Thread starter: samco
Views: 5,433
Status: Closed, not open for further replies.

samco


Peace be upon you,

I'm having a problem with my computer booting slowly.

That is, the Windows screen comes up and it loads, but it takes an abnormally long time.

It sits there for close to five minutes.

So does having a lot of programs cause the machine to slow down?

Please help.

The report is at this link:

[hidden link - log in or register to view]


 

Signature: samco
Signature: كفاح الجريح
To begin with, do the following:
[hidden link - log in or register to view]

After that, run a full scan with Malwarebytes from Safe Mode:
[hidden link - log in or register to view]


Then download the HW Monitor program
and upload a screenshot:

[hidden link - log in or register to view]


Thank you for the help, brother كفاح الجريح, may God bless you.

I did the first step without any problem.

But I was not able to download the second program.

This is a screenshot of the download hanging. I have tried downloading the program more than once, but to no avail.

9311a0cb73696c94562dd6dd2c00cb5b.jpg


And this is a screenshot from HW Monitor:

411a8c7e378c588e4b90a265f299b8a0.jpg


And this is the report after doing the first step:

[hidden link - log in or register to view]

 
Signature: samco
*********** HijackThis report ***********
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:12:03, on 23/09/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Anvisoft\Anvi Smart Defender\ASDSrv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\dllhost.exe
H:\chrome-win32\chrome.exe
H:\chrome-win32\chrome.exe
H:\chrome-win32\chrome.exe
H:\chrome-win32\chrome.exe
H:\chrome-win32\chrome.exe
C:\Program Files\Internet Download Manager\IDMan.exe
F:\البرامج\برامج خدمية\SnagIT v8.2.2 Portable\cabin\SnagIt32.exe
F:\البرامج\برامج خدمية\SnagIT v8.2.2 Portable\cabin\TSCHelp.exe
F:\البرامج\برامج خدمية\SnagIT v8.2.2 Portable\cabin\SnagPriv.exe
H:\chrome-win32\chrome.exe
H:\chrome-win32\chrome.exe
H:\chrome-win32\chrome.exe
H:\chrome-win32\chrome.exe
H:\chrome-win32\chrome.exe
H:\chrome-win32\chrome.exe
H:\chrome-win32\chrome.exe
H:\chrome-win32\chrome.exe
H:\chrome-win32\chrome.exe
H:\chrome-win32\chrome.exe
H:\chrome-win32\chrome.exe
H:\chrome-win32\chrome.exe
C:\Documents and Settings\marei\My Documents\Downloads\Zyzoom_Report_Tool.exe
C:\DOCUME~1\marei\LOCALS~1\Temp\Ht.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
[hidden link - log in or register to view]

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
[hidden link - log in or register to view]

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: KMPlayer Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Anvi Smart Defender] C:\Program Files\Anvisoft\Anvi Smart Defender\ASDTray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files\Advanced JPEG Compressor\ajcieex.htm
O8 - Extra context menu item: إر&سال إلى OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: تحميل ملفات (إف.إل.في) الـ 10 الأخيرة بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL2.htm
O9 - Extra button: تدوين هذا في المدونة - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &تدوين هذا في Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: ملاحظات OneNote الم&رتبطة - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: ملاحظات OneNote الم&رتبطة - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
[hidden link - log in or register to view]

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Anvi Smart Defender Realtime Guard Service (asdsrv) - Anvisoft - C:\Program Files\Anvisoft\Anvi Smart Defender\ASDSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: PandoraService (PanService) - Pandora.TV - C:\Program Files\PANDORA.TV\PanService\PandoraService.exe

--
End of file - 8641 bytes


*********** System registry report ***********

"Silent Runners.vbs", revision 60,
[hidden link - log in or register to view]

Operating System: Windows XP SP3
Search enabled of all directories on local fixed drives for DESKTOP.INI
DLL launch points
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"uTorrent" = ""C:\Program Files\uTorrent\uTorrent.exe"" ["BitTorrent, Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"avgnt" = ""C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min" ["Avira GmbH"]
"egui" = ""C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice" ["ESET"]
"Anvi Smart Defender" = "C:\Program Files\Anvisoft\Anvi Smart Defender\ASDTray.exe" ["Anvisoft"]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{0055C089-8582-441B-A0BF-17B458C2A3A8}\(Default) = "IDM Helper"
-> {HKLM...CLSID} = "IDMIEHlprObj Class"
\InProcServer32\(Default) = "C:\Program Files\Internet Download Manager\IDMIECC.dll" ["Tonec Inc."]

{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = "AcroIEHelperStub"
-> {HKLM...CLSID} = "Adobe PDF Link Helper"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll" ["Adobe Systems Incorporated"]

{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}\(Default) = "Search Helper"
-> {HKLM...CLSID} = "Search Helper"
\InProcServer32\(Default) = "C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll" [MS]

{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Groove GFS Browser Helper"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL" [MS]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Java(tm) Plug-In SSV Helper"
\InProcServer32\(Default) = "C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll" ["Oracle Corporation"]

{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
-> {HKLM...CLSID} = "مساعد تسجيل الدخول إلى Windows Live"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]

{B4F3A835-0E21-4959-BA22-42B3008E02FF}\(Default) = "URLRedirectionBHO"
-> {HKLM...CLSID} = "Office Document Cache Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL" [MS]

{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Java(tm) Plug-In 2 SSV Helper"
\InProcServer32\(Default) = "C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll" ["Oracle Corporation"]

{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Windows Live Toolbar Helper"
\InProcServer32\(Default) = "C:\Program Files\Windows Live\Toolbar\wltcore.dll" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\

AutoCAD Digital Signatures Icon Overlay Handler\(Default) = "{36A21736-36C2-4C11-8ACB-D4136F2B57BD}"
-> {HKLM...CLSID} = "AcSignIcon"
\InProcServer32\(Default) = "C:\WINDOWS\system32\AcSignIcon.dll" ["Autodesk"]

Groove Explorer Icon Overlay 1 (GFS Unread Stub)\(Default) = "{99FD978C-D287-4F50-827F-B2C658EDA8E7}"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL" [MS]

Groove Explorer Icon Overlay 2 (GFS Stub)\(Default) = "{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2 (GFS Stub)"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL" [MS]

Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)\(Default) = "{920E6DB1-9907-4370-B3A0-BAFC03D81399}"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL" [MS]

Groove Explorer Icon Overlay 3 (GFS Folder)\(Default) = "{16F3DD56-1AF5-4347-846D-7C10C4192619}"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 3 (GFS Folder)"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL" [MS]

Groove Explorer Icon Overlay 4 (GFS Unread Mark)\(Default) = "{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{3028902F-6374-48b2-8DC6-9725E775B926}" = "IE Microsoft AutoComplete"
-> {HKLM...CLSID} = "IE Microsoft AutoComplete"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]

"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"
-> {HKLM...CLSID} = "History Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]

"{4CCEFB41-18FA-11D3-9EF3-00A0C9E897FD}" = "CorelDRAW Shell Extension Component"
-> {HKLM...CLSID} = "CorelDRAW Shell Extension Component"
\InProcServer32\(Default) = "C:\Program Files\Corel\Graphics10\Draw\CdrViewer\CrlShell100.dll" ["Corel Corporation"]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]

"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" = "Shell Extension for Malware scanning"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Program Files\Avira\AntiVir Desktop\shlext.dll" ["Avira GmbH"]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office14\msohevi.dll" [MS]

"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"
-> {HKLM...CLSID} = "Microsoft Office Metadata Handler"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll" [MS]

"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"
-> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll" [MS]

"{3D60EDA7-9AB4-4DA8-864C-D9B5F2E7281D}" = "Groove Namespace Extension"
-> {HKLM...CLSID} = "مساحات عمل"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL" [MS]

"{0875DCB6-C686-4243-9432-ADCCF0B9F2D7}" = "Microsoft OneNote Namespace Extension for Windows Desktop Search"
-> {HKLM...CLSID} = "Microsoft OneNote Namespace Extension for Windows Desktop Search"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL" [MS]

"{506F4668-F13E-4AA1-BB04-B43203AB3CC0}" = "{506F4668-F13E-4AA1-BB04-B43203AB3CC0}"
-> {HKLM...CLSID} = "ImageExtractorShellExt Class"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office14\VISSHE.DLL" [MS]

"{D66DC78C-4F61-447F-942B-3FB6980118CF}" = "{D66DC78C-4F61-447F-942B-3FB6980118CF}"
-> {HKLM...CLSID} = "CInfoTipShellExt Class"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office14\VISSHE.DLL" [MS]

"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}" = "Groove GFS Browser Helper"
-> {HKLM...CLSID} = "Groove GFS Browser Helper"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL" [MS]

"{6C467336-8281-4E60-8204-430CED96822D}" = "Groove GFS Context Menu Handler"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL" [MS]

"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}" = "Groove GFS Explorer Bar"
-> {HKLM...CLSID} = "Groove Folder Synchronization"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL" [MS]

"{16F3DD56-1AF5-4347-846D-7C10C4192619}" = "Groove Explorer Icon Overlay 3 (GFS Folder)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 3 (GFS Folder)"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL" [MS]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook"
-> {HKLM...CLSID} = "Groove GFS Stub Execution Hook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL" [MS]

"{A449600E-1DC6-4232-B948-9BD794D62056}" = "Groove GFS Stub Icon Handler"
-> {HKLM...CLSID} = "Groove GFS Stub Icon Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL" [MS]

"{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}" = "Groove Explorer Icon Overlay 2 (GFS Stub)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2 (GFS Stub)"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL" [MS]

"{920E6DB1-9907-4370-B3A0-BAFC03D81399}" = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL" [MS]

"{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}" = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL" [MS]

"{99FD978C-D287-4F50-827F-B2C658EDA8E7}" = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL" [MS]

"{387E725D-DC16-4D76-B310-2C93ED4752A0}" = "Groove XML Icon Handler"
-> {HKLM...CLSID} = "Groove XML Icon Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL" [MS]

"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office14\MLSHEXT.DLL" [MS]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL" [MS]

"{1AED2A52-81A3-404D-AEF9-7DE981C316D1}" = "R-Wipe&Clean"
-> {HKLM...CLSID} = "FWipeShellExt Class"
\InProcServer32\(Default) = "C:\Program Files\R-Wipe&Clean\RwcSh32.dll" ["R-tools Technology Inc."]

"{36A21736-36C2-4C11-8ACB-D4136F2B57BD}" = "********** ******* ******** ******** AutoCAD" (unwritable string)
-> {HKLM...CLSID} = "AcSignIcon"
\InProcServer32\(Default) = "C:\WINDOWS\system32\AcSignIcon.dll" ["Autodesk"]

"{AC1DB655-4F9A-4c39-8AD2-A65324A4C446}" = "Autodesk Drawing Preview"
-> {HKLM...CLSID} = "ACTHUMBNAIL"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Autodesk Shared\Thumbnail\AcThumbnail16.dll" ["Autodesk"]

"{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "ESET Smart Security - Context Menu Shell Extension"
-> {HKLM...CLSID} = "ESET Smart Security - Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll" ["ESET"]

"{0563DB41-F538-4B37-A92D-4659049B7766}" = "WLMD Message Handler"
-> {HKLM...CLSID} = "CLSID_WLMCMimeFilter"
\InProcServer32\(Default) = "C:\Program Files\Windows Live\Mail\mailcomm.dll" [MS]

"{00F33137-EE26-412F-8D71-F84E4C2C6625}" = (no title provided)
-> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Autoplay Shim"
\InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]

"{00F346CB-35A4-465B-8B8F-65A29DBAB1F6}" = "Windows Live Photo Gallery Viewer Drop Target Shim"
-> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Shim"
\InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]

"{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D}" = "Windows Live Photo Gallery Editor Drop Target Shim"
-> {HKLM...CLSID} = "Windows Live Photo Gallery Editor Shim"
\InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]

"{00F30F90-3E96-453B-AFCD-D71989ECC2C7}" = "Windows Live Photo Gallery Autoplay Drop Target Shim"
-> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Autoplay Shim"
\InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]

"{5071CDA5-D3E1-11D5-BFC0-005004A71005}" = "Advanced JPEG Compressor Context Menu Shell Extension"
-> {HKLM...CLSID} = "Advanced JPEG Compressor Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Advanced JPEG Compressor\ContextMenuExt.dll" [null data]

"{ECDF2E20-C829-11D1-8233-0030AF3E97A8}" = "Clean Disk Security Erase Files Context Menu Extension"
-> {HKLM...CLSID} = "Eraseex"
\InProcServer32\(Default) = "C:\PROGRA~1\CLEAND~1\eraseex.dll" ["Kevin Solway"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

<<!>> "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook"
-> {HKLM...CLSID} = "Groove GFS Stub Execution Hook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL" [MS]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> igfxcui\DLLName = "igfxdev.dll" ["Intel Corporation"]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\

<<!>> text/xml\CLSID = "{807573E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL" [MS]

HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\

<<!>> livecall\CLSID = "{828030A1-22C1-4009-854F-8E305202313F}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL" [MS]

<<!>> ms-help\CLSID = "{314111c7-a502-11d2-bbca-00c04f8ec294}"
-> {HKLM...CLSID} = "HxProtocol Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll" [MS]

<<!>> msnim\CLSID = "{828030A1-22C1-4009-854F-8E305202313F}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL" [MS]

<<!>> wlmailhtml\CLSID = "{03C514A3-1EFB-4856-9F99-10D7BE1653C0}"
-> {HKLM...CLSID} = "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler"
\InProcServer32\(Default) = "C:\Program Files\Windows Live\Mail\mailcomm.dll" [MS]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

Advanced SystemCare\(Default) = "{9486A9B2-D787-4eca-A25C-4A0086BB4154}"
-> {HKLM...CLSID} = "CExtMenu Class"
\InProcServer32\(Default) = "C:\Program Files\IObit\Advanced SystemCare 5\ASCv5ExtMenu.dll" [null data]

AJC\(Default) = "{5071CDA5-D3E1-11D5-BFC0-005004A71005}"
-> {HKLM...CLSID} = "Advanced JPEG Compressor Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Advanced JPEG Compressor\ContextMenuExt.dll" [null data]

Anvi Smart Defender\(Default) = "{0BB37A67-F062-4F69-8C52-80ADDD64281F}"
-> {HKLM...CLSID} = "ShellMenuExt Class"
\InProcServer32\(Default) = "C:\Program Files\Anvisoft\Anvi Smart Defender\ContextMenu_x86.dll" ["Anvisoft"]

Eraseex\(Default) = "{ECDF2E20-C829-11D1-8233-0030AF3E97A8}"
-> {HKLM...CLSID} = "Eraseex"
\InProcServer32\(Default) = "C:\PROGRA~1\CLEAND~1\eraseex.dll" ["Kevin Solway"]

ESET Smart Security - Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
-> {HKLM...CLSID} = "ESET Smart Security - Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll" ["ESET"]

Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Program Files\Avira\AntiVir Desktop\shlext.dll" ["Avira GmbH"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]

XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL" [MS]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"
-> {HKLM...CLSID} = "MBAMShlExt Class"
\InProcServer32\(Default) = "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes Corporation"]

R-Wipe&Clean\(Default) = "{1AED2A52-81A3-404D-AEF9-7DE981C316D1}"
-> {HKLM...CLSID} = "FWipeShellExt Class"
\InProcServer32\(Default) = "C:\Program Files\R-Wipe&Clean\RwcSh32.dll" ["R-tools Technology Inc."]

XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL" [MS]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

Advanced SystemCare\(Default) = "{9486A9B2-D787-4eca-A25C-4A0086BB4154}"
-> {HKLM...CLSID} = "CExtMenu Class"
\InProcServer32\(Default) = "C:\Program Files\IObit\Advanced SystemCare 5\ASCv5ExtMenu.dll" [null data]

Anvi Smart Defender\(Default) = "{0BB37A67-F062-4F69-8C52-80ADDD64281F}"
-> {HKLM...CLSID} = "ShellMenuExt Class"
\InProcServer32\(Default) = "C:\Program Files\Anvisoft\Anvi Smart Defender\ContextMenu_x86.dll" ["Anvisoft"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]

XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL" [MS]

HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]

HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\

igfxcui\(Default) = "{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}"
-> {HKLM...CLSID} = "GraphicsShellExt Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\igfxpph.dll" ["Intel Corporation"]

XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL" [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

Eraseex\(Default) = "{ECDF2E20-C829-11D1-8233-0030AF3E97A8}"
-> {HKLM...CLSID} = "Eraseex"
\InProcServer32\(Default) = "C:\PROGRA~1\CLEAND~1\eraseex.dll" ["Kevin Solway"]

ESET Smart Security - Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
-> {HKLM...CLSID} = "ESET Smart Security - Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll" ["ESET"]

MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"
-> {HKLM...CLSID} = "MBAMShlExt Class"
\InProcServer32\(Default) = "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes Corporation"]

Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Program Files\Avira\AntiVir Desktop\shlext.dll" ["Avira GmbH"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]

XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL" [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]


Default executables:
--------------------

<<!>> HKCU\Software\Classes\.scr\(Default) = "scrfile"


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoLowDiskSpaceChecks" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoToolbarsOnTaskbar" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoSetTaskbar" = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|Start Menu and Taskbar|
Prevent changes to Taskbar and Start Menu Settings}

"NoSaveSettings" = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|Desktop|
Don't save settings at exit}

"NoActiveDesktop" = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|Desktop|Desktop / Active Desktop|
Disable Active Desktop}

"ClassicShell" = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|Windows Components|Windows Explorer|
Enable Classic Shell / Turn on Classic Shell}

"NoBandCustomize" = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|Windows Components|Internet Explorer|Toolbars|
Disable customizing browser toolbars}

"NoMovingBands" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoCloseDragDropBands" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"ClearRecentDocsOnExit" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoRecentDocsHistory" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoInstrumentation" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoDriveAutoRun-" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoDriveTypeAutoRun-" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoRun" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoControlPanel" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoFolderOptions" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoLowDiskSpaceChecks" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\

"NoUpdateCheck" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"SynchronousMachineGroupPolicy" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"SynchronousUserGroupPolicy" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"try" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"EnableLUA" = (REG_DWORD) dword:0x00000000
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Run All Administrators In Admin Approval Mode}

"tray" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"VerboseStatus" = (REG_DWORD) dword:0x00000000
{unrecognized setting}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\marei\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

MPCPlayCDAudioOnArrival\
"Provider" = "Haihaisoft Universal Player"
"InvokeProgID" = "HaihaisoftUniversalPlayer.Autorun"
"InvokeVerb" = "PlayCDAudio"
HKLM\SOFTWARE\Classes\HaihaisoftUniversalPlayer.Autorun\shell\PlayCDAudio\command\(Default) = ""C:\Program Files\Haihaisoft Universal Player\hmplayer.exe" %1 /cd" ["Haihaisoft"]

MPCPlayDVDMovieOnArrival\
"Provider" = "Haihaisoft Universal Player"
"InvokeProgID" = "HaihaisoftUniversalPlayer.Autorun"
"InvokeVerb" = "PlayDVDMovie"
HKLM\SOFTWARE\Classes\HaihaisoftUniversalPlayer.Autorun\shell\PlayDVDMovie\command\(Default) = ""C:\Program Files\Haihaisoft Universal Player\hmplayer.exe" %1 /dvd" ["Haihaisoft"]

MPCPlayMusicFilesOnArrival\
"Provider" = "Haihaisoft Universal Player"
"InvokeProgID" = "HaihaisoftUniversalPlayer.Autorun"
"InvokeVerb" = "PlayMusicFiles"
HKLM\SOFTWARE\Classes\HaihaisoftUniversalPlayer.Autorun\shell\PlayMusicFiles\command\(Default) = ""C:\Program Files\Haihaisoft Universal Player\hmplayer.exe" %1" ["Haihaisoft"]

MPCPlayVideoFilesOnArrival\
"Provider" = "Haihaisoft Universal Player"
"InvokeProgID" = "HaihaisoftUniversalPlayer.Autorun"
"InvokeVerb" = "PlayVideoFiles"
HKLM\SOFTWARE\Classes\HaihaisoftUniversalPlayer.Autorun\shell\PlayVideoFiles\command\(Default) = ""C:\Program Files\Haihaisoft Universal Player\hmplayer.exe" %1" ["Haihaisoft"]

MSLivePhotoAcqHWEventHandler\
"Provider" = "@%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10"
"ProgID" = "Microsoft.LivePhotoAcqHWEventHandler"
HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqHWEventHandler\CLSID\(Default) = "{3BD0ACD1-71CA-4475-92CC-E0AA0AAF843F}"
-> {HKLM...CLSID} = (no title provided)
\LocalServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe" [MS]

MSLivePhotoAcquireDropHandler\
"Provider" = "@%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10"
"InvokeProgID" = "Microsoft.LivePhotoAcqDTShim.1"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqDTShim.1\shell\open\DropTarget\CLSID = "{00F33137-EE26-412F-8D71-F84E4C2C6625}"
-> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Autoplay Shim"
\InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]

MSLiveShowPicturesOnArrival\
"Provider" = "@%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10"
"InvokeProgID" = "Microsoft.Photos.LiveAutoplayShim.1"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\Microsoft.Photos.LiveAutoplayShim.1\shell\open\DropTarget\CLSID = "{00F30F90-3E96-453B-AFCD-D71989ECC2C7}"
-> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Autoplay Shim"
\InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]

MSLiveVideoCameraArrivalCaptureWizard\
"Provider" = "@%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10"
"ProgID" = "WLXAutoPlayMgr.WLXHWEventHandler"
"InitCmdLine" = "WLXVideoAcquireWizard"
HKLM\SOFTWARE\Classes\WLXAutoPlayMgr.WLXHWEventHandler\CLSID\(Default) = "{9B5C97F6-B3A5-4A6D-8B03-993EC7291A22}"
-> {HKLM...CLSID} = "WLXWEventHandler Class"
\LocalServer32\(Default) = ""C:\Program Files\Windows Live\Photo Gallery\WLXVideoCameraAutoPlayManager.exe"" [MS]

Picasa2ImportPicturesOnArrival\
"Provider" = "Picasa3"
"InvokeProgID" = "picasa2.autoplay"
"InvokeVerb" = "import"
HKLM\SOFTWARE\Classes\picasa2.autoplay\shell\import\command\(Default) = "C:\Program Files\Google\Picasa3\Picasa3.exe "%1"" ["Google Inc."]


Enabled Scheduled Tasks:
------------------------

"SpeedOptimizer Startup" -> launches: "c:\progra~1\speedo~1\SPO.exe /minimized" [file not found]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{21FA44EF-376D-4D53-9B0F-8A89D3229068}"
-> {HKLM...CLSID} = "&Windows Live Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Windows Live\Toolbar\wltcore.dll" [MS]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{21FA44EF-376D-4D53-9B0F-8A89D3229068}" = (no title provided)
-> {HKLM...CLSID} = "&Windows Live Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Windows Live\Toolbar\wltcore.dll" [MS]

Explorer Bars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

HKLM\SOFTWARE\Classes\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = "Groove Folder Synchronization"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{219C3416-8CB2-491A-A3C7-D9FCDDC9D600}\
"ButtonText" = "تدوين هذا في المدونة"
"MenuText" = "&تدوين هذا في Windows Live Writer"
"CLSIDExtension" = "{5F7B1267-94A9-47F5-98DB-E99415F33AEC}"
-> {HKLM...CLSID} = "BlogThisToolbarButton Class"
\InProcServer32\(Default) = "C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll" [MS]

{2670000A-7350-4F3C-8081-5663EE0C6C49}\
"ButtonText" = "إرسال إلى OneNote"
"MenuText" = "إر&سال إلى OneNote"
"CLSIDExtension" = "{48E73304-E1D6-4330-914C-F5F514E3486C}"
-> {HKLM...CLSID} = "Send to OneNote from Internet Explorer button"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll" [MS]

{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\
"ButtonText" = "ملاحظات OneNote الم&رتبطة"
"MenuText" = "ملاحظات OneNote الم&رتبطة"
"CLSIDExtension" = "{FFFDC614-B694-4AE6-AB38-5D6374584B52}"
-> {HKLM...CLSID} = "Linked Notes button"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll" [MS]

{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Miscellaneous IE Hijack Points
------------------------------

HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\
<<H>> "Tabs" = "res://ieframe.dll/tabswelcome.htm" [file not found]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Anvi Smart Defender Realtime Guard Service, asdsrv, "C:\Program Files\Anvisoft\Anvi Smart Defender\ASDSrv.exe" ["Anvisoft"]
Avira AntiVir Guard, AntiVirService, ""C:\Program Files\Avira\AntiVir Desktop\avguard.exe"" ["Avira GmbH"]
Avira AntiVir Scheduler, AntiVirSchedulerService, ""C:\Program Files\Avira\AntiVir Desktop\sched.exe"" ["Avira GmbH"]
ESET Service, ekrn, ""C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"" ["ESET"]
MBAMScheduler, MBAMScheduler, ""C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe"" ["Malwarebytes Corporation"]
MBAMService, MBAMService, ""C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe"" ["Malwarebytes Corporation"]
PandoraService, PanService, "C:\Program Files\PANDORA.TV\PanService\PandoraService.exe" ["Pandora.TV"]


---------- (launch time: 2012-09-23 18:12:08)
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 99 seconds.
---------- (total run time: 158 seconds)


*********** جميع عمليات الذاكرة ***********

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Anvisoft\Anvi Smart Defender\ASDSrv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\dllhost.exe
H:\chrome-win32\chrome.exe
H:\chrome-win32\chrome.exe
H:\chrome-win32\chrome.exe
H:\chrome-win32\chrome.exe
H:\chrome-win32\chrome.exe
C:\Program Files\Internet Download Manager\IDMan.exe
F:\البرامج\برامج خدمية\SnagIT v8.2.2 Portable\cabin\SnagIt32.exe
F:\البرامج\برامج خدمية\SnagIT v8.2.2 Portable\cabin\TSCHelp.exe
F:\البرامج\برامج خدمية\SnagIT v8.2.2 Portable\cabin\SnagPriv.exe
H:\chrome-win32\chrome.exe
H:\chrome-win32\chrome.exe
H:\chrome-win32\chrome.exe
H:\chrome-win32\chrome.exe
H:\chrome-win32\chrome.exe
H:\chrome-win32\chrome.exe
H:\chrome-win32\chrome.exe
H:\chrome-win32\chrome.exe
H:\chrome-win32\chrome.exe
C:\Documents and Settings\marei\My Documents\Downloads\Zyzoom_Report_Tool.exe
H:\chrome-win32\chrome.exe


*********** عمليات الذاكره الغير موقعه رقميا _ بدون عمليات النظام _ ***********

C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\dllhost.exe
H:\chrome-win32\chrome.exe
H:\chrome-win32\chrome.exe
H:\chrome-win32\chrome.exe
H:\chrome-win32\chrome.exe
H:\chrome-win32\chrome.exe
H:\chrome-win32\chrome.exe
H:\chrome-win32\chrome.exe
H:\chrome-win32\chrome.exe
H:\chrome-win32\chrome.exe
H:\chrome-win32\chrome.exe
H:\chrome-win32\chrome.exe
H:\chrome-win32\chrome.exe
H:\chrome-win32\chrome.exe
H:\chrome-win32\chrome.exe
C:\Documents and Settings\marei\My Documents\Downloads\Zyzoom_Report_Tool.exe
H:\chrome-win32\chrome.exe


*********** المجلدات والملفات التي تم انشاؤها في آخر شهر ***********

2012-09-23 18:12:00 ----A---- C:\zzlog.txt
2012-09-23 18:12:00 ----A---- C:\WINDOWS\system32\Gif89.dll
2012-09-23 14:50:44 ----D---- C:\Documents and Settings\marei\Application Data\MetaQuotes
2012-09-23 12:18:34 ----A---- C:\WINDOWS\ntbtlog.txt
2012-09-23 11:49:52 ----D---- C:\Program Files\CPUID
2012-09-23 11:45:35 ----D---- C:\Program Files\CCleaner
2012-09-22 20:34:11 ----D---- C:\Documents and Settings\marei\Application Data\Runscanner.net
2012-09-21 16:09:10 ----D---- C:\Program Files\SpeedOptimizer
2012-09-21 14:30:42 ----D---- C:\Documents and Settings\marei\Application Data\Auslogics
2012-09-21 14:29:49 ----D---- C:\Program Files\Auslogics
2012-09-21 13:18:36 ----D---- C:\Documents and Settings\marei\Application Data\Real
2012-09-20 15:53:38 ----D---- C:\Documents and Settings\All Users\Application Data\Kerish Products
2012-09-20 15:53:33 ----D---- C:\Program Files\Kerish Doctor 2012
2012-09-20 15:17:13 ----D---- C:\Documents and Settings\marei\Application Data\Tencent
2012-09-20 15:17:13 ----D---- C:\Documents and Settings\All Users\Application Data\Tencent
2012-09-20 15:05:11 ----D---- C:\Program Files\Your Uninstaller! 7
2012-09-20 15:05:05 ----D---- C:\Documents and Settings\marei\Application Data\Babylon
2012-09-20 15:05:05 ----D---- C:\Documents and Settings\All Users\Application Data\Babylon
2012-09-20 14:58:31 ----D---- C:\Documents and Settings\marei\Application Data\Systweak
2012-09-20 14:58:19 ----D---- C:\Documents and Settings\All Users\Application Data\Systweak
2012-09-20 14:58:16 ----D---- C:\Program Files\Advanced System Protector
2012-09-20 14:58:16 ----A---- C:\WINDOWS\system32\sasnative32.exe
2012-09-20 12:21:12 ----D---- C:\Program Files\DSL Speed
2012-09-20 12:03:52 ----D---- C:\Program Files\Anti Trojan Elite
2012-09-20 11:41:40 ----D---- C:\Program Files\Clean Disk Security
2012-09-19 18:01:35 ----D---- C:\Program Files\Sophos
2012-09-19 16:41:48 ----A---- C:\TDSSKiller.2.8.10.0_19.09.2012_16.41.48_log.txt
2012-09-19 16:40:10 ----D---- C:\TDSSKiller_Quarantine
2012-09-19 16:37:36 ----A---- C:\TDSSKiller.2.8.10.0_19.09.2012_16.37.36_log.txt
2012-09-19 15:50:38 ----D---- C:\Program Files\AutorunRemover
2012-09-19 13:45:16 ----D---- C:\Program Files\Graphmatica
2012-09-18 14:49:53 ----A---- C:\WINDOWS\system32\ztvunrar39.dll
2012-09-18 14:49:53 ----A---- C:\WINDOWS\system32\ztvunace26.dll
2012-09-18 14:49:53 ----A---- C:\WINDOWS\system32\ztv7z.dll
2012-09-18 14:49:52 ----A---- C:\WINDOWS\system32\ztvunrar36.dll
2012-09-18 14:49:52 ----A---- C:\WINDOWS\system32\ztvcabinet.dll
2012-09-18 14:49:52 ----A---- C:\WINDOWS\system32\unrar3.dll
2012-09-18 14:49:52 ----A---- C:\WINDOWS\system32\unacev2.dll
2012-09-18 14:49:41 ----D---- C:\Documents and Settings\marei\Application Data\Simply Super Software
2012-09-18 14:49:41 ----D---- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2012-09-17 11:40:11 ----D---- C:\Documents and Settings\marei\Application Data\CrystalIdea Software
2012-09-16 11:20:39 ----D---- C:\Documents and Settings\marei\Application Data\Norton Utilities
2012-09-16 11:01:49 ----D---- C:\Documents and Settings\All Users\Application Data\Norton Installer
2012-09-16 11:01:03 ----A---- C:\WINDOWS\system32\msxml4a.dll
2012-09-16 10:59:16 ----D---- C:\Program Files\Common Files\Symantec
2012-09-16 10:59:02 ----A---- C:\WINDOWS\system32\CleanMFT32.exe
2012-09-16 10:58:35 ----D---- C:\Program Files\Norton Utilities 15
2012-09-16 10:58:35 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2012-09-16 10:42:17 ----D---- C:\Program Files\Speedup Tool
2012-09-16 09:48:32 ----D---- C:\Program Files\BootRacer
2012-09-15 20:17:44 ----A---- C:\WINDOWS\system32\PARTIZAN.TXT
2012-09-15 18:28:37 ----RSHD---- C:\desktop.ini
2012-09-15 18:28:37 ----RSHD---- C:\comment.htt
2012-09-15 18:28:37 ----RSHD---- C:\autorun.inf
2012-09-15 18:22:39 ----D---- C:\Documents and Settings\All Users\Application Data\RegRun
2012-09-15 18:22:25 ----RASHOT---- C:\WINDOWS\winstart.bat
2012-09-15 18:21:47 ----D---- C:\Program Files\UnHackMe
2012-09-15 18:06:57 ----D---- C:\Documents and Settings\marei\Application Data\T55
2012-09-15 17:11:56 ----A---- C:\WINDOWS\system32\pwNative.exe
2012-09-15 17:11:01 ----D---- C:\Documents and Settings\marei\Application Data\AVG
2012-09-15 17:09:28 ----D---- C:\Program Files\MiniTool Partition Wizard Professional Edition 5.2
2012-09-15 17:08:02 ----D---- C:\Program Files\AVG
2012-09-15 14:39:54 ----D---- C:\Documents and Settings\marei\Application Data\RegistryKeys
2012-09-15 14:38:28 ----D---- C:\Documents and Settings\marei\Application Data\PC Speed Maximizer
2012-09-15 14:37:37 ----D---- C:\Program Files\PC Speed Maximizer
2012-09-15 14:36:36 ----D---- C:\Program Files\Janwsoft Disk Defrag
2012-09-15 13:59:01 ----D---- C:\Program Files\Common Files\TradeStation Technologies
2012-09-15 13:58:46 ----D---- C:\Program Files\TradeStation 8.3 (Build 1419)
2012-09-14 17:44:24 ----D---- C:\Program Files\Trend Micro
2012-09-14 16:21:03 ----D---- C:\Documents and Settings\marei\Application Data\Boost Windows
2012-09-14 16:21:01 ----D---- C:\Documents and Settings\marei\Application Data\Thinstall
2012-09-13 20:31:02 ----D---- C:\Program Files\Advanced JPEG Compressor
2012-09-12 21:48:22 ----A---- C:\WINDOWS\system32\RegistryDefragBootTime.exe
2012-09-12 21:33:17 ----D---- C:\Documents and Settings\All Users\Application Data\IObit
2012-09-12 21:32:54 ----D---- C:\Documents and Settings\marei\Application Data\IObit
2012-09-12 21:32:18 ----D---- C:\Program Files\IObit
2012-09-12 21:09:18 ----D---- C:\Program Files\CodeLifter5
2012-09-12 20:49:21 ----D---- C:\Program Files\MaaTec
2012-09-12 20:49:21 ----D---- C:\Documents and Settings\marei\Application Data\MaaTec
2012-09-12 15:42:52 ----A---- C:\netstat.txt
2012-09-12 14:53:10 ----D---- C:\WINDOWS\pss
2012-09-12 12:17:46 ----D---- C:\Program Files\Imageshackert 3.0
2012-09-11 19:53:49 ----D---- C:\EnsignBackup
2012-09-11 19:42:56 ----A---- C:\WINDOWS\vbupdtx.ini
2012-09-11 19:42:26 ----D---- C:\Program Files\DTN
2012-09-11 19:42:07 ----D---- C:\ENSIGN
2012-09-11 17:49:57 ----D---- C:\Documents and Settings\marei\Application Data\X-NetStat
2012-09-11 17:49:01 ----D---- C:\Program Files\X-NetStat Professional
2012-09-10 14:01:02 ----D---- C:\Program Files\AL Trade 4
2012-09-09 19:18:06 ----A---- C:\WINDOWS\system32\PxSecure.dll-32418218
2012-09-09 19:17:32 ----A---- C:\WINDOWS\wininit.ini
2012-09-09 12:15:31 ----D---- C:\Documents and Settings\marei\Application Data\Anvisoft
2012-09-09 12:15:09 ----D---- C:\Documents and Settings\All Users\Application Data\Anvisoft
2012-09-09 12:14:56 ----D---- C:\Program Files\Anvisoft
2012-09-09 12:01:25 ----D---- C:\Program Files\East-Tec DisposeSecure 5
2012-09-09 11:26:00 ----D---- C:\Documents and Settings\marei\Application Data\Malwarebytes
2012-09-09 11:25:40 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2012-09-09 11:25:37 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2012-09-03 21:28:28 ----D---- C:\Program Files\inKline Global
2012-09-03 20:15:14 ----A---- C:\WINDOWS\FTGTLogStart.TXT
2012-09-03 20:15:14 ----A---- C:\WINDOWS\FTGT32.INI
2012-09-03 20:12:02 ----A---- C:\WINDOWS\system32\DbcCtrl.dll
2012-09-03 20:12:02 ----A---- C:\WINDOWS\system32\dbcapi.dll
2012-09-03 20:12:01 ----A---- C:\WINDOWS\system32\XceedZip.dll
2012-09-03 20:12:01 ----A---- C:\WINDOWS\system32\MHLOCALE.DLL
2012-09-03 20:11:57 ----A---- C:\WINDOWS\system32\SX32W.DLL
2012-09-03 20:11:57 ----A---- C:\WINDOWS\system32\QPRO32.DLL
2012-09-03 20:11:57 ----A---- C:\WINDOWS\system32\proxydll.dll
2012-09-03 20:11:57 ----A---- C:\WINDOWS\system32\msfl651d.dll
2012-09-03 20:11:57 ----A---- C:\WINDOWS\system32\MidAPI.dll
2012-09-03 20:11:57 ----A---- C:\WINDOWS\system32\IQConnect.exe
2012-09-03 20:11:57 ----A---- C:\WINDOWS\system32\IQ32.DLL
2012-09-03 20:11:57 ----A---- C:\WINDOWS\system32\IMPLODE.DLL
2012-09-03 20:11:57 ----A---- C:\WINDOWS\system32\CTA32.dll
2012-09-03 20:11:57 ----A---- C:\WINDOWS\system32\CompDLL.dll
2012-09-03 20:11:46 ----D---- C:\FTGT
2012-09-03 20:11:15 ----D---- C:\مجلد جديد
2012-09-03 14:53:43 ----D---- C:\Program Files\Ajax Financial MetaTrader 4
2012-09-02 15:19:07 ----D---- C:\Program Files\InCode Solutions
2012-08-31 13:27:11 ----D---- C:\Program Files\Microsoft Silverlight
2012-08-30 11:27:08 ----D---- C:\Program Files\Profiler3D
2012-08-30 11:26:44 ----D---- C:\WINDOWS\Downloaded Installations
2012-08-29 19:05:47 ----D---- C:\Program Files\GameTop.com
2012-08-29 12:46:23 ----HD---- C:\WINDOWS\system32\GroupPolicy
2012-08-28 14:47:13 ----RSD---- C:\WINDOWS\assembly
2012-08-28 14:46:33 ----D---- C:\WINDOWS\Microsoft.NET
2012-08-28 14:45:23 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2012-08-28 14:45:15 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2012-08-28 14:44:18 ----D---- C:\Program Files\Microsoft
2012-08-28 14:43:59 ----D---- C:\Program Files\Windows Live SkyDrive
2012-08-28 14:43:25 ----D---- C:\Program Files\NoCUT
2012-08-28 14:42:05 ----D---- C:\Program Files\Common Files\Windows Live
2012-08-28 14:41:49 ----D---- C:\Program Files\Common Files\SCES
2012-08-28 14:40:38 ----D---- C:\Program Files\Windows Live
2012-08-27 20:40:02 ----D---- C:\WINDOWS\Minidump
2012-08-27 12:08:31 ----D---- C:\Program Files\ESET
2012-08-27 12:08:31 ----D---- C:\Documents and Settings\All Users\Application Data\ESET
2012-08-27 12:02:06 ----D---- C:\Program Files\cFosSpeed
2012-08-26 19:34:31 ----D---- C:\Program Files\TNod User & Password Finder
2012-08-26 19:30:29 ----D---- C:\Program Files\Cable & ADSL Optimizer
2012-08-25 15:23:11 ----D---- C:\Documents and Settings\marei\Application Data\DivX





---------------------------------------------------------------------

This Report Created By Zyzoom.org Tools & Silent Runners & HijackThis
 
Signature: samco




As for the temperature program screenshot, please capture the whole program window.
As for the Malwarebytes program, here is a second link.

Signature: كفاح الجريح
Sure thing.
This is the full screenshot, and I don't know why the rest of the devices did not show up :mad:

And this is the Malwarebytes report

Malwarebytes Anti-Malware (PRO) 1.65.0.1400


نسخة قاعدة البيانات : v2012.09.23.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
marei :: F-B644A4D151224 [مدير]

الحماية: ممكنة

23/09/2012 21:08:57
mbam-log-2012-09-23 (21-08-57).txt

نوع الفحص : فحص سريع
خيارت الفحص الممكنة: الذاكرة | بدء التشغيل | الريجستري | نظام الملفات | أساليب بحثية/غير ذلك | Shuriken/أساليب بحثية | PUP | PUM
خيارات الفحص المعطلة: P2P
الكائنات المفحوصة : 184905
الوقت المنقضي : 59 دقيقة, 27 ثانية

عمليات الذاكرة المصابة : 0
(لم يتم إكتشاف مواد ضارة)

وحدات الذاكرة المصابة : 0
(لم يتم إكتشاف مواد ضارة)

مفاتيح الريجستري المصابة : 0
(لم يتم إكتشاف مواد ضارة)

قيم الريجستري المصابة : 0
(لم يتم إكتشاف مواد ضارة)

مواد بيانات الريجستري المصابة : 0
(لم يتم إكتشاف مواد ضارة)

المجلدات المصابة : 0
(لم يتم إكتشاف مواد ضارة)

الملفات المصابة : 0
(لم يتم إكتشاف مواد ضارة)

(و)
 
Signature: samco

As for the Malwarebytes scan, you ran a quick scan,
and I told you to run a comprehensive scan, a full scan.

Signature: كفاح الجريح

What type is your machine, desktop or laptop?

Signature: كفاح الجريح

Desktop :hh:

Signature: samco

After applying what my brother كفاح الجريح suggested,

please run the Runscanner report again.

:)

Signature: الخفـوق
The scan has been done ...


Malwarebytes Anti-Malware (PRO) 1.65.0.1400


نسخة قاعدة البيانات : v2012.09.23.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
marei :: F-B644A4D151224 [مدير]

الحماية: ممكنة

24/09/2012 10:50:52
mbam-log-2012-09-24 (10-50-52).txt

نوع الفحص : فحص كامل (C:\|D:\|E:\|F:\|G:\|)
خيارت الفحص الممكنة: الذاكرة | بدء التشغيل | الريجستري | نظام الملفات | أساليب بحثية/غير ذلك | Shuriken/أساليب بحثية | PUP | PUM
خيارات الفحص المعطلة: P2P
الكائنات المفحوصة : 388664
الوقت المنقضي : 2 ساعة, 29 دقيقة, 31 ثانية

عمليات الذاكرة المصابة : 0
(لم يتم إكتشاف مواد ضارة)

وحدات الذاكرة المصابة : 0
(لم يتم إكتشاف مواد ضارة)

مفاتيح الريجستري المصابة : 0
(لم يتم إكتشاف مواد ضارة)

قيم الريجستري المصابة : 0
(لم يتم إكتشاف مواد ضارة)

مواد بيانات الريجستري المصابة : 0
(لم يتم إكتشاف مواد ضارة)

المجلدات المصابة : 0
(لم يتم إكتشاف مواد ضارة)

الملفات المصابة : 0
(لم يتم إكتشاف مواد ضارة)

(و)​
 
Signature: samco
Here is the file

Signature: samco
The machine is free of viruses,
and the temperature is, God willing, good.
Has the machine gotten better?

Signature: كفاح الجريح
Signature: الخفـوق
Signature: samco
God bless you, brother كفاح الجريح.
Yes, there is an improvement, but is there an error in the system registry?
Because Task Manager did not work, and the right mouse button does not respond and does not open quickly.
Is this a virus or an error, please ...

Signature: samco
Brother, you have three protection programs installed :d:

Avira among them :no:

They need to be removed and another program installed; Avira does not protect you from intrusion :p:

Signature: الخفـوق
Brother, would you like to stay on NOD as the primary protection,
or shall we change it to Norton?

So that I can finalize the report analysis :)

Signature: الخفـوق
Yes, brother الخفـوق, make NOD the primary one.

Signature: samco