Status: Closed and not open for further replies.

محمد خالد جمال

Peace be upon you.
My computer is driving me crazy. First, I have tried every kind of Windows on it, trusted things, and clean copies from Zyzoom here, but unfortunately I don't know where the problem is. Now, when I boot from any disc to install a new copy, I get a message that says:
no emulation system type 00

I tried to get out of it but couldn't; I have to restart.
So I can't format or do anything.
Second, how can I determine my machine's kernel type, meaning whether I should install 32 or 64? I don't know which one suits my machine, but I install 64. Could that be the cause? Here is a picture:
448552494.png

As far as I know, my machine is free of any malicious files. I scan it regularly, it currently runs Kaspersky, which is up to date, and I scanned it with more than one other program and everything was fine.
These are the required reports:
RunScanner:

[hidden link: log in or register to view]

This is the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:02:17 PM, on 11/3/2014
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Users\mohamed khaled\AppData\Roaming\BitTorrent\BitTorrent.exe
C:\Program Files\Wondershare\MobileGo for Android\MobileGoService.exe
C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
D:\vmware\vmware-tray.exe
C:\Program Files\Wondershare\MobileGo for Android\FileTransfer.exe
C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\TechSmith\Snagit 11\TSCHelp.exe
C:\Program Files (x86)\TechSmith\Snagit 11\SnagPriv.exe
C:\Program Files (x86)\TechSmith\Snagit 11\snagiteditor.exe
C:\Program Files\Wondershare\MobileGo for Android\adb.exe
C:\Users\mohamed khaled\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\mohamed khaled\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\mohamed khaled\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\mohamed khaled\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\mohamed khaled\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\mohamed khaled\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Zyzoom_Forum_Tools\zyzoom.exe
C:\Users\mohamed khaled\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Zyzoom_Forum_Tools\zHijak.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [hidden link: log in or register to view]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [hidden link: log in or register to view]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [hidden link: log in or register to view]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [hidden link: log in or register to view]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [vmware-tray.exe] "D:\vmware\vmware-tray.exe"
O4 - HKLM\..\Run: [FileTransferForMobileGo] C:\Program Files\Wondershare\MobileGo for Android\FileTransfer.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Avira Systray] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\mohamed khaled\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [BitTorrent] "C:\Users\mohamed khaled\AppData\Roaming\BitTorrent\BitTorrent.exe" /MINIMIZED
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: MobileGo Service.lnk = C:\Program Files\Wondershare\MobileGo for Android\MobileGoService.exe
O4 - Global Startup: Snagit 11.lnk = C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O9 - Extra button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O15 - ESC Trusted Zone: [hidden link: log in or register to view]
O15 - ESC Trusted Zone: [hidden link: log in or register to view]
O15 - ESC Trusted Zone: [hidden link: log in or register to view] (HKLM)
O15 - ESC Trusted Zone: [hidden link: log in or register to view] (HKLM)
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Service Host (Avira.OE.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - D:\vmware\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: VMware Workstation Server (VMwareHostd) - Unknown owner - D:\vmware\vmware-hostd.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12841 bytes


Programs report



====== ??????? ???? ??????? ======

X64 WIN_7 7600


====== ????? ??????? ??????? ======

Adobe Flash Player 15 Plugin
Adobe Reader X (10.1.1)
Avira
Avira
Avira Free Antivirus
FormatFactory 2.60
Internet Download Manager
Kaspersky Internet Security 2013
Kaspersky Internet Security 2013
K-Lite Codec Pack 7.9.0 (Full)
Malwarebytes Anti-Malware version 2.0.3.1025
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MiniTool Partition Wizard Home Edition 8.1.1
MiniTool Power Data Recovery
Mozilla Firefox 19.0.2 (x86 en-US)
Mozilla Maintenance Service
Nero 7 Essentials
PowerISO
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Snagit 11
tools-freebsd
tools-linux
VLC media player
VMware Workstation
WinRAR 5.11 (32-??)
Wondershare MobileGo for Android ( Version 5.3.1 )


System logs and errors report





====== ??? ????? ?????? ======

Computer Name: mohamedkhaled
Event Code: 6008
Message: The previous system shutdown at 10:41:57 PM on 11/2/2014 was unexpected.
Record Number: 7463
Source Name: EventLog
Time Written: 20141103064353.000000-000
Event Type: Error
User:

Computer Name: mohamedkhaled
Event Code: 41
Message: The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Record Number: 7440
Source Name: Microsoft-Windows-Kernel-Power
Time Written: 20141103064322.300013-000
Event Type: Critical
User: NT AUTHORITY\SYSTEM

Computer Name: mohamedkhaled
Event Code: 1014
Message: Name resolution for the name ssld.oes.avira.com timed out after none of the configured DNS servers responded.
Record Number: 7433
Source Name: Microsoft-Windows-DNS-Client
Time Written: 20141103063055.614119-000
Event Type: Warning
User: NT AUTHORITY\NETWORK SERVICE

Computer Name: mohamedkhaled
Event Code: 1014
Message: Name resolution for the name dns.msftncsi.com timed out after none of the configured DNS servers responded.
Record Number: 7421
Source Name: Microsoft-Windows-DNS-Client
Time Written: 20141103061616.503572-000
Event Type: Warning
User: NT AUTHORITY\NETWORK SERVICE

Computer Name: mohamedkhaled
Event Code: 1014
Message: Name resolution for the name dns.msftncsi.com timed out after none of the configured DNS servers responded.
Record Number: 7406
Source Name: Microsoft-Windows-DNS-Client
Time Written: 20141103043109.761380-000
Event Type: Warning
User: NT AUTHORITY\NETWORK SERVICE



===== ??? ????? ??????? =====

Computer Name: mohamedkhaled
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
5 user registry handles leaked from \Registry\User\S-1-5-21-3351383752-1542105771-4285025494-1000:
Process 4212 (\Device\HarddiskVolume2\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe) has opened key \REGISTRY\USER\S-1-5-21-3351383752-1542105771-4285025494-1000\Software\Ahead\Nero Home\MediaLibrary\Scanner
Process 4212 (\Device\HarddiskVolume2\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe) has opened key \REGISTRY\USER\S-1-5-21-3351383752-1542105771-4285025494-1000\Software\Ahead\Nero Home\MediaLibrary\Scanner
Process 4212 (\Device\HarddiskVolume2\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe) has opened key \REGISTRY\USER\S-1-5-21-3351383752-1542105771-4285025494-1000\Software\Ahead\Nero Home\MediaLibrary
Process 4212 (\Device\HarddiskVolume2\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe) has opened key \REGISTRY\USER\S-1-5-21-3351383752-1542105771-4285025494-1000\Software\Ahead\Nero Home\MediaLibrary
Process 4212 (\Device\HarddiskVolume2\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe) has opened key \REGISTRY\USER\S-1-5-21-3351383752-1542105771-4285025494-1000\Software\Ahead\Nero Home\MediaLibrary

Record Number: 2063
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20141103232531.861696-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: mohamedkhaled
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
5 user registry handles leaked from \Registry\User\S-1-5-21-3351383752-1542105771-4285025494-1000:
Process 4328 (\Device\HarddiskVolume2\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe) has opened key \REGISTRY\USER\S-1-5-21-3351383752-1542105771-4285025494-1000\Software\Ahead\Nero Home\MediaLibrary\Scanner
Process 4328 (\Device\HarddiskVolume2\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe) has opened key \REGISTRY\USER\S-1-5-21-3351383752-1542105771-4285025494-1000\Software\Ahead\Nero Home\MediaLibrary\Scanner
Process 4328 (\Device\HarddiskVolume2\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe) has opened key \REGISTRY\USER\S-1-5-21-3351383752-1542105771-4285025494-1000\Software\Ahead\Nero Home\MediaLibrary
Process 4328 (\Device\HarddiskVolume2\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe) has opened key \REGISTRY\USER\S-1-5-21-3351383752-1542105771-4285025494-1000\Software\Ahead\Nero Home\MediaLibrary
Process 4328 (\Device\HarddiskVolume2\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe) has opened key \REGISTRY\USER\S-1-5-21-3351383752-1542105771-4285025494-1000\Software\Ahead\Nero Home\MediaLibrary

Record Number: 2030
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20141103214923.576865-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: mohamedkhaled
Event Code: 3036
Message: The content source <csc://{S-1-5-21-3351383752-1542105771-4285025494-1000}/> cannot be accessed.

Context: Application, SystemIndex Catalog

Details:
The URL was already processed during this update. If you received this message while processing alerts, then the alerts are redundant, or else Modify should be used instead of Add. (HRESULT : 0x80040d0d) (0x80040d0d)

Record Number: 2021
Source Name: Microsoft-Windows-Search
Time Written: 20141103213947.000000-000
Event Type: Warning
User:

Computer Name: mohamedkhaled
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
5 user registry handles leaked from \Registry\User\S-1-5-21-3351383752-1542105771-4285025494-1000:
Process 4528 (\Device\HarddiskVolume2\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe) has opened key \REGISTRY\USER\S-1-5-21-3351383752-1542105771-4285025494-1000\Software\Ahead\Nero Home\MediaLibrary\Scanner
Process 4528 (\Device\HarddiskVolume2\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe) has opened key \REGISTRY\USER\S-1-5-21-3351383752-1542105771-4285025494-1000\Software\Ahead\Nero Home\MediaLibrary\Scanner
Process 4528 (\Device\HarddiskVolume2\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe) has opened key \REGISTRY\USER\S-1-5-21-3351383752-1542105771-4285025494-1000\Software\Ahead\Nero Home\MediaLibrary
Process 4528 (\Device\HarddiskVolume2\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe) has opened key \REGISTRY\USER\S-1-5-21-3351383752-1542105771-4285025494-1000\Software\Ahead\Nero Home\MediaLibrary
Process 4528 (\Device\HarddiskVolume2\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe) has opened key \REGISTRY\USER\S-1-5-21-3351383752-1542105771-4285025494-1000\Software\Ahead\Nero Home\MediaLibrary

Record Number: 1970
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20141103164326.783745-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: mohamedkhaled
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
20 user registry handles leaked from \Registry\User\S-1-5-21-3351383752-1542105771-4285025494-1000:
Process 1884 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3351383752-1542105771-4285025494-1000
Process 1884 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3351383752-1542105771-4285025494-1000
Process 1884 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3351383752-1542105771-4285025494-1000
Process 1884 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3351383752-1542105771-4285025494-1000
Process 1884 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3351383752-1542105771-4285025494-1000\Software\Microsoft\SystemCertificates\Root
Process 1884 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3351383752-1542105771-4285025494-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 1884 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3351383752-1542105771-4285025494-1000\Software\Microsoft\SystemCertificates\trust
Process 1884 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3351383752-1542105771-4285025494-1000\Software\Microsoft\SystemCertificates\My
Process 1884 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3351383752-1542105771-4285025494-1000\Software\Microsoft\SystemCertificates\CA
Process 1948 (\Device\HarddiskVolume2\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe) has opened key \REGISTRY\USER\S-1-5-21-3351383752-1542105771-4285025494-1000\Software\Ahead\Nero Home\MediaLibrary\Scanner
Process 1948 (\Device\HarddiskVolume2\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe) has opened key \REGISTRY\USER\S-1-5-21-3351383752-1542105771-4285025494-1000\Software\Ahead\Nero Home\MediaLibrary\Scanner
Process 1884 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3351383752-1542105771-4285025494-1000\Software\Policies\Microsoft\SystemCertificates
Process 1884 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3351383752-1542105771-4285025494-1000\Software\Policies\Microsoft\SystemCertificates
Process 1884 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3351383752-1542105771-4285025494-1000\Software\Policies\Microsoft\SystemCertificates
Process 1884 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3351383752-1542105771-4285025494-1000\Software\Policies\Microsoft\SystemCertificates
Process 1884 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3351383752-1542105771-4285025494-1000\Software\Microsoft\SystemCertificates\Disallowed
Process 1948 (\Device\HarddiskVolume2\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe) has opened key \REGISTRY\USER\S-1-5-21-3351383752-1542105771-4285025494-1000\Software\Ahead\Nero Home\MediaLibrary
Process 1948 (\Device\HarddiskVolume2\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe) has opened key \REGISTRY\USER\S-1-5-21-3351383752-1542105771-4285025494-1000\Software\Ahead\Nero Home\MediaLibrary
Process 1948 (\Device\HarddiskVolume2\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe) has opened key \REGISTRY\USER\S-1-5-21-3351383752-1542105771-4285025494-1000\Software\Ahead\Nero Home\MediaLibrary
Process 1884 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3351383752-1542105771-4285025494-1000\Software\Microsoft\SystemCertificates\SmartCardRoot

Record Number: 1887
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20141103065534.997217-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM



===== ????? ?????? =====

Computer Name: mohamedkhaled
Event Code: 5061
Message: Cryptographic operation.

Subject:
Security ID: S-1-5-18
Account Name: MOHAMEDKHALED$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Cryptographic Parameters:
Provider Name: Microsoft Software Key Storage Provider
Algorithm Name: RSA
Key Name: {E1EAEC4A-5FF6-4353-AD34-ABE78718F30C}
Key Type: Machine key.

Cryptographic Operation:
Operation: Open Key.
Return Code: 0x0
Record Number: 7017
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20141103041301.611141-000
Event Type: Audit Success
User:

Computer Name: mohamedkhaled
Event Code: 5058
Message: Key file operation.

Subject:
Security ID: S-1-5-18
Account Name: MOHAMEDKHALED$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Cryptographic Parameters:
Provider Name: Microsoft Software Key Storage Provider
Algorithm Name: Not Available.
Key Name: {E1EAEC4A-5FF6-4353-AD34-ABE78718F30C}
Key Type: Machine key.

Key File Operation Information:
File Path: C:\ProgramData\Microsoft\Crypto\Keys\d1b0241a1bfd376a0881c0f3b4e669c8_ac5e46ee-eeaa-4999-b136-97ceb67f1732
Operation: Read persisted key from file.
Return Code: 0x0
Record Number: 7016
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20141103041301.610141-000
Event Type: Audit Success
User:

Computer Name: mohamedkhaled
Event Code: 5061
Message: Cryptographic operation.

Subject:
Security ID: S-1-5-19
Account Name: LOCAL SERVICE
Account Domain: NT AUTHORITY
Logon ID: 0x3e5

Cryptographic Parameters:
Provider Name: Microsoft Software Key Storage Provider
Algorithm Name: RSA
Key Name: a09b86fc-0d16-4a13-afd0-329032b03d67
Key Type: Machine key.

Cryptographic Operation:
Operation: Open Key.
Return Code: 0x0
Record Number: 7015
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20141103041251.218547-000
Event Type: Audit Success
User:

Computer Name: mohamedkhaled
Event Code: 5058
Message: Key file operation.

Subject:
Security ID: S-1-5-19
Account Name: LOCAL SERVICE
Account Domain: NT AUTHORITY
Logon ID: 0x3e5

Cryptographic Parameters:
Provider Name: Microsoft Software Key Storage Provider
Algorithm Name: Not Available.
Key Name: a09b86fc-0d16-4a13-afd0-329032b03d67
Key Type: Machine key.

Key File Operation Information:
File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f61d3368c0cea22a555db69bbd08dfd0_ac5e46ee-eeaa-4999-b136-97ceb67f1732
Operation: Read persisted key from file.
Return Code: 0x0
Record Number: 7014
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20141103041251.218547-000
Event Type: Audit Success
User:

Computer Name: mohamedkhaled
Event Code: 1102
Message: The audit log was cleared.
Subject:
Security ID: S-1-5-21-3351383752-1542105771-4285025494-1000
Account Name: mohamed khaled
Domain Name: mohamedkhaled
Logon ID: 0x16b17
Record Number: 7013
Source Name: Microsoft-Windows-Eventlog
Time Written: 20141103040756.859710-000
Event Type: Audit Success
User:



===== ????? ?????? ??????? =====




===== ????? ?????? ??????? =====

==================================================
Dump File : 110214-39889-01.dmp
Crash Time : 11/2/2014 10:43:59 PM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 00000000`00000000
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000001
Parameter 4 : fffff800`02cc418c
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+71f00
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\110214-39889-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
Dump File Size : 286,760
==================================================



I hope you can help me, because I need my computer for my studies and its condition is holding me up. May God reward you all with good.

Note: the security programs other than Kaspersky are only installed for on-demand scanning.

Startup points

"Silent Runners.vbs", revision 61, [hidden link: log in or register to view]

Operating System: Windows 7
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"" ["Nero AG"]
"IDMan" = "C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot" ["Tonec Inc."]
"Sidebar" = "C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" [MS]
"Google Update" = ""C:\Users\mohamed khaled\AppData\Local\Google\Update\GoogleUpdate.exe" /c" ["Google Inc."]
"BitTorrent" = ""C:\Users\mohamed khaled\AppData\Roaming\BitTorrent\BitTorrent.exe" /MINIMIZED" ["BitTorrent Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Wondershare Helper Compact.exe" = "C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" ["Wondershare"]
"TkBellExe" = ""C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot" ["RealNetworks, Inc."]
"PWRISOVM.EXE" = "C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup" ["Power Software Ltd"]
"BCSSync" = ""C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices" [MS]
"vmware-tray.exe" = ""D:\vmware\vmware-tray.exe"" ["VMware, Inc."]
"FileTransferForMobileGo" = "C:\Program Files\Wondershare\MobileGo for Android\FileTransfer.exe" [null data]
"Adobe ARM" = ""C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"" ["Adobe Systems Incorporated"]
"Avira Systray" = "C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [null data]
"avgnt" = ""C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min" ["Avira Operations GmbH & Co. KG"]
"AVP" = ""C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe"" ["Kaspersky Lab ZAO"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{0055C089-8582-441B-A0BF-17B458C2A3A8}\(Default) = "IDM Helper"
-> {HKLM...CLSID} = "IDM integration (IDMIEHlprObj Class)"
\InProcServer32\(Default) = "C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll" ["Internet Download Manager, Tonec Inc."]

{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = "AcroIEHelperStub"
-> {HKLM...CLSID} = "Adobe PDF Link Helper"
\InProcServer32\(Default) = "C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll" ["Adobe Systems Incorporated"]

{3049C3E9-B461-4BC5-8870-4C09146192CA}\(Default) = (no title provided)
-> {HKLM...CLSID} = "RealPlayer Download and Record Plugin for Internet Explorer"
\InProcServer32\(Default) = "C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll" ["RealPlayer"]

{5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F}\(Default) = "ContentBlockerBrowserHelperObject"
-> {HKLM...CLSID} = "Content Blocker Plugin"
\InProcServer32\(Default) = "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll" ["Kaspersky Lab ZAO"]

{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Groove GFS Browser Helper"
\InProcServer32\(Default) = "C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL" [MS]

{73455575-E40C-433C-9784-C78DC7761455}\(Default) = "VirtualKeyboardBrowserHelperObject"
-> {HKLM...CLSID} = "Virtual Keyboard Plugin"
\InProcServer32\(Default) = "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll" ["Kaspersky Lab ZAO"]

{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9}\(Default) = "Safe Money Plugin"
-> {HKLM...CLSID} = "Safe Money Plugin"
\InProcServer32\(Default) = "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll" ["Kaspersky Lab ZAO"]

{B4F3A835-0E21-4959-BA22-42B3008E02FF}\(Default) = "URLRedirectionBHO"
-> {HKLM...CLSID} = "Office Document Cache Handler"
\InProcServer32\(Default) = "C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL" [MS]

{E33CF602-D945-461A-83F0-819F76A199F8}\(Default) = "link filter bho"
-> {HKLM...CLSID} = "URL Advisor Plugin"
\InProcServer32\(Default) = "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll" ["Kaspersky Lab ZAO"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\

Groove Explorer Icon Overlay 1 (GFS Unread Stub)\(Default) = "{99FD978C-D287-4F50-827F-B2C658EDA8E7}"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"
\InProcServer32\(Default) = "C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL" [MS]

Groove Explorer Icon Overlay 2 (GFS Stub)\(Default) = "{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2 (GFS Stub)"
\InProcServer32\(Default) = "C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL" [MS]

Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)\(Default) = "{920E6DB1-9907-4370-B3A0-BAFC03D81399}"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"
\InProcServer32\(Default) = "C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL" [MS]

Groove Explorer Icon Overlay 3 (GFS Folder)\(Default) = "{16F3DD56-1AF5-4347-846D-7C10C4192619}"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 3 (GFS Folder)"
\InProcServer32\(Default) = "C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL" [MS]

Groove Explorer Icon Overlay 4 (GFS Unread Mark)\(Default) = "{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"
\InProcServer32\(Default) = "C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files (x86)\Microsoft Office\Office14\msohevi.dll" [MS]

"{3D60EDA7-9AB4-4DA8-864C-D9B5F2E7281D}" = "Groove Namespace Extension"
-> {HKLM...CLSID} = "Workspaces"
\InProcServer32\(Default) = "C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL" [MS]

"{0875DCB6-C686-4243-9432-ADCCF0B9F2D7}" = "Microsoft OneNote Namespace Extension for Windows Desktop Search"
-> {HKLM...CLSID} = "Microsoft OneNote Namespace Extension for Windows Desktop Search"
\InProcServer32\(Default) = "C:\Program Files (x86)\Microsoft Office\Office14\ONFILTER.DLL" [MS]

"{506F4668-F13E-4AA1-BB04-B43203AB3CC0}" = "{506F4668-F13E-4AA1-BB04-B43203AB3CC0}"
-> {HKLM...CLSID} = "ImageExtractorShellExt Class"
\InProcServer32\(Default) = "C:\Program Files (x86)\Microsoft Office\Office14\VISSHE.DLL" [MS]

"{D66DC78C-4F61-447F-942B-3FB6980118CF}" = "{D66DC78C-4F61-447F-942B-3FB6980118CF}"
-> {HKLM...CLSID} = "CInfoTipShellExt Class"
\InProcServer32\(Default) = "C:\Program Files (x86)\Microsoft Office\Office14\VISSHE.DLL" [MS]

"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}" = "Groove GFS Browser Helper"
-> {HKLM...CLSID} = "Groove GFS Browser Helper"
\InProcServer32\(Default) = "C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL" [MS]

"{6C467336-8281-4E60-8204-430CED96822D}" = "Groove GFS Context Menu Handler"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL" [MS]

"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}" = "Groove GFS Explorer Bar"
-> {HKLM...CLSID} = "Groove Folder Synchronization"
\InProcServer32\(Default) = "C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL" [MS]

"{16F3DD56-1AF5-4347-846D-7C10C4192619}" = "Groove Explorer Icon Overlay 3 (GFS Folder)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 3 (GFS Folder)"
\InProcServer32\(Default) = "C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL" [MS]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook"
-> {HKLM...CLSID} = "Groove GFS Stub Execution Hook"
\InProcServer32\(Default) = "C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL" [MS]

"{A449600E-1DC6-4232-B948-9BD794D62056}" = "Groove GFS Stub Icon Handler"
-> {HKLM...CLSID} = "Groove GFS Stub Icon Handler"
\InProcServer32\(Default) = "C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL" [MS]

"{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}" = "Groove Explorer Icon Overlay 2 (GFS Stub)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2 (GFS Stub)"
\InProcServer32\(Default) = "C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL" [MS]

"{920E6DB1-9907-4370-B3A0-BAFC03D81399}" = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"
\InProcServer32\(Default) = "C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL" [MS]

"{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}" = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"
\InProcServer32\(Default) = "C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL" [MS]

"{99FD978C-D287-4F50-827F-B2C658EDA8E7}" = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"
\InProcServer32\(Default) = "C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL" [MS]

"{387E725D-DC16-4D76-B310-2C93ED4752A0}" = "Groove XML Icon Handler"
-> {HKLM...CLSID} = "Groove XML Icon Handler"
\InProcServer32\(Default) = "C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL" [MS]

"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Outlook"
\InProcServer32\(Default) = "C:\PROGRA~2\MICROS~1\Office14\MLSHEXT.DLL" [MS]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\Program Files (x86)\Microsoft Office\Office14\OLKFSTUB.DLL" [MS]

"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
\InProcServer32\(Default) = "C:\Program Files (x86)\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
\InProcServer32\(Default) = "C:\Program Files (x86)\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files (x86)\WinRAR\rarext.dll" [null data]

"{CF74B903-3389-469c-B3B6-0204D204FCBD}" = "SnagIt Shell Extension"
-> {HKLM...CLSID} = "SnagItShellExt Class"
\InProcServer32\(Default) = "C:\Program Files (x86)\TechSmith\Snagit 11\SnagitShellExt.dll" ["TechSmith Corporation"]

"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Program Files (x86)\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]

"{dd230880-495a-11d1-b064-008048ec2fc5}" = "Scan with Kaspersky Anti-Virus"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\shellex.dll" ["Kaspersky Lab ZAO"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

<<!>> "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook"
-> {HKLM...CLSID} = "Groove GFS Stub Execution Hook"
\InProcServer32\(Default) = "C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL" [MS]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
<<!>> "Userinit" = "userinit.exe," [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\

{503739d0-4c5e-4cfd-b3ba-d881334f0df2}\(Default) = "VaultCredProvider"
-> {HKLM...CLSID} = "VaultCredProvider"
\InProcServer32\(Default) = "C:\Windows\System32\VaultCredProvider.dll" [file not found]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\

<<!>> deflate\CLSID = "{8f6b0360-b80d-11d0-a9b3-006097942311}"
-> {HKLM...CLSID} = "AP encoding/decoding Filters"
\InProcServer32\(Default) = "C:\Windows\SysWOW64\urlmon.dll" [MS]

<<!>> gzip\CLSID = "{8f6b0360-b80d-11d0-a9b3-006097942311}"
-> {HKLM...CLSID} = "AP encoding/decoding Filters"
\InProcServer32\(Default) = "C:\Windows\SysWOW64\urlmon.dll" [MS]

<<!>> text/xml\CLSID = "{807573E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"
\InProcServer32\(Default) = "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL" [MS]

HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\

<<!>> about\CLSID = "{3050F406-98B5-11CF-BB82-00AA00BDCE0B}"
-> {HKLM...CLSID} = "Microsoft HTML About Pluggable Protocol"
\InProcServer32\(Default) = "C:\Windows\SysWOW64\mshtml.dll" [MS]

<<!>> cdl\CLSID = "{3dd53d40-7b8b-11D0-b013-00aa0059ce02}"
-> {HKLM...CLSID} = "CDL: Asychronous Pluggable Protocol Handler"
\InProcServer32\(Default) = "C:\Windows\SysWOW64\urlmon.dll" [MS]

<<!>> dvd\CLSID = "{12D51199-0DB5-46FE-A120-47A3D7D937CC}"
-> {HKLM...CLSID} = "DVD: Pluggable Protocol"
\InProcServer32\(Default) = "C:\Windows\SysWOW64\msvidctl.dll" [MS]

<<!>> file\CLSID = "{79eac9e7-baf9-11ce-8c82-00aa004ba90b}"
-> {HKLM...CLSID} = "file:, local: Asychronous Pluggable Protocol Handler"
\InProcServer32\(Default) = "C:\Windows\SysWOW64\urlmon.dll" [MS]

<<!>> ftp\CLSID = "{79eac9e3-baf9-11ce-8c82-00aa004ba90b}"
-> {HKLM...CLSID} = "ftp: Asychronous Pluggable Protocol Handler"
\InProcServer32\(Default) = "C:\Windows\SysWOW64\urlmon.dll" [MS]

<<!>> gopher\CLSID = "{79eac9e4-baf9-11ce-8c82-00aa004ba90b}"
-> {HKLM...CLSID} = "gopher: Asychronous Pluggable Protocol Handler"
\InProcServer32\(Default) = "C:\Windows\syswow64\urlmon.dll" [MS]

<<!>> http\CLSID = "{79eac9e2-baf9-11ce-8c82-00aa004ba90b}"
-> {HKLM...CLSID} = "http: Asychronous Pluggable Protocol Handler"
\InProcServer32\(Default) = "C:\Windows\SysWOW64\urlmon.dll" [MS]

<<!>> https\CLSID = "{79eac9e5-baf9-11ce-8c82-00aa004ba90b}"
-> {HKLM...CLSID} = "https: Asychronous Pluggable Protocol Handler"
\InProcServer32\(Default) = "C:\Windows\SysWOW64\urlmon.dll" [MS]

<<!>> javascript\CLSID = "{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}"
-> {HKLM...CLSID} = "Microsoft HTML Javascript Pluggable Protocol"
\InProcServer32\(Default) = "C:\Windows\SysWOW64\mshtml.dll" [MS]

<<!>> local\CLSID = "{79eac9e7-baf9-11ce-8c82-00aa004ba90b}"
-> {HKLM...CLSID} = "file:, local: Asychronous Pluggable Protocol Handler"
\InProcServer32\(Default) = "C:\Windows\SysWOW64\urlmon.dll" [MS]

<<!>> mailto\CLSID = "{3050f3DA-98B5-11CF-BB82-00AA00BDCE0B}"
-> {HKLM...CLSID} = "Microsoft HTML Mailto Pluggable Protocol"
\InProcServer32\(Default) = "C:\Windows\SysWOW64\mshtml.dll" [MS]

<<!>> mk\CLSID = "{79eac9e6-baf9-11ce-8c82-00aa004ba90b}"
-> {HKLM...CLSID} = "mk: Asychronous Pluggable Protocol Handler"
\InProcServer32\(Default) = "C:\Windows\SysWOW64\urlmon.dll" [MS]

<<!>> ms-help\CLSID = "{314111c7-a502-11d2-bbca-00c04f8ec294}"
-> {HKLM...CLSID} = "HxProtocol Class"
\InProcServer32\(Default) = "C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll" [MS]

<<!>> res\CLSID = "{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}"
-> {HKLM...CLSID} = "Microsoft HTML Resource Pluggable Protocol"
\InProcServer32\(Default) = "C:\Windows\SysWOW64\mshtml.dll" [MS]

<<!>> tv\CLSID = "{CBD30858-AF45-11D2-B6D6-00C04FBBDE6E}"
-> {HKLM...CLSID} = "TV: Pluggable Protocol"
\InProcServer32\(Default) = "C:\Windows\SysWOW64\msvidctl.dll" [MS]

<<!>> vbscript\CLSID = "{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}"
-> {HKLM...CLSID} = "Microsoft HTML Javascript Pluggable Protocol"
\InProcServer32\(Default) = "C:\Windows\SysWOW64\mshtml.dll" [MS]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\shellex.dll" ["Kaspersky Lab ZAO"]

SnagItMainShellExt\(Default) = "{CF74B903-3389-469c-B3B6-0204D204FCBD}"
-> {HKLM...CLSID} = "SnagItShellExt Class"
\InProcServer32\(Default) = "C:\Program Files (x86)\TechSmith\Snagit 11\SnagitShellExt.dll" ["TechSmith Corporation"]

WinRAR32\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files (x86)\WinRAR\rarext.dll" [null data]

XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL" [MS]

{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}\(Default) = (no title provided)
-> {HKLM...CLSID} = "NBShellHook Class"
\InProcServer32\(Default) = "C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBShell.dll" ["Nero AG"]

HKLM\SOFTWARE\Classes\*\shellex\DragDropHandlers\

NBShellHook\(Default) = "{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}"
-> {HKLM...CLSID} = "NBShellHook Class"
\InProcServer32\(Default) = "C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBShell.dll" ["Nero AG"]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL" [MS]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\shellex.dll" ["Kaspersky Lab ZAO"]

SnagItMainShellExt\(Default) = "{CF74B903-3389-469c-B3B6-0204D204FCBD}"
-> {HKLM...CLSID} = "SnagItShellExt Class"
\InProcServer32\(Default) = "C:\Program Files (x86)\TechSmith\Snagit 11\SnagitShellExt.dll" ["TechSmith Corporation"]

XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL" [MS]

HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\

XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL" [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
\InProcServer32\(Default) = "C:\Program Files (x86)\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\shellex.dll" ["Kaspersky Lab ZAO"]

WinRAR32\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files (x86)\WinRAR\rarext.dll" [null data]

XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL" [MS]

{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}\(Default) = (no title provided)
-> {HKLM...CLSID} = "NBShellHook Class"
\InProcServer32\(Default) = "C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBShell.dll" ["Nero AG"]

HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\

NBShellHook\(Default) = "{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}"
-> {HKLM...CLSID} = "NBShellHook Class"
\InProcServer32\(Default) = "C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBShell.dll" ["Nero AG"]

WinRAR32\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files (x86)\WinRAR\rarext.dll" [null data]


Default executables:
--------------------

HKLM\SOFTWARE\Classes\.hta\(Default) = "htafile"
<<!>> HKLM\SOFTWARE\Classes\htafile\shell\open\command\(Default) = "C:\Windows\SysWOW64\mshta.exe "%1" %*" [MS]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoActiveDesktop" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"NoActiveDesktopChanges" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"ForceActiveDesktopOn" = (REG_DWORD) dword:0x00000000
{unrecognized setting}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Users\mohamed khaled\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg"


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

MPCPlayBluRayOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayBlurayMovie"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayBlurayMovie\command\(Default) = ""C:\Program Files (x86)\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %L\BDMV\INDEX.BDMV" ["MPC-HC Team"]

MPCPlayCDAudioOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayCDAudio"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayCDAudio\command\(Default) = ""C:\Program Files (x86)\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %1 /cd" ["MPC-HC Team"]

MPCPlayDVDMovieOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayDVDMovie"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayDVDMovie\command\(Default) = ""C:\Program Files (x86)\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %1 /dvd" ["MPC-HC Team"]

MPCPlayMusicFilesOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayMusicFiles"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayMusicFiles\command\(Default) = ""C:\Program Files (x86)\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %1" ["MPC-HC Team"]

MPCPlayVideoFilesOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayVideoFiles"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayVideoFiles\command\(Default) = ""C:\Program Files (x86)\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %1" ["MPC-HC Team"]

NeroAutoPlay7CDAudio\
"Provider" = "Nero Express Essentials"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "CDAudio_HandleCDBurningOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CDAudio_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files (x86)\Nero\Nero 7\Core\nero.exe -w /New:AudioCD" ["Nero AG"]

NeroAutoPlay7CopyCD\
"Provider" = "Nero Express Essentials"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "CopyCD_PlayMusicFilesOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CopyCD_PlayMusicFilesOnArrival\command\(Default) = "C:\Program Files (x86)\Nero\Nero 7\Core\nero.exe -w /New:DiscCopy" ["Nero AG"]

NeroAutoPlay7DataDisc\
"Provider" = "Nero Express Essentials"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "DataDisc_HandleCDBurningOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\DataDisc_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files (x86)\Nero\Nero 7\Core\nero.exe -w /New:ISODisc" ["Nero AG"]

NeroAutoPlay7LaunchNeroStartSmart\
"Provider" = "Nero StartSmart Essentials"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "LaunchNeroStartSmart_HandleCDBurningOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\LaunchNeroStartSmart_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files (x86)\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe /AutoPlay" ["Nero AG"]

NeroAutoPlay7PlayAudioCD\
"Provider" = "Nero ShowTime Essentials"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "PlayAudioCD_PlayMusicFilesOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\PlayAudioCD_PlayMusicFilesOnArrival\command\(Default) = "C:\Program Files (x86)\Nero\Nero 7\Nero ShowTime\ShowTime.exe /Play %L" ["Nero AG"]

NeroAutoPlay7PlayDVD\
"Provider" = "Nero ShowTime Essentials"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "PlayDVD_PlayVideoFilesOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\PlayDVD_PlayVideoFilesOnArrival\command\(Default) = "C:\Program Files (x86)\Nero\Nero 7\Nero ShowTime\ShowTime.exe /Play %L" ["Nero AG"]

NeroAutoPlay7VideoCapture\
"Provider" = "Nero Vision Essentials SE"
"ProgID" = "Shell.HWEventHandlerShellExecute"
"InitCmdLine" = ""C:\Program Files (x86)\Nero\Nero 7\Nero Vision\NeroVision.exe" /New:VideoCapture"
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
-> {HKLM...CLSID} = "Shell Execute Hardware Event Handler"
\LocalServer32\(Default) = "C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

NeroAutoPlay7ViewPhotos\
"Provider" = "Nero PhotoSnap Viewer Essentials"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "ViewPhotos_ShowPicturesOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\ViewPhotos_ShowPicturesOnArrival\command\(Default) = "C:\Program Files (x86)\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe /" ["Nero AG"]

RPCDBurningOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.CDBurn.6"
"InvokeVerb" = "open"
HKCU\Software\Classes\RealPlayer.CDBurn.6\shell\open\command\(Default) = ""C:\Program Files (x86)\Real\RealPlayer\RealPlay.exe" /burn "%1"" ["RealNetworks, Inc."]

RPDeviceOnArrival\
"Provider" = "RealPlayer"
"ProgID" = "RealPlayer.HWEventHandler"
HKLM\SOFTWARE\Classes\RealPlayer.HWEventHandler\CLSID\(Default) = "{67E76F1D-BDE2-4052-913C-2752366192D2}"
-> {HKLM...CLSID} = "RealNetworks Scheduler"
\LocalServer32\(Default) = ""C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -autoplay" ["RealNetworks, Inc."]

RPDVDBurningOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.DVDBurn.6"
"InvokeVerb" = "open"
HKCU\Software\Classes\RealPlayer.DVDBurn.6\shell\open\command\(Default) = ""C:\Program Files (x86)\Real\RealPlayer\RealPlay.exe" /burndvd "%1"" ["RealNetworks, Inc."]

RPPlayCDAudioOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.AudioCD.6"
"InvokeVerb" = "play"
HKCU\Software\Classes\RealPlayer.AudioCD.6\shell\play\command\(Default) = ""C:\Program Files (x86)\Real\RealPlayer\RealPlay.exe" /play %1 " ["RealNetworks, Inc."]

RPPlayDVDMovieOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.DVD.6"
"InvokeVerb" = "play"
HKCU\Software\Classes\RealPlayer.DVD.6\shell\play\command\(Default) = ""C:\Program Files (x86)\Real\RealPlayer\RealPlay.exe" /dvd %1 " ["RealNetworks, Inc."]

RPPlayMediaOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.AutoPlay.6"
"InvokeVerb" = "open"
HKCU\Software\Classes\RealPlayer.AutoPlay.6\shell\open\command\(Default) = ""C:\Program Files (x86)\Real\RealPlayer\RealPlay.exe" /autoplay "%1"" ["RealNetworks, Inc."]

VLCPlayCDAudioOnArrival\
"Provider" = "VideoLAN VLC media player"
"InvokeProgID" = "VLC.CDAudio"
"InvokeVerb" = "Open"
HKLM\SOFTWARE\Classes\VLC.CDAudio\shell\Open\command\(Default) = ""C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file cdda:///%1" ["VideoLAN"]

VLCPlayDVDAudioOnArrival\
"Provider" = "VideoLAN VLC media player"
"InvokeProgID" = "VLC.OPENFolder"
"InvokeVerb" = "Open"
HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = ""C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" %1" ["VideoLAN"]

VLCPlayDVDMovieOnArrival\
"Provider" = "VideoLAN VLC media player"
"InvokeProgID" = "VLC.DVDMovie"
"InvokeVerb" = "Open"
HKLM\SOFTWARE\Classes\VLC.DVDMovie\shell\Open\command\(Default) = ""C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file dvd:///%1" ["VideoLAN"]

VLCPlayMusicFilesOnArrival\
"Provider" = "VideoLAN VLC media player"
"InvokeProgID" = "VLC.OPENFolder"
"InvokeVerb" = "Open"
HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = ""C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" %1" ["VideoLAN"]

VLCPlaySVCDMovieOnArrival\
"Provider" = "VideoLAN VLC media player"
"InvokeProgID" = "VLC.SVCDMovie"
"InvokeVerb" = "Open"
HKLM\SOFTWARE\Classes\VLC.SVCDMovie\shell\Open\command\(Default) = ""C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file vcd:///%1" ["VideoLAN"]

VLCPlayVCDMovieOnArrival\
"Provider" = "VideoLAN VLC media player"
"InvokeProgID" = "VLC.VCDMovie"
"InvokeVerb" = "Open"
HKLM\SOFTWARE\Classes\VLC.VCDMovie\shell\Open\command\(Default) = ""C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file vcd:///%1" ["VideoLAN"]

VLCPlayVideoFilesOnArrival\
"Provider" = "VideoLAN VLC media player"
"InvokeProgID" = "VLC.OPENFolder"
"InvokeVerb" = "Open"
HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = ""C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" %1" ["VideoLAN"]


Startup items in "mohamed khaled" & "All Users" startup folders:
----------------------------------------------------------------

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
"MobileGo Service" -> shortcut to: "C:\Program Files\Wondershare\MobileGo for Android\MobileGoService.exe" [null data]
"Snagit 11" -> shortcut to: "C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe" ["TechSmith Corporation"]


Windows Sidebar Gadgets:
------------------------

C:\Users\mohamed khaled\AppData\Local\Microsoft\Windows Sidebar\Settings.ini
"C:%5CProgram%20Files%5CWindows%20Sidebar%5CGadgets%5CClock.Gadget"
"C:%5CProgram%20Files%5CWindows%20Sidebar%5CGadgets%5CCalendar.Gadget"
"C:%5CProgram%20Files%5CWindows%20Sidebar%5CShared%20Gadgets%5CKaspersky13.Gadget"


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\system32\NLAapi.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\system32\napinsp.dll" [MS]
000000000005\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
000000000006\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
000000000007\LibraryPath = "%SystemRoot%\system32\wshbth.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 11
%windir%\system32\vsocklib.dll ["VMware, Inc."], 12 - 13


Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

HKLM\SOFTWARE\Classes\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = "Groove Folder Synchronization"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{0C4CC089-D306-440D-9772-464E226F6539}\
"ButtonText" = "Virtual Keyboard"
"CLSIDExtension" = "{0BA14598-4178-4CE5-B1F1-B5C6408A3F2E}"
-> {HKLM...CLSID} = "VirtualKeyboardToolbarButtonHandler Class"
\InProcServer32\(Default) = "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll" ["Kaspersky Lab ZAO"]

{CCF151D8-D089-449F-A5A4-D9909053F20F}\
"ButtonText" = "URLs check"
"CLSIDExtension" = "{CCF151D8-D089-449F-A5A4-D9909053F20F}"
-> {HKLM...CLSID} = "FilterButtonHandler Class"
\InProcServer32\(Default) = "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll" ["Kaspersky Lab ZAO"]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Adobe Acrobat Update Service, AdobeARMservice, ""C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"" ["Adobe Systems Incorporated"]
Application Experience, AeLookupSvc, "C:\Windows\system32\svchost.exe -k netsvcs" {"C:\Windows\System32\aelupsvc.dll" [file not found]}
Application Information, Appinfo, "C:\Windows\system32\svchost.exe -k netsvcs" {"C:\Windows\System32\appinfo.dll" [file not found]}
Avira Real-Time Protection, AntiVirService, ""C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe"" ["Avira Operations GmbH & Co. KG"]
Avira Scheduler, AntiVirSchedulerService, ""C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe"" ["Avira Operations GmbH & Co. KG"]
Background Intelligent Transfer Service, BITS, "C:\Windows\System32\svchost.exe -k netsvcs" {"C:\Windows\System32\qmgr.dll" [file not found]}
Base Filtering Engine, BFE, "C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork" {"C:\Windows\System32\bfe.dll" [file not found]}
Bluetooth Support Service, bthserv, "C:\Windows\system32\svchost.exe -k bthsvcs" {"C:\Windows\system32\bthserv.dll" [file not found]}
CNG Key Isolation, KeyIso, "C:\Windows\system32\lsass.exe" [file not found]
Computer Browser, Browser, "C:\Windows\System32\svchost.exe -k netsvcs" {"C:\Windows\System32\browser.dll" [file not found]}
DCOM Server Process Launcher, DcomLaunch, "C:\Windows\system32\svchost.exe -k DcomLaunch" {"C:\Windows\system32\rpcss.dll" [file not found]}
Desktop Window Manager Session Manager, UxSms, "C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\uxsms.dll" [file not found]}
Diagnostic Policy Service, DPS, "C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork" {"C:\Windows\system32\dps.dll" [file not found]}
Distributed Link Tracking Client, TrkWks, "C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\trkwks.dll" [file not found]}
DNS Client, Dnscache, "C:\Windows\system32\svchost.exe -k NetworkService" {"C:\Windows\System32\dnsrslvr.dll" [file not found]}
Extensible Authentication Protocol, EapHost, "C:\Windows\System32\svchost.exe -k netsvcs" {"C:\Windows\System32\eapsvc.dll" [file not found]}
Function Discovery Provider Host, fdPHost, "C:\Windows\system32\svchost.exe -k LocalService" {"C:\Windows\system32\fdPHost.dll" [file not found]}
Function Discovery Resource Publication, FDResPub, "C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation" {"C:\Windows\system32\fdrespub.dll" [file not found]}
Group Policy Client, gpsvc, "C:\Windows\system32\svchost.exe -k netsvcs" {"C:\Windows\System32\gpsvc.dll" [file not found]}
HomeGroup Listener, HomeGroupListener, "C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\system32\ListSvc.dll" [file not found]}
IKE and AuthIP IPsec Keying Modules, IKEEXT, "C:\Windows\system32\svchost.exe -k netsvcs" {"C:\Windows\System32\ikeext.dll" [file not found]}
IP Helper, iphlpsvc, "C:\Windows\System32\svchost.exe -k NetSvcs" {"C:\Windows\System32\iphlpsvc.dll" [file not found]}
IPsec Policy Agent, PolicyAgent, "C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted" {"C:\Windows\System32\ipsecsvc.dll" [file not found]}
Kaspersky Anti-Virus Service, AVP, ""C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" -r" ["Kaspersky Lab ZAO"]
MBAMScheduler, MBAMScheduler, ""C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"" ["Malwarebytes Corporation"]
MBAMService, MBAMService, ""C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"" ["Malwarebytes Corporation"]
Multimedia Class Scheduler, MMCSS, "C:\Windows\system32\svchost.exe -k netsvcs" {"C:\Windows\system32\mmcss.dll" [file not found]}
Network Connections, Netman, "C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\netman.dll" [file not found]}
Network Location Awareness, NlaSvc, "C:\Windows\System32\svchost.exe -k NetworkService" {"C:\Windows\System32\nlasvc.dll" [file not found]}
Network Store Interface Service, nsi, "C:\Windows\system32\svchost.exe -k LocalService" {"C:\Windows\system32\nsisvc.dll" [file not found]}
NMIndexingService, NMIndexingService, ""C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe"" ["Nero AG"]
Offline Files, CscService, "C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\cscsvc.dll" [file not found]}
Peer Name Resolution Protocol, PNRPsvc, "C:\Windows\System32\svchost.exe -k LocalServicePeerNet" {"C:\Windows\system32\pnrpsvc.dll" [file not found]}
Peer Networking Grouping, p2psvc, "C:\Windows\System32\svchost.exe -k LocalServicePeerNet" {"C:\Windows\system32\p2psvc.dll" [file not found]}
Peer Networking Identity Manager, p2pimsvc, "C:\Windows\System32\svchost.exe -k LocalServicePeerNet" {"C:\Windows\system32\pnrpsvc.dll" [file not found]}
Plug and Play, PlugPlay, "C:\Windows\system32\svchost.exe -k DcomLaunch" {"C:\Windows\system32\umpnpmgr.dll" [file not found]}
Portable Device Enumerator Service, WPDBusEnum, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\system32\wpdbusenum.dll" [file not found]}
Power, Power, "C:\Windows\system32\svchost.exe -k DcomLaunch" {"C:\Windows\system32\umpo.dll" [file not found]}
Print Spooler, Spooler, "C:\Windows\System32\spoolsv.exe" [file not found]
Program Compatibility Assistant Service, PcaSvc, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\pcasvc.dll" [file not found]}
Remote Procedure Call (RPC), RpcSs, "C:\Windows\system32\svchost.exe -k rpcss" {"C:\Windows\system32\rpcss.dll" [file not found]}
RPC Endpoint Mapper, RpcEptMapper, "C:\Windows\system32\svchost.exe -k RPCSS" {"C:\Windows\System32\RpcEpMap.dll" [file not found]}
Security Accounts Manager, SamSs, "C:\Windows\system32\lsass.exe" [file not found]
Security Center, wscsvc, "C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted" {"C:\Windows\System32\wscsvc.dll" [file not found]}
Server, LanmanServer, "C:\Windows\system32\svchost.exe -k netsvcs" {"C:\Windows\system32\srvsvc.dll" [file not found]}
SSDP Discovery, SSDPSRV, "C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation" {"C:\Windows\System32\ssdpsrv.dll" [file not found]}
Superfetch, SysMain, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\system32\sysmain.dll" [file not found]}
Task Scheduler, Schedule, "C:\Windows\system32\svchost.exe -k netsvcs" {"C:\Windows\system32\schedsvc.dll" [file not found]}
TCP/IP NetBIOS Helper, lmhosts, "C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted" {"C:\Windows\System32\lmhsvc.dll" [file not found]}
Themes, Themes, "C:\Windows\System32\svchost.exe -k netsvcs" {"C:\Windows\system32\themeservice.dll" [file not found]}
User Profile Service, ProfSvc, "C:\Windows\system32\svchost.exe -k netsvcs" {"C:\Windows\system32\profsvc.dll" [file not found]}
VMware Authorization Service, VMAuthdService, "D:\vmware\vmware-authd.exe" ["VMware, Inc."]
VMware DHCP Service, VMnetDHCP, "C:\Windows\system32\vmnetdhcp.exe" [** WMI GetObject error **]
VMware NAT Service, VMware NAT Service, "C:\Windows\system32\vmnat.exe" [** WMI GetObject error **]
VMware USB Arbitration Service, VMUSBArbService, ""C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe"" ["VMware, Inc."]
VMware Workstation Server, VMwareHostd, "D:\vmware\vmware-hostd.exe -u "C:\ProgramData\VMware\hostd\config.xml"" [null data]
Windows Audio, AudioSrv, "C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted" {"C:\Windows\System32\Audiosrv.dll" [file not found]}
Windows Audio Endpoint Builder, AudioEndpointBuilder, "C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\Audiosrv.dll" [file not found]}
Windows Driver Foundation - User-mode Driver Framework, wudfsvc, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\WUDFSvc.dll" [file not found]}
Windows Event Log, eventlog, "C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted" {"C:\Windows\System32\wevtsvc.dll" [file not found]}
Windows Firewall, MpsSvc, "C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork" {"C:\Windows\system32\mpssvc.dll" [file not found]}
Windows Font Cache Service, FontCache, "C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation" {"C:\Windows\system32\FntCache.dll" [file not found]}
Windows Image Acquisition (WIA), stisvc, "C:\Windows\system32\svchost.exe -k imgsvc" {"C:\Windows\System32\wiaservc.dll" [file not found]}
Windows Management Instrumentation, Winmgmt, "C:\Windows\system32\svchost.exe -k netsvcs" {"C:\Windows\system32\wbem\WMIsvc.dll" [file not found]}
Windows Update, wuauserv, "C:\Windows\system32\svchost.exe -k netsvcs" {"C:\Windows\system32\wuaueng.dll" [file not found]}
WLAN AutoConfig, Wlansvc, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\wlansvc.dll" [file not found]}
Workstation, LanmanWorkstation, "C:\Windows\System32\svchost.exe -k NetworkService" {"C:\Windows\System32\wkssvc.dll" [file not found]}


Keyboard Driver Filters:
------------------------

HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\
<<!>> "UpperFilters" = <<!>> "klkbdflt" [file not found],<<!>> "kbdclass" [file not found]


Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
Local Port\Driver = "localspl.dll" [file not found]
Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [file not found]
Standard TCP/IP Port\Driver = "tcpmon.dll" [file not found]
USB Monitor\Driver = "usbmon.dll" [file not found]
WSD Port\Driver = "WSDMon.dll" [file not found]


---------- (launch time: 2014-11-03 19:20:05)
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 91 seconds, including 4 seconds for message boxes)
 
Signature: محمد خالد جمال
And peace be upon you, and the mercy of God.

First, brother .. it is better to install 32-bit Windows >> you only have 3 GB of RAM
Second ... as for the HijackThis report, there are no problems apart from having two protection programs >> I know Avira is on-demand scanning only, but it may cause slowness, especially alongside Kaspersky
Third ... regarding the message that appears >> try disabling the SATA options in the BIOS and try again
 
Signature: White Man
OK, I'll install a new copy, but how do I carry out step 3 and disable the SATA options in the BIOS?


 
Signature: محمد خالد جمال


It depends on your motherboard type, brother ..
Look for one of the following options and change it

AHCI >> IDE/ATA
ENHANCED >> ATA
SATA NATIVE SUPPORT >> DISABLE
SATA MODE >> DISABLE
 
Signature: White Man
From the picture, you have 3 GB of RAM

Is it two modules, 2 GB + 1 GB, and are they compatible and at the same gigahertz?
 
Signature: الهمشري



No, brother, it's a laptop and it has had 3 GB of RAM since I bought it from the company years ago
 
Signature: محمد خالد جمال
GMxMjx.png

XbdnJl.png
SaStDR.png
0KRdL3.png
ENeojp.png


These, brother, are pictures of the BIOS that I took with my phone. What exactly should I change?


 
Signature: محمد خالد جمال
vIilpM.png


And this is a picture of what appears as soon as I boot from a disc, whether Windows or anything else
 
Signature: محمد خالد جمال
You can go to the BIOS, disable the SATA setting, and set it to Disable
 
Signature: الهمشري



What exactly is the option called? I photographed the whole BIOS above
 
Signature: محمد خالد جمال
Go to the BIOS


The explanation is on its way, brother, please wait
 
Signature: الهمشري
Go to the BIOS

1 (1)-inpainted.webp


Notice that the SATA AHCI setting is enabled; you need to disable it

1 (2)-inpainted-inpainted.webp


Set it to IDE

1 (3)-inpainted-inpainted.webp


You may find a different layout in the same type of BIOS
Choose serial ata ide controller
and set it to disabled


1-inpainted.webp


Press F10 and then OK to save the settings in both cases

partition_xp_15.webp


 
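Signature: الهمشري
May God reward you with all good, brother. I'm a medical student, so just as you helped me here, I'm available for any consultations :D :D The format is running; I'll let you know as soon as it finishes

May it count among your good deeds :)))
 
Signature: محمد خالد جمال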



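I will in fact need a medical consultation from you, but later, and it will be by private message

May God grant you success in your studies

Do you need anything else?

And of course my dear brother Omar had a hand in solving your problem
 
Signature: الهمشري
In any case, the thread will not be closed until you have installed the copy

And your machine can handle whichever system you like, whether 32-bit or 64-bit
 
Signature: الهمشري
The copy has been installed. May God reward you all with all good :)
 
Signature: محمد خالد جمال
Done
 
Signature: الهمشري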