
  • Thread starter: Um Bandar
  • Views: 1,782
Status: Closed and not open for further replies.

Um Bandar

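I noticed my computer became very slow after downloading Kaspersky Internet Security 2015.

Note that I don't change the settings, because I'm afraid it will reject programs I want. Also, when I ran it I got a red indication that the computer is infected.

Please, I want two things.

First: point me to the default settings for Kaspersky so that it doesn't block programs or browsers from working ..
Even when I open Word it is slow and doesn't open ..

Second: my computer has been infected from before, even though I formatted it because the hard disk failed, and I don't know whether the cause is a hack or what.

And I'll give you my computer's reports .. the first is the HijackThis one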


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 06:38:25 م, on 06/12/14
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Activ Software\ActivDriver\ActivMgr.exe
C:\Program Files\SMART Technologies\Education Software\SMARTBoardTools.exe
C:\Program Files\SMART Technologies\Education Software\SMARTBoardService.exe
C:\Program Files\SMART Technologies\Education Software\SMARTInk.exe
C:\Program Files\SMART Technologies\Education Software\DesktopMenu.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\SMART Technologies\Education Software\sbsdk-server\SBWDKService.exe
C:\Program Files\Activ Software\ActivDriver\FlashExtension\flashbridge-wrapper-crossplatform.exe
C:\Windows\system32\conhost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SMART Technologies\Education Software\Office\SMARTInk-SBSDKProxy.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\SMART Technologies\Education Software\ResponseConnectorService.exe
C:\Windows\system32\conhost.exe
C:\Program Files\SMART Technologies\Education Software\ResponseSoftwareService.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\plugin-nm-server.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Zyzoom_Forum_Tools\zyzoom.exe
C:\Zyzoom_Forum_Tools\zHijak.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [link hidden by the forum; log in or register to view]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [link hidden by the forum; log in or register to view]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [link hidden by the forum; log in or register to view]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [link hidden by the forum; log in or register to view]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [link hidden by the forum; log in or register to view]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: ContentBlockerBrowserHelperObject - {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: SMART Notebook Download Utility - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Technologies\Education Software\Win32\NotebookPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: VirtualKeyboardBrowserHelperObject - {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: Safe Money Plugin - {E3D96E85-529D-4269-AC6A-97CF9E2221E3} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [ActivManager] C:\Program Files\Activ Software\ActivDriver\ActivMgr.exe
O4 - HKLM\..\Run: [SMART Board Tools] "C:\Program Files\SMART Technologies\Education Software\SMARTBoardTools.exe"
O4 - HKLM\..\Run: [sbsdk-server] "C:\Program Files\SMART Technologies\Education Software\sbsdk-server\NodeLauncher.exe"
O4 - HKLM\..\Run: [SMART Board Service] "C:\Program Files\SMART Technologies\Education Software\SMARTBoardService.exe" -d
O4 - HKLM\..\Run: [SMART Ink] "C:\Program Files\SMART Technologies\Education Software\SMARTInk.exe" -a
O4 - HKLM\..\Run: [Response Desktop Menu] "C:\Program Files\SMART Technologies\Education Software\DesktopMenu.exe"
O4 - HKLM\..\Run: [ResponseConnectorService] "C:\Program Files\SMART Technologies\Education Software\response-connector-server\NodeLauncher.exe"
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: ActivSDK Flash Extension.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: إر&سال إلى OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: إرسال إلى &جهاز Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: إرسال إلى Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O9 - Extra button: Virtual Keyboard - {09A10376-994C-4BBF-9121-F50CF7BA237E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: ملاحظات OneNote الم&رتبطة - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: ملاحظات OneNote الم&رتبطة - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs:
O23 - Service: ActivControl - Promethean - C:\Program Files\Activ Software\ActivDriver\ActivControlsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus Service 15.0.1 (AVP15.0.1) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FlexNet Licensing Service - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe
O23 - Service: خدمة Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: خدمة Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP LaserJet Professional M1210 MFP Series Receive Fax Service (HPM1210RcvFaxSrvc) - HP - C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe
O23 - Service: HP SI Service (HPSIService) - HP - C:\Windows\system32\HPSIsvc.exe
O23 - Service: خدمة iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: خدمة Maxiget Update (mglupdate) (mglupdate) - Maxiget Ltd. - C:\Program Files\Maxiget\Updater\MaxigetUpdater.exe
O23 - Service: خدمة Maxiget Update (mglupdatem) (mglupdatem) - Maxiget Ltd. - C:\Program Files\Maxiget\Updater\MaxigetUpdater.exe
O23 - Service: Response Hardware - SMART Technologies ULC - C:\Program Files\SMART Technologies\Education Software\ResponseHardwareService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: SMART Helper Service (SMARTHelperService) - SMART Technologies - C:\Program Files\SMART Technologies\Education Software\SMARTHelperService.exe

--
End of file - 12112 bytes
 

Brother, Kaspersky is known for being heavy ..
And since you said you haven't changed the settings since installing the program ..
the program is using the default settings ..

And the HijackThis report is clean :]

Signature: Mr.AzOz
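OK, could I have the Kaspersky settings? I know the default ones have to be adjusted.

And by the way, my computer has had an infection from before. I'm afraid it is hacked, because the protection program I had before it stopped working, so I deleted it and went back to Kaspersky.

And these are the installed programs: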


====== معلومات نظام التشغيل ======

X86 WIN_7 7600


====== قائمة البرامج المثبتة ======

32 Bit HP CIO Components Installer
ActivDriver x86 v5.9
ActivInspire Core Resources (ARA) v1
ActivInspire Help (ARA) v1
ActivInspire HWR Resources (ARA) v1
ActivInspire v1
Adobe Flash Player 15 ActiveX
Adobe Flash Player 15 Plugin
Adobe Photoshop CS
Adobe Reader 9.1 - Arabic
Adobe Shockwave Player 11.5
Allgemeine Runtime Files (x86)
Apple Mobile Device Support
Apple Software Update
Bonjour
BufferChm
Copy
Destinations
DeviceDiscovery
DirectX 9.0c Extra Files (x86)
DJ_AIO_06_F2400_SW_Min
F2400
GOM Player
Google Chrome
Google Update Helper
GPBaseService2
HP Customer Participation Program 13.0
HP Deskjet F2400 All-In-One Driver Software 13.0 Rel .6
HP Imaging Device Functions 13.0
HP LaserJet Professional M1130-M1210 MFP Series
HP LaserJet Professional M1210 MFP Series Fax Installer
HP Print Projects 1.0
HP Smart Web Printing 4.5
HP Solution Center 13.0
HP Update
HPPhotoGadget
hpPrintProjects
HPProductAssistant
HPSSupply
hpWLPGInstaller
iTunes
Java 7 Update 7
Java Auto Updater
Kaspersky Internet Security
Kaspersky Internet Security
K-Lite Mega Codec Pack 10.8.0
LameACM
MarketResearch
MaxiGet Download Manager
Microsoft .NET Framework 1.1 German Language Pack
Microsoft .NET Framework 1.1 SP1 + KB928366
Microsoft .NET Framework 1.1 SP1 + KB928366
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Extended
Microsoft Office Access MUI (Arabic) 2010
Microsoft Office Excel MUI (Arabic) 2010
Microsoft Office Groove MUI (Arabic) 2010
Microsoft Office InfoPath MUI (Arabic) 2010
Microsoft Office OneNote MUI (Arabic) 2010
Microsoft Office Outlook MUI (Arabic) 2010
Microsoft Office PowerPoint MUI (Arabic) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (Arabic) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proofing (Arabic) 2010
Microsoft Office Publisher MUI (Arabic) 2010
Microsoft Office Shared MUI (Arabic) 2010
Microsoft Office Word MUI (Arabic) 2010
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
MSVCRT Redists
MSVCRT Redists
MSVCRT Redists
Nero 7 Lite 7.7.5.1
PowerDVD
QuickTime 7
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Scan
Scan To
Shop for HP Supplies
Skype Click to Call
Skype™ 6.18
SMART Arabic Language Pack
SMART Common Files
SMART Ink
SMART Notebook
SMART Product Drivers
SmartWebPrinting
SolutionCenter
Status
Swiff Player 1.1
SWiSH Max2
SWiSH Max4
SWiSHmax
Toolbox
TrayApp
Vegas Pro 10.0
VideoLAN VLC media player 0.8.6b
WebReg
أرشيف وينرار
برنامج SMART Response
برنامج WIDCOMM Bluetooth
دعم تطبيق Apple
 
Download the program from this thread ..

[link hidden by the forum; log in or register to view]

And give me a picture like this one ..

[Image: NvaToo.jpg]

Signature: Mr.AzOz
These are the programs,
at this link. Thank God there is no red color.

[link hidden by the forum; log in or register to view]

Second, why does this picture appear for me when I open Office .. even though I have a serial?

[link hidden by the forum; log in or register to view]
 
====== سجل أخطاء النظام ======

Computer Name: 37L4247D28-05
Event Code: 7036
Message: ‏‏دخلت الخدمة Diagnostic Policy Service في حالة stopped.
Record Number: 5
Source Name: Service Control Manager
Time Written: 20090714045645.074339-000
Event Type: معلومات
User:

Computer Name: 37L4247D28-05
Event Code: 6005
Message: The Event log service was started.
Record Number: 4
Source Name: EventLog
Time Written: 20141025164811.000000-000
Event Type: معلومات
User:

Computer Name: 37L4247D28-05
Event Code: 6009
Message: Microsoft (R) Windows (R) 6.01. 7600 Multiprocessor Free.
Record Number: 3
Source Name: EventLog
Time Written: 20141025164811.000000-000
Event Type: معلومات
User:

Computer Name: 37L4247D28-05
Event Code: 6011
Message: The NetBIOS name and DNS host name of this machine have been changed from 37L4247D28-05 to WIN-O73G37MJ4HS.
Record Number: 2
Source Name: EventLog
Time Written: 20141025164811.000000-000
Event Type: معلومات
User:

Computer Name: 37L4247D28-05
Event Code: 7036
Message: ‏‏دخلت الخدمة Microsoft Software Shadow Copy Provider في حالة stopped.
Record Number: 1
Source Name: Service Control Manager
Time Written: 20090714045645.074339-000
Event Type: معلومات
User:



===== سجل أخطاء البرامج =====

Computer Name: 37L4247D28-05
Event Code: 412
Message: Catalog Database (1092) Catalog Database: Unable to read the header of logfile C:\Windows\system32\CatRoot2\edb.log. Error -546.
Record Number: 5
Source Name: ESENT
Time Written: 20141025164824.000000-000
Event Type: خطأ
User:

Computer Name: 37L4247D28-05
Event Code: 5617
Message: Windows Management Instrumentation Service subsystems initialized successfully
Record Number: 4
Source Name: Microsoft-Windows-WMI
Time Written: 20141025164822.000000-000
Event Type: معلومات
User:

Computer Name: 37L4247D28-05
Event Code: 5615
Message: Windows Management Instrumentation Service started sucessfully
Record Number: 3
Source Name: Microsoft-Windows-WMI
Time Written: 20141025164818.000000-000
Event Type: معلومات
User:

Computer Name: 37L4247D28-05
Event Code: 1531
Message: ‏‏بدأ تشغيل خدمة ملف تعريف المستخدم بنجاح.


Record Number: 2
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20141025164813.809323-000
Event Type: معلومات
User: NT AUTHORITY\SYSTEM

Computer Name: 37L4247D28-05
Event Code: 4625
Message: ‏‏يمنع النظام الفرعي EventSystem إدخالات سجل الأحداث المتكررة لمدة 86400 ثانية. يمكن التحكم في مهلة المنع بواسطة قيمة REG_DWORD تسمى SuppressDuplicateDuration تحت مفتاح التسجيل التالي: HKLM\Software\Microsoft\EventSystem\EventLog.
Record Number: 1
Source Name: Microsoft-Windows-EventSystem
Time Written: 20141025164813.000000-000
Event Type: معلومات
User:



===== السجل الأمني =====

Computer Name: 37L4247D28-05
Event Code: 4735
Message: ‏‏تم تغيير مجموعة محلية ذات تأمين ممكّن.

العنوان:
معرّف الأمان: S-1-5-18
اسم الحساب: 37L4247D28-05$
مجال الحساب: WORKGROUP
معرّف تسجيل الدخول: 0x3e7

المجموعة:
معرّف الأمان: S-1-5-32-551
اسم المجموعة: Backup Operators
مجال المجموعة: Builtin

السمات التي تم تغييرها:
اسم حساب SAM: -
محفوظات معرّف الأمان: -

معلومات إضافية:
الامتيازات: -
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20141025164739.941664-000
Event Type: تدقيق النجاح
User:

Computer Name: 37L4247D28-05
Event Code: 4731
Message: ‏‏تم إنشاء مجموعة محلية ذات تأمين ممكّن.

العنوان:
معرّف الأمان: S-1-5-18
اسم الحساب: 37L4247D28-05$
مجال الحساب: WORKGROUP
معرّف تسجيل الدخول: 0x3e7

المجموعة الجديدة:
معرّف الأمان: S-1-5-32-551
اسم المجموعة: Backup Operators
مجال المجموعة: Builtin

السمات:
اسم حساب SAM: Backup Operators
محفوظات معرّف الأمان: -

معلومات إضافية:
الامتيازات: -
Record Number: 4
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20141025164739.863663-000
Event Type: تدقيق النجاح
User:

Computer Name: 37L4247D28-05
Event Code: 4902
Message: ‏‏تم إنشاء جدول نهج التدقيق لكل مستخدم.

عدد العناصر: 0
معرّف النهج: 0x3098d
Record Number: 3
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20141025164739.629663-000
Event Type: تدقيق النجاح
User:

Computer Name: 37L4247D28-05
Event Code: 4624
Message: ‏‏تم تسجيل دخول حساب بنجاح.

العنوان:
معرّف الأمان: S-1-0-0
اسم الحساب: -
مجال الحساب: -
معرّف تسجيل الدخول: 0x0

نوع تسجيل الدخول: 0

تسجيل الدخول الجديد:
معرّف الأمان: S-1-5-18
اسم الحساب: SYSTEM
مجال الحساب: NT AUTHORITY
معرّف تسجيل الدخول: 0x3e7
المعرّف الفريد العمومي لتسجيل الدخول: {00000000-0000-0000-0000-000000000000}

معلومات العملية:
معرّف العملية: 0x4
اسم العملية:

معلومات الشبكة:
اسم محطة العمل: -
عنوان الشبكة المصدر: -
المنفذ المصدر: -

معلومات المصادقة المفصّلة:
عملية تسجيل الدخول: -
حزمة المصادقة: -
الخدمات المنقولة: -
اسم الحزمة (NTLM فقط): -
طول المفتاح: 0

يتم تكوين هذا الحدث عند إنشاء جلسة عمل تسجيل دخول، كما يتم تكوينه على الكمبيوتر الذي تم الوصول إليه.

تشير حقول العناوين إلى حساب النظام المحلي الذي طالب بتسجيل الدخول. هذه عبارة عن خدمة بشكل عام (مثل خدمة "الخادم"، أو خدمة محلية مثل Winlogon.exe أو Services.exe).

يشير الحقل "نوع تسجيل الدخول" إلى نوع تسجيل الدخول الذي تم إجراؤه. أكثر أنواع تسجيل الدخول استخداماً هي 2 (محلي) و 3 (شبكة).

تشير حقول "تسجيل الدخول الجديد" إلى الحساب الذي تم إنشاء تسجيل الدخول له( الحساب الذي تم تسجيل الدخول إليه).

تشير حقول الشبكة إلى موقع تكوين طلب تسجيل دخول عن بُعد. لا يتوفر اسم محطة العمل دائماً وقد يُترك فارغاً في بعض الحالات.

توفر حقول معلومات المصادقة معلومات مفصّلة حول طلب تسجيل الدخول المحدد هذا.
- "معرّف تسجيل الدخول العمومي" عبارة عن معرّف فريد يمكن استخدامه للربط بين هذا الحدوث وحدث KDC.
- تشير "الخدمات المنقولة" إلى الخدمات الوسيطة التي شاركت في طلب تسجيل الدخول هذا.
- يشير "اسم الحزمة" إلى البروتوكول الثانوي الذي تم استخدامه من بين بروتوكولات NTLM.
- يشير "طول المفتاح" إلى طول مفتاح جلسة العمل الذي تم تكوينه. سيكون طول المفتاح 0 عند عدم طلب أية مفاتيح جلسات عمل.
Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20141025164738.022860-000
Event Type: تدقيق النجاح
User:

Computer Name: 37L4247D28-05
Event Code: 4608
Message: ‏‏يتم الآن بدء تشغيل Windows.

يتم تسجيل هذا الحدث عند بدء تشغيل LSASS.EXE وتهيئة نظام التدقيق.
Record Number: 1
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20141025164737.976060-000
Event Type: تدقيق النجاح
User:



===== تقرير انهيار البرامج =====

==================================================
Process File : hpzstub.exe
Event Name : ‏‏تم التوقف عن العمل
Event Time : 02/01/36 08:04:04 م
User Name : Al-kc
Exception Code :
Exception Offset :
Fault Module Name :
Fault Module Version:
Process Path : G:\hpzstub.exe
Report File Size : 10,322
Report File Path : C:\Users\Al-kc\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_hpzstub.exe_3baf4b21e4a086cd24248daaee9bbeac6ccabc1b_04b44ca9\Report.wer
==================================================

==================================================
Process File : iexplore.exe
Event Name : ‏‏تم التوقف عن العمل
Event Time : 10/01/36 01:56:29 ص
User Name : Al-kc
Exception Code :
Exception Offset :
Fault Module Name :
Fault Module Version:
Process Path : C:\Program Files\Internet Explorer\iexplore.exe
Report File Size : 27,658
Report File Path : C:\Users\Al-kc\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_iexplore.exe_211a4a8dc34888e2af751a7173b9b67ba1574fc_12e6ed0f\Report.wer
==================================================

==================================================
Process File : iexplore.exe
Event Name : ‏‏تم التوقف عن العمل
Event Time : 14/02/36 06:01:05 م
User Name : Al-kc
Exception Code :
Exception Offset :
Fault Module Name :
Fault Module Version:
Process Path : C:\Program Files\Internet Explorer\iexplore.exe
Report File Size : 25,902
Report File Path : C:\Users\Al-kc\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_iexplore.exe_3e766798d6c2731d47e6dcd99074e1c0c26da83_04fdf4f9\Report.wer
==================================================

==================================================
Process File : iexplore.exe
Event Name : ‏‏تم التوقف عن العمل
Event Time : 14/02/36 06:01:00 م
User Name : Al-kc
Exception Code :
Exception Offset :
Fault Module Name :
Fault Module Version:
Process Path : C:\Program Files\Internet Explorer\iexplore.exe
Report File Size : 25,902
Report File Path : C:\Users\Al-kc\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_iexplore.exe_3e766798d6c2731d47e6dcd99074e1c0c26da83_1225e12b\Report.wer
==================================================

==================================================
Process File : swishMax4.exe
Event Name : ‏‏تم التوقف عن العمل
Event Time : 14/02/36 02:14:54 ص
User Name : Al-kc
Exception Code :
Exception Offset :
Fault Module Name :
Fault Module Version:
Process Path : C:\Program Files\SWiSH Max4\swishMax4.exe
Report File Size : 7,202
Report File Path : C:\Users\Al-kc\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_swishMax4.exe_d2e9409b108d7bdc4b3e5fa039f392c816c827_136e3da4\Report.wer
==================================================

==================================================
Process File : swishMax4.exe
Event Name : ‏‏تم التوقف عن العمل
Event Time : 14/02/36 02:12:03 ص
User Name : Al-kc
Exception Code :
Exception Offset :
Fault Module Name :
Fault Module Version:
Process Path : C:\Program Files\SWiSH Max4\swishMax4.exe
Report File Size : 7,202
Report File Path : C:\Users\Al-kc\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_swishMax4.exe_d2e9409b108d7bdc4b3e5fa039f392c816c827_1c23aa4b\Report.wer
==================================================

==================================================
Process File : swishMax4.exe
Event Name : ‏‏تم التوقف عن العمل
Event Time : 14/02/36 02:23:01 ص
User Name : Al-kc
Exception Code :
Exception Offset :
Fault Module Name :
Fault Module Version:
Process Path : C:\Program Files\SWiSH Max4\swishMax4.exe
Report File Size : 7,202
Report File Path : C:\Users\Al-kc\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_swishMax4.exe_d2e9409b108d7bdc4b3e5fa039f392c816c827_2485b9a6\Report.wer
==================================================

==================================================
Process File : swishMax4.exe
Event Name : ‏‏تم التوقف عن العمل
Event Time : 14/02/36 02:12:11 ص
User Name : Al-kc
Exception Code :
Exception Offset :
Fault Module Name :
Fault Module Version:
Process Path : C:\Program Files\SWiSH Max4\swishMax4.exe
Report File Size : 7,202
Report File Path : C:\Users\Al-kc\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_swishMax4.exe_d2e9409b108d7bdc4b3e5fa039f392c816c827_25abc2ca\Report.wer
==================================================

==================================================
Process File : WINWORD.EXE
Event Name : ‏‏تم التوقف عن العمل
Event Time : 16/01/36 09:25:17 م
User Name : Al-kc
Exception Code :
Exception Offset :
Fault Module Name :
Fault Module Version:
Process Path : C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Report File Size : 12,582
Report File Path : C:\Users\Al-kc\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_WINWORD.EXE_54eaba618b3535bfd53622b89dd62dd8bc3069_118035d0\Report.wer
==================================================

==================================================
Process File : WINWORD.EXE
Event Name : ‏‏تم التوقف عن العمل
Event Time : 23/01/36 10:35:19 م
User Name : Al-kc
Exception Code :
Exception Offset :
Fault Module Name :
Fault Module Version:
Process Path : C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Report File Size : 14,060
Report File Path : C:\Users\Al-kc\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_WINWORD.EXE_969573db6be65e9bccea6c1a36d25227e37818_0106b6e2\Report.wer
==================================================

==================================================
Process File : WINWORD.EXE
Event Name : ‏‏تم التوقف عن العمل
Event Time : 23/01/36 10:35:59 م
User Name : Al-kc
Exception Code :
Exception Offset :
Fault Module Name :
Fault Module Version:
Process Path : C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Report File Size : 14,152
Report File Path : C:\Users\Al-kc\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_WINWORD.EXE_969573db6be65e9bccea6c1a36d25227e37818_0c4325da\Report.wer
==================================================

==================================================
Process File : explorer.exe
Event Name : ‏‏توقف عن الاستجابة وتم إغلاقه
Event Time : 14/02/36 04:02:20 ص
User Name : Al-kc
Exception Code :
Exception Offset :
Fault Module Name :
Fault Module Version:
Process Path : C:\Windows\explorer.exe
Report File Size : 27,744
Report File Path : C:\Users\Al-kc\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppHang_explorer.exe_5d2fbaa4282ee7e15bed86c23a7e1a8598699_18e13a04\Report.wer
==================================================

==================================================
Process File : Patch.exe
Event Name : ‏‏توقف عن الاستجابة وتم إغلاقه
Event Time : 14/02/36 02:12:28 ص
User Name : Al-kc
Exception Code :
Exception Offset :
Fault Module Name :
Fault Module Version:
Process Path : C:\Program Files\SWiSH Max4\Patch.exe
Report File Size : 8,994
Report File Path : C:\Users\Al-kc\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppHang_Patch.exe_30ee9b868ebc7589fcfe4e461e4cae320696173_1f5c6a7d\Report.wer
==================================================

==================================================
Process File : avpui.exe
Event Name : ‏‏توقف عن الاستجابة وتم إغلاقه
Event Time : 14/02/36 06:22:19 م
User Name : Al-kc
Exception Code :
Exception Offset :
Fault Module Name :
Fault Module Version:
Process Path : C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avpui.exe
Report File Size : 3,428
Report File Path : C:\Users\Al-kc\AppData\Local\Microsoft\Windows\WER\ReportArchive\Critical_avpui.exe_104be1e797a841f7bc2bd990b77ae6dbc47c264a_10b96068\Report.wer
==================================================

==================================================
Process File : explorer.exe
Event Name : ‏‏توقف عن الاستجابة وتم إغلاقه
Event Time : 16/01/36 09:38:47 م
User Name : Al-kc
Exception Code :
Exception Offset :
Fault Module Name :
Fault Module Version:
Process Path : C:\Windows\explorer.exe
Report File Size : 3,636
Report File Path : C:\Users\Al-kc\AppData\Local\Microsoft\Windows\WER\ReportArchive\Critical_explorer.exe_af88108b6deca0b7d66ae0985e5f2d71fe7c1879_1584abe9\Report.wer
==================================================

==================================================
Process File : WINWORD.EXE
Event Name : ‏‏توقف عن الاستجابة وتم إغلاقه
Event Time : 14/02/36 06:20:34 م
User Name : Al-kc
Exception Code :
Exception Offset :
Fault Module Name :
Fault Module Version:
Process Path : C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Report File Size : 3,458
Report File Path : C:\Users\Al-kc\AppData\Local\Microsoft\Windows\WER\ReportArchive\Critical_WINWORD.EXE_79fc6ca5ac1a9e1a9caf7b20d4fb31917f449c_046c94c1\Report.wer
==================================================

==================================================
Process File : mpsigstub.exe
Event Name : MpTelemetry
Event Time : 01/01/36 09:40:29 م
User Name : Al-kc
Exception Code :
Exception Offset :
Fault Module Name :
Fault Module Version:
Process Path : D:\2db89afed7b108d0b2e5a2612881\mpsigstub.exe
Report File Size : 1,766
Report File Path : C:\Users\Al-kc\AppData\Local\Microsoft\Windows\WER\ReportArchive\NonCritical_0x8007042c_7dcf713d328591da92c96b7d99be45322b1ff1_0e902c7c\Report.wer
==================================================

==================================================
Process File : iexplore.exe
Event Name : مشكلة في عرض صفحة ويب
Event Time : 01/02/36 09:13:45 م
User Name : Al-kc
Exception Code :
Exception Offset :
Fault Module Name :
Fault Module Version:
Process Path : C:\Program Files\Internet Explorer\iexplore.exe
Report File Size : 1,744
Report File Path : C:\Users\Al-kc\AppData\Local\Microsoft\Windows\WER\ReportArchive\NonCritical_iexplore.exe_ce11fb96b0a1634648d4c7e2126056e03c49cec_0ade79e0\Report.wer
==================================================

==================================================
Process File : iexplore.exe
Event Name : مشكلة في عرض صفحة ويب
Event Time : 06/02/36 11:59:07 م
User Name : Al-kc
Exception Code :
Exception Offset :
Fault Module Name :
Fault Module Version:
Process Path : C:\Program Files\Internet Explorer\iexplore.exe
Report File Size : 1,744
Report File Path : C:\Users\Al-kc\AppData\Local\Microsoft\Windows\WER\ReportArchive\NonCritical_iexplore.exe_ce11fb96b0a1634648d4c7e2126056e03c49cec_1400121b\Report.wer
==================================================

==================================================
Process File : iexplore.exe
Event Name : مشكلة في عرض صفحة ويب
Event Time : 10/01/36 12:32:18 ص
User Name : Al-kc
Exception Code :
Exception Offset :
Fault Module Name :
Fault Module Version:
Process Path : C:\Program Files\Internet Explorer\iexplore.exe
Report File Size : 1,744
Report File Path : C:\Users\Al-kc\AppData\Local\Microsoft\Windows\WER\ReportArchive\NonCritical_iexplore.exe_ce11fb96b0a1634648d4c7e2126056e03c49cec_16c5d069\Report.wer
==================================================

==================================================
Process File : msseces.exe
Event Name : MSSecurityClient
Event Time : 01/01/36 09:43:08 م
User Name : Al-kc
Exception Code :
Exception Offset :
Fault Module Name :
Fault Module Version:
Process Path : C:\Program Files\Microsoft Security Client\msseces.exe
Report File Size : 2,108
Report File Path : C:\Users\Al-kc\AppData\Local\Microsoft\Windows\WER\ReportArchive\NonCritical_msseces.exe_74add9fc1cc5575f4eaecdfc8aec575a727e580_09e6aa23\Report.wer
==================================================

==================================================
Process File : DWWIN.EXE
Event Name : OfficeFileValidationPerf
Event Time : 14/02/36 01:37:49 ص
User Name : Al-kc
Exception Code :
Exception Offset :
Fault Module Name :
Fault Module Version:
Process Path : C:\Windows\System32\DWWIN.EXE
Report File Size : 1,594
Report File Path : C:\Users\Al-kc\AppData\Local\Microsoft\Windows\WER\ReportArchive\NonCritical_WINWORD.EXE_f752896224a7eb5a061249f3083eec7ffccb0de_18c85142\Report.wer
==================================================

==================================================
Process File : mpsigstub.exe
Event Name : MpTelemetry
Event Time : 03/01/36 10:25:43 م
User Name : All Users
Exception Code :
Exception Offset :
Fault Module Name :
Fault Module Version:
Process Path : D:\0fcc633b427cca41f04cfbc80c4c2797\mpsigstub.exe
Report File Size : 1,774
Report File Path : C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_0x8007042c_7dcf713d328591da92c96b7d99be45322b1ff1_089568d0\Report.wer
==================================================

==================================================
Process File : mpsigstub.exe
Event Name : MpTelemetry
Event Time : 01/01/36 09:43:32 م
User Name : All Users
Exception Code :
Exception Offset :
Fault Module Name :
Fault Module Version:
Process Path : D:\57846d3702c8145b3c279e80ca47a623\mpsigstub.exe
Report File Size : 1,774
Report File Path : C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_0x8007042c_7dcf713d328591da92c96b7d99be45322b1ff1_0abef6fb\Report.wer
==================================================

==================================================
Process File : mpsigstub.exe
Event Name : MpTelemetry
Event Time : 06/01/36 11:20:13 م
User Name : All Users
Exception Code :
Exception Offset :
Fault Module Name :
Fault Module Version:
Process Path : D:\4cf99722d6330903777599cfa9\mpsigstub.exe
Report File Size : 1,762
Report File Path : C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_0x8007042c_7dcf713d328591da92c96b7d99be45322b1ff1_0ff5a4a7\Report.wer
==================================================

==================================================
Process File : mpsigstub.exe
Event Name : MpTelemetry
Event Time : 14/01/36 10:40:02 ص
User Name : All Users
Exception Code :
Exception Offset :
Fault Module Name :
Fault Module Version:
Process Path : D:\8e8884ff81aa2fb91772e65c8e58f3\mpsigstub.exe
Report File Size : 1,770
Report File Path : C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_0x8007042c_9577498061afe7ef34f2679762ccabb54d6dd_08720888\Report.wer
==================================================

==================================================
Process File : mpsigstub.exe
Event Name : MpTelemetry
Event Time : 11/01/36 12:50:13 م
User Name : All Users
Exception Code :
Exception Offset :
Fault Module Name :
Fault Module Version:
Process Path : D:\d77f32ce1388cd156677084aebff3446\mpsigstub.exe
Report File Size : 1,774
Report File Path : C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_0x8007042c_9577498061afe7ef34f2679762ccabb54d6dd_0a9a13be\Report.wer
==================================================

==================================================
Process File : mpsigstub.exe
Event Name : MpTelemetry
Event Time : 13/01/36 03:40:00 ص
User Name : All Users
Exception Code :
Exception Offset :
Fault Module Name :
Fault Module Version:
Process Path : D:\1a40e21eca952ebf272c73\mpsigstub.exe
Report File Size : 1,754
Report File Path : C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_0x8007042c_9577498061afe7ef34f2679762ccabb54d6dd_0bd20405\Report.wer
==================================================

==================================================
Process File : mpsigstub.exe
Event Name : MpTelemetry
Event Time : 09/01/36 11:08:39 م
User Name : All Users
Exception Code :
Exception Offset :
Fault Module Name :
Fault Module Version:
Process Path : D:\7be1db8b8c1898db948b755e\mpsigstub.exe
Report File Size : 1,758
Report File Path : C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_0x8007042c_9577498061afe7ef34f2679762ccabb54d6dd_0f6d1360\Report.wer
==================================================

==================================================
Process File : mpsigstub.exe
Event Name : MpTelemetry
Event Time : 16/01/36 06:52:52 م
User Name : All Users
Exception Code :
Exception Offset :
Fault Module Name :
Fault Module Version:
Process Path : D:\b8aa9f1e28110e92a4\mpsigstub.exe
Report File Size : 1,746
Report File Path : C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_0x8007042c_9577498061afe7ef34f2679762ccabb54d6dd_0fca0df4\Report.wer
==================================================

==================================================
Process File : mpsigstub.exe
Event Name : MpTelemetry
Event Time : 15/01/36 03:14:25 م
User Name : All Users
Exception Code :
Exception Offset :
Fault Module Name :
Fault Module Version:
Process Path : D:\67463698a91ce2e481a3b2ef7d0435b1\mpsigstub.exe
Report File Size : 1,774
Report File Path : C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_0x8007042c_9577498061afe7ef34f2679762ccabb54d6dd_104b9839\Report.wer
==================================================

==================================================
Process File : setup.exe
Event Name : MSSecurityClient
Event Time : 01/01/36 09:26:44 م
User Name : All Users
Exception Code :
Exception Offset :
Fault Module Name :
Fault Module Version:
Process Path : D:\bb8a61dfbbd58a8f00bae190\x86\setup.exe
Report File Size : 2,204
Report File Path : C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_Setup.exe_e7aba8ba6770ea97239970438bb14a5066b5be_0e8ba311\Report.wer
==================================================

==================================================
Process File : mpsigstub.exe
Event Name : MpTelemetry
Event Time : 03/01/36 10:25:43 م
User Name :
Exception Code :
Exception Offset :
Fault Module Name :
Fault Module Version:
Process Path : D:\0fcc633b427cca41f04cfbc80c4c2797\mpsigstub.exe
Report File Size : 1,774
Report File Path : C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_0x8007042c_7dcf713d328591da92c96b7d99be45322b1ff1_089568d0\Report.wer
==================================================

==================================================
Process File : mpsigstub.exe
Event Name : MpTelemetry
Event Time : 01/01/36 09:43:32 م
User Name :
Exception Code :
Exception Offset :
Fault Module Name :
Fault Module Version:
Process Path : D:\57846d3702c8145b3c279e80ca47a623\mpsigstub.exe
Report File Size : 1,774
Report File Path : C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_0x8007042c_7dcf713d328591da92c96b7d99be45322b1ff1_0abef6fb\Report.wer
==================================================

==================================================
Process File : mpsigstub.exe
Event Name : MpTelemetry
Event Time : 06/01/36 11:20:13 م
User Name :
Exception Code :
Exception Offset :
Fault Module Name :
Fault Module Version:
Process Path : D:\4cf99722d6330903777599cfa9\mpsigstub.exe
Report File Size : 1,762
Report File Path : C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_0x8007042c_7dcf713d328591da92c96b7d99be45322b1ff1_0ff5a4a7\Report.wer
==================================================

==================================================
Process File : mpsigstub.exe
Event Name : MpTelemetry
Event Time : 14/01/36 10:40:02 ص
User Name :
Exception Code :
Exception Offset :
Fault Module Name :
Fault Module Version:
Process Path : D:\8e8884ff81aa2fb91772e65c8e58f3\mpsigstub.exe
Report File Size : 1,770
Report File Path : C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_0x8007042c_9577498061afe7ef34f2679762ccabb54d6dd_08720888\Report.wer
==================================================

==================================================
Process File : mpsigstub.exe
Event Name : MpTelemetry
Event Time : 11/01/36 12:50:13 م
User Name :
Exception Code :
Exception Offset :
Fault Module Name :
Fault Module Version:
Process Path : D:\d77f32ce1388cd156677084aebff3446\mpsigstub.exe
Report File Size : 1,774
Report File Path : C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_0x8007042c_9577498061afe7ef34f2679762ccabb54d6dd_0a9a13be\Report.wer
==================================================

==================================================
Process File : mpsigstub.exe
Event Name : MpTelemetry
Event Time : 13/01/36 03:40:00 ص
User Name :
Exception Code :
Exception Offset :
Fault Module Name :
Fault Module Version:
Process Path : D:\1a40e21eca952ebf272c73\mpsigstub.exe
Report File Size : 1,754
Report File Path : C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_0x8007042c_9577498061afe7ef34f2679762ccabb54d6dd_0bd20405\Report.wer
==================================================

==================================================
Process File : mpsigstub.exe
Event Name : MpTelemetry
Event Time : 09/01/36 11:08:39 م
User Name :
Exception Code :
Exception Offset :
Fault Module Name :
Fault Module Version:
Process Path : D:\7be1db8b8c1898db948b755e\mpsigstub.exe
Report File Size : 1,758
Report File Path : C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_0x8007042c_9577498061afe7ef34f2679762ccabb54d6dd_0f6d1360\Report.wer
==================================================

==================================================
Process File : mpsigstub.exe
Event Name : MpTelemetry
Event Time : 16/01/36 06:52:52 م
User Name :
Exception Code :
Exception Offset :
Fault Module Name :
Fault Module Version:
Process Path : D:\b8aa9f1e28110e92a4\mpsigstub.exe
Report File Size : 1,746
Report File Path : C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_0x8007042c_9577498061afe7ef34f2679762ccabb54d6dd_0fca0df4\Report.wer
==================================================

==================================================
Process File : mpsigstub.exe
Event Name : MpTelemetry
Event Time : 15/01/36 03:14:25 م
User Name :
Exception Code :
Exception Offset :
Fault Module Name :
Fault Module Version:
Process Path : D:\67463698a91ce2e481a3b2ef7d0435b1\mpsigstub.exe
Report File Size : 1,774
Report File Path : C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_0x8007042c_9577498061afe7ef34f2679762ccabb54d6dd_104b9839\Report.wer
==================================================

==================================================
Process File : setup.exe
Event Name : MSSecurityClient
Event Time : 01/01/36 09:26:44 م
User Name :
Exception Code :
Exception Offset :
Fault Module Name :
Fault Module Version:
Process Path : D:\bb8a61dfbbd58a8f00bae190\x86\setup.exe
Report File Size : 2,204
Report File Path : C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_Setup.exe_e7aba8ba6770ea97239970438bb14a5066b5be_0e8ba311\Report.wer
==================================================




===== Blue Screen Report =====
 
"Silent Runners.vbs", revision 61,

Operating System: Windows 7
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"OfficeSyncProcess" = ""C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"RemoteControl" = ""C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."]
"LanguageShortcut" = ""C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"" [null data]
"iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Inc."]
"QuickTime Task" = ""C:\Program Files\QuickTime\QTTask.exe" -atboottime" ["Apple Inc."]
"BCSSync" = ""C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices" [MS]
"TkBellExe" = ""C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot" ["RealNetworks, Inc."]
"ActivManager" = "C:\Program Files\Activ Software\ActivDriver\ActivMgr.exe" [null data]
"SMART Board Tools" = ""C:\Program Files\SMART Technologies\Education Software\SMARTBoardTools.exe"" ["SMART Technologies ULC"]
"sbsdk-server" = ""C:\Program Files\SMART Technologies\Education Software\sbsdk-server\NodeLauncher.exe"" ["SMART Technologies"]
"SMART Board Service" = ""C:\Program Files\SMART Technologies\Education Software\SMARTBoardService.exe" -d" ["SMART Technologies"]
"SMART Ink" = ""C:\Program Files\SMART Technologies\Education Software\SMARTInk.exe" -a" [null data]
"Response Desktop Menu" = ""C:\Program Files\SMART Technologies\Education Software\DesktopMenu.exe"" ["SMART Technologies ULC"]
"ResponseConnectorService" = ""C:\Program Files\SMART Technologies\Education Software\response-connector-server\NodeLauncher.exe"" ["SMART Technologies"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{0347C33E-8762-4905-BF09-768834316C61}\(Default) = "HP Print Enhancer"
-> {HKLM...CLSID} = "HP Print Enhancer"
\InProcServer32\(Default) = "C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll" ["Hewlett-Packard Co."]

{03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358}\(Default) = "ContentBlockerBrowserHelperObject"
-> {HKLM...CLSID} = "Content Blocker Plugin"
\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll" ["Kaspersky Lab ZAO"]

{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = "AcroIEHelperStub"
-> {HKLM...CLSID} = "Adobe PDF Link Helper"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll" ["Adobe Systems Incorporated"]

{3049C3E9-B461-4BC5-8870-4C09146192CA}\(Default) = (no title provided)
-> {HKLM...CLSID} = "RealPlayer Download and Record Plugin for Internet Explorer"
\InProcServer32\(Default) = "C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll" ["RealPlayer"]

{67BCF957-85FC-4036-8DC4-D4D80E00A77B}\(Default) = "SMART Notebook Download Utility"
-> {HKLM...CLSID} = "SMART Notebook Download Utility"
\InProcServer32\(Default) = "C:\Program Files\SMART Technologies\Education Software\Win32\NotebookPlugin.dll" ["SMART Technologies ULC."]

{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Groove GFS Browser Helper"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL" [MS]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Java(tm) Plug-In SSV Helper"
\InProcServer32\(Default) = "C:\Program Files\Java\jre7\bin\ssv.dll" ["Oracle Corporation"]

{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\(Default) = "SkypeIEPluginBHO"
-> {HKLM...CLSID} = "Skype Click to Call for Internet Explorer"
\InProcServer32\(Default) = "C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll" [MS]

{B4F3A835-0E21-4959-BA22-42B3008E02FF}\(Default) = "URLRedirectionBHO"
-> {HKLM...CLSID} = "Office Document Cache Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL" [MS]

{B5D5BB14-C8E2-478D-9C97-574AC10AF9E8}\(Default) = "VirtualKeyboardBrowserHelperObject"
-> {HKLM...CLSID} = "Virtual Keyboard Plugin"
\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll" ["Kaspersky Lab ZAO"]

{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Java(tm) Plug-In 2 SSV Helper"
\InProcServer32\(Default) = "C:\Program Files\Java\jre7\bin\jp2ssv.dll" ["Oracle Corporation"]

{E3D96E85-529D-4269-AC6A-97CF9E2221E3}\(Default) = "Safe Money Plugin"
-> {HKLM...CLSID} = "Safe Money Plugin"
\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll" ["Kaspersky Lab ZAO"]

{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}\(Default) = "HP Smart BHO Class"
-> {HKLM...CLSID} = "HP Smart BHO Class"
\InProcServer32\(Default) = "C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll" ["Hewlett-Packard Co."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\

Groove Explorer Icon Overlay 1 (GFS Unread Stub)\(Default) = "{99FD978C-D287-4F50-827F-B2C658EDA8E7}"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL" [MS]

Groove Explorer Icon Overlay 2 (GFS Stub)\(Default) = "{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2 (GFS Stub)"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL" [MS]

Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)\(Default) = "{920E6DB1-9907-4370-B3A0-BAFC03D81399}"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL" [MS]

Groove Explorer Icon Overlay 3 (GFS Folder)\(Default) = "{16F3DD56-1AF5-4347-846D-7C10C4192619}"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 3 (GFS Folder)"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL" [MS]

Groove Explorer Icon Overlay 4 (GFS Unread Mark)\(Default) = "{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{6af09ec9-b429-11d4-a1fb-0090960218cb}" = "My Bluetooth Places"
-> {HKLM...CLSID} = "مواضع Bluetooth"
\InProcServer32\(Default) = "C:\Windows\system32\BTNEIG~1.DLL" ["Broadcom Corporation."]

"{7842554E-6BED-11D2-8CDB-B05550C10000}" = "Monitor"
-> {HKLM...CLSID} = "Monitor Class"
\InProcServer32\(Default) = "C:\Windows\system32\btncopy.dll" ["Broadcom Corporation."]

"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {HKLM...CLSID} = "iTunes"
\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Inc."]

"{c5aec3ec-e812-4677-a9a7-4fee1f9aa000}" = "Icaros Thumbnail Provider"
-> {HKLM...CLSID} = "Icaros Thumbnail Provider"
\InProcServer32\(Default) = "C:\Program Files\K-Lite Codec Pack\Icaros\IcarosThumbnailProvider.dll" ["Tabibito Technology"]

"{0c08e2bb-d10b-4cc9-b1b3-701f5be9d6ec}" = "IcarosPropertyHandler"
-> {HKLM...CLSID} = "IcarosPropertyHandler.IcarosPropertyHandler"
\InProcServer32\(Default) = "mscoree.dll" [MS]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office14\msohevi.dll" [MS]

"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"
-> {HKLM...CLSID} = "Microsoft Office Metadata Handler"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll" [MS]

"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"
-> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll" [MS]

"{3D60EDA7-9AB4-4DA8-864C-D9B5F2E7281D}" = "Groove Namespace Extension"
-> {HKLM...CLSID} = "مساحات عمل"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL" [MS]

"{0875DCB6-C686-4243-9432-ADCCF0B9F2D7}" = "Microsoft OneNote Namespace Extension for Windows Desktop Search"
-> {HKLM...CLSID} = "Microsoft OneNote Namespace Extension for Windows Desktop Search"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL" [MS]

"{506F4668-F13E-4AA1-BB04-B43203AB3CC0}" = "{506F4668-F13E-4AA1-BB04-B43203AB3CC0}"
-> {HKLM...CLSID} = "ImageExtractorShellExt Class"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office14\VISSHE.DLL" [MS]

"{D66DC78C-4F61-447F-942B-3FB6980118CF}" = "{D66DC78C-4F61-447F-942B-3FB6980118CF}"
-> {HKLM...CLSID} = "CInfoTipShellExt Class"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office14\VISSHE.DLL" [MS]

"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}" = "Groove GFS Browser Helper"
-> {HKLM...CLSID} = "Groove GFS Browser Helper"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL" [MS]

"{6C467336-8281-4E60-8204-430CED96822D}" = "Groove GFS Context Menu Handler"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL" [MS]

"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}" = "Groove GFS Explorer Bar"
-> {HKLM...CLSID} = "Groove Folder Synchronization"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL" [MS]

"{16F3DD56-1AF5-4347-846D-7C10C4192619}" = "Groove Explorer Icon Overlay 3 (GFS Folder)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 3 (GFS Folder)"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL" [MS]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook"
-> {HKLM...CLSID} = "Groove GFS Stub Execution Hook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL" [MS]

"{A449600E-1DC6-4232-B948-9BD794D62056}" = "Groove GFS Stub Icon Handler"
-> {HKLM...CLSID} = "Groove GFS Stub Icon Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL" [MS]

"{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}" = "Groove Explorer Icon Overlay 2 (GFS Stub)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2 (GFS Stub)"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL" [MS]

"{920E6DB1-9907-4370-B3A0-BAFC03D81399}" = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL" [MS]

"{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}" = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL" [MS]

"{99FD978C-D287-4F50-827F-B2C658EDA8E7}" = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL" [MS]

"{387E725D-DC16-4D76-B310-2C93ED4752A0}" = "Groove XML Icon Handler"
-> {HKLM...CLSID} = "Groove XML Icon Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL" [MS]

"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office14\MLSHEXT.DLL" [MS]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL" [MS]

"{014F27E2-6D75-4E42-A0E9-2A2C68498AFA}" = "Scan with Kaspersky Anti-Virus"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\shellex.dll" ["Kaspersky Lab ZAO"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

<<!>> "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook"
-> {HKLM...CLSID} = "Groove GFS Stub Execution Hook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL" [MS]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\

<<!>> text/xml\CLSID = "{807573E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL" [MS]

HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\

<<!>> ms-help\CLSID = "{314111c7-a502-11d2-bbca-00c04f8ec294}"
-> {HKLM...CLSID} = "HxProtocol Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll" [MS]

<<!>> skypec2c\CLSID = "{91774881-D725-4E58-B298-07617B9B86A8}"
-> {HKLM...CLSID} = "Skype Click to Call IE Pluggable Protocol"
\InProcServer32\(Default) = "C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll" [MS]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

Kaspersky Anti-Virus 15.0.1\(Default) = "{014F27E2-6D75-4E42-A0E9-2A2C68498AFA}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\shellex.dll" ["Kaspersky Lab ZAO"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL" [MS]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL" [MS]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

Kaspersky Anti-Virus 15.0.1\(Default) = "{014F27E2-6D75-4E42-A0E9-2A2C68498AFA}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\shellex.dll" ["Kaspersky Lab ZAO"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL" [MS]

HKLM\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\

Monitor\(Default) = "{7842554E-6BED-11D2-8CDB-B05550C10000}"
-> {HKLM...CLSID} = "Monitor Class"
\InProcServer32\(Default) = "C:\Windows\system32\btncopy.dll" ["Broadcom Corporation."]

HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\

XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL" [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

Kaspersky Anti-Virus 15.0.1\(Default) = "{014F27E2-6D75-4E42-A0E9-2A2C68498AFA}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\shellex.dll" ["Kaspersky Lab ZAO"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL" [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Users\Al-kc\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg"


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

GOMPlayDVDOnArrival\
"Provider" = "GOM Player"
"InvokeProgID" = "GomPlayer.DVD"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\GomPlayer.DVD\shell\open\command\(Default) = ""C:\Program Files\GRETECH\GomPlayer\GOM.EXE" /open "%1"" ["Gretech Corp."]
HKLM\SOFTWARE\Classes\GomPlayer.DVD\shell\open\DropTarget\CLSID = "{D0F0AD6B-ECCC-401E-8E71-C4363D41399C}"
-> {HKLM...CLSID} = (no title provided)
\LocalServer32\(Default) = ""C:\Program Files\GRETECH\GomPlayer\GOM.EXE"" ["Gretech Corp."]

GOMPlayMediaOnArrival\
"Provider" = "GOM Player"
"InvokeProgID" = "GomPlayer.MediaFile"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\GomPlayer.MediaFile\shell\open\command\(Default) = ""C:\Program Files\GRETECH\GomPlayer\GOM.EXE" /open "%1"" ["Gretech Corp."]
HKLM\SOFTWARE\Classes\GomPlayer.MediaFile\shell\open\DropTarget\CLSID = "{D0F0AD6B-ECCC-401E-8E71-C4363D41399C}"
-> {HKLM...CLSID} = (no title provided)
\LocalServer32\(Default) = ""C:\Program Files\GRETECH\GomPlayer\GOM.EXE"" ["Gretech Corp."]

iTunesBurnCDOnArrival\
"Provider" = "iTunes"
"InvokeProgID" = "iTunes.BurnCD"
"InvokeVerb" = "burn"
HKLM\SOFTWARE\Classes\iTunes.BurnCD\shell\burn\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /AutoPlayBurn "%L"" ["Apple Inc."]

iTunesImportSongsOnArrival\
"Provider" = "iTunes"
"InvokeProgID" = "iTunes.ImportSongsOnCD"
"InvokeVerb" = "import"
HKLM\SOFTWARE\Classes\iTunes.ImportSongsOnCD\shell\import\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /AutoPlayImportSongs "%L"" ["Apple Inc."]

iTunesPlaySongsOnArrival\
"Provider" = "iTunes"
"InvokeProgID" = "iTunes.PlaySongsOnCD"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\iTunes.PlaySongsOnCD\shell\play\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /playCD "%L"" ["Apple Inc."]

iTunesShowSongsOnArrival\
"Provider" = "iTunes"
"InvokeProgID" = "iTunes.ShowSongsOnCD"
"InvokeVerb" = "showsongs"
HKLM\SOFTWARE\Classes\iTunes.ShowSongsOnCD\shell\showsongs\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /AutoPlayShowSongs "%L"" ["Apple Inc."]

MPCPlayBluRayOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayBlurayMovie"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayBlurayMovie\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\MPC-HC\mpc-hc.exe" %L\BDMV\INDEX.BDMV" ["MPC-HC Team"]

MPCPlayCDAudioOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayCDAudio"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayCDAudio\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\MPC-HC\mpc-hc.exe" %1 /cd" ["MPC-HC Team"]

MPCPlayDVDMovieOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayDVDMovie"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayDVDMovie\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\MPC-HC\mpc-hc.exe" %1 /dvd" ["MPC-HC Team"]

MPCPlayMusicFilesOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayMusicFiles"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayMusicFiles\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\MPC-HC\mpc-hc.exe" %1" ["MPC-HC Team"]

MPCPlayVideoFilesOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayVideoFiles"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayVideoFiles\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\MPC-HC\mpc-hc.exe" %1" ["MPC-HC Team"]

PDVDPlayCDAudioOnArrival\
"Provider" = "PowerDVD"
"InvokeProgID" = "AudioCD"
"InvokeVerb" = "PlayWithPowerDVD"
HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithPowerDVD\Command\(Default) = ""C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" "%l"" ["CyberLink Corp."]

PDVDPlayDVDMovieOnArrival\
"Provider" = "PowerDVD"
"InvokeProgID" = "DVD"
"InvokeVerb" = "PlayWithPowerDVD"
HKLM\SOFTWARE\Classes\DVD\shell\PlayWithPowerDVD\Command\(Default) = ""C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" "%l"" ["CyberLink Corp."]

PDVDPlayVCDMovieOnArrival\
"Provider" = "PowerDVD"
"InvokeProgID" = "VCD"
"InvokeVerb" = "PlayWithPowerDVD"
HKLM\SOFTWARE\Classes\VCD\shell\PlayWithPowerDVD\Command\(Default) = ""C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" "%l"" ["CyberLink Corp."]

RPCDBurningOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.CDBurn.6"
"InvokeVerb" = "open"
HKCU\Software\Classes\RealPlayer.CDBurn.6\shell\open\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /burn "%1"" ["RealNetworks, Inc."]

RPDeviceOnArrival\
"Provider" = "RealPlayer"
"ProgID" = "RealPlayer.HWEventHandler"
HKLM\SOFTWARE\Classes\RealPlayer.HWEventHandler\CLSID\(Default) = "{67E76F1D-BDE2-4052-913C-2752366192D2}"
-> {HKLM...CLSID} = "RealNetworks Scheduler"
\LocalServer32\(Default) = ""C:\Program Files\Real\RealPlayer\Update\realsched.exe" -autoplay" ["RealNetworks, Inc."]

RPDVDBurningOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.DVDBurn.6"
"InvokeVerb" = "open"
HKCU\Software\Classes\RealPlayer.DVDBurn.6\shell\open\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /burndvd "%1"" ["RealNetworks, Inc."]

RPPlayCDAudioOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.AudioCD.6"
"InvokeVerb" = "play"
HKCU\Software\Classes\RealPlayer.AudioCD.6\shell\play\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /play %1 " ["RealNetworks, Inc."]

RPPlayDVDMovieOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.DVD.6"
"InvokeVerb" = "play"
HKCU\Software\Classes\RealPlayer.DVD.6\shell\play\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /dvd %1 " ["RealNetworks, Inc."]

RPPlayMediaOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.AutoPlay.6"
"InvokeVerb" = "open"
HKCU\Software\Classes\RealPlayer.AutoPlay.6\shell\open\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /autoplay "%1"" ["RealNetworks, Inc."]

VLCPlayCDAudioOnArrival\
"Provider" = "VideoLAN VLC media player"
"InvokeProgID" = "VLC.CDAudio"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\VLC.CDAudio\shell\play\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file cdda:%1" ["VideoLAN Team"]

VLCPlayDVDMovieOnArrival\
"Provider" = "VideoLAN VLC media player"
"InvokeProgID" = "VLC.DVDMovie"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\VLC.DVDMovie\shell\play\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file dvd:%1" ["VideoLAN Team"]

WIA_{8456CB3A-E789-4B72-8435-6D17C93A6983}\
"Provider" = "Microsoft Publisher"
"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"
"InitCmdLine" = "/WiaCmd;C:\Program Files\Microsoft Office\Office14\MSPUB.EXE /IMG_STI /StiDevice:%1 /StiEvent:%2;"
-> {HKLM...CLSID} = "WPDShextAutoplay"
\LocalServer32\(Default) = "C:\Windows\system32\WPDShextAutoplay.exe" [MS]

WIA_{8C8F60CF-53EA-4213-B981-536FD9C074D4}\
"Provider" = "Microsoft Publisher"
"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"
"InitCmdLine" = "/WiaCmd;C:\Program Files\Microsoft Office\Office14\MSPUB.EXE /IMG_WIA;"
-> {HKLM...CLSID} = "WPDShextAutoplay"
\LocalServer32\(Default) = "C:\Windows\system32\WPDShextAutoplay.exe" [MS]

WIA_{CA641BCE-44D8-41A4-B64B-D2C21AF178CC}\
"Provider" = "Photoshop"
"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"
"InitCmdLine" = "/WiaCmd;C:\Program Files\Adobe\Photoshop CS\Photoshop.exe /StiDevice:%1 /StiEvent:%2;"
-> {HKLM...CLSID} = "WPDShextAutoplay"
\LocalServer32\(Default) = "C:\Windows\system32\WPDShextAutoplay.exe" [MS]


Startup items in "Al-kc" & "All Users" startup folders:
-------------------------------------------------------

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
"ActivSDK Flash Extension" -> shortcut to: "C:\Windows\Installer\{19541760-F18C-4148-8A55-F0A88B41DF0A}\NewShortcut1_31C7358B35944FA781961EEA93A9077C.exe" ["Flexera Software, Inc."]
"Adobe Gamma Loader" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"Bluetooth" -> shortcut to: "C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe" ["Broadcom Corporation."]
"HP Digital Imaging Monitor" -> shortcut to: "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" ["Hewlett-Packard Co."]


Windows Sidebar Gadgets:
------------------------

C:\Users\Al-kc\AppData\Local\Microsoft\Windows Sidebar\Settings.ini
C:\Users\Al-kc\AppData\Local\Microsoft\Windows Sidebar\Gadgets\HPPhoto.gadget


Non-disabled Scheduled Tasks:
-----------------------------

C:\Windows\System32\Tasks
"Adobe Flash Player Updater" -> launches: "C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe" ["Adobe Systems Incorporated"]
"GoogleUpdateTaskMachineCore" -> launches: "C:\Program Files\Google\Update\GoogleUpdate.exe /c" ["Google Inc."]
"GoogleUpdateTaskMachineUA" -> launches: "C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler" ["Google Inc."]
"HP online update program" -> launches: "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" ["Hewlett-Packard"]
"iToolsDaemon" -> launches: "C:\Program Files\ThinkSky\iTools 3\iToolsDaemon.exe" [file not found]
"Java Update Scheduler" -> launches: "C:\Program Files\Common Files\Java\Java Update\jusched.exe" ["Sun Microsystems, Inc."]
"klcp_update" -> launches: ""C:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe" /verysilent /update /freq=30" [null data]
"MaxigetUpdaterTaskMachineCore" -> launches: "C:\Program Files\Maxiget\Updater\MaxigetUpdater.exe /c" ["Maxiget Ltd."]
"MaxigetUpdaterTaskMachineUA" -> launches: "C:\Program Files\Maxiget\Updater\MaxigetUpdater.exe /ua /installsource scheduler" ["Maxiget Ltd."]
"Real Player online update program" -> launches: "C:\Program Files\Real\RealPlayer\update\realsched.exe -osboot" ["RealNetworks, Inc."]
"RealUpgradeLogonTaskS-1-5-21-2397852174-3290058728-804687662-1000" -> launches: "C:\Program Files\Real\RealUpgrade\RealUpgrade.exe /logoncheck" ["RealNetworks, Inc."]
"RealUpgradeScheduledTaskS-1-5-21-2397852174-3290058728-804687662-1000" -> launches: "C:\Program Files\Real\RealUpgrade\RealUpgrade.exe /scheduledcheck" ["RealNetworks, Inc."]
"ReclaimerUpdateFiles_Al-kc" -> launches: "C:\Users\Al-kc\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe /UpdateFiles" ["RealNetworks, Inc."]
"ReclaimerUpdateXML_Al-kc" -> launches: "C:\Users\Al-kc\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe /UpdateXML" ["RealNetworks, Inc."]
"RNUpgradeHelperLogonPrompt_Al-kc" -> launches: "C:\Users\Al-kc\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe /prompt os_boot" ["RealNetworks, Inc."]
"RNUpgradeHelperResumePrompt_Al-kc" -> launches: "C:\Users\Al-kc\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe /prompt os_resume" ["RealNetworks, Inc."]
"User_Feed_Synchronization-{5006E56E-0A63-425A-8A36-93D4A3E86B53}" -> (HIDDEN!) launches: "C:\Windows\system32\msfeedssync.exe sync" [MS]
"{23261C32-73F9-41D1-9DEC-2BC25D1E4DF5}" -> launches: "C:\Windows\system32\pcalua.exe -a "C:\Users\Al-kc\Documents\برنامج سوني فيغاس\تعريب فيقاس 11.exe" -d "C:\Users\Al-kc\Documents\برنامج سوني فيغاس"" [MS]

C:\Windows\System32\Tasks\Apple
"AppleSoftwareUpdate" -> launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task" ["Apple Inc."]

C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client
"AD RMS Rights Policy Template Management (Manual)" -> launches: "{BF5CB148-7C77-4d8a-A53E-D81C70CF743C}"
-> {HKLM...CLSID} = "AD RMS Rights Policy Template Management (Manual) Task Handler"
\InProcServer32\(Default) = "C:\Windows\system32\msdrm.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience
"AitAgent" -> launches: "aitagent" [MS]
"ProgramDataUpdater" -> launches: "%windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Autochk
"Proxy" -> launches: "%windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth
"UninstallDeviceTask" -> launches: "BthUdTask.exe $(Arg0)" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient
"SystemTask" -> launches: "{58fb76b9-ac85-4e55-ac04-427593b1d060}"
-> {HKLM...CLSID} = "Certificate Services Client Task Handler"
\InProcServer32\(Default) = "C:\Windows\system32\dimsjob.dll" [MS]
"UserTask" -> launches: "{58fb76b9-ac85-4e55-ac04-427593b1d060}"
-> {HKLM...CLSID} = "Certificate Services Client Task Handler"
\InProcServer32\(Default) = "C:\Windows\system32\dimsjob.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program
"Consolidator" -> launches: "%SystemRoot%\System32\wsqmcons.exe" [MS]
"KernelCeipTask" -> (HIDDEN!) launches: "{e7ed314f-2816-4c26-aeb5-54a34d02404c}"
-> {HKLM...CLSID} = "KernelCeipCustomHandler"
\InProcServer32\(Default) = "C:\Windows\System32\kernelceip.dll" [MS]
"UsbCeip" -> (HIDDEN!) launches: "{c27f6b1d-fe0b-45e4-9257-38799fa69bc8}"
-> {HKLM...CLSID} = "UsbCeip"
\InProcServer32\(Default) = "C:\Windows\System32\usbceip.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Defrag
"ScheduledDefrag" -> launches: "%windir%\system32\defrag.exe -c" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis
"Scheduled" -> (HIDDEN!) launches: "{c1f85ef8-bcc2-4606-bb39-70c523715eb3}"
-> {HKLM...CLSID} = "ScheduledDiagnosticCustomHandler"
\InProcServer32\(Default) = "C:\Windows\System32\sdiagschd.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Location
"Notifications" -> launches: "%windir%\System32\LocationNotifications.exe" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance
"WinSAT" -> launches: "{A9A33436-678B-4C9C-A211-7CC38785E79D}"
-> {HKLM...CLSID} = "WinSAT Task Manger Task"
\InProcServer32\(Default) = "C:\Windows\system32\WinSATAPI.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Media Center
"ActivateWindowsSearch" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch" [MS]
"ConfigureInternetTimeService" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService" [MS]
"DispatchRecoveryTasks" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0)" [MS]
"ehDRMInit" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DRMInit" [MS]
"InstallPlayReady" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0)" [MS]
"mcupdate" -> launches: "%SystemRoot%\ehome\mcupdate $(Arg0)" [MS]
"MediaCenterRecoveryTask" -> launches: "%SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask" [MS]
"ObjectStoreRecoveryTask" -> launches: "%SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask" [MS]
"OCURActivate" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /OCURActivate" [MS]
"OCURDiscovery" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0)" [MS]
"PBDADiscovery" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery" [MS]
"PBDADiscoveryW1" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery" [MS]
"PBDADiscoveryW2" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery" [MS]
"PvrRecoveryTask" -> launches: "%SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask" [MS]
"PvrScheduleTask" -> launches: "%SystemRoot%\ehome\mcupdate.exe -PvrSchedule" [MS]
"RegisterSearch" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0)" [MS]
"ReindexSearchRoot" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot" [MS]
"SqlLiteRecoveryTask" -> launches: "%SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask" [MS]
"UpdateRecordPath" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic
"CorruptionDetector" -> (HIDDEN!) launches: "{190BA3F6-0205-4f46-B589-95C6822899D2}"
-> {HKLM...CLSID} = "MemoryDiagnosticCustomHandler"
\InProcServer32\(Default) = "C:\Windows\System32\memdiag.dll" [MS]
"DecompressionFailureDetector" -> (HIDDEN!) launches: "{190BA3F6-0205-4f46-B589-95C6822899D2}"
-> {HKLM...CLSID} = "MemoryDiagnosticCustomHandler"
\InProcServer32\(Default) = "C:\Windows\System32\memdiag.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC
"HotStart" -> launches: "{06DA0625-9701-43da-BFD7-FBEEA2180A1E}"
-> {HKLM...CLSID} = "HotStart User Agent"
\InProcServer32\(Default) = "C:\Windows\System32\HotStartUserAgent.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MUI
"LPRemove" -> launches: "%windir%\system32\lpremove.exe" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia
"SystemSoundsService" -> launches: "{2DEA658F-54C1-4227-AF9B-260AB5FC3543}"
-> {HKLM...CLSID} = "Microsoft PlaySoundService Class"
\InProcServer32\(Default) = "C:\Windows\System32\PlaySndSrv.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace
"GatherNetworkInfo" -> launches: "%windir%\system32\gatherNetworkInfo.vbs" [null data]

C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics
"AnalyzeSystem" -> launches: "%SystemRoot%\System32\powercfg.exe -energy -auto" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RAC
"RacTask" -> (HIDDEN!) launches: "{42060D27-CA53-41f5-96E4-B1E8169308A6}"
-> {HKLM...CLSID} = "ReliabilityAnalysisCustomHandler"
\InProcServer32\(Default) = "C:\Windows\system32\RacEngn.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Ras
"MobilityManager" -> launches: "{c463a0fc-794f-4fdf-9201-01938ceacafa}"
-> {HKLM...CLSID} = "RasMobilityManager"
\InProcServer32\(Default) = "C:\Windows\system32\rasmbmgr.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Registry
"RegIdleBackup" -> (HIDDEN!) launches: "{ca767aa8-9157-4604-b64b-40747123d5f2}"
-> {HKLM...CLSID} = "RegistryIdleBackupHandler"
\InProcServer32\(Default) = "C:\Windows\System32\regidle.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance
"RemoteAssistanceTask" -> (HIDDEN!) launches: "%windir%\system32\RAServer.exe /offerraupdate" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SideShow
"GadgetManager" -> launches: "{FF87090D-4A9A-4f47-879B-29A80C355D61}"
-> {HKLM...CLSID} = "GadgetsManager Class"
\InProcServer32\(Default) = "C:\Windows\System32\AuxiliaryDisplayServices.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore
"SR" -> launches: "%windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\TabletPC
"InputPersonalization" -> launches: "%CommonProgramFiles%\Microsoft Shared\Ink\InputPersonalization.exe" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager
"Interactive" -> (HIDDEN!) launches: "{855fec53-d2e4-4999-9e87-3414e9cf0ff4}"
-> {HKLM...CLSID} = "RunTask"
\InProcServer32\(Default) = "C:\Windows\system32\wdc.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip
"IpAddressConflict1" -> launches: "%windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem" [MS]
"IpAddressConflict2" -> launches: "%windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework
"MsCtfMonitor" -> (HIDDEN!) launches: "{01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}"
-> {HKLM...CLSID} = "MsCtfMonitor task handler"
\InProcServer32\(Default) = "C:\Windows\system32\MsCtfMonitor.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization
"SynchronizeTime" -> launches: "%windir%\system32\sc.exe start w32time task_started" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\UPnP
"UPnPHostConfig" -> launches: "sc.exe config upnphost start= auto" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WDI
"ResolutionHost" -> (HIDDEN!) launches: "{900be39d-6be8-461a-bc4d-b0fa71f5ecb1}"
-> {HKLM...CLSID} = "DiagnosticInfrastructureCustomHandler"
\InProcServer32\(Default) = "C:\Windows\System32\wdi.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting
"QueueReporting" -> launches: "%windir%\system32\wermgr.exe -queuereporting" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform
"BfeOnServiceStartTypeChange" -> (HIDDEN!) launches: "%windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing
"UpdateLibrary" -> launches: ""%ProgramFiles%\Windows Media Player\wmpnscfg.exe"" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup
"ConfigNotification" -> launches: "%systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows Defender
"MP Scheduled Scan" -> (HIDDEN!) launches: "c:\program files\windows defender\MpCmdRun.exe Scan -ScheduleJob -WinTask -RestrictPrivilegesScan" [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\system32\NLAapi.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\system32\napinsp.dll" [MS]
000000000005\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
000000000006\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
000000000007\LibraryPath = "C:\Program Files\Bonjour\mdnsNSP.dll" ["Apple Inc."]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 26


Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\

{555D4D79-4BD2-4094-A395-CFC534424A05}\(Default) = (no title provided)
-> {HKLM...CLSID} = "HP Smart Web Printing"
\InProcServer32\(Default) = "C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll" ["Hewlett-Packard Co."]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

{555D4D79-4BD2-4094-A395-CFC534424A05}\(Default) = (no title provided)
-> {HKLM...CLSID} = "HP Smart Web Printing"
\InProcServer32\(Default) = "C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll" ["Hewlett-Packard Co."]

HKLM\SOFTWARE\Classes\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = "Groove Folder Synchronization"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{09A10376-994C-4BBF-9121-F50CF7BA237E}\
"ButtonText" = "Virtual Keyboard"
"CLSIDExtension" = "{F2A56BFE-7911-451A-BC74-A9C3C2E95126}"
-> {HKLM...CLSID} = "VirtualKeyboardToolbarButtonHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll" ["Kaspersky Lab ZAO"]

{2670000A-7350-4F3C-8081-5663EE0C6C49}\
"ButtonText" = "إرسال إلى OneNote"
"MenuText" = "إر&سال إلى OneNote"
"CLSIDExtension" = "{48E73304-E1D6-4330-914C-F5F514E3486C}"
-> {HKLM...CLSID} = "Send to OneNote from Internet Explorer button"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll" [MS]

{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\
"ButtonText" = "ملاحظات OneNote الم&رتبطة"
"MenuText" = "ملاحظات OneNote الم&رتبطة"
"CLSIDExtension" = "{FFFDC614-B694-4AE6-AB38-5D6374584B52}"
-> {HKLM...CLSID} = "Linked Notes button"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll" [MS]

{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\
"ButtonText" = "Skype Click to Call settings"
"CLSIDExtension" = "{898EA8C8-E7FF-479B-8935-AEC46303B9E5}"
-> {HKLM...CLSID} = "Skype Click to Call settings"
\InProcServer32\(Default) = "C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll" [MS]

{CCA281CA-C863-46EF-9331-5C8D4460577F}\
"ButtonText" = "@btrez.dll,-4015"
"MenuText" = "@btrez.dll,-12650"
"Script" = "C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm" [null data]

{DDE87865-83C5-48C4-8357-2F5B1AA84522}\
"ButtonText" = "Show or hide HP Smart Web Printing"
"CLSIDExtension" = "{DDE87865-83C5-48c4-8357-2F5B1AA84522}"
-> {HKLM...CLSID} = "ClipBookBtn Class"
\InProcServer32\(Default) = "C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll" ["Hewlett-Packard Co."]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

خدمة iPod , iPod Service, ""C:\Program Files\iPod\bin\iPodService.exe"" ["Apple Inc."]
ActivControl, ActivControl, ""C:\Program Files\Activ Software\ActivDriver\ActivControlsvc.exe"" ["Promethean"]
Apple Mobile Device, Apple Mobile Device, ""C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"" ["Apple Inc."]
Bluetooth Service, btwdins, "C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe" ["Broadcom Corporation."]
Bonjour Service, Bonjour Service, ""C:\Program Files\Bonjour\mDNSResponder.exe"" ["Apple Inc."]
Cyberlink RichVideo Service(CRVS), RichVideo, ""C:\Program Files\CyberLink\Shared Files\RichVideo.exe"" [empty string]
HP LaserJet Professional M1210 MFP Series Receive Fax Service, HPM1210RcvFaxSrvc, "C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe" ["HP"]
HP SI Service, HPSIService, "C:\Windows\system32\HPSIsvc.exe" ["HP"]
hpqcxs08, hpqcxs08, "C:\Windows\system32\svchost.exe -k hpdevmgmt" {"C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll" ["Hewlett-Packard Co."]}
Net Driver HPZ12, Net Driver HPZ12, "C:\Windows\System32\svchost.exe -k HPZ12" {"C:\Windows\system32\HPZinw12.dll" ["Hewlett-Packard"]}
Office Software Protection Platform, osppsvc, ""C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"" [MS]
Pml Driver HPZ12, Pml Driver HPZ12, "C:\Windows\System32\svchost.exe -k HPZ12" {"C:\Windows\system32\HPZipm12.dll" ["Hewlett-Packard"]}
Response Hardware, Response Hardware, ""C:\Program Files\SMART Technologies\Education Software\ResponseHardwareService.exe"" ["SMART Technologies ULC"]
Skype Click to Call PNR Service, c2cpnrsvc, ""C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe" /service" [MS]
Skype Click to Call Updater, c2cautoupdatesvc, ""C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe" /service" [MS]
SMART Helper Service, SMARTHelperService, ""C:\Program Files\SMART Technologies\Education Software\SMARTHelperService.exe"" ["SMART Technologies"]
خدمة HP CUE DeviceDiscovery (الكشف على أجهزة CUE لـ HP), hpqddsvc, "C:\Windows\system32\svchost.exe -k hpdevmgmt" {"C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll" ["Hewlett-Packard Co."]}


Keyboard Driver Filters:
------------------------

HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\
<<!>> "UpperFilters" = <<!>> "klkbdflt" ["Kaspersky Lab ZAO"],<<!>> "kbdclass" [MS]


Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
HPM1210LM\Driver = "HPM1210LM.DLL" [null data]
SMART Local Port\Driver = "C:\Windows\system32\smrtlocalmon.dll" ["SMART Technologies ULC"]
منفذ طابعة Bluetooth\Driver = "bthcrp.dll" ["Broadcom Corporation."]


---------- (launch time: 2014-12-06 20:09:46)
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 58 seconds, including 18 seconds for message boxes)
 
Can anyone give me Kaspersky settings so that my computer runs lighter? :cry:
 
Can anyone give me Kaspersky settings so that my computer runs lighter? :cry:

Brother, I already told you ..
Kaspersky is known for being heavy, even if you use settings ..
They might lighten the load only a little, but the heaviness will remain ..

Since your computer is clean and you want settings for Kaspersky ..
your topic will be moved to
[hidden link: you must log in or register to view it]
..


God willing, you will find the brothers there to help you ..
Good luck!
 
Signature: Mr.AzOz
May God reward you with good.
 
Bump. I want the Kaspersky settings, please.
And the Office problem is here:
[hidden link: you must log in or register to view it]
 
No, I did not find it helpful, especially since
Kaspersky does not load the full scan; I left it for over 5 hours and in the end it was at 1 %.
 