Status
Closed and not open for further replies.

انا بابا يلا

Peace be upon you, and the mercy and blessings of God.
I hope everyone is well,
and may the coming days bring us good.
I need to make a backup of the Windows files so that if any problem occurs on my machine I can restore them.
So I need someone to help me, may God reward them, by analyzing the machine's reports to make sure the machine is clean before I start making the Windows backup.
The reports will be attached.

Signature: انا بابا يلا
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 05:24:37 ص, on 17/07/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17207)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtbws.exe
C:\Program Files (x86)\TechSmith\Snagit 12\Snagit32.exe
C:\Program Files (x86)\TechSmith\Snagit 12\SnagPriv.exe
C:\Program Files (x86)\TechSmith\Snagit 12\TSCHelp.exe
C:\Program Files (x86)\TechSmith\Snagit 12\snagiteditor.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe
C:\Program Files (x86)\Ad Muncher\AdMunch.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\cmd.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Program Files (x86)\Glary Utilities 5\SoftwareUpdate.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
D:\Pro\runscanner.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Zyzoom_Forum_Tools\zyzoom.exe
C:\Zyzoom_Forum_Tools\zHijak.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [link hidden by the forum]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [link hidden by the forum]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [link hidden by the forum]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [link hidden by the forum]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [link hidden by the forum]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~2\Office15\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll
O4 - HKLM\..\Run: [Ad Muncher] "C:\Program Files (x86)\Ad Muncher\AdMunch.exe" /bt
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?')
O4 - HKUS\S-1-5-21-408805599-1616170544-1016358918-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot (User '?')
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\ie_banner_deny.htm
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office15\EXCEL.EXE/3000
O9 - Extra button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O9 - Extra button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Kaspersky Anti-Virus Service 15.0.0 (AVP15.0.0) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: خدمة Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: خدمة Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Ma-Config Agent (MaConfigAgent) - Unknown owner - C:\Program Files\ma-config.com\MaConfigAgent.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11836 bytes
 
"Silent Runners.vbs", revision 61, [link hidden by the forum]

Operating System: Windows 7 SP1
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"IDMan" = "C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot" ["Tonec Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Ad Muncher" = ""C:\Program Files (x86)\Ad Muncher\AdMunch.exe" /bt" ["Murray Hurps Software Pty Ltd"]
"StartCCC" = ""C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun" ["Advanced Micro Devices, Inc."]
"AMD AVT" = "Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml" [MS]
"Adobe ARM" = ""C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"" ["Adobe Systems Incorporated"]
"SwitchBoard" = "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" ["Adobe Systems Incorporated"]
"AdobeCS5.5ServiceManager" = ""C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin" ["Adobe Systems Incorporated"]
"SunJavaUpdateSched" = ""C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"" ["Oracle Corporation"]

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\
{8A69D345-D564-463c-AFF1-A69D9E530F96}\(Default) = "Google Chrome"
\StubPath = ""C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome" ["Google Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{0055C089-8582-441B-A0BF-17B458C2A3A8}\(Default) = "IDM Helper"
-> {HKLM...CLSID} = "IDM integration (IDMIEHlprObj Class)"
\InProcServer32\(Default) = "C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll" ["Internet Download Manager, Tonec Inc."]

{5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F}\(Default) = "ContentBlockerBrowserHelperObject"
-> {HKLM...CLSID} = "Content Blocker Plugin"
\InProcServer32\(Default) = "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll" ["Kaspersky Lab ZAO"]

{73455575-E40C-433C-9784-C78DC7761455}\(Default) = "VirtualKeyboardBrowserHelperObject"
-> {HKLM...CLSID} = "Virtual Keyboard Plugin"
\InProcServer32\(Default) = "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll" ["Kaspersky Lab ZAO"]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Java(tm) Plug-In SSV Helper"
\InProcServer32\(Default) = "C:\Program Files (x86)\Java\jre7\bin\ssv.dll" ["Oracle Corporation"]

{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9}\(Default) = "Safe Money Plugin"
-> {HKLM...CLSID} = "Safe Money Plugin"
\InProcServer32\(Default) = "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll" ["Kaspersky Lab ZAO"]

{B4F3A835-0E21-4959-BA22-42B3008E02FF}\(Default) = "URLRedirectionBHO"
-> {HKLM...CLSID} = "Office Document Cache Handler"
\InProcServer32\(Default) = "C:\PROGRA~2\MICROS~2\Office15\URLREDIR.DLL" [MS]

{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Microsoft SkyDrive Pro Browser Helper"
\InProcServer32\(Default) = "C:\PROGRA~2\MICROS~2\Office15\GROOVEEX.DLL" [MS]

{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Java(tm) Plug-In 2 SSV Helper"
\InProcServer32\(Default) = "C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll" ["Oracle Corporation"]

{E33CF602-D945-461A-83F0-819F76A199F8}\(Default) = "link filter bho"
-> {HKLM...CLSID} = "URL Advisor Plugin"
\InProcServer32\(Default) = "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll" ["Kaspersky Lab ZAO"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\

SkyDrivePro1 (ErrorConflict)\(Default) = "{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
-> {HKLM...CLSID} = "Microsoft SkyDrive Pro Icon Overlay 1 (ErrorConflict)"
\InProcServer32\(Default) = "C:\PROGRA~2\MICROS~2\Office15\GROOVEEX.DLL" [MS]

SkyDrivePro2 (SyncInProgress)\(Default) = "{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
-> {HKLM...CLSID} = "Microsoft SkyDrive Pro Icon Overlay 2 (SyncInProgress)"
\InProcServer32\(Default) = "C:\PROGRA~2\MICROS~2\Office15\GROOVEEX.DLL" [MS]

SkyDrivePro3 (InSync)\(Default) = "{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
-> {HKLM...CLSID} = "Microsoft SkyDrive Pro Icon Overlay 3 (InSync)"
\InProcServer32\(Default) = "C:\PROGRA~2\MICROS~2\Office15\GROOVEEX.DLL" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{23170F69-40C1-278A-1000-000100020000}" = "7-Zip Shell Extension"
-> {HKLM...CLSID} = "7-Zip Shell Extension"
\InProcServer32\(Default) = "C:\Program Files (x86)\7-Zip\7-zip.dll" ["Igor Pavlov"]

"{BD8BB16E-84EC-485E-8F58-9BD1FEFB8EE2}" = "Scan with Kaspersky Anti-Virus"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\shellex.dll" ["Kaspersky Lab ZAO"]

"{8BA85C75-763B-4103-94EB-9470F12FE0F7}" = "Microsoft SkyDrive Pro Icon Overlay 1 (ErrorConflict)"
-> {HKLM...CLSID} = "Microsoft SkyDrive Pro Icon Overlay 1 (ErrorConflict)"
\InProcServer32\(Default) = "C:\PROGRA~2\MICROS~2\Office15\GROOVEEX.DLL" [MS]

"{CD55129A-B1A1-438E-A425-CEBC7DC684EE}" = "Microsoft SkyDrive Pro Icon Overlay 2 (SyncInProgress)"
-> {HKLM...CLSID} = "Microsoft SkyDrive Pro Icon Overlay 2 (SyncInProgress)"
\InProcServer32\(Default) = "C:\PROGRA~2\MICROS~2\Office15\GROOVEEX.DLL" [MS]

"{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}" = "Microsoft SkyDrive Pro Icon Overlay 3 (InSync)"
-> {HKLM...CLSID} = "Microsoft SkyDrive Pro Icon Overlay 3 (InSync)"
\InProcServer32\(Default) = "C:\PROGRA~2\MICROS~2\Office15\GROOVEEX.DLL" [MS]

"{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}" = "Microsoft SkyDrive Pro Browser Helper"
-> {HKLM...CLSID} = "Microsoft SkyDrive Pro Browser Helper"
\InProcServer32\(Default) = "C:\PROGRA~2\MICROS~2\Office15\GROOVEEX.DLL" [MS]

"{DB19096C-5365-4164-A246-59FEFF9D8062}" = "Nameext"
-> {HKLM...CLSID} = "مشاريع المؤسسة"
\InProcServer32\(Default) = "C:\Program Files (x86)\Microsoft Office\Office15\NAMEEXT.DLL" [MS]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files (x86)\Microsoft Office\Office15\OLKFSTUB.DLL" [MS]

"{CF74B903-3389-469c-B3B6-0204D204FCBD}" = "SnagIt Shell Extension"
-> {HKLM...CLSID} = "SnagItShellExt Class"
\InProcServer32\(Default) = "C:\Program Files (x86)\TechSmith\Snagit 12\SnagitShellExt.dll" ["TechSmith Corporation"]

"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"
-> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"
\InProcServer32\(Default) = "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\msoshext.dll" [MS]

"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"
-> {HKLM...CLSID} = "Microsoft Office Metadata Handler"
\InProcServer32\(Default) = "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\msoshext.dll" [MS]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
<<!>> "Userinit" = "userinit.exe" [MS]

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\
<<!>> "BootExecute" = "autocheck autochk *"|"BootDefrag.exe" [file not found]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\

{503739d0-4c5e-4cfd-b3ba-d881334f0df2}\(Default) = "VaultCredProvider"
-> {HKLM...CLSID} = "VaultCredProvider"
\InProcServer32\(Default) = "C:\Windows\System32\VaultCredProvider.dll" [file not found]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\

<<!>> text/xml\CLSID = "{807583E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"
\InProcServer32\(Default) = "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL" [MS]

HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\

<<!>> about\CLSID = "{3050F406-98B5-11CF-BB82-00AA00BDCE0B}"
-> {HKLM...CLSID} = "Microsoft HTML About Pluggable Protocol"
\InProcServer32\(Default) = "C:\Windows\SysWOW64\mshtml.dll" [MS]

<<!>> cdl\CLSID = "{3dd53d40-7b8b-11D0-b013-00aa0059ce02}"
-> {HKLM...CLSID} = "CDL: Asychronous Pluggable Protocol Handler"
\InProcServer32\(Default) = "C:\Windows\SysWOW64\urlmon.dll" [MS]

<<!>> dvd\CLSID = "{12D51199-0DB5-46FE-A120-47A3D7D937CC}"
-> {HKLM...CLSID} = "DVD: Pluggable Protocol"
\InProcServer32\(Default) = "C:\Windows\SysWOW64\msvidctl.dll" [MS]

<<!>> file\CLSID = "{79eac9e7-baf9-11ce-8c82-00aa004ba90b}"
-> {HKLM...CLSID} = "file:, local: Asychronous Pluggable Protocol Handler"
\InProcServer32\(Default) = "C:\Windows\SysWOW64\urlmon.dll" [MS]

<<!>> ftp\CLSID = "{79eac9e3-baf9-11ce-8c82-00aa004ba90b}"
-> {HKLM...CLSID} = "ftp: Asychronous Pluggable Protocol Handler"
\InProcServer32\(Default) = "C:\Windows\SysWOW64\urlmon.dll" [MS]

<<!>> http\CLSID = "{79eac9e2-baf9-11ce-8c82-00aa004ba90b}"
-> {HKLM...CLSID} = "http: Asychronous Pluggable Protocol Handler"
\InProcServer32\(Default) = "C:\Windows\SysWOW64\urlmon.dll" [MS]

<<!>> https\CLSID = "{79eac9e5-baf9-11ce-8c82-00aa004ba90b}"
-> {HKLM...CLSID} = "https: Asychronous Pluggable Protocol Handler"
\InProcServer32\(Default) = "C:\Windows\SysWOW64\urlmon.dll" [MS]

<<!>> javascript\CLSID = "{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}"
-> {HKLM...CLSID} = "Microsoft HTML Javascript Pluggable Protocol"
\InProcServer32\(Default) = "C:\Windows\SysWOW64\mshtml.dll" [MS]

<<!>> local\CLSID = "{79eac9e7-baf9-11ce-8c82-00aa004ba90b}"
-> {HKLM...CLSID} = "file:, local: Asychronous Pluggable Protocol Handler"
\InProcServer32\(Default) = "C:\Windows\SysWOW64\urlmon.dll" [MS]

<<!>> mailto\CLSID = "{3050f3DA-98B5-11CF-BB82-00AA00BDCE0B}"
-> {HKLM...CLSID} = "Microsoft HTML Mailto Pluggable Protocol"
\InProcServer32\(Default) = "C:\Windows\SysWOW64\mshtml.dll" [MS]

<<!>> mk\CLSID = "{79eac9e6-baf9-11ce-8c82-00aa004ba90b}"
-> {HKLM...CLSID} = "mk: Asychronous Pluggable Protocol Handler"
\InProcServer32\(Default) = "C:\Windows\SysWOW64\urlmon.dll" [MS]

<<!>> osf\CLSID = "{D924BDC6-C83A-4BD5-90D0-095128A113D1}"
-> {HKLM...CLSID} = "Protocol Class"
\InProcServer32\(Default) = "C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL" [MS]

<<!>> res\CLSID = "{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}"
-> {HKLM...CLSID} = "Microsoft HTML Resource Pluggable Protocol"
\InProcServer32\(Default) = "C:\Windows\SysWOW64\mshtml.dll" [MS]

<<!>> tv\CLSID = "{CBD30858-AF45-11D2-B6D6-00C04FBBDE6E}"
-> {HKLM...CLSID} = "TV: Pluggable Protocol"
\InProcServer32\(Default) = "C:\Windows\SysWOW64\msvidctl.dll" [MS]

<<!>> vbscript\CLSID = "{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}"
-> {HKLM...CLSID} = "Microsoft HTML Javascript Pluggable Protocol"
\InProcServer32\(Default) = "C:\Windows\SysWOW64\mshtml.dll" [MS]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
-> {HKLM...CLSID} = "7-Zip Shell Extension"
\InProcServer32\(Default) = "C:\Program Files (x86)\7-Zip\7-zip.dll" ["Igor Pavlov"]

Kaspersky Anti-Virus 15.0.0\(Default) = "{BD8BB16E-84EC-485E-8F58-9BD1FEFB8EE2}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\shellex.dll" ["Kaspersky Lab ZAO"]

SnagItMainShellExt\(Default) = "{CF74B903-3389-469c-B3B6-0204D204FCBD}"
-> {HKLM...CLSID} = "SnagItShellExt Class"
\InProcServer32\(Default) = "C:\Program Files (x86)\TechSmith\Snagit 12\SnagitShellExt.dll" ["TechSmith Corporation"]

WinRAR32\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext32.dll" ["Alexander Roshal"]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
-> {HKLM...CLSID} = "7-Zip Shell Extension"
\InProcServer32\(Default) = "C:\Program Files (x86)\7-Zip\7-zip.dll" ["Igor Pavlov"]

Kaspersky Anti-Virus 15.0.0\(Default) = "{BD8BB16E-84EC-485E-8F58-9BD1FEFB8EE2}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\shellex.dll" ["Kaspersky Lab ZAO"]

SnagItMainShellExt\(Default) = "{CF74B903-3389-469c-B3B6-0204D204FCBD}"
-> {HKLM...CLSID} = "SnagItShellExt Class"
\InProcServer32\(Default) = "C:\Program Files (x86)\TechSmith\Snagit 12\SnagitShellExt.dll" ["TechSmith Corporation"]

HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\

7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
-> {HKLM...CLSID} = "7-Zip Shell Extension"
\InProcServer32\(Default) = "C:\Program Files (x86)\7-Zip\7-zip.dll" ["Igor Pavlov"]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

Kaspersky Anti-Virus 15.0.0\(Default) = "{BD8BB16E-84EC-485E-8F58-9BD1FEFB8EE2}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\shellex.dll" ["Kaspersky Lab ZAO"]

WinRAR32\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext32.dll" ["Alexander Roshal"]

HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\

WinRAR32\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext32.dll" ["Alexander Roshal"]


Default executables:
--------------------

HKLM\SOFTWARE\Classes\.hta\(Default) = "htafile"
<<!>> HKLM\SOFTWARE\Classes\htafile\shell\open\command\(Default) = "C:\Windows\SysWOW64\mshta.exe "%1" %*" [MS]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"ClearRecentDocsOnExit" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoActiveDesktop" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"NoActiveDesktopChanges" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"ForceActiveDesktopOn" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"ConsentPromptBehaviorAdmin" = (REG_DWORD) dword:0x00000002
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Behavior Of The Elevation Prompt For Administrators In Admin Approval Mode}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Users\Nader\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\Windows\system32\scrnsave.scr" [MS]


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

BridgeCS5.1ImportMediaOnArrival\
"Provider" = "Adobe Bridge CS5.1"
"InvokeProgID" = "Adobe.adobebridgeCS5.1"
"InvokeVerb" = "launch"
HKLM\SOFTWARE\Classes\Adobe.adobebridgeCS5.1\shell\launch\command\(Default) = "C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\bridgeproxy.exe -v %1" ["Adobe Systems, Inc."]

BridgeCS5.1NonVolumeHandler\
"Provider" = "Adobe Bridge CS5.1"
"ProgID" = "Adobe.adobebridgeMTP_1"
HKLM\SOFTWARE\Classes\Adobe.adobebridgeMTP_1\CLSID\(Default) = "{1E6C711B-6D70-4a65-8AB6-745DC19BE2A6}"
-> {HKLM...CLSID} = "Adobe Bridge CS5.1"
\LocalServer32\(Default) = "C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\bridgeproxy.exe -m" ["Adobe Systems, Inc."]

WinampMTPHandler\
"Provider" = "Winamp"
"ProgID" = "Shell.HWEventHandlerShellExecute"
"InitCmdLine" = "C:\Program Files (x86)\Winamp\winamp.exe"
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
-> {HKLM...CLSID} = "Shell Execute Hardware Event Handler"
\LocalServer32\(Default) = "C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

WinampPlayMediaOnArrival\
"Provider" = "Winamp"
"InvokeProgID" = "Winamp.File"
"InvokeVerb" = "Play"
HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\command\(Default) = ""C:\Program Files (x86)\Winamp\winamp.exe" "%1"" ["Nullsoft, Inc."]
HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\DropTarget\CLSID = "{46986115-84D6-459c-8F95-52DD653E532E}"
-> {HKLM...CLSID} = (no title provided)
\LocalServer32\(Default) = ""C:\Program Files (x86)\Winamp\winamp.exe"" ["Nullsoft, Inc."]

ZPPlayDriveOnArrival\
"Provider" = "Zoom Player"
"InvokeProgID" = "ZP.OpenDrive"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\ZP.OpenDrive\shell\open\command\(Default) = ""C:\Program Files (x86)\Zoom Player\zplayer.exe" "/opendrive:%L"" ["Inmatrix LTD"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\system32\NLAapi.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\system32\napinsp.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
000000000005\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000006\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 10


Toolbars, Explorer Bars, Extensions:
------------------------------------

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{0C4CC089-D306-440D-9772-464E226F6539}\
"ButtonText" = "Virtual Keyboard"
"CLSIDExtension" = "{0BA14598-4178-4CE5-B1F1-B5C6408A3F2E}"
-> {HKLM...CLSID} = "VirtualKeyboardToolbarButtonHandler Class"
\InProcServer32\(Default) = "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll" ["Kaspersky Lab ZAO"]

{CCF151D8-D089-449F-A5A4-D9909053F20F}\
"ButtonText" = "URLs check"
"CLSIDExtension" = "{CCF151D8-D089-449F-A5A4-D9909053F20F}"
-> {HKLM...CLSID} = "FilterButtonHandler Class"
\InProcServer32\(Default) = "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll" ["Kaspersky Lab ZAO"]


Miscellaneous IE Hijack Points
------------------------------

HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\
<<H>> "InPrivate" = "res://ieframe.dll/inprivate_win7.htm" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Adobe Acrobat Update Service, AdobeARMservice, ""C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"" ["Adobe Systems Incorporated"]
AMD External Events Utility, AMD External Events Utility, "C:\Windows\system32\atiesrxx.exe" [file not found]
Application Experience, AeLookupSvc, "C:\Windows\system32\svchost.exe -k netsvcs" {"C:\Windows\System32\aelupsvc.dll" [file not found]}
Application Information, Appinfo, "C:\Windows\system32\svchost.exe -k netsvcs" {"C:\Windows\System32\appinfo.dll" [file not found]}
Background Intelligent Transfer Service, BITS, "C:\Windows\System32\svchost.exe -k netsvcs" {"C:\Windows\System32\qmgr.dll" [file not found]}
Base Filtering Engine, BFE, "C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork" {"C:\Windows\System32\bfe.dll" [file not found]}
CNG Key Isolation, KeyIso, "C:\Windows\system32\lsass.exe" [file not found]
DCOM Server Process Launcher, DcomLaunch, "C:\Windows\system32\svchost.exe -k DcomLaunch" {"C:\Windows\system32\rpcss.dll" [file not found]}
Desktop Window Manager Session Manager, UxSms, "C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\uxsms.dll" [file not found]}
Diagnostic Policy Service, DPS, "C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork" {"C:\Windows\system32\dps.dll" [file not found]}
Distributed Link Tracking Client, TrkWks, "C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\trkwks.dll" [file not found]}
DNS Client, Dnscache, "C:\Windows\system32\svchost.exe -k NetworkService" {"C:\Windows\System32\dnsrslvr.dll" [file not found]}
Function Discovery Provider Host, fdPHost, "C:\Windows\system32\svchost.exe -k LocalService" {"C:\Windows\system32\fdPHost.dll" [file not found]}
Function Discovery Resource Publication, FDResPub, "C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation" {"C:\Windows\system32\fdrespub.dll" [file not found]}
Group Policy Client, gpsvc, "C:\Windows\system32\svchost.exe -k GPSvcGroup" {"C:\Windows\System32\gpsvc.dll" [file not found]}
HomeGroup Listener, HomeGroupListener, "C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\system32\ListSvc.dll" [file not found]}
IKE and AuthIP IPsec Keying Modules, IKEEXT, "C:\Windows\system32\svchost.exe -k netsvcs" {"C:\Windows\System32\ikeext.dll" [file not found]}
IP Helper, iphlpsvc, "C:\Windows\System32\svchost.exe -k NetSvcs" {"C:\Windows\System32\iphlpsvc.dll" [file not found]}
IPsec Policy Agent, PolicyAgent, "C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted" {"C:\Windows\System32\ipsecsvc.dll" [file not found]}
Kaspersky Anti-Virus Service 15.0.0, AVP15.0.0, ""C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe" -r" ["Kaspersky Lab ZAO"]
Ma-Config Agent, MaConfigAgent, ""C:\Program Files\ma-config.com\MaConfigAgent.exe"" ["CybelSoft"]
MBAMScheduler, MBAMScheduler, ""C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"" ["Malwarebytes Corporation"]
MBAMService, MBAMService, ""C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"" ["Malwarebytes Corporation"]
Multimedia Class Scheduler, MMCSS, "C:\Windows\system32\svchost.exe -k netsvcs" {"C:\Windows\system32\mmcss.dll" [file not found]}
Network Connections, Netman, "C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\netman.dll" [file not found]}
Network Location Awareness, NlaSvc, "C:\Windows\System32\svchost.exe -k NetworkService" {"C:\Windows\System32\nlasvc.dll" [file not found]}
Network Store Interface Service, nsi, "C:\Windows\system32\svchost.exe -k LocalService" {"C:\Windows\system32\nsisvc.dll" [file not found]}
Offline Files, CscService, "C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\cscsvc.dll" [file not found]}
Peer Name Resolution Protocol, PNRPsvc, "C:\Windows\System32\svchost.exe -k LocalServicePeerNet" {"C:\Windows\system32\pnrpsvc.dll" [file not found]}
Peer Networking Grouping, p2psvc, "C:\Windows\System32\svchost.exe -k LocalServicePeerNet" {"C:\Windows\system32\p2psvc.dll" [file not found]}
Peer Networking Identity Manager, p2pimsvc, "C:\Windows\System32\svchost.exe -k LocalServicePeerNet" {"C:\Windows\system32\pnrpsvc.dll" [file not found]}
Plug and Play, PlugPlay, "C:\Windows\system32\svchost.exe -k DcomLaunch" {"C:\Windows\system32\umpnpmgr.dll" [file not found]}
Power, Power, "C:\Windows\system32\svchost.exe -k DcomLaunch" {"C:\Windows\system32\umpo.dll" [file not found]}
Print Spooler, Spooler, "C:\Windows\System32\spoolsv.exe" [file not found]
Program Compatibility Assistant Service, PcaSvc, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\pcasvc.dll" [file not found]}
Remote Procedure Call (RPC), RpcSs, "C:\Windows\system32\svchost.exe -k rpcss" {"C:\Windows\system32\rpcss.dll" [file not found]}
RPC Endpoint Mapper, RpcEptMapper, "C:\Windows\system32\svchost.exe -k RPCSS" {"C:\Windows\System32\RpcEpMap.dll" [file not found]}
Security Accounts Manager, SamSs, "C:\Windows\system32\lsass.exe" [file not found]
Security Center, wscsvc, "C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted" {"C:\Windows\System32\wscsvc.dll" [file not found]}
Server, LanmanServer, "C:\Windows\system32\svchost.exe -k netsvcs" {"C:\Windows\system32\srvsvc.dll" [file not found]}
SSDP Discovery, SSDPSRV, "C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation" {"C:\Windows\System32\ssdpsrv.dll" [file not found]}
Superfetch, SysMain, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\system32\sysmain.dll" [file not found]}
Task Scheduler, Schedule, "C:\Windows\system32\svchost.exe -k netsvcs" {"C:\Windows\system32\schedsvc.dll" [file not found]}
TCP/IP NetBIOS Helper, lmhosts, "C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted" {"C:\Windows\System32\lmhsvc.dll" [file not found]}
TeamViewer 9, TeamViewer9, ""C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe"" ["TeamViewer GmbH"]
Themes, Themes, "C:\Windows\System32\svchost.exe -k netsvcs" {"C:\Windows\system32\themeservice.dll" [file not found]}
User Profile Service, ProfSvc, "C:\Windows\system32\svchost.exe -k netsvcs" {"C:\Windows\system32\profsvc.dll" [file not found]}
Windows Audio, AudioSrv, "C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted" {"C:\Windows\System32\Audiosrv.dll" [file not found]}
Windows Audio Endpoint Builder, AudioEndpointBuilder, "C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\Audiosrv.dll" [file not found]}
Windows Backup, SDRSVC, "C:\Windows\system32\svchost.exe -k SDRSVC" {"C:\Windows\System32\SDRSVC.dll" [file not found]}
Windows Defender, WinDefend, "C:\Windows\System32\svchost.exe -k secsvcs" {"C:\Program Files (x86)\Windows Defender\mpsvc.dll" [file not found]}
Windows Driver Foundation - User-mode Driver Framework, wudfsvc, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\WUDFSvc.dll" [file not found]}
Windows Event Log, eventlog, "C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted" {"C:\Windows\System32\wevtsvc.dll" [file not found]}
Windows Firewall, MpsSvc, "C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork" {"C:\Windows\system32\mpssvc.dll" [file not found]}
Windows Font Cache Service, FontCache, "C:\Windows\system32\svchost.exe -k LocalService" {"C:\Windows\system32\FntCache.dll" [file not found]}
Windows Image Acquisition (WIA), stisvc, "C:\Windows\system32\svchost.exe -k imgsvc" {"C:\Windows\System32\wiaservc.dll" [file not found]}
Windows Management Instrumentation, Winmgmt, "C:\Windows\system32\svchost.exe -k netsvcs" {"C:\Windows\system32\wbem\WMIsvc.dll" [file not found]}
Windows Update, wuauserv, "C:\Windows\system32\svchost.exe -k netsvcs" {"C:\Windows\system32\wuaueng.dll" [file not found]}
Workstation, LanmanWorkstation, "C:\Windows\System32\svchost.exe -k NetworkService" {"C:\Windows\System32\wkssvc.dll" [file not found]}


Keyboard Driver Filters:
------------------------

HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\
<<!>> "UpperFilters" = <<!>> "klkbdflt" [file not found],<<!>> "kbdclass" [file not found]


Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
Local Port\Driver = "localspl.dll" [file not found]
Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [file not found]
Standard TCP/IP Port\Driver = "tcpmon.dll" [file not found]
USB Monitor\Driver = "usbmon.dll" [file not found]
WSD Port\Driver = "WSDMon.dll" [file not found]


---------- (launch time: 2014-07-17 05:27:10)
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 61 seconds)
 
Signature: انا بابا يلا
# AdwCleaner v3.215 - Report created 17/07/2014 at 05:56:14
# Updated 09/07/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Nader - NADER-PC
# Running from : C:\Users\Nader\Downloads\Programs\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AlawarWrapper
Folder Deleted : C:\Users\Public\Documents\AlawarWrapper
File Deleted : C:\Users\Nader\AppData\Roaming\Mozilla\Firefox\Profiles\3rx3tilq.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17207


-\\ Mozilla Firefox v30.0 (en-US)

[ File : C:\Users\Nader\AppData\Roaming\Mozilla\Firefox\Profiles\3rx3tilq.default\prefs.js ]


-\\ Google Chrome v35.0.1916.153

[ File : C:\Users\Nader\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1100 octets] - [17/07/2014 05:55:22]
AdwCleaner[S0].txt - [1028 octets] - [17/07/2014 05:56:14]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1088 octets] ##########
 
Signature: انا بابا يلا
Malwarebytes Anti-Malware


Scan Date: 17/07/2014
Scan Time: 05:20:49 ص
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.17.03
Rootkit Database: v2014.07.14.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Nader

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 281551
Time Elapsed: 15 min, 6 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 2
PUP.Optional.CrossRider.A, C:\Users\Nader\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcppakhbahnbmmkdmlkadccjfocbdbke, Quarantined, [492be8b7c0bbbb7b6718822262a0f30d],
PUP.Optional.CrossRider.A, C:\Users\Nader\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcppakhbahnbmmkdmlkadccjfocbdbke\0.1_0, Quarantined, [492be8b7c0bbbb7b6718822262a0f30d],

Files: 6
PUP.Optional.CrossRider.A, C:\Users\Nader\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcppakhbahnbmmkdmlkadccjfocbdbke\0.1_0\background.js, Quarantined, [492be8b7c0bbbb7b6718822262a0f30d],
PUP.Optional.CrossRider.A, C:\Users\Nader\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcppakhbahnbmmkdmlkadccjfocbdbke\0.1_0\bookmarklet.js, Quarantined, [492be8b7c0bbbb7b6718822262a0f30d],
PUP.Optional.CrossRider.A, C:\Users\Nader\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcppakhbahnbmmkdmlkadccjfocbdbke\0.1_0\icon-128.png, Quarantined, [492be8b7c0bbbb7b6718822262a0f30d],
PUP.Optional.CrossRider.A, C:\Users\Nader\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcppakhbahnbmmkdmlkadccjfocbdbke\0.1_0\icon-16.png, Quarantined, [492be8b7c0bbbb7b6718822262a0f30d],
PUP.Optional.CrossRider.A, C:\Users\Nader\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcppakhbahnbmmkdmlkadccjfocbdbke\0.1_0\icon-48.png, Quarantined, [492be8b7c0bbbb7b6718822262a0f30d],
PUP.Optional.CrossRider.A, C:\Users\Nader\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcppakhbahnbmmkdmlkadccjfocbdbke\0.1_0\manifest.json, Quarantined, [492be8b7c0bbbb7b6718822262a0f30d],

Physical Sectors: 0
(No malicious items detected)


(end)
 
Signature: انا بابا يلا
Brother, download the tool

to stop the virus activity; run it and wait until it has finished stopping the suspicious processes...
After the tool finishes its work, you will find a txt file on the desktop named rkill. Open the file and copy the report inside it (because Malwarebytes ran into a problem with active viruses that it could not stop), then run the Malwarebytes scan again.
I will be back about the rest of the reports, God willing.
 
Signature: White Man
No, no, my dear friend, there can't possibly be a virus, the Windows install is brand new, hahaha
 
Signature: انا بابا يلا
Signature: White Man
Rkill 2.6.7 by Lawrence Abrams (Grinler)

Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:


Program started at: 07/17/2014 08:35:07 PM in x64 mode.
Windows Version: Windows 7 Ultimate Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* Cannot edit the HOSTS file.
* Permissions could not be fixed. Use Hosts-perm.bat to fix permissions:


* HOSTS file entries found:

127.0.0.1 localhost
127.0.0.1 activation.cloud.techsmith.com

Program finished at: 07/17/2014 08:36:38 PM
Execution time: 0 hours(s), 1 minute(s), and 30 seconds(s)
 
Signature: انا بابا يلا
Signature: White Man
There is a problem downloading Windows updates. To fix it, do the following.

To fix the update problem, download the program

A portable version that needs no installation; just extract it and run it.
Choose Repair Center, then Start.

The following window will appear. Click unselect all and then select repair windows update.

[image]

Also download RunScanner and apply the cleanup with it (it is in the attachments).

Do the following to speed up the machine and clean it of leftover files:
Download the tool

and do a cleanup with it
+
We download the program wise care

Then we install it and run it,
and do a scan and cleanup using the main button in the program's interface.

[image: Wise-Care-365.png]

From the "Tune-up" button:
we click it, then click the "Optimize" button.
We carry out this step after every start of the machine, to find which services need to be disabled to improve the machine's performance.

...............

From the same program we do the two steps
weekly:
to improve and speed up the machine

[image: wNybiE.gif]

After it finishes,
from the same interface we go to Defragment,
as in the following picture

[image: xr8AOm.gif]

God willing, there are no other problems.
 

Attachments

Signature: White Man
===
Closed at the request of its owner
===
 
Signature: White Man