سركسيان
زيزوومي نشيط
غير متصل
كيف ارجع الايكون الخاص بال C والd
- بادئ الموضوع سركسيان
- تاريخ البدء
- 1,633
فارس الملاك
زيزوومى محترف
غير متصل
عذرا ياغالي بنقله للقسم الانسب
حتى تلقى الدعم الافضل
تحياتي
فارس الملاك
توقيع : فارس الملاك
تأييد
0
السّاجد لله
زيزوومى فضى
- إنضم
- 15 مايو 2008
- المشاركات
- 6,854
- مستوى التفاعل
- 108
- النقاط
- 850
- الإقامة
- بغداد انتي في دمي
- الموقع الالكتروني
- www.tvquran.com
غير متصل
متى ظهرت المشكلة بالضبط يعني قبل كم يوم
توقيع : السّاجد لله
تأييد
0
سركسيان
زيزوومي نشيط
غير متصل
صورة البرنامج
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
تأييد
0
السّاجد لله
زيزوومى فضى
- إنضم
- 15 مايو 2008
- المشاركات
- 6,854
- مستوى التفاعل
- 108
- النقاط
- 850
- الإقامة
- بغداد انتي في دمي
- الموقع الالكتروني
- www.tvquran.com
غير متصل
أظهر الملفات المخفية
افتح القسم صاحب المشكلة وابحث عن الملف التالي
[FONT=Arial,Helvetica,Geneva,Sans-serif]Autorun.inf[/FONT]
[FONT=Arial,Helvetica,Geneva,Sans-serif]نضغط عليه بيمين الماوس ونحذفه [/FONT]
[FONT=Arial,Helvetica,Geneva,Sans-serif]ثم نعيد التشغيل [/FONT]
توقيع : السّاجد لله
تأييد
0
السّاجد لله
زيزوومى فضى
- إنضم
- 15 مايو 2008
- المشاركات
- 6,854
- مستوى التفاعل
- 108
- النقاط
- 850
- الإقامة
- بغداد انتي في دمي
- الموقع الالكتروني
- www.tvquran.com
غير متصل
الحل الثاني
اتبع هذه الطريقة
[FONT=Arial,Helvetica,Geneva,Sans-serif]اذهب إلى [/FONT]
[FONT=Arial,Helvetica,Geneva,Sans-serif]إبدأ start[/FONT]
[FONT=Arial,Helvetica,Geneva,Sans-serif]تشغيل RUN[/FONT]
[FONT=Arial,Helvetica,Geneva,Sans-serif]اكتب الأمر التالي regedit ثم موافق[/FONT]
[FONT=Arial,Helvetica,Geneva,Sans-serif]تتبع هذا المسار[/FONT]
[FONT=Arial,Helvetica,Geneva,Sans-serif]HKEY_LOCAL_MACHINE[/FONT]
[FONT=Arial,Helvetica,Geneva,Sans-serif]SOFTWARE[/FONT]
[FONT=Arial,Helvetica,Geneva,Sans-serif]Microsoft [/FONT]
[FONT=Arial,Helvetica,Geneva,Sans-serif]Windows[/FONT]
[FONT=Arial,Helvetica,Geneva,Sans-serif]CurrentVersion [/FONT]
[FONT=Arial,Helvetica,Geneva,Sans-serif]Explorer[/FONT]
[FONT=Arial,Helvetica,Geneva,Sans-serif]DriveIcons[/FONT]
[FONT=Arial,Helvetica,Geneva,Sans-serif]من جهة اليمين أحذف هذا المفتاح[/FONT]
[FONT=Arial,Helvetica,Geneva,Sans-serif]drive[/FONT]
[FONT=Arial,Helvetica,Geneva,Sans-serif]وقم بتتبع المسار التالي[/FONT]
[FONT=Arial,Helvetica,Geneva,Sans-serif]HKEY_CLASSES_ROOT [/FONT]
[FONT=Arial,Helvetica,Geneva,Sans-serif]Applications[/FONT]
[FONT=Arial,Helvetica,Geneva,Sans-serif]explorer.exe[/FONT]
[FONT=Arial,Helvetica,Geneva,Sans-serif]Drives[/FONT]
[FONT=Arial,Helvetica,Geneva,Sans-serif]من جهة اليمين أحذف هذا المفتاح[/FONT]
[FONT=Arial,Helvetica,Geneva,Sans-serif][FONT=Arial,Helvetica,Geneva,Sans-serif]drive[/FONT][/FONT]
اتبع هذه الطريقة
[FONT=Arial,Helvetica,Geneva,Sans-serif]اذهب إلى [/FONT]
[FONT=Arial,Helvetica,Geneva,Sans-serif]إبدأ start[/FONT]
[FONT=Arial,Helvetica,Geneva,Sans-serif]تشغيل RUN[/FONT]
[FONT=Arial,Helvetica,Geneva,Sans-serif]اكتب الأمر التالي regedit ثم موافق[/FONT]
[FONT=Arial,Helvetica,Geneva,Sans-serif]تتبع هذا المسار[/FONT]
[FONT=Arial,Helvetica,Geneva,Sans-serif]HKEY_LOCAL_MACHINE[/FONT]
[FONT=Arial,Helvetica,Geneva,Sans-serif]SOFTWARE[/FONT]
[FONT=Arial,Helvetica,Geneva,Sans-serif]Microsoft [/FONT]
[FONT=Arial,Helvetica,Geneva,Sans-serif]Windows[/FONT]
[FONT=Arial,Helvetica,Geneva,Sans-serif]CurrentVersion [/FONT]
[FONT=Arial,Helvetica,Geneva,Sans-serif]Explorer[/FONT]
[FONT=Arial,Helvetica,Geneva,Sans-serif]DriveIcons[/FONT]
[FONT=Arial,Helvetica,Geneva,Sans-serif]من جهة اليمين أحذف هذا المفتاح[/FONT]
[FONT=Arial,Helvetica,Geneva,Sans-serif]drive[/FONT]
[FONT=Arial,Helvetica,Geneva,Sans-serif]وقم بتتبع المسار التالي[/FONT]
[FONT=Arial,Helvetica,Geneva,Sans-serif]HKEY_CLASSES_ROOT [/FONT]
[FONT=Arial,Helvetica,Geneva,Sans-serif]Applications[/FONT]
[FONT=Arial,Helvetica,Geneva,Sans-serif]explorer.exe[/FONT]
[FONT=Arial,Helvetica,Geneva,Sans-serif]Drives[/FONT]
[FONT=Arial,Helvetica,Geneva,Sans-serif]من جهة اليمين أحذف هذا المفتاح[/FONT]
[FONT=Arial,Helvetica,Geneva,Sans-serif][FONT=Arial,Helvetica,Geneva,Sans-serif]drive[/FONT][/FONT]
توقيع : السّاجد لله
تأييد
0
السّاجد لله
زيزوومى فضى
- إنضم
- 15 مايو 2008
- المشاركات
- 6,854
- مستوى التفاعل
- 108
- النقاط
- 850
- الإقامة
- بغداد انتي في دمي
- الموقع الالكتروني
- www.tvquran.com
غير متصل
هل عملت ريستارت بعد عمل الحل اعلاه
توقيع : السّاجد لله
تأييد
0
السّاجد لله
زيزوومى فضى
- إنضم
- 15 مايو 2008
- المشاركات
- 6,854
- مستوى التفاعل
- 108
- النقاط
- 850
- الإقامة
- بغداد انتي في دمي
- الموقع الالكتروني
- www.tvquran.com
غير متصل
اذا لم تفلح الطريقة السابقة اعمل التالي
عطل جميع برامج الحماية ,,
وحمل هذه الاداة واحفظها على سطح المكتب
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم
اعمل تقرير للهايجاك
اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات .. ويظهر لك تقرير اعمل تحديد الكل ==> انسخه والصقه بردك القادم
عطل جميع برامج الحماية ,,
وحمل هذه الاداة واحفظها على سطح المكتب
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم
اعمل تقرير للهايجاك
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات .. ويظهر لك تقرير اعمل تحديد الكل ==> انسخه والصقه بردك القادم
التعديل الأخير بواسطة المشرف:
توقيع : السّاجد لله
تأييد
0
سركسيان
زيزوومي نشيط
غير متصل
Microsoft Windows XP Home Edition 5.1.2600.3.1256.1.1025.18.448 [GMT 3:00]
Running from: C:\Documents and Settings\Owner\??? ??????\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Owner\Application Data\.#
C:\WINDOWS\system32\agsaame.dll
C:\WINDOWS\system32\ALOAudioFile2.dll
C:\WINDOWS\system32\ALOAVIFile.dll
C:\WINDOWS\system32\ALOQuickTimeFile.dll
C:\WINDOWS\system32\ALOVideoCoreM.dll
C:\WINDOWS\system32\ALOWMAFile2.dll
.
((((((((((((((((((((((((( Files Created from 2008-09-07 to 2008-10-07 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-07 19:10 712,736 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-10-07 19:10 4,564 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-10-07 19:09 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2008-10-07 19:07 5,390,368 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-10-07 19:07 44,240 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-10-07 19:06 72,066 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-10-07 19:06 5,259 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-10-07 18:54 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-10-07 00:13 --------- d-----w C:\Program Files\Common Files\PCSuite
2008-10-07 00:13 --------- d-----w C:\Program Files\Common Files\Nokia
2008-10-07 00:10 --------- d-----w C:\Program Files\PC Connectivity Solution
2008-10-07 00:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-07 00:07 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Installations
2008-10-07 00:00 --------- d-----w C:\Program Files\Nokia
2008-10-06 23:27 --------- d-----w C:\Documents and Settings\Owner\Application Data\Nokia
2008-10-06 23:22 --------- d-----w C:\Documents and Settings\Owner\Application Data\PC Suite
2008-10-06 22:20 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-10-06 18:13 --------- d-----w C:\Program Files\AutorunRemover
2008-10-04 00:32 --------- d-----w C:\Program Files\GameTop.com
2008-10-04 00:02 --------- d-----w C:\Program Files\Brave Dwarves 2
2008-10-03 03:13 --------- d-----w C:\Program Files\Chicken Invaders 3
2008-09-29 14:44 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-09-28 21:46 --------- dc-h--w C:\Documents and Settings\All Users.WINDOWS\Application Data\{96F5B506-0F68-4EDB-AD12-CF915081579C}
2008-09-28 21:31 --------- d-----w C:\Program Files\Stardock
2008-09-28 13:37 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\DriverScanner
2008-09-23 20:51 --------- d-----w C:\Program Files\IEPro
2008-09-21 00:01 --------- d-----w C:\Program Files\Intel
2008-09-20 23:07 --------- dc-h--w C:\Documents and Settings\All Users.WINDOWS\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2008-09-20 23:07 --------- d-----w C:\Program Files\Uniblue
2008-09-20 23:07 --------- d-----w C:\Documents and Settings\Owner\Application Data\Uniblue
2008-09-16 00:59 --------- d-----w C:\Program Files\ReflexiveArcade
2008-09-16 00:59 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\InterAction studios
2008-09-13 22:12 --------- d-----w C:\Program Files\TryMedia
2008-09-13 21:22 --------- d-----w C:\Program Files\Common Files\TerraGame Shared
2008-09-10 21:15 --------- d-----w C:\Documents and Settings\Owner\Application Data\Wildfire
2008-09-10 20:49 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
2008-09-07 20:36 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-09-06 19:48 --------- d-----w C:\Program Files\Monopoly Here & Now Edition
2008-09-05 19:44 --------- d-----w C:\Program Files\Panda Security
2008-09-01 21:48 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-31 18:45 --------- d-----w C:\Program Files\Common Files\Macromedia
2008-08-31 18:38 --------- d-----w C:\Program Files\Macromedia
2008-08-31 18:38 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-31 16:58 --------- d-----w C:\Program Files\Common Files\Vbox
2008-08-31 00:02 96,976 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-08-30 23:49 87,855 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-08-30 23:48 --------- d-----w C:\Program Files\Kaspersky Lab
2008-08-30 23:18 --------- d-----w C:\Documents and Settings\Owner\Application Data\PC Tools
2008-08-30 22:59 --------- d-----w C:\Program Files\Common Files\BitDefender
2008-08-29 21:54 --------- d-----w C:\Program Files\Gunslinger Solitaire
2008-08-29 21:54 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\The Revills Games
2008-08-28 04:45 --------- d-----w C:\Program Files\ma-config.com
2008-08-28 04:45 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\ma-config.com
2008-08-28 04:41 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-08-27 02:16 --------- d-----w C:\Program Files\Common Files\Xara
2008-08-27 02:11 --------- d-----w C:\Program Files\Xara
2008-08-25 19:55 --------- d-----w C:\Program Files\DFX
2008-08-25 19:25 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\DFX
2008-08-25 18:50 --------- d-----w C:\Documents and Settings\Owner\Application Data\Media Player Classic
2008-08-25 18:49 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-08-25 00:20 --------- d-----w C:\Program Files\QuickTime
2008-08-23 22:32 82,380 ----a-w C:\WINDOWS\system32\drivers\AFS2K.SYS
2008-08-23 22:30 --------- d-----w C:\Program Files\GVR
2008-08-23 21:49 --------- d-----w C:\Program Files\Picasa2
2008-08-23 21:49 --------- d-----w C:\Program Files\Google
2008-08-23 14:07 --------- d-----w C:\Program Files\7-Zip
2008-08-23 10:55 --------- d-----w C:\Program Files\Your Uninstaller 2008
2008-08-22 21:16 --------- d-----w C:\Program Files\PopCap Games
2008-08-22 21:16 --------- d-----w C:\Program Files\Pic2Ico
2008-08-22 21:16 --------- d-----w C:\Program Files\DivX
2008-08-22 21:16 --------- d-----w C:\Program Files\Ares Ultra
2008-08-22 20:59 --------- d-----w C:\Program Files\Ace Utilities
2008-08-18 20:20 --------- d-----w C:\Program Files\Ares
2008-08-17 23:44 --------- d-----w C:\Program Files\Xilisoft
2008-08-17 17:00 --------- d-----w C:\Program Files\Magic Video Converter
2008-08-17 17:00 --------- d-----w C:\Documents and Settings\Owner\Application Data\Vso
2008-08-17 16:59 81,920 ----a-w C:\Documents and Settings\Owner\Application Data\ezpinst.exe
2008-08-17 16:59 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-08-17 16:59 47,360 ----a-w C:\Documents and Settings\Owner\Application Data\pcouffin.sys
2008-08-16 18:48 --------- d-----w C:\Program Files\Windows Doctor
2008-08-16 14:15 --------- d-----w C:\Documents and Settings\Owner\Application Data\FileVOoM
2008-08-16 14:05 --------- d-----w C:\Program Files\Java
2008-08-14 23:36 --------- d-----w C:\Program Files\Unlocker
2008-08-14 11:56 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
2008-08-13 14:14 355,584 ----a-w C:\WINDOWS\system32\TuneUpDefragService.exe
2008-08-13 14:14 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-11 15:17 680,960 ----a-w C:\WINDOWS\is-CR2IS.exe
2008-08-11 11:31 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-08-11 11:31 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-08-11 11:31 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Suite
2008-08-11 11:29 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Nokia
2008-08-11 11:27 --------- d-----w C:\Program Files\MSXML 6.0
2008-08-10 21:38 --------- d-----w C:\Program Files\Apple Software Update
2008-08-10 19:09 --------- d-----w C:\Program Files\GetData
2008-08-10 17:01 --------- d-----w C:\Program Files\SatcoDX
2008-08-08 23:34 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-08-08 22:30 --------- d-----w C:\Program Files\Folder Lock
2008-08-08 17:23 --------- d-----w C:\Program Files\VisiPics
2008-08-01 14:34 45,056 ----a-w C:\WINDOWS\NCUNINST.EXe
2008-08-01 14:30 40,960 ----a-w C:\WINDOWS\NCLAUNCH.EXe
.
------- Sigcheck -------
04/23/2008 07:19 AM 827392 154282ae8e63d03a7add87e50d061836 C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll
06/23/2008 06:38 PM 827904 bd4be2824bc805da1f29385519b865f9 C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
03/02/2006 03:00 PM 654848 1e1cef80a11bdab92b2a83f885d214d5 C:\WINDOWS\ie7\wininet.dll
08/13/2007 06:54 PM 818688 a4a0fc92358f39538a6494c42ef99fe9 C:\WINDOWS\ie7updates\KB950759-IE7\wininet.dll
04/23/2008 07:16 AM 826368 565098f166f21e24874ebc8cf89c623c C:\WINDOWS\ie7updates\KB953838-IE7\wininet.dll
06/23/2008 07:15 PM 817152 80716256f266066bd98b846e7562db76 C:\WINDOWS\ServicePackFiles\i386\wininet.dll
06/23/2008 07:15 PM 817152 80716256f266066bd98b846e7562db76 C:\WINDOWS\system32\wininet.dll
06/23/2008 07:15 PM 826368 3f4bca25f29394995161e8e85d925c1a C:\WINDOWS\system32\dllcache\wininet.dll
04/14/2008 06:59 PM 974848 5320ea6507cfa8abc92caf91cd2fc8a5 C:\WINDOWS\explorer.exe
03/02/2006 03:00 PM 1029632 932f97b77f2625f7ff7dfc97552548f8 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
04/14/2008 06:59 PM 974848 5320ea6507cfa8abc92caf91cd2fc8a5 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
04/14/2008 06:59 PM 1031168 ca3445dce9eb70a2ca2504e0af5c543f C:\WINDOWS\system32\dllcache\explorer.exe
07/18/2008 10:10 PM 68808 136896c2cdc3f689876e0d44485153ea C:\WINDOWS\ServicePackFiles\i386\wuauclt.exe
07/18/2008 10:10 PM 68808 136896c2cdc3f689876e0d44485153ea C:\WINDOWS\system32\wuauclt.exe
07/18/2008 10:10 PM 53448 d316e28958873859b88d72cf47ad1ea5 C:\WINDOWS\system32\dllcache\wuauclt.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/14/2008 06:59 PM 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [07/26/2008 02:31 PM 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [07/29/2008 08:20 PM 206088]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [08/25/2008 10:08 PM 185896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [04/14/2008 06:59 PM 15360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"= 0 (0x0)
"NoMovingBands"= 0 (0x0)
"NoCloseDragDropBands"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
"NCLaunch"=C:\WINDOWS\NCLAUNCH.EXe
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SoundMan"=SOUNDMAN.EXE
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
"Custom Skin Clock"=C:\Program Files\Custom Skin Clock\Clock.exe
"Vistadrv"=D:\العاب\VistaDrives\vsdrv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\English\\setup.exe"=
"C:\\Program Files\\IEPro\\MiniDM.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [01/29/2008 06:29 PM 32784]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [04/14/2008 07:00 PM 14336]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [03/13/2008 07:02 PM 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [04/30/2008 06:06 PM 24592]
S2 BDVEDISK;BDVEDISK;C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys [ ]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;C:\DOCUME~1\Owner\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys [ ]
S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [07/25/2008 08:57 PM 191656]
S3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [01/24/2008 12:25 AM 27136]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [08/13/2008 05:14 PM 355584]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
*Newly Created Service* - CATCHME
.
s of the 'Scheduled Tasks' folder
2008-10-07 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [06/20/2008 09:09 AM]
2008-10-01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [08/29/2006 02:21 PM]
2008-09-26 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1100 series#1217100308.job
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [04/06/2003 12:52 AM]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xnle9b79.default\
FF -: plugin - C:\Program Files\ma-config.com\nphardwaredetection.dll
FF -: plugin - C:\Program Files\Picasa2\npPicasa2.dll
.
.
------- File Associations -------
.
txtfile=C:\WINDOWS\notepad.exe %1
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-10-07 22:38:44
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\sccfg.sys 20 bytes
**************************************************************************
.
Completion time: 10/07/2008 22:42:04
ComboFix-quarantined-files.txt 2008-10-07 19:41:01
Pre-Run: 22,779,338,752 bytes free
Post-Run: 23,152,680,960 bytes free
239 --- E O F --- 2008-09-10 21:14:51
Running from: C:\Documents and Settings\Owner\??? ??????\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Owner\Application Data\.#
C:\WINDOWS\system32\agsaame.dll
C:\WINDOWS\system32\ALOAudioFile2.dll
C:\WINDOWS\system32\ALOAVIFile.dll
C:\WINDOWS\system32\ALOQuickTimeFile.dll
C:\WINDOWS\system32\ALOVideoCoreM.dll
C:\WINDOWS\system32\ALOWMAFile2.dll
.
((((((((((((((((((((((((( Files Created from 2008-09-07 to 2008-10-07 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-07 19:10 712,736 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-10-07 19:10 4,564 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-10-07 19:09 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2008-10-07 19:07 5,390,368 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-10-07 19:07 44,240 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-10-07 19:06 72,066 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-10-07 19:06 5,259 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-10-07 18:54 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-10-07 00:13 --------- d-----w C:\Program Files\Common Files\PCSuite
2008-10-07 00:13 --------- d-----w C:\Program Files\Common Files\Nokia
2008-10-07 00:10 --------- d-----w C:\Program Files\PC Connectivity Solution
2008-10-07 00:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-07 00:07 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Installations
2008-10-07 00:00 --------- d-----w C:\Program Files\Nokia
2008-10-06 23:27 --------- d-----w C:\Documents and Settings\Owner\Application Data\Nokia
2008-10-06 23:22 --------- d-----w C:\Documents and Settings\Owner\Application Data\PC Suite
2008-10-06 22:20 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-10-06 18:13 --------- d-----w C:\Program Files\AutorunRemover
2008-10-04 00:32 --------- d-----w C:\Program Files\GameTop.com
2008-10-04 00:02 --------- d-----w C:\Program Files\Brave Dwarves 2
2008-10-03 03:13 --------- d-----w C:\Program Files\Chicken Invaders 3
2008-09-29 14:44 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-09-28 21:46 --------- dc-h--w C:\Documents and Settings\All Users.WINDOWS\Application Data\{96F5B506-0F68-4EDB-AD12-CF915081579C}
2008-09-28 21:31 --------- d-----w C:\Program Files\Stardock
2008-09-28 13:37 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\DriverScanner
2008-09-23 20:51 --------- d-----w C:\Program Files\IEPro
2008-09-21 00:01 --------- d-----w C:\Program Files\Intel
2008-09-20 23:07 --------- dc-h--w C:\Documents and Settings\All Users.WINDOWS\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2008-09-20 23:07 --------- d-----w C:\Program Files\Uniblue
2008-09-20 23:07 --------- d-----w C:\Documents and Settings\Owner\Application Data\Uniblue
2008-09-16 00:59 --------- d-----w C:\Program Files\ReflexiveArcade
2008-09-16 00:59 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\InterAction studios
2008-09-13 22:12 --------- d-----w C:\Program Files\TryMedia
2008-09-13 21:22 --------- d-----w C:\Program Files\Common Files\TerraGame Shared
2008-09-10 21:15 --------- d-----w C:\Documents and Settings\Owner\Application Data\Wildfire
2008-09-10 20:49 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
2008-09-07 20:36 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-09-06 19:48 --------- d-----w C:\Program Files\Monopoly Here & Now Edition
2008-09-05 19:44 --------- d-----w C:\Program Files\Panda Security
2008-09-01 21:48 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-31 18:45 --------- d-----w C:\Program Files\Common Files\Macromedia
2008-08-31 18:38 --------- d-----w C:\Program Files\Macromedia
2008-08-31 18:38 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-31 16:58 --------- d-----w C:\Program Files\Common Files\Vbox
2008-08-31 00:02 96,976 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-08-30 23:49 87,855 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-08-30 23:48 --------- d-----w C:\Program Files\Kaspersky Lab
2008-08-30 23:18 --------- d-----w C:\Documents and Settings\Owner\Application Data\PC Tools
2008-08-30 22:59 --------- d-----w C:\Program Files\Common Files\BitDefender
2008-08-29 21:54 --------- d-----w C:\Program Files\Gunslinger Solitaire
2008-08-29 21:54 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\The Revills Games
2008-08-28 04:45 --------- d-----w C:\Program Files\ma-config.com
2008-08-28 04:45 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\ma-config.com
2008-08-28 04:41 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-08-27 02:16 --------- d-----w C:\Program Files\Common Files\Xara
2008-08-27 02:11 --------- d-----w C:\Program Files\Xara
2008-08-25 19:55 --------- d-----w C:\Program Files\DFX
2008-08-25 19:25 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\DFX
2008-08-25 18:50 --------- d-----w C:\Documents and Settings\Owner\Application Data\Media Player Classic
2008-08-25 18:49 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-08-25 00:20 --------- d-----w C:\Program Files\QuickTime
2008-08-23 22:32 82,380 ----a-w C:\WINDOWS\system32\drivers\AFS2K.SYS
2008-08-23 22:30 --------- d-----w C:\Program Files\GVR
2008-08-23 21:49 --------- d-----w C:\Program Files\Picasa2
2008-08-23 21:49 --------- d-----w C:\Program Files\Google
2008-08-23 14:07 --------- d-----w C:\Program Files\7-Zip
2008-08-23 10:55 --------- d-----w C:\Program Files\Your Uninstaller 2008
2008-08-22 21:16 --------- d-----w C:\Program Files\PopCap Games
2008-08-22 21:16 --------- d-----w C:\Program Files\Pic2Ico
2008-08-22 21:16 --------- d-----w C:\Program Files\DivX
2008-08-22 21:16 --------- d-----w C:\Program Files\Ares Ultra
2008-08-22 20:59 --------- d-----w C:\Program Files\Ace Utilities
2008-08-18 20:20 --------- d-----w C:\Program Files\Ares
2008-08-17 23:44 --------- d-----w C:\Program Files\Xilisoft
2008-08-17 17:00 --------- d-----w C:\Program Files\Magic Video Converter
2008-08-17 17:00 --------- d-----w C:\Documents and Settings\Owner\Application Data\Vso
2008-08-17 16:59 81,920 ----a-w C:\Documents and Settings\Owner\Application Data\ezpinst.exe
2008-08-17 16:59 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-08-17 16:59 47,360 ----a-w C:\Documents and Settings\Owner\Application Data\pcouffin.sys
2008-08-16 18:48 --------- d-----w C:\Program Files\Windows Doctor
2008-08-16 14:15 --------- d-----w C:\Documents and Settings\Owner\Application Data\FileVOoM
2008-08-16 14:05 --------- d-----w C:\Program Files\Java
2008-08-14 23:36 --------- d-----w C:\Program Files\Unlocker
2008-08-14 11:56 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
2008-08-13 14:14 355,584 ----a-w C:\WINDOWS\system32\TuneUpDefragService.exe
2008-08-13 14:14 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-11 15:17 680,960 ----a-w C:\WINDOWS\is-CR2IS.exe
2008-08-11 11:31 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-08-11 11:31 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-08-11 11:31 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Suite
2008-08-11 11:29 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Nokia
2008-08-11 11:27 --------- d-----w C:\Program Files\MSXML 6.0
2008-08-10 21:38 --------- d-----w C:\Program Files\Apple Software Update
2008-08-10 19:09 --------- d-----w C:\Program Files\GetData
2008-08-10 17:01 --------- d-----w C:\Program Files\SatcoDX
2008-08-08 23:34 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-08-08 22:30 --------- d-----w C:\Program Files\Folder Lock
2008-08-08 17:23 --------- d-----w C:\Program Files\VisiPics
2008-08-01 14:34 45,056 ----a-w C:\WINDOWS\NCUNINST.EXe
2008-08-01 14:30 40,960 ----a-w C:\WINDOWS\NCLAUNCH.EXe
.
------- Sigcheck -------
04/23/2008 07:19 AM 827392 154282ae8e63d03a7add87e50d061836 C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll
06/23/2008 06:38 PM 827904 bd4be2824bc805da1f29385519b865f9 C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
03/02/2006 03:00 PM 654848 1e1cef80a11bdab92b2a83f885d214d5 C:\WINDOWS\ie7\wininet.dll
08/13/2007 06:54 PM 818688 a4a0fc92358f39538a6494c42ef99fe9 C:\WINDOWS\ie7updates\KB950759-IE7\wininet.dll
04/23/2008 07:16 AM 826368 565098f166f21e24874ebc8cf89c623c C:\WINDOWS\ie7updates\KB953838-IE7\wininet.dll
06/23/2008 07:15 PM 817152 80716256f266066bd98b846e7562db76 C:\WINDOWS\ServicePackFiles\i386\wininet.dll
06/23/2008 07:15 PM 817152 80716256f266066bd98b846e7562db76 C:\WINDOWS\system32\wininet.dll
06/23/2008 07:15 PM 826368 3f4bca25f29394995161e8e85d925c1a C:\WINDOWS\system32\dllcache\wininet.dll
04/14/2008 06:59 PM 974848 5320ea6507cfa8abc92caf91cd2fc8a5 C:\WINDOWS\explorer.exe
03/02/2006 03:00 PM 1029632 932f97b77f2625f7ff7dfc97552548f8 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
04/14/2008 06:59 PM 974848 5320ea6507cfa8abc92caf91cd2fc8a5 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
04/14/2008 06:59 PM 1031168 ca3445dce9eb70a2ca2504e0af5c543f C:\WINDOWS\system32\dllcache\explorer.exe
07/18/2008 10:10 PM 68808 136896c2cdc3f689876e0d44485153ea C:\WINDOWS\ServicePackFiles\i386\wuauclt.exe
07/18/2008 10:10 PM 68808 136896c2cdc3f689876e0d44485153ea C:\WINDOWS\system32\wuauclt.exe
07/18/2008 10:10 PM 53448 d316e28958873859b88d72cf47ad1ea5 C:\WINDOWS\system32\dllcache\wuauclt.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/14/2008 06:59 PM 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [07/26/2008 02:31 PM 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [07/29/2008 08:20 PM 206088]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [08/25/2008 10:08 PM 185896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [04/14/2008 06:59 PM 15360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"= 0 (0x0)
"NoMovingBands"= 0 (0x0)
"NoCloseDragDropBands"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
"NCLaunch"=C:\WINDOWS\NCLAUNCH.EXe
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SoundMan"=SOUNDMAN.EXE
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
"Custom Skin Clock"=C:\Program Files\Custom Skin Clock\Clock.exe
"Vistadrv"=D:\العاب\VistaDrives\vsdrv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\English\\setup.exe"=
"C:\\Program Files\\IEPro\\MiniDM.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [01/29/2008 06:29 PM 32784]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [04/14/2008 07:00 PM 14336]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [03/13/2008 07:02 PM 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [04/30/2008 06:06 PM 24592]
S2 BDVEDISK;BDVEDISK;C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys [ ]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;C:\DOCUME~1\Owner\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys [ ]
S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [07/25/2008 08:57 PM 191656]
S3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [01/24/2008 12:25 AM 27136]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [08/13/2008 05:14 PM 355584]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
*Newly Created Service* - CATCHME
.
s of the 'Scheduled Tasks' folder
2008-10-07 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [06/20/2008 09:09 AM]
2008-10-01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [08/29/2006 02:21 PM]
2008-09-26 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1100 series#1217100308.job
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [04/06/2003 12:52 AM]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xnle9b79.default\
FF -: plugin - C:\Program Files\ma-config.com\nphardwaredetection.dll
FF -: plugin - C:\Program Files\Picasa2\npPicasa2.dll
.
.
------- File Associations -------
.
txtfile=C:\WINDOWS\notepad.exe %1
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
Rootkit scan 2008-10-07 22:38:44
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\sccfg.sys 20 bytes
**************************************************************************
.
Completion time: 10/07/2008 22:42:04
ComboFix-quarantined-files.txt 2008-10-07 19:41:01
Pre-Run: 22,779,338,752 bytes free
Post-Run: 23,152,680,960 bytes free
239 --- E O F --- 2008-09-10 21:14:51
تأييد
0
سركسيان
زيزوومي نشيط
غير متصل
وهذا تقرير الهايجاك
Scan saved at 10:45:22 م, on 07/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Owner\سطح المكتب\Zyzoom_HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: مساعد رابط Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: احصائيات حماية حركة مرور الشبكة - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) -
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) -
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash ) -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsAuxs.exe (file missing)
O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsSvc.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 8314 bytes
Scan saved at 10:45:22 م, on 07/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Owner\سطح المكتب\Zyzoom_HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: مساعد رابط Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: احصائيات حماية حركة مرور الشبكة - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash ) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsAuxs.exe (file missing)
O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsSvc.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 8314 bytes
تأييد
0
السّاجد لله
زيزوومى فضى
- إنضم
- 15 مايو 2008
- المشاركات
- 6,854
- مستوى التفاعل
- 108
- النقاط
- 850
- الإقامة
- بغداد انتي في دمي
- الموقع الالكتروني
- www.tvquran.com
غير متصل
اعد لصق تقرير الهايجاك بصورة صحيحة
توقيع : السّاجد لله
تأييد
0
سركسيان
زيزوومي نشيط
غير متصل
Scan saved at 10:45:22 م, on 07/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Owner\سطح المكتب\Zyzoom_HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: مساعد رابط Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: احصائيات حماية حركة مرور الشبكة - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) -
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) -
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash ) -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsAuxs.exe (file missing)
O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsSvc.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 8314 bytes
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Owner\سطح المكتب\Zyzoom_HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: مساعد رابط Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: احصائيات حماية حركة مرور الشبكة - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash ) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsAuxs.exe (file missing)
O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsSvc.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 8314 bytes
تأييد
0
السّاجد لله
زيزوومى فضى
- إنضم
- 15 مايو 2008
- المشاركات
- 6,854
- مستوى التفاعل
- 108
- النقاط
- 850
- الإقامة
- بغداد انتي في دمي
- الموقع الالكتروني
- www.tvquran.com
غير متصل
التقرير سليم مئة بالمئة ان شاء الله هل انتهت المشكلة ام لا
توقيع : السّاجد لله
تأييد
0