شاشة زرقاء

سهر اليل · 25 أبريل 2012

اخونى هذا التقريرLogfile of Trend Micro HijackThis v2.0.4
Scan saved at 03:43:00 م, on 25/04/2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\SlySoft\Game Jackal v4\Server.exe
C:\Program Files\Java\jre8\bin\jqs.exe
C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\برامج\pack-vista-inspirat-2-1.0\VistaDriveIcon\DrvIcon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Documents and Settings\ahmd\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Documents and Settings\ahmd\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\ahmd\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\ahmd\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\ahmd\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\ahmd\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Zyzoom_Forum_Tools\zyzoom.exe
C:\Zyzoom_Forum_Tools\zHijak.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: StartNow Toolbar Helper - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre8\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre8\bin\jp2ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: StartNow Toolbar - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DrvIcon] D:\برامج\pack-vista-inspirat-2-1.0\VistaDriveIcon\DrvIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\ahmd\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AppleChargerSrv - Unknown owner - C:\WINDOWS\system32\AppleChargerSrv.exe
O23 - Service: Game Jackal Server (GJService) - Unknown owner - C:\Program Files\SlySoft\Game Jackal v4\Server.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre8\bin\jqs.exe
O23 - Service: Updater Service for StartNow Toolbar - Unknown owner - C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe

--
End of file - 6134 bytes

سهر اليل · 25 أبريل 2012

تقرير اخر Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:07:39 م, on 25/04/2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SlySoft\Game Jackal v4\Server.exe
C:\Program Files\Java\jre8\bin\jqs.exe
C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\برامج\pack-vista-inspirat-2-1.0\VistaDriveIcon\DrvIcon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Documents and Settings\ahmd\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Documents and Settings\ahmd\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\ahmd\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\ahmd\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\ahmd\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\ahmd\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Zyzoom_Forum_Tools\zyzoom.exe
C:\Zyzoom_Forum_Tools\zHijak.com
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\ahmd\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\برامج\برنامج\Zyzoom.org_Tool_V_1.0.exe
C:\DOCUME~1\ahmd\LOCALS~1\Temp\zyaoom Tool\Hijack.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: StartNow Toolbar Helper - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre8\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre8\bin\jp2ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: StartNow Toolbar - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DrvIcon] D:\برامج\pack-vista-inspirat-2-1.0\VistaDriveIcon\DrvIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\ahmd\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: AppleChargerSrv - Unknown owner - C:\WINDOWS\system32\AppleChargerSrv.exe
O23 - Service: Game Jackal Server (GJService) - Unknown owner - C:\Program Files\SlySoft\Game Jackal v4\Server.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre8\bin\jqs.exe
O23 - Service: Updater Service for StartNow Toolbar - Unknown owner - C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe

--
End of file - 6045 bytes

techno · 25 أبريل 2012

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

قائمة البرامج المثبته+تقرير سجلات أخطاء النظام

سهر اليل · 25 أبريل 2012

اخى هل فى خطئ بتقرير Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 05:59:35 م, on 25/04/2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SlySoft\Game Jackal v4\Server.exe
C:\Program Files\Java\jre8\bin\jqs.exe
C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\برامج\pack-vista-inspirat-2-1.0\VistaDriveIcon\DrvIcon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Zyzoom_Forum_Tools\zyzoom.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Zyzoom_Forum_Tools\zHijak.com
C:\Documents and Settings\ahmd\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\ahmd\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\ahmd\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\ahmd\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\ahmd\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\ahmd\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\ahmd\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\ahmd\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\ahmd\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\ahmd\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: StartNow Toolbar Helper - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre8\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre8\bin\jp2ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: StartNow Toolbar - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DrvIcon] D:\برامج\pack-vista-inspirat-2-1.0\VistaDriveIcon\DrvIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\ahmd\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AppleChargerSrv - Unknown owner - C:\WINDOWS\system32\AppleChargerSrv.exe
O23 - Service: Game Jackal Server (GJService) - Unknown owner - C:\Program Files\SlySoft\Game Jackal v4\Server.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre8\bin\jqs.exe
O23 - Service: Updater Service for StartNow Toolbar - Unknown owner - C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe

--
End of file - 6573 bytes

سهر اليل · 25 أبريل 2012

"Silent Runners.vbs", revision 61,

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"IDMan" = "C:\Program Files\Internet Download Manager\IDMan.exe /onboot" ["Tonec Inc."]
"swg" = "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" ["Google Inc."]
"Google Update" = ""C:\Documents and Settings\ahmd\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c" ["Google Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
"IgfxTray" = "C:\WINDOWS\system32\igfxtray.exe" ["Intel Corporation"]
"HotKeysCmds" = "C:\WINDOWS\system32\hkcmd.exe" ["Intel Corporation"]
"Persistence" = "C:\WINDOWS\system32\igfxpers.exe" ["Intel Corporation"]
"Adobe Reader Speed Launcher" = ""C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"]
"TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"DrvIcon" = "D:\برامج\pack-vista-inspirat-2-1.0\VistaDriveIcon\DrvIcon.exe" ["artArmin"]
"SunJavaUpdateSched" = ""C:\Program Files\Common Files\Java\Java Update\jusched.exe"" ["Sun Microsystems, Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{0055C089-8582-441B-A0BF-17B458C2A3A8}\(Default) = "IDM Helper"
-> {HKLM...CLSID} = "IDM integration (IDMIEHlprObj Class)"
\InProcServer32\(Default) = "C:\Program Files\Internet Download Manager\IDMIECC.dll" ["Internet Download Manager, Tonec Inc."]

{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = "AcroIEHelperStub"
-> {HKLM...CLSID} = "Adobe PDF Link Helper"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll" ["Adobe Systems Incorporated"]

{6E13D095-45C3-4271-9475-F3B48227DD9F}\(Default) = "StartNow Toolbar Helper"
-> {HKLM...CLSID} = "StartNow Toolbar Helper"
\InProcServer32\(Default) = "C:\Program Files\StartNow Toolbar\Toolbar32.dll" [empty string]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Java(tm) Plug-In SSV Helper"
\InProcServer32\(Default) = "C:\Program Files\Java\jre8\bin\ssv.dll" ["Oracle Corporation"]

{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Windows Live Sign-in Helper"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]

{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Helper"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc.‎‏"]

{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Java(tm) Plug-In 2 SSV Helper"
\InProcServer32\(Default) = "C:\Program Files\Java\jre8\bin\jp2ssv.dll" ["Oracle Corporation"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\

IDM Shell Extension\(Default) = "{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
-> {HKLM...CLSID} = "IDM Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Internet Download Manager\IDMShellExt.dll" ["Tonec Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
\InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]

"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
-> {HKLM...CLSID} = "My Sharing Folders"
\InProcServer32\(Default) = "C:\Program Files\MSN Messenger\fsshext.8.0.0787.00.dll" [MS]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]

"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]

"{CDC95B92-E27C-4745-A8C5-64A52A78855D}" = "IDM Shell Extension"
-> {HKLM...CLSID} = "IDM Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Internet Download Manager\IDMShellExt.dll" ["Tonec Inc."]

"{ABC70703-32AF-11d4-90C4-D483A70F4825}" = "CMenuExtender"
-> {HKLM...CLSID} = "CMenuExtender"
\InProcServer32\(Default) = "C:\WINDOWS\BricoPacks\Vista Inspirat 2\iColorFolder\CMExt.dll" ["Revenger inc."]

"{A7005AF0-D6E8-48AF-8DFA-023B1CF660A7}" = "TeraCopy"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\TeraCopy\TeraCopy.dll" [null data]

"{A8005AF0-D6E8-48AF-8DFA-023B1CF660A7}" = "TeraCopy"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\TeraCopy\TeraCopyExt.dll" [null data]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> igfxcui\DLLName = "igfxdev.dll" ["Intel Corporation"]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\

<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\

<<!>> livecall\CLSID = "{828030A1-22C1-4009-854F-8E305202313F}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL" [MS]

<<!>> msnim\CLSID = "{828030A1-22C1-4009-854F-8E305202313F}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL" [MS]

<<!>> mso-offdap11\CLSID = "{32505114-5902-49B2-880A-1F7738E5A384}"
-> {HKLM...CLSID} = "Data Page Plugable Protocal mso-offdap11 Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL" [MS]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

TeraCopy\(Default) = "{A8005AF0-D6E8-48AF-8DFA-023B1CF660A7}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\TeraCopy\TeraCopyExt.dll" [null data]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]

HKLM\SOFTWARE\Classes\*\shellex\DragDropHandlers\

TeraCopy\(Default) = "{A7005AF0-D6E8-48AF-8DFA-023B1CF660A7}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\TeraCopy\TeraCopy.dll" [null data]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"
-> {HKLM...CLSID} = "MBAMShlExt Class"
\InProcServer32\(Default) = "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes Corporation"]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

CMenuExtender\(Default) = "{ABC70703-32AF-11d4-90C4-D483A70F4825}"
-> {HKLM...CLSID} = "CMenuExtender"
\InProcServer32\(Default) = "C:\WINDOWS\BricoPacks\Vista Inspirat 2\iColorFolder\CMExt.dll" ["Revenger inc."]

TeraCopy\(Default) = "{A8005AF0-D6E8-48AF-8DFA-023B1CF660A7}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\TeraCopy\TeraCopyExt.dll" [null data]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]

HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\

TeraCopy\(Default) = "{A7005AF0-D6E8-48AF-8DFA-023B1CF660A7}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\TeraCopy\TeraCopy.dll" [null data]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]

HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\

igfxcui\(Default) = "{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}"
-> {HKLM...CLSID} = "GraphicsShellExt Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\igfxpph.dll" ["Intel Corporation"]

TeraCopy\(Default) = "{A8005AF0-D6E8-48AF-8DFA-023B1CF660A7}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\TeraCopy\TeraCopyExt.dll" [null data]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"
-> {HKLM...CLSID} = "MBAMShlExt Class"
\InProcServer32\(Default) = "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes Corporation"]

TeraCopy\(Default) = "{A8005AF0-D6E8-48AF-8DFA-023B1CF660A7}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\TeraCopy\TeraCopyExt.dll" [null data]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]

HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\

TeraCopy\(Default) = "{A7005AF0-D6E8-48AF-8DFA-023B1CF660A7}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\TeraCopy\TeraCopy.dll" [null data]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]

Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\ahmd\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]

Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

MPCPlayBluRayOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayBlurayMovie"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayBlurayMovie\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %L\BDMV\INDEX.BDMV" ["MPC-HC Team"]

MPCPlayCDAudioOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayCDAudio"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayCDAudio\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %1 /cd" ["MPC-HC Team"]

MPCPlayDVDMovieOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayDVDMovie"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayDVDMovie\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %1 /dvd" ["MPC-HC Team"]

MPCPlayMusicFilesOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayMusicFiles"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayMusicFiles\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %1" ["MPC-HC Team"]

MPCPlayVideoFilesOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayVideoFiles"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayVideoFiles\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %1" ["MPC-HC Team"]

RPCDBurningOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.CDBurn.6"
"InvokeVerb" = "open"
HKCU\Software\Classes\RealPlayer.CDBurn.6\shell\open\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /burn "%1"" ["RealNetworks, Inc."]

RPDeviceOnArrival\
"Provider" = "RealPlayer"
"ProgID" = "RealPlayer.HWEventHandler"
HKLM\SOFTWARE\Classes\RealPlayer.HWEventHandler\CLSID\(Default) = "{67E76F1D-BDE2-4052-913C-2752366192D2}"
-> {HKLM...CLSID} = "RealNetworks Scheduler"
\LocalServer32\(Default) = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -autoplay" ["RealNetworks, Inc."]

RPPlayCDAudioOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.AudioCD.6"
"InvokeVerb" = "play"
HKCU\Software\Classes\RealPlayer.AudioCD.6\shell\play\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /play %1 " ["RealNetworks, Inc."]

RPPlayDVDMovieOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.DVD.6"
"InvokeVerb" = "play"
HKCU\Software\Classes\RealPlayer.DVD.6\shell\play\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /dvd %1 " ["RealNetworks, Inc."]

RPPlayMediaOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.AutoPlay.6"
"InvokeVerb" = "open"
HKCU\Software\Classes\RealPlayer.AutoPlay.6\shell\open\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /autoplay "%1"" ["RealNetworks, Inc."]

Startup items in "ahmd" & "All Users" startup folders:
------------------------------------------------------

C:\Documents and Settings\ahmd\Start Menu\Programs\Startup
"RocketDock" -> shortcut to: "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [null data]

Enabled Scheduled Tasks:
------------------------

"GoogleUpdateTaskUserS-1-5-21-1078081533-152049171-682003330-1003Core" -> launches: "C:\Documents and Settings\ahmd\Local Settings\Application Data\Google\Update\GoogleUpdate.exe /c" ["Google Inc."]
"GoogleUpdateTaskUserS-1-5-21-1078081533-152049171-682003330-1003UA" -> launches: "C:\Documents and Settings\ahmd\Local Settings\Application Data\Google\Update\GoogleUpdate.exe /ua /installsource scheduler" ["Google Inc."]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc.‎‏"]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc.‎‏"]

"{5911488E-9D1E-40EC-8CBB-06B231CC153F}" = "StartNow Toolbar"
-> {HKLM...CLSID} = "StartNow Toolbar"
\InProcServer32\(Default) = "C:\Program Files\StartNow Toolbar\Toolbar32.dll" [empty string]

Explorer Bars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&بحث"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "بحث"

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Game Jackal Server, GJService, "C:\Program Files\SlySoft\Game Jackal v4\Server.exe" [empty string]
Java Quick Starter, JavaQuickStarterService, ""C:\Program Files\Java\jre8\bin\jqs.exe" -service -config "C:\Program Files\Java\jre8\lib\deploy\jqs\jqs.conf"" ["Oracle Corporation"]
Updater Service for StartNow Toolbar, Updater Service for StartNow Toolbar, "C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe" [null data]

Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]

---------- (launch time: 2012-04-25 18:11:19)
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 35 seconds, including 3 seconds for message boxes)

techno · 25 أبريل 2012

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

سهر اليل · 26 أبريل 2012

SUPERAntiSpyware Scan Log

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Generated 04/26/2012 at 02:03 AM

Application Version : 5.0.1146

Core Rules Database Version : 8513
Trace Rules Database Version: 6325

Scan type : Complete Scan
Total Scan Time : 00:42:33

Operating System Information
Windows XP Professional 32-bit, Service Pack 2 (Build 5.01.2600)
Administrator

Memory items scanned : 385
Memory threats detected : 0
Registry items scanned : 32503
Registry threats detected : 25
File items scanned : 52101
File threats detected : 117

PUP.StartNow Toolbar
HKCR\CLSID\{6E13D095-45C3-4271-9475-F3B48227DD9F}
HKCR\CLSID\{6E13D095-45C3-4271-9475-F3B48227DD9F}#ProgID
HKCR\CLSID\{6E13D095-45C3-4271-9475-F3B48227DD9F}#VersionIndependentProgID
HKCR\CLSID\{6E13D095-45C3-4271-9475-F3B48227DD9F}#TypeLib
HKCR\CLSID\{6E13D095-45C3-4271-9475-F3B48227DD9F}\InprocServer32
HKCR\CLSID\{6E13D095-45C3-4271-9475-F3B48227DD9F}\InprocServer32#ThreadingModel
HKCR\CLSID\{6E13D095-45C3-4271-9475-F3B48227DD9F}\Programmable
C:\Program Files\StartNow Toolbar\ReactivateIE.exe
C:\Program Files\StartNow Toolbar\Resources\images\engine_images.png
C:\Program Files\StartNow Toolbar\Resources\images\engine_maps.png
C:\Program Files\StartNow Toolbar\Resources\images\engine_news.png
C:\Program Files\StartNow Toolbar\Resources\images\engine_videos.png
C:\Program Files\StartNow Toolbar\Resources\images\engine_web.png
C:\Program Files\StartNow Toolbar\Resources\images\icon_amazon.png
C:\Program Files\StartNow Toolbar\Resources\images\icon_ebay.png
C:\Program Files\StartNow Toolbar\Resources\images\icon_facebook.png
C:\Program Files\StartNow Toolbar\Resources\images\icon_games.png
C:\Program Files\StartNow Toolbar\Resources\images\icon_msn.png
C:\Program Files\StartNow Toolbar\Resources\images\icon_shopping.png
C:\Program Files\StartNow Toolbar\Resources\images\icon_travel.png
C:\Program Files\StartNow Toolbar\Resources\images\icon_twitter.png
C:\Program Files\StartNow Toolbar\Resources\images\startnow_logo.png
C:\Program Files\StartNow Toolbar\Resources\images
C:\Program Files\StartNow Toolbar\Resources\installer.xml
C:\Program Files\StartNow Toolbar\Resources\skin\chevron_button.png
C:\Program Files\StartNow Toolbar\Resources\skin\searchbox_button_hover.png
C:\Program Files\StartNow Toolbar\Resources\skin\searchbox_button_normal.png
C:\Program Files\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png
C:\Program Files\StartNow Toolbar\Resources\skin\searchbox_input_background.png
C:\Program Files\StartNow Toolbar\Resources\skin\searchbox_input_left.png
C:\Program Files\StartNow Toolbar\Resources\skin\searchbox_input_middle.png
C:\Program Files\StartNow Toolbar\Resources\skin\separator.png
C:\Program Files\StartNow Toolbar\Resources\skin\splitter.png
C:\Program Files\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png
C:\Program Files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png
C:\Program Files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png
C:\Program Files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png
C:\Program Files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png
C:\Program Files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png
C:\Program Files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png
C:\Program Files\StartNow Toolbar\Resources\skin
C:\Program Files\StartNow Toolbar\Resources\toolbar.xml
C:\Program Files\StartNow Toolbar\Resources\update.xml
C:\Program Files\StartNow Toolbar\Resources
C:\Program Files\StartNow Toolbar\StartNowToolbarUninstall.exe
C:\Program Files\StartNow Toolbar\Toolbar32.dll
C:\Program Files\StartNow Toolbar\ToolbarBroker.exe
C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe
C:\Program Files\StartNow Toolbar\uninstall.dat
C:\Program Files\StartNow Toolbar
HKLM\Software\Classes\CLSID\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
HKCR\CLSID\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
HKCR\CLSID\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
HKCR\CLSID\{5911488E-9D1E-40ec-8CBB-06B231CC153F}#ProgID
HKCR\CLSID\{5911488E-9D1E-40ec-8CBB-06B231CC153F}#VersionIndependentProgID
HKCR\CLSID\{5911488E-9D1E-40ec-8CBB-06B231CC153F}#TypeLib
HKCR\CLSID\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\InprocServer32
HKCR\CLSID\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\InprocServer32#ThreadingModel
HKCR\CLSID\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\Programmable
HKLM\Software\Classes\CLSID\{6E13D095-45C3-4271-9475-F3B48227DD9F}
HKCR\CLSID\{6E13D095-45C3-4271-9475-F3B48227DD9F}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13D095-45C3-4271-9475-F3B48227DD9F}
HKU\S-1-5-21-1078081533-152049171-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
HKU\S-1-5-21-1078081533-152049171-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13D095-45C3-4271-9475-F3B48227DD9F}
HKLM\Software\Microsoft\Internet Explorer\Toolbar#{5911488E-9D1E-40ec-8CBB-06B231CC153F}

Disabled.SecurityCenterOption
HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#ANTIVIRUSDISABLENOTIFY
HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#FIREWALLDISABLENOTIFY
HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#UPDATESDISABLENOTIFY

Adware.Tracking Cookie
C:\Documents and Settings\ahmd\Cookies\ahmd@doubleclick[1].txt [ /doubleclick ]
C:\Documents and Settings\ahmd\Cookies\ahmd@zgstats[1].txt [ /zgstats ]
.zgstats.com [ C:\DOCUMENTS AND SETTINGS\AHMD\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www6.addfreestats.com [ C:\DOCUMENTS AND SETTINGS\AHMD\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\AHMD\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\AHMD\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\AHMD\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\DOCUMENTS AND SETTINGS\AHMD\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adtech.de [ C:\DOCUMENTS AND SETTINGS\AHMD\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\AHMD\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\DOCUMENTS AND SETTINGS\AHMD\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\DOCUMENTS AND SETTINGS\AHMD\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\AHMD\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.histats.com [ C:\DOCUMENTS AND SETTINGS\AHMD\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\AHMD\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.histats.com [ C:\DOCUMENTS AND SETTINGS\AHMD\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\AHMD\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
s10.flagcounter.com [ C:\DOCUMENTS AND SETTINGS\AHMD\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\DOCUMENTS AND SETTINGS\AHMD\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.c1.atdmt.com [ C:\DOCUMENTS AND SETTINGS\AHMD\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.statcounter.com [ C:\DOCUMENTS AND SETTINGS\AHMD\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.yadro.ru [ C:\DOCUMENTS AND SETTINGS\AHMD\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.yadro.ru [ C:\DOCUMENTS AND SETTINGS\AHMD\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\DOCUMENTS AND SETTINGS\AHMD\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\AHMD\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\AHMD\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tribalfusion.com [ C:\DOCUMENTS AND SETTINGS\AHMD\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
s10.flagcounter.com [ C:\DOCUMENTS AND SETTINGS\AHMD\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.weborama.fr [ C:\DOCUMENTS AND SETTINGS\AHMD\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.weborama.fr [ C:\DOCUMENTS AND SETTINGS\AHMD\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\AHMD\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\AHMD\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\AHMD\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\AHMD\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\AHMD\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\AHMD\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\DOCUMENTS AND SETTINGS\AHMD\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\DOCUMENTS AND SETTINGS\AHMD\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\DOCUMENTS AND SETTINGS\AHMD\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\DOCUMENTS AND SETTINGS\AHMD\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

PUP.SoftonicDownloader
D:\NEW FOLDER (10)\NEW FOLDER\SOFTONICDOWNLOADER_FOR_MALWAREBYTES-ANTI-MALWARE.EXE

Trojan.Agent/Gen-HackPatch
D:\برامج\33\USB.AUTORUN.VIRUS.REMOVAL\USB VIRUS REMOVER.BY ALHANOOON\USB VIRUS AUTORUN REMOVER\PATCH\AUTORUN.VIRUS.REMOVER.2.3.-PATCH.EXE
D:\برامج\برنامج\EGYUP.COM.INTERNET DOWNLOAD MANAGER 6.07 BUILD 10.BY.JACK\EGYUP.COM.INTERNET DOWNLOAD MANAGER 6.07 BUILD 10.BY.JACK\PATCH\INTERNET.DOWNLOAD.MANAGER.6.XX.(2011)-PATCH.EXE
D:\برامج\برنامج\EGYUP.COM.INTERNET DOWNLOAD MANAGER 6.07 BUILD 10.BY.JACK\PATCH\INTERNET.DOWNLOAD.MANAGER.6.XX.(2011)-PATCH.EXE
D:\برامج\برنامج\MIXOLGY.NET_INTERNET DOWNLOAD MANAGER 6.07 BUILD 5 FINAL.BY MIDOPOP\PATCH\ثم استخدم هذا الباتش\PATCH .XX 2.EXE
D:\برامج\برنامج\MIXOLGY.NET_INTERNET DOWNLOAD MANAGER 6.07 BUILD 5 FINAL.BY MIDOPOP\PATCH\ثم استخدم هذا الباتش\PATCH 6.XX.EXE
D:\برامج\برنامج\NEW FOLDER (5)\NEW FOLDER (11)\البرامج الخاصة بويندوز 7\MYEGY.COM.INTERNET DOWNLOAD MANAGER 6.03 BETA 12.BY.VIBRATION\PATCH .XX 2.EXE
D:\برامج\برنامج\NEW FOLDER (5)\NEW FOLDER (11)\البرامج الخاصة بويندوز 7\MYEGY.COM.INTERNET DOWNLOAD MANAGER 6.03 BETA 12.BY.VIBRATION\PATCH 6.XX.EXE
D:\برامج\برنامج\NEW FOLDER (5)\NEW FOLDER (11)\MYEGY.COM.INTERNET DOWNLOAD MANAGER 6.03 BETA 2.BY.VIBRATION\MYEGY.COM.INTERNET DOWNLOAD MANAGER 6.03 BETA 2.BY.VIBRATION\PATCH\PATCH .XX 2.EXE
D:\برامج\برنامج\NEW FOLDER (5)\NEW FOLDER (11)\MYEGY.COM.INTERNET DOWNLOAD MANAGER 6.03 BETA 2.BY.VIBRATION\MYEGY.COM.INTERNET DOWNLOAD MANAGER 6.03 BETA 2.BY.VIBRATION\PATCH\PATCH 6.XX.EXE
K:\العاب\السمكه2\FEEDING FRENZY 2 1.X PATCH.EXE

Trojan.Agent/Gen-Koobface[Bonkers]
D:\برامج\ارقام موبيل\NEW FOLDER (2)\NEW FOLDER\WINDOWS-1256__CREZEMAN.COM\CREZEMAN.COMCHANGE NUMBERS\CHANGE NUMBERS.EXE

Trojan.Agent/Gen-Keygen
D:\برامج\برنامج\EGYUP.COM.INTERNET DOWNLOAD MANAGER 6.07 BUILD 10.BY.JACK\EGYUP.COM.INTERNET DOWNLOAD MANAGER 6.07 BUILD 10.BY.JACK\PATCH\SNDK&P.EXE
D:\برامج\برنامج\EGYUP.COM.INTERNET DOWNLOAD MANAGER 6.07 BUILD 10.BY.JACK\PATCH\SNDK&P.EXE
D:\برامج\برنامج\MIXOLGY.NET_INTERNET DOWNLOAD MANAGER 6.07 BUILD 5 FINAL.BY MIDOPOP\PATCH\استخدم هذا الباتش اولا\SNDK&P.EXE

Trojan.Agent/Gen-Alient
D:\برامج\برنامج\SPEED NET.EXE

Trojan.Agent/Gen-Cryptor[Egun]
D:\برامج\دريم\BC DREAMBOX BUNDELE\DREAMCODEC SETUP.EXE
G:\اسلاميات\EGYPTLIONZ.COM_QURAN LEARN CHILDREN.BY.MIDO_NET\4\LOADING.EXE
G:\اسلاميات\EGYPTLIONZ.COM_QURAN LEARN CHILDREN.BY.MIDO_NET\EGYPTLIONZ.COM_QURAN LEARN CHILDREN.BY.MIDO_NET\SUPPORT\LOADING.EXE
G:\اسلاميات\EGYPTLIONZ.COM_QURAN LEARN CHILDREN.BY.MIDO_NET\NEW FOLDER\EGYPTLIONZ.COM_QURAN LEARN CHILDREN.BY.MIDO_NET\SUPPORT\LOADING.EXE
G:\اسلاميات\EGYPTLIONZ.COM_QURAN LEARN CHILDREN.BY.MIDO_NET\NEW FOLDER\NEW FOLDER\EGYPTLIONZ.COM_QURAN LEARN CHILDREN.BY.MIDO_NET\SUPPORT\LOADING.EXE
G:\NEW FOLDER (2)\المصحف المعلم للاطفال\SUPPORT\LOADING.EXE

Unclassified.Unknown Origin
D:\برامج\GGG\NERO 6.6.1.15A RUS ULTRA EDITION\KEYGEN.EXE

Spyware.AdaEbook
G:\NEW FOLDER (2)\NEW FOLDER\قصص الانبياء.EXE

Trojan.VXGame-Variant/D
H:\KILMA.NET.GUNDAM2.STORY.TELLER BY SIR MERO\PLUGINS\SENDCODE.EXE
K:\العاب\MYEGY.COM.GP_VS_SB__PORTABLE.DR.MIDO\MYEGY.COM.MINI.GOLF.BY.[T.U.R.K]\KEYGEN.EXE
K:\العاب\MYEGY.COM.MEGAMANX3.BY.GEEMY\العاب\MYEGY.COM SONIC HEROES BY HESHAM\SONIC HEROES MULTI RIP\TECSETUP.EXE

Trojan.Agent/Gen-FSG
H:\NEW FOLDER (8)\KEYGEN.EXE

Trojan.Agent/Gen-FakeAlert[Local]
H:\NEW FOLDER (8)\NEW FOLDER (4)\EYP.DRAGONBALL.BY.MR.ZIKO\DATA\OLD_TOOLS\AIREDITW.EXE
I:\EGYUP.COM__DRAGON BALL Z MUGEN TENKAICHI\DATA\OLD_TOOLS\AIREDITW.EXE

Trojan.Agent/Gen-PhotoBot
I:\IMAGESHACK - 17555IMGCACHE.JPG.EXE

Trojan.Agent/Gen-Backdoor
K:\العاب\MYEGY.COM.MR.ROBBOT.BY.DR.MIDO\THINSTALL\STUBS\5D351B8DC3C536D879BF48C7C9EAEC4E46B8E8\MRROBOT.EXE

Trojan.Agent/Gen-IRCBot
K:\العاب\NEW FOLDER (6)\AUTOPLAY\DOCS\PORTABLE BIG CLOCK PRO 1.0.0.0\THINSTALL\BIG CLOCK PRO 1.0\10000001F00002I\WLLOGINPROXY.EXE
K:\العاب\NEW FOLDER (6)\AUTOPLAY\DOCS\PORTABLE BIG CLOCK PRO 1.0.0.0\THINSTALL\BIG CLOCK PRO 1.0\4000001300002I\GOOGLETOOLBARNOTIFIER.EXE

شاشة زرقاء

سهر اليل

زيزوومي جديد

سهر اليل

زيزوومي جديد

techno

عضو شرف

توقيع : techno

سهر اليل

زيزوومي جديد

سهر اليل

زيزوومي جديد

techno

عضو شرف

توقيع : techno

سهر اليل

زيزوومي جديد