• Thread starter: sasi
  • Views: 1,158

sasi

Peace be upon you, and the mercy and blessings of God.
May God bless everyone's day.
Could my brothers in this truly wonderful forum kindly answer my question: how can I get rid of a key logger program, which I believe is spyware? I can find no trace of it and I think it is embedded, but when I run some programs a message appears saying that I have a running file named keylogger. I searched for it, but to no avail.

Thank you for your efforts.
 

Keystroke logging,
i.e. spying on what you type, such as usernames and passwords.
You need an anti-spyware program.
 
You need an anti-spyware program.

Like what? Give him an example, like which program. Anyway, brother, update the antivirus you have and let it scan all the files. If it doesn't catch it, then update Windows so that the spyware file goes away. Anyway, if you feel it is still there,

FORMAT the C drive and install a fresh Windows, because the spyware file is always on C and is rarely anywhere else.
 
Signature: format
Many thanks to my dear friends for the quick reply, and may God reward you.
I update Kaspersky Security every 4 hours, and it has done nothing except tell me that I have a keylogger program, with no options to remove it. I am in fact using the security settings file available in the forum, but the page moves up and down with the mouse movement, without my clicking the mouse, a slight movement once or twice.
Thanks
 
And upon you be peace, and the mercy and blessings of God ...

Welcome, my dear ...

Wait, and don't format anything ...

Please do the following ...

Download this tool ...

[hidden link]


Run it and go to the first option ...

After a little while it will give you a report in Notepad ...

Copy it completely and correctly ...

And put it in your next reply ...
 
Signature: MMA_LORD_735
This is the report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:14:23 AM, on 4/10/2009
Platform: Windows XP SP3, v.5657 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\show\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
F2 - REG:system.ini: Shell=Explorer.exe
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: GetRight IE Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\ONSPEED\components\NOWImaging.dll (file missing)
O2 - BHO: Prefetch - {A66AA08A-9BF0-4e87-99E6-6972731D6B99} - C:\Program Files\ONSPEED\Prefetch.dll (file missing)
O2 - BHO: AdSwpr - {FCADDC14-BD46-408A-9842-CDBE1C6D37EB} - C:\PROGRA~1\IEDOCT~1\adflr.dll (file missing)
O3 - Toolbar: ONSPEED - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - C:\Program Files\ONSPEED\Toolband.dll (file missing)
O3 - Toolbar: &IE Doctor Bar - {123249EB-F891-44C4-946F-450064F9080E} - C:\PROGRA~1\IEDOCT~1\IEDrBar.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Download with GetRight Pro - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Pro Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [hidden link]b?1223092291920
O17 - HKLM\System\CCS\Services\Tcpip\..\{F174323B-7589-4036-84A5-AEB84C85B448}: NameServer = 62.215.6.52 62.215.6.4
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 7173 bytes
 
Download this tool ...

[hidden link]


Run it ... a message will appear, click Yes ...

And a second message will appear, click Yes ...

And wait until the tool finishes the scan ...

<< The scan may take a long time and may restart your computer ...

<< Do not run any program until the tool finishes the scan and gives you a report ...

Copy it and paste it in your next reply ...
 
Signature: MMA_LORD_735
This is the report for combofix


ComboFix 09-04-04.01 - Sasi 2009-04-11 5:44:09.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.965.1033.18.3071.2510 [GMT 3:00]
Running from: d:\show\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
AV: Rising Antivirus *On-access scanning enabled* (Outdated)
FW: Kaspersky Internet Security *disabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\IE4 Error Log.txt
c:\windows\ksires32.dll
c:\windows\msxfcg32.dll
c:\windows\system32\Plugins
c:\windows\system32\Plugins\ml\ml_pmp_device_Shakoosh - Phone memory.ini

.
((((((((((((((((((((((((( Files Created from 2009-03-11 to 2009-04-11 )))))))))))))))))))))))))))))))
.

2009-11-08 08:31 . 2009-11-08 08:31 <DIR> d-------- c:\program files\Torrent Harvester
2009-11-07 07:58 . 2009-11-07 07:58 <DIR> d-------- c:\windows\system32\Codec
2009-11-07 07:58 . 2009-11-07 07:58 <DIR> d-------- C:\Video Center
2009-04-11 05:41 . 2006-03-02 23:42 73,728 --a------ C:\pv.exe
2009-04-08 07:45 . 2009-04-08 07:45 <DIR> d-------- c:\program files\Dachshund Software
2009-04-08 07:45 . 2009-04-08 07:46 72 --ah----- c:\windows\winshell.dat
2009-04-06 09:52 . 2009-04-06 09:52 <DIR> d-------- c:\program files\IE Accelerator
2009-04-06 08:38 . 2009-04-06 08:38 <DIR> d-------- c:\program files\Windows Defender
2009-04-05 07:48 . 2009-04-05 08:18 <DIR> d-------- c:\program files\ProgDVB
2009-04-05 05:00 . 2009-04-05 05:00 <DIR> d-------- c:\program files\Common Files\Macrovision Shared
2009-04-05 05:00 . 2009-04-05 05:00 <DIR> d-------- c:\program files\Common Files\Intel
2009-04-05 05:00 . 2009-04-05 05:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\FLEXnet
2009-04-04 09:39 . 2009-04-05 08:58 <DIR> d-------- c:\program files\RenQuranFiles
2009-04-04 09:39 . 2000-01-24 05:01 2,023,424 --a------ c:\windows\system32\VCL50.BPL
2009-04-04 09:39 . 1999-03-23 09:12 299,520 --a------ c:\windows\uninst.exe
2009-04-02 09:54 . 2007-11-30 17:31 26,112 --a------ c:\windows\system32\drivers\usbser.sys
2009-04-02 09:54 . 2007-11-30 17:31 26,112 --a--c--- c:\windows\system32\dllcache\usbser.sys
2009-04-02 09:53 . 2008-03-21 13:57 14,640 --------- c:\windows\system32\spmsgXP_2k3.dll
2009-04-02 09:53 . 2009-04-02 09:53 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-04-02 09:53 . 2009-04-02 09:53 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-04-02 07:16 . 2009-04-11 05:48 6,006,816 --a------ c:\windows\system32\drivers\fidbox.dat
2009-04-02 07:16 . 2009-04-11 05:48 557,088 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2009-04-02 07:16 . 2009-04-11 05:48 49,056 --ahs---- c:\windows\system32\drivers\fidbox.idx
2009-04-02 07:16 . 2009-04-11 05:48 4,032 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2009-04-02 07:08 . 2009-04-02 07:09 <DIR> d-------- c:\program files\XP TCPIP Repair
2009-03-31 05:33 . 2009-04-01 04:39 32 --a------ c:\windows\0
2009-03-31 05:33 . 2009-03-31 05:33 0 --a------ c:\windows\system32\0
2009-03-30 09:41 . 2006-08-10 15:16 2,435,613 --a------ c:\windows\system32\Avc.ax
2009-03-30 09:41 . 2005-01-19 18:23 25,600 --a------ c:\windows\system32\AVSredirect.dll
2009-03-30 06:44 . 2009-03-30 06:44 34 --ah----- c:\windows\system32\MP3ToAMRConverter_sysquict.dat
2009-03-30 06:43 . 2009-03-30 07:59 <DIR> d-------- c:\program files\Okoker MP3 To AMR Converter
2009-03-30 06:31 . 2009-03-30 06:31 <DIR> d-------- c:\program files\7-Zip
2009-03-24 17:27 . 2009-03-24 17:30 <DIR> d-------- C:\KidsMath
2009-03-24 17:27 . 2004-04-15 18:23 347,136 --a------ c:\windows\system32\FM20.oca
2009-03-24 17:27 . 2001-01-17 07:01 260,096 --a------ c:\windows\system32\RICHTX32.OCX
2009-03-24 17:27 . 2000-05-22 16:58 115,920 --a------ c:\windows\system32\MSINET.OCX
2009-03-24 17:27 . 1998-04-24 00:00 83,552 --a------ c:\windows\system32\GAPI32.DLL
2009-03-24 17:27 . 2004-08-25 22:53 62,464 --a------ c:\windows\system32\MCI32.oca
2009-03-24 17:27 . 1998-04-24 00:00 30,720 --a------ c:\windows\system32\RCHTXCHS.DLL
2009-03-24 17:27 . 2001-02-01 23:40 26,384 --a------ c:\windows\system32\FM20CHS.DLL
2009-03-24 17:27 . 1998-07-07 00:00 13,824 --a------ c:\windows\system32\INETCHS.DLL
2009-03-24 17:27 . 1998-06-18 00:00 2,396 --a------ c:\windows\system32\MCI32.DEP
2009-03-23 09:12 . 2009-03-23 09:19 <DIR> d-------- c:\windows\Backups
2009-03-23 09:12 . 2009-03-23 09:12 <DIR> d-------- c:\windows\AutoREGs
2009-03-23 09:11 . 2009-03-23 09:18 404,319 --a------ c:\windows\zakrpa.exe
2009-03-23 09:11 . 2009-03-23 09:18 60 --a------ c:\windows\automatski.cmd
2009-03-20 08:53 . 2009-03-20 08:53 <DIR> d-------- c:\program files\Common Files\xing shared
2009-03-20 07:46 . 2009-03-20 07:46 397 --a------ C:\home.htm
2009-03-19 11:55 . 2009-03-19 11:55 <DIR> d-------- c:\documents and settings\Sasi\Application Data\ACD Systems
2009-03-16 11:09 . 2009-03-16 12:01 (2) -rahs-ot- c:\windows\winstart.bat
2009-03-16 08:48 . 2009-03-16 08:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Drivers Headquarters
2009-03-16 08:38 . 2009-03-16 09:59 <DIR> d-------- c:\program files\PC Drivers HeadQuarters
2009-03-16 06:34 . 2009-03-16 06:34 <DIR> d-------- c:\documents and settings\Sasi\Application Data\COWON
2009-03-16 06:33 . 2009-03-16 10:06 <DIR> d-------- c:\program files\JetAudio
2009-03-16 06:33 . 2009-03-16 06:33 <DIR> d-------- c:\program files\Common Files\COWON
2009-03-13 08:54 . 2009-03-29 10:13 <DIR> d-------- c:\documents and settings\Sasi\Application Data\AIMP
2009-03-13 08:53 . 2009-03-13 10:44 <DIR> d-------- c:\program files\AIMP2
2009-03-11 10:58 . 2009-03-11 10:58 <DIR> d-------- c:\program files\DatawareGames
2009-03-11 07:59 . 2009-03-11 07:59 <DIR> d-------- c:\windows\Downloaded Installations
2009-03-11 07:59 . 2009-03-11 08:00 <DIR> d-------- c:\program files\Bluetooth Remote Control
2009-03-11 06:42 . 2009-03-11 06:49 <DIR> d-------- c:\program files\Photo To Color Sketch

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-11 02:58 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-04-11 02:39 --------- d-----w c:\documents and settings\Sasi\Application Data\GetRight Pro
2009-04-08 05:59 --------- d-----w c:\documents and settings\Sasi\Application Data\X-NetStat
2009-04-05 02:01 --------- d-----w c:\program files\Intel
2009-04-02 06:19 89,601 ----a-w c:\windows\system32\drivers\klick.dat
2009-04-02 06:19 33,808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-04-02 06:19 101,287 ----a-w c:\windows\system32\drivers\klin.dat
2009-04-01 16:38 --------- d-----w c:\program files\File Renamer Turbo
2009-04-01 16:37 --------- d-----w c:\program files\Any Audio Converter
2009-04-01 16:36 --------- d-----w c:\program files\Cooolsoft
2009-04-01 15:14 --------- d-----w c:\program files\Ivacy Monitor
2009-03-29 06:16 --------- d-----w c:\program files\MP3 Workshop
2009-03-24 14:30 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-24 14:30 --------- d-----w c:\program files\Common Files\InstallShield
2009-03-23 06:08 --------- d-----w c:\program files\Common Files\Elecard
2009-03-20 11:51 --------- d-----w c:\documents and settings\Sasi\Application Data\PC Suite
2009-03-20 05:53 --------- d-----w c:\program files\Common Files\Real
2009-03-20 05:23 --------- d-----w c:\program files\vSoft
2009-03-17 02:10 --------- d-----w c:\documents and settings\Sasi\Application Data\Picofactory
2009-03-17 02:10 --------- d-----w c:\documents and settings\Sasi\Application Data\Paltalk
2009-03-17 02:10 --------- d-----w c:\documents and settings\Sasi\Application Data\Nokia
2009-03-17 02:09 --------- d-----w c:\documents and settings\Sasi\Application Data\SlipStream
2009-03-17 01:58 --------- d-----w c:\program files\IE Doctor
2009-03-08 08:24 --------- d-----w c:\program files\QuickTime
2009-03-08 08:24 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-03-07 09:02 --------- d-----w c:\program files\Essentials Codec Pack
2009-03-07 05:39 --------- d-----w c:\program files\intocartoonpro
2009-03-05 08:30 --------- d-----w c:\program files\X-NetStat Professional
2009-03-05 06:33 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-03 14:24 --------- d--h--w c:\program files\InstallJammer Registry
2009-03-02 06:03 --------- d-----w c:\program files\SkyGrabber
2009-03-01 13:52 --------- d-----w c:\program files\Common Files\DFX
2009-03-01 12:21 --------- d-----w c:\program files\Real
2009-03-01 05:42 --------- d-----w c:\program files\FDRLab
2009-02-28 08:51 --------- d-----w c:\program files\K-Lite Codec Pack
2009-02-28 07:35 --------- d-----w c:\documents and settings\All Users\Application Data\DFX
2009-02-26 09:16 121,856 ----a-w c:\windows\system32\drivers\Rtenicxp.sys
2009-02-26 05:52 --------- d-----w c:\program files\Streambox
2009-02-21 08:39 --------- d-----w c:\documents and settings\Sasi\Application Data\Image Zone Express
2009-02-21 08:38 --------- d-----w c:\program files\VistaCodecPack
2009-02-21 08:35 --------- d-----w c:\documents and settings\All Users\Application Data\Win7codecs
2009-02-21 07:10 --------- d-----w c:\program files\Common Files\ACD Systems
2009-02-21 07:10 --------- d-----w c:\documents and settings\All Users\Application Data\ACD Systems
2009-02-21 07:09 --------- d-----w c:\program files\ACD Systems
2009-02-21 06:24 --------- d-----w c:\documents and settings\Sasi\Application Data\Mp3tag
2009-02-21 06:17 --------- d-----w c:\program files\Mp3tag
2009-02-20 18:26 --------- d-----w c:\documents and settings\All Users\Application Data\SRSLabs
2009-02-20 07:30 --------- d-----w c:\program files\SRSLabs
2009-02-20 07:30 --------- d-----w c:\program files\Common Files\SRS
2009-02-20 07:25 --------- d-----w c:\program files\Appwalk.com Technologies Canada
2009-02-20 06:24 --------- d-----w c:\documents and settings\Sasi\Application Data\Kristanix Software
2009-02-20 03:32 --------- d-----w c:\program files\Apple Software Update
2009-02-19 06:51 --------- d-----w c:\program files\Video Convert Master
2009-02-17 18:18 --------- d-----w c:\program files\GetRight
2009-02-17 08:01 --------- d-----w c:\program files\McFunSoft Audio Converter
2009-02-16 17:10 --------- d-----w c:\documents and settings\Sasi\Application Data\Nokia Multimedia Player
2009-02-16 05:59 --------- d-----w c:\program files\Nokia
2009-02-16 05:59 --------- d-----w c:\program files\Common Files\PCSuite
2009-02-16 05:59 --------- d-----w c:\program files\Common Files\Nokia
2009-02-12 23:15 45,056 ----a-w c:\windows\NCUNINST.EXE
2009-02-12 23:13 --------- d-----w c:\program files\Common Files\SWF Studio
2009-02-12 22:56 --------- d-----w c:\documents and settings\Sasi\Application Data\EbkReader
2009-02-12 15:26 --------- d-----w c:\program files\HP
2009-02-12 15:26 --------- d-----w c:\program files\Common Files\HP
2009-02-12 15:25 --------- d-----w c:\documents and settings\All Users\Application Data\HPSSUPPLY
2009-02-11 19:02 --------- d-----w c:\program files\PC Connectivity Solution
2009-02-11 19:00 --------- d-----w c:\documents and settings\All Users\Application Data\Installations
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2007-12-01 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-02-04 206088]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-20 198160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2007-12-01 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ToggleCommentPosition"= 1 (0x1)
"PreXPSP2ShellProtocolBehavior"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bilal Prayer.LNK]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bilal Prayer.LNK
backup=c:\windows\pss\Bilal Prayer.LNKCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ONSPEED.lnk]
backup=c:\windows\pss\ONSPEED.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Server4PC.lnk]
backup=c:\windows\pss\Server4PC.lnkCommon Startup
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Server4PC.lnk

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Sasi^Start Menu^Programs^Startup^AntiCrash.lnk]
path=c:\documents and settings\Sasi\Start Menu\Programs\Startup\AntiCrash.lnk
backup=c:\windows\pss\AntiCrash.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Sasi^Start Menu^Programs^Startup^BitTorrent SpeedUp Pro.lnk]
path=c:\documents and settings\Sasi\Start Menu\Programs\Startup\BitTorrent SpeedUp Pro.lnk
backup=c:\windows\pss\BitTorrent SpeedUp Pro.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdVantage Setup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IE Doctor

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-05-11 10:06 40048 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLD.EXE]
--a------ 2007-09-17 00:16 1343488 c:\program files\Download Direct\DLD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 07:00 33648 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-05-08 16:24 54840 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2007-12-01 00:26 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-09-01 15:57 282624 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--------- 2009-03-20 08:52 198160 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB Antivirus]
--a------ 2008-12-18 11:37 798720 c:\program files\USB Disk Security\USBGuard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2006-11-03 19:20 866584 c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2008-06-19 16:20 57344 c:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
--a------ 2008-06-19 16:42 2808832 c:\windows\ALCWZRD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-09-17 23:55 1657376 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2008-12-30 14:58 18082304 c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
--a------ 2007-11-20 18:15 1826816 c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2008-08-19 13:26 77824 c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 33808]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]
R3 SKYNET;TechniSat DVB-PC TV Star PCI;c:\windows\system32\drivers\SkyNET.sys [2008-06-18 451816]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b956fbc4-bfab-11dd-97b1-00d0d70a46fe}]
\Shell\AutoRun\command - sq.com
\Shell\explore\Command - sq.com
\Shell\open\Command - sq.com
.
Contents of the 'Scheduled Tasks' folder

2009-04-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 14:21]

2009-04-11 c:\windows\Tasks\WECPUpdate.job
- c:\program files\Essentials Codec Pack\WECPUpdate.exe [2009-02-25 17:28]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Eraser RiskMonitor - c:\program files\East-Tec Eraser 2009\Launch.exe
MSConfigStartUp-Malwarebytes' Anti-Malware - c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
MSConfigStartUp-MMTray - c:\program files\ACE Mega CoDecS Pack\SystemS\Morgan Multimedia\MMTray.exe
MSConfigStartUp-mmtray2k - c:\program files\ACE Mega CoDecS Pack\SystemS\Morgan Multimedia\mmtray2k.exe
MSConfigStartUp-mmtraylsi - c:\program files\ACE Mega CoDecS Pack\SystemS\Morgan Multimedia\mmtraylsi.exe
MSConfigStartUp-PC Suite Tray - c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
MSConfigStartUp-rfagent - c:\program files\RFA\rfagent.exe
MSConfigStartUp-SlipStream - c:\program files\ONSPEED\onspeedcore.exe
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe


.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyServer = 189.72.74.4:31280
IE: Add to Banner Ad Blocker - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: Download with GetRight Pro - c:\program files\GetRight\GRdownload.htm
IE: Open with GetRight Pro Browser - c:\program files\GetRight\GRbrowse.htm
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
[hidden link]

Rootkit scan 2009-04-11 06:01:06
Windows 5.1.2600 Service Pack 3, v.5657 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-842925246-1979792683-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{83732A8B-CD31-B96B-5A44-A33A8B8E11C7}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"fanpllghjdmb"=hex:6f,62,6a,6f,6d,6c,6e,62,64,63,63,64,64,61,64,63,6e,68,65,70,
62,63,6c,65,6d,66,69,61,69,6a,6b,6a,64,70,61,68,6a,61,6c,63,6d,65,6f,6b,6a,\
"gaefedoigihmba"=hex:61,62,6b,6f,70,6c,64,62,63,6c,61,64,6f,62,63,65,68,66,68,
69,6f,63,64,70,6d,70,6b,6b,66,6d,6e,6e,69,69,00,7e
"gannbdnbkbmfij"=hex:65,62,6d,6f,66,6a,64,66,63,6e,68,6d,69,70,67,6d,64,65,6e,
61,6b,70,6c,68,6b,6a,6d,6f,70,6a,68,6f,63,6b,6a,67,70,62,6c,6b,65,68,00,00
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\searchindexer.exe
c:\program files\Canon\CAL\CALMAIN.exe
.
**************************************************************************
.
Completion time: 2009-04-11 6:05:49 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-11 03:05:45

Pre-Run: 123,239,735,296 bytes free
Post-Run: 123,883,864,064 bytes free

323
 
Great, my dear ...

Give me a new HijackThis report again ...
 
Signature: MMA_LORD_735
This is report number 2 for HiJack
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:04:45 AM, on 4/11/2009
Platform: Windows XP SP3, v.5657 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\explorer.exe
C:\Program Files\GetRight\GetRight.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: GetRight IE Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\ONSPEED\components\NOWImaging.dll (file missing)
O2 - BHO: Prefetch - {A66AA08A-9BF0-4e87-99E6-6972731D6B99} - C:\Program Files\ONSPEED\Prefetch.dll (file missing)
O3 - Toolbar: ONSPEED - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - C:\Program Files\ONSPEED\Toolband.dll (file missing)
O3 - Toolbar: &IE Doctor Bar - {123249EB-F891-44C4-946F-450064F9080E} - C:\PROGRA~1\IEDOCT~1\IEDrBar.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Download with GetRight Pro - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Pro Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{F174323B-7589-4036-84A5-AEB84C85B448}: NameServer = 62.215.6.52 62.215.6.4
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6418 bytes
 
Good ...

Now do the following ...

Select these entries and fix them ...

O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\ONSPEED\components\NOWImaging.dll (file missing)

O2 - BHO: Prefetch - {A66AA08A-9BF0-4e87-99E6-6972731D6B99} - C:\Program Files\ONSPEED\Prefetch.dll (file missing)

O3 - Toolbar: ONSPEED - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - C:\Program Files\ONSPEED\Toolband.dll (file missing)

O17 - HKLM\System\CCS\Services\Tcpip\..\{F174323B-7589-4036-84A5-AEB84C85B448}: NameServer =


How to fix ...

[Screenshots: mg (3).png, mg (4).png]

Then download this tool and follow the explanation below

[link hidden by the forum]

or

[link hidden by the forum]

Compatibility: Windows XP only

Usage instructions ...

When you run the tool's file, this screen appears; wait (and follow along with the images)

[Screenshots: 000.png, 001.png]

When this screen appears, click Close so your computer restarts (to complete the cleaning process)

[Screenshot: 002.png]

After that, post a new report ...
 
Signature: MMA_LORD_735
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:07:27 PM, on 4/11/2009
Platform: Windows XP SP3, v.5657 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: GetRight IE Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O3 - Toolbar: &IE Doctor Bar - {123249EB-F891-44C4-946F-450064F9080E} - C:\PROGRA~1\IEDOCT~1\IEDrBar.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Download with GetRight Pro - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Pro Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{F174323B-7589-4036-84A5-AEB84C85B448}: NameServer = 62.215.6.51 62.215.6.5
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 5820 bytes
 
Signature: زمان الصمت
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:41:51 PM, on 4/11/2009
Platform: Windows XP SP3, v.5657 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\notepad.exe
C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: GetRight IE Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O3 - Toolbar: &IE Doctor Bar - {123249EB-F891-44C4-946F-450064F9080E} - C:\PROGRA~1\IEDOCT~1\IEDrBar.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Download with GetRight Pro - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Pro Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 5797 bytes
 
Peace be upon you, and the mercy and blessings of God
May God bless everyone's day


I deleted the entries you told me about. Those entries belong to an old program that was uninstalled a while ago, and nothing showed up back then; it only appeared after I installed ProgDVB and two games. So what I deleted has nothing to do with the issue, and the proof is that the situation is unchanged. My thanks to everyone who read or tried to help; I truly cannot thank you enough.
Your brother, sasi
 
Thank you, a thousand thanks
 