مهاوي وبس
زيزوومى محترف
غير متصل
- بادئ الموضوع مهاوي وبس
- تاريخ البدء
Demo-dash
داعم للمنتدى،(خبراء زيزووم )
داعــــم للمنتـــــدى
★★ نجم المنتدى ★★
نجم الشهر
كبار الشخصيات
فريق دعم البرامج العامة
غير متصل
حمل هذا البرنامج
اذا انتهى التحميل ==> شغل البرنامج ==> واضغطي على Do a system scan and save log
لحظات .. ويظهر لك تقرير ==> انسخه والصقه بردك القادم
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
اذا انتهى التحميل ==> شغل البرنامج ==> واضغطي على Do a system scan and save log
لحظات .. ويظهر لك تقرير ==> انسخه والصقه بردك القادم
التعديل الأخير بواسطة المشرف:
توقيع : Demo-dash
تأييد
0
مهاوي وبس
زيزوومى محترف
غير متصل
هذا التقرير
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:16:51 م, on 25/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Downloads\Zyzoom_HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: ADSTechnology module - {831CBAC0-8283-4653-9D81-FEB9F3F6E47C} - C:\Program Files\ADSTechnology\ADSTechnology.dll
O2 - BHO: ActivationManager module - {86A44EF7-78FC-4e18-A564-B18F806F7F56} - C:\Program Files\ActivationManager\ActivationManager.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PopKiller Class - {9A23B8A4-C6C9-4A68-8FA6-5F905DC8FF80} - C:\Program Files\Popup Blocker\PKExt.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [hold data mags move] C:\Documents and Settings\All Users\Application Data\Bash Dvd Hold Data\Part Gram.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [clock blah] C:\DOCUME~1\ADMINI~1\APPLIC~1\32open\More Browse.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [CursorXP] "C:\Program Files\CursorXP\CursorXP.exe" -s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm
O8 - Extra context menu item: Download ALL with IDA32 - C:\Program Files\IDA\idaieall.htm
O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm
O8 - Extra context menu item: Download with IDA32 - C:\Program Files\IDA\idaie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
--
End of file - 10809 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:16:51 م, on 25/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Downloads\Zyzoom_HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: ADSTechnology module - {831CBAC0-8283-4653-9D81-FEB9F3F6E47C} - C:\Program Files\ADSTechnology\ADSTechnology.dll
O2 - BHO: ActivationManager module - {86A44EF7-78FC-4e18-A564-B18F806F7F56} - C:\Program Files\ActivationManager\ActivationManager.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PopKiller Class - {9A23B8A4-C6C9-4A68-8FA6-5F905DC8FF80} - C:\Program Files\Popup Blocker\PKExt.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [hold data mags move] C:\Documents and Settings\All Users\Application Data\Bash Dvd Hold Data\Part Gram.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [clock blah] C:\DOCUME~1\ADMINI~1\APPLIC~1\32open\More Browse.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [CursorXP] "C:\Program Files\CursorXP\CursorXP.exe" -s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm
O8 - Extra context menu item: Download ALL with IDA32 - C:\Program Files\IDA\idaieall.htm
O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm
O8 - Extra context menu item: Download with IDA32 - C:\Program Files\IDA\idaie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
--
End of file - 10809 bytes
توقيع : مهاوي وبس
تأييد
0
AbOdy
عضو شرف
- إنضم
- 17 سبتمبر 2007
- المشاركات
- 6,865
- مستوى التفاعل
- 91
- النقاط
- 840
غير متصل
حدد القيم واحذفهم
O2 - BHO: ADSTechnology module - {831CBAC0-8283-4653-9D81-FEB9F3F6E47C} - C:\Program Files\ADSTechnology\ADSTechnology.dll
O2 - BHO: ActivationManager module - {86A44EF7-78FC-4e18-A564-B18F806F7F56} - C:\Program Files\ActivationManager\ActivationManager.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKCU\..\Run: [clock blah] C:\DOCUME~1\ADMINI~1\APPLIC~1\32open\More Browse.exe
.png)
.png)
واخبرنا بالنتائج
O2 - BHO: ADSTechnology module - {831CBAC0-8283-4653-9D81-FEB9F3F6E47C} - C:\Program Files\ADSTechnology\ADSTechnology.dll
O2 - BHO: ActivationManager module - {86A44EF7-78FC-4e18-A564-B18F806F7F56} - C:\Program Files\ActivationManager\ActivationManager.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKCU\..\Run: [clock blah] C:\DOCUME~1\ADMINI~1\APPLIC~1\32open\More Browse.exe
طريقة الحذف
ثم نزل هذه الاداة واتبع الشرح التالي
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
التوافق : ويندوز اكسبي فقط
شرح الاستخدام ,,,,,,
عند تشغيل ملف الاداة تظهر لك هذه الشاشه ,, انتظر ( وتابع مع الصور )
عند تشغيل ملف الاداة تظهر لك هذه الشاشه ,, انتظر ( وتابع مع الصور )
وعند ظهور هذه الشاشه ,, اضغط على Close ليتم اعادة تشغيل جهازك (( لتكملة عملية التنظيف ))
واخبرنا بالنتائج
توقيع : AbOdy
تأييد
0
تم التحليل يامهاوي
احذفي هذي
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
طريقة الحذف
ثم نزل هذه الاداة واتبع الشرح التالي
وعند ظهور هذه الشاشه ,, اضغط على Close ليتم اعادة تشغيل جهازك (( لتكملة عملية التنظيف ))
بالتوفيق,,,
احذفي هذي
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
طريقة الحذف
ثم نزل هذه الاداة واتبع الشرح التالي
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
التوافق : ويندوز اكسبي فقط
شرح الاستخدام ,,,,,,
عند تشغيل ملف الاداة تظهر لك هذه الشاشه ,, انتظر ( وتابع مع الصور )
عند تشغيل ملف الاداة تظهر لك هذه الشاشه ,, انتظر ( وتابع مع الصور )
وعند ظهور هذه الشاشه ,, اضغط على Close ليتم اعادة تشغيل جهازك (( لتكملة عملية التنظيف ))
بالتوفيق,,,
تأييد
0
مهاوي وبس
زيزوومى محترف
غير متصل
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:36:46 ص, on 26/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Downloads\Zyzoom_HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PopKiller Class - {9A23B8A4-C6C9-4A68-8FA6-5F905DC8FF80} - C:\Program Files\Popup Blocker\PKExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [hold data mags move] C:\Documents and Settings\All Users\Application Data\Bash Dvd Hold Data\Part Gram.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [clock blah] C:\DOCUME~1\ADMINI~1\APPLIC~1\32open\More Browse.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\RunOnce: [Privacy Suite] "C:\Documents and Settings\Administrator\Application Data\cleaner\CSPSeraser.exe" "/R:C:\Documents and Settings\Administrator\Application Data\CyberScrub\Privacy Suite"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [CursorXP] "C:\Program Files\CursorXP\CursorXP.exe" -s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm
O8 - Extra context menu item: Download ALL with IDA32 - C:\Program Files\IDA\idaieall.htm
O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm
O8 - Extra context menu item: Download with IDA32 - C:\Program Files\IDA\idaie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin ******) -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
--
End of file - 11171 bytes
Scan saved at 06:36:46 ص, on 26/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Downloads\Zyzoom_HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PopKiller Class - {9A23B8A4-C6C9-4A68-8FA6-5F905DC8FF80} - C:\Program Files\Popup Blocker\PKExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [hold data mags move] C:\Documents and Settings\All Users\Application Data\Bash Dvd Hold Data\Part Gram.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [clock blah] C:\DOCUME~1\ADMINI~1\APPLIC~1\32open\More Browse.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\RunOnce: [Privacy Suite] "C:\Documents and Settings\Administrator\Application Data\cleaner\CSPSeraser.exe" "/R:C:\Documents and Settings\Administrator\Application Data\CyberScrub\Privacy Suite"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [CursorXP] "C:\Program Files\CursorXP\CursorXP.exe" -s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm
O8 - Extra context menu item: Download ALL with IDA32 - C:\Program Files\IDA\idaieall.htm
O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm
O8 - Extra context menu item: Download with IDA32 - C:\Program Files\IDA\idaie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin ******) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
--
End of file - 11171 bytes
توقيع : مهاوي وبس
تأييد
0
حدد القيم التاليه واحذفها
O4 - HKCU\..\Run: [clock blah] C:\DOCUME~1\ADMINI~1\APPLIC~1\32open\More Browse.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
حمل هذه الاداة ,,
واتبع الشرح التالي ,, لتنظيف جهازك من الفيروسات
و عمل تقرير بالعمليه حتى ترفقه بردك القادم ,,
رابط الاداة
شرح الاستخدام ,,,,,,
ولحفظ التقرير اعمل التالي ,,
بعدهاا ارفع التقرير على هذا الموقع ,, وارفق الرابط بردك القادم
O4 - HKCU\..\Run: [clock blah] C:\DOCUME~1\ADMINI~1\APPLIC~1\32open\More Browse.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
حمل هذه الاداة ,,
واتبع الشرح التالي ,, لتنظيف جهازك من الفيروسات
و عمل تقرير بالعمليه حتى ترفقه بردك القادم ,,
رابط الاداة
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
شرح الاستخدام ,,,,,,
ولحفظ التقرير اعمل التالي ,,
بعدهاا ارفع التقرير على هذا الموقع ,, وارفق الرابط بردك القادم
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
تأييد
0
مهاوي وبس
زيزوومى محترف
غير متصل
19/03/1429 03:08:37 م Engine version =5200.2160
19/03/1429 03:08:37 م AntiVirus DAT version =5195.0000
19/03/1429 03:08:37 م Number of detection signatures in EXTRA.DAT =None
19/03/1429 03:08:37 م Names of detection signatures in EXTRA.DAT =None
19/03/1429 03:08:31 م Scan Started THE_GOVERNMENT\Administrator On-Demand Scan
19/03/1429 03:09:51 م Deleted Administrator c:\documents and settings\administrator\******s\administrator@specificclick[2].txt\00000000.ie ******-SpecClick(Potentially Unwanted Program)
19/03/1429 03:09:54 م Deleted Administrator c:\documents and settings\administrator\******s\administrator@specificclick[2].txt\00000000.ie ******-SpecClick(Potentially Unwanted Program)
19/03/1429 03:09:54 م Deleted Administrator c:\documents and settings\administrator\******s\administrator@specificclick[2].txt\00000000.ie ******-SpecClick(Potentially Unwanted Program)
19/03/1429 03:09:54 م Deleted Administrator c:\documents and settings\administrator\******s\administrator@specificclick[2].txt\00000000.ie ******-SpecClick(Potentially Unwanted Program)
19/03/1429 03:09:54 م Deleted Administrator c:\documents and settings\administrator\******s\administrator@statcounter[1].txt\00000000.ie ******-Statcounter(Potentially Unwanted Program)
19/03/1429 03:11:03 م Deleted Administrator C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\ZYZOOM_AUTORUN_VIRUSES_CLEANER\ZYZOOM_PROCESS.EXE PrcViewer(Potentially Unwanted Program)
19/03/1429 03:11:04 م Deleted Administrator c:\Documents and Settings\Administrator\Application Data\Zyzoom_Autorun_Viruses_cleaner\zyzoom_PROCESS.exe PrcViewer(Potentially Unwanted Program)
19/03/1429 03:32:18 م Not scanned (The file is encrypted) Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP106\A0035758.exe\ID.TXT
19/03/1429 03:32:38 م Not scanned (The file is encrypted) Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP108\A0036042.exe\ID.TXT
19/03/1429 03:33:37 م Deleted Administrator C:\SYSTEM VOLUME INFORMATION\_RESTORE{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP116\A0036738.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:33:37 م Deleted Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP116\A0036738.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:34:01 م Deleted Administrator C:\SYSTEM VOLUME INFORMATION\_RESTORE{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP117\A0036785.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:34:01 م Deleted Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP117\A0036785.dll MWS(Potentially Unwanted Program)
19/03/1429 03:34:08 م Deleted Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0036995.inf MWS(Potentially Unwanted Program)
19/03/1429 03:34:21 م Deleted Administrator C:\SYSTEM VOLUME INFORMATION\_RESTORE{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0036996.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:34:21 م Deleted Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0036996.dll MWS(Potentially Unwanted Program)
19/03/1429 03:34:33 م Deleted Administrator C:\SYSTEM VOLUME INFORMATION\_RESTORE{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0036997.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:34:33 م Deleted Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0036997.dll MWS(Potentially Unwanted Program)
19/03/1429 03:34:36 م Deleted Administrator C:\SYSTEM VOLUME INFORMATION\_RESTORE{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037001.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:34:36 م Deleted Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037001.dll MWS(Potentially Unwanted Program)
19/03/1429 03:34:36 م Deleted Administrator C:\SYSTEM VOLUME INFORMATION\_RESTORE{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037002.SCR MWS(Potentially Unwanted Program)
19/03/1429 03:34:36 م Deleted Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037002.scr MWS(Potentially Unwanted Program)
19/03/1429 03:34:36 م Deleted Administrator C:\SYSTEM VOLUME INFORMATION\_RESTORE{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037010.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:34:36 م Deleted Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037010.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:34:40 م Deleted Administrator C:\SYSTEM VOLUME INFORMATION\_RESTORE{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037011.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:34:40 م Deleted Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037011.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:34:52 م Deleted Administrator C:\SYSTEM VOLUME INFORMATION\_RESTORE{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037012.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:34:52 م Deleted Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037012.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:35:04 م Deleted Administrator C:\SYSTEM VOLUME INFORMATION\_RESTORE{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037013.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:35:04 م Deleted Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037013.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:35:17 م Deleted Administrator C:\SYSTEM VOLUME INFORMATION\_RESTORE{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037014.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:35:17 م Deleted Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037014.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:35:29 م Deleted Administrator C:\SYSTEM VOLUME INFORMATION\_RESTORE{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037015.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:35:29 م Deleted Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037015.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:35:42 م Deleted Administrator C:\SYSTEM VOLUME INFORMATION\_RESTORE{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037016.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:35:42 م Deleted Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037016.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:35:54 م Deleted Administrator C:\SYSTEM VOLUME INFORMATION\_RESTORE{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037017.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:35:54 م Deleted Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037017.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:35:54 م Deleted Administrator C:\SYSTEM VOLUME INFORMATION\_RESTORE{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037018.SCR MWS(Potentially Unwanted Program)
19/03/1429 03:35:54 م Deleted Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037018.SCR MWS(Potentially Unwanted Program)
19/03/1429 03:35:58 م Deleted Administrator C:\SYSTEM VOLUME INFORMATION\_RESTORE{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037019.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:35:58 م Deleted Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037019.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:36:01 م Deleted Administrator C:\SYSTEM VOLUME INFORMATION\_RESTORE{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037020.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:36:01 م Deleted Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037020.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:36:01 م Deleted Administrator C:\SYSTEM VOLUME INFORMATION\_RESTORE{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037021.EXE MWS(Potentially Unwanted Program)
19/03/1429 03:36:01 م Deleted Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037021.EXE MWS(Potentially Unwanted Program)
19/03/1429 03:36:04 م Deleted Administrator C:\SYSTEM VOLUME INFORMATION\_RESTORE{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037022.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:36:04 م Deleted Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037022.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:36:16 م Deleted Administrator C:\SYSTEM VOLUME INFORMATION\_RESTORE{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037023.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:36:16 م Deleted Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037023.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:36:29 م Deleted Administrator C:\SYSTEM VOLUME INFORMATION\_RESTORE{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037024.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:36:29 م Deleted Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037024.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:36:41 م Deleted Administrator C:\SYSTEM VOLUME INFORMATION\_RESTORE{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037026.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:36:41 م Deleted Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037026.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:36:44 م Deleted Administrator C:\SYSTEM VOLUME INFORMATION\_RESTORE{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037027.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:36:44 م Deleted Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037027.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:36:44 م Deleted Administrator C:\SYSTEM VOLUME INFORMATION\_RESTORE{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037028.EXE MWS(Potentially Unwanted Program)
19/03/1429 03:36:44 م Deleted Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037028.EXE MWS(Potentially Unwanted Program)
19/03/1429 03:36:56 م Deleted Administrator C:\SYSTEM VOLUME INFORMATION\_RESTORE{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037029.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:36:56 م Deleted Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037029.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:37:09 م Deleted Administrator C:\SYSTEM VOLUME INFORMATION\_RESTORE{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037031.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:37:09 م Deleted Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037031.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:37:21 م Deleted Administrator C:\SYSTEM VOLUME INFORMATION\_RESTORE{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037032.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:37:21 م Deleted Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037032.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:37:21 م Deleted Administrator C:\SYSTEM VOLUME INFORMATION\_RESTORE{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037033.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:37:21 م Deleted Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037033.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:37:21 م Deleted Administrator C:\SYSTEM VOLUME INFORMATION\_RESTORE{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037034.EXE MWS(Potentially Unwanted Program)
19/03/1429 03:37:21 م Deleted Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037034.EXE MWS(Potentially Unwanted Program)
19/03/1429 03:37:21 م Deleted Administrator C:\SYSTEM VOLUME INFORMATION\_RESTORE{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037035.EXE MWS(Potentially Unwanted Program)
19/03/1429 03:37:21 م Deleted Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037035.EXE MWS(Potentially Unwanted Program)
19/03/1429 03:37:22 م Deleted Administrator C:\SYSTEM VOLUME INFORMATION\_RESTORE{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037036.EXE MWS(Potentially Unwanted Program)
19/03/1429 03:37:22 م Deleted Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037036.EXE MWS(Potentially Unwanted Program)
19/03/1429 03:37:22 م Deleted Administrator C:\SYSTEM VOLUME INFORMATION\_RESTORE{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037037.EXE MWS(Potentially Unwanted Program)
19/03/1429 03:37:22 م Deleted Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037037.EXE MWS(Potentially Unwanted Program)
19/03/1429 03:37:34 م Deleted Administrator C:\SYSTEM VOLUME INFORMATION\_RESTORE{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037038.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:37:34 م Deleted Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037038.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:37:46 م Deleted Administrator C:\SYSTEM VOLUME INFORMATION\_RESTORE{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037039.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:37:46 م Deleted Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037039.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:37:59 م Deleted Administrator C:\SYSTEM VOLUME INFORMATION\_RESTORE{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037040.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:37:59 م Deleted Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037040.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:38:11 م Deleted Administrator C:\SYSTEM VOLUME INFORMATION\_RESTORE{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037046.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:38:11 م Deleted Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037046.dll MWS(Potentially Unwanted Program)
19/03/1429 03:38:23 م Deleted Administrator C:\SYSTEM VOLUME INFORMATION\_RESTORE{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037047.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:38:23 م Deleted Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037047.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:38:36 م Deleted Administrator C:\SYSTEM VOLUME INFORMATION\_RESTORE{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037051.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:38:36 م Deleted Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037051.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:38:49 م Deleted Administrator C:\SYSTEM VOLUME INFORMATION\_RESTORE{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037062.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:38:49 م Deleted Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037062.dll MWS(Potentially Unwanted Program)
19/03/1429 03:40:11 م Deleted Administrator C:\SYSTEM VOLUME INFORMATION\_RESTORE{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP128\A0041943.EXE PrcViewer(Potentially Unwanted Program)
19/03/1429 03:40:11 م Deleted Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP128\A0041943.exe PrcViewer(Potentially Unwanted Program)
19/03/1429 03:43:31 م Not scanned (The file is encrypted) Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP41\A0009554.exe\CLICK1.OGG
19/03/1429 03:55:33 م Deleted Administrator C:\SYSTEM VOLUME INFORMATION\_RESTORE{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP77\A0029789.EXE PrcViewer(Potentially Unwanted Program)
19/03/1429 03:55:33 م Deleted Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP77\A0029789.exe PrcViewer(Potentially Unwanted Program)
19/03/1429 03:56:40 م Deleted Administrator C:\SYSTEM VOLUME INFORMATION\_RESTORE{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP89\A0032557.EXE PrcViewer(Potentially Unwanted Program)
19/03/1429 03:56:58 م Deleted (Clean failed) Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP89\A0032557.exe\ZYZOOM_PROCESS.EXE PrcViewer(Potentially Unwanted Program)
19/03/1429 03:56:59 م Not scanned (The file is encrypted) Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP89\A0032558.exe\THUMBS.DB
19/03/1429 03:57:51 م Not scanned (The file is encrypted) Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP96\A0035209.exe\ID.TXT
19/03/1429 03:57:52 م Not scanned (The file is encrypted) Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP96\A0035216.exe\ID.TXT
19/03/1429 04:09:40 م Scan Summary THE_GOVERNMENT\Administrator Scan Summary
19/03/1429 04:09:40 م Scan Summary THE_GOVERNMENT\Administrator Processes scanned : 46
19/03/1429 04:09:40 م Scan Summary THE_GOVERNMENT\Administrator Processes detected : 0
19/03/1429 04:09:40 م Scan Summary THE_GOVERNMENT\Administrator Processes cleaned : 0
19/03/1429 04:09:40 م Scan Summary THE_GOVERNMENT\Administrator Boot sectors scanned : 2
19/03/1429 04:09:40 م Scan Summary THE_GOVERNMENT\Administrator Boot sectors detected: 0
19/03/1429 04:09:40 م Scan Summary THE_GOVERNMENT\Administrator Boot sectors cleaned : 0
19/03/1429 04:09:40 م Scan Summary THE_GOVERNMENT\Administrator Files scanned : 57556
19/03/1429 04:09:40 م Scan Summary THE_GOVERNMENT\Administrator Files with detections: 44
19/03/1429 04:09:40 م Scan Summary THE_GOVERNMENT\Administrator File detections : 87
19/03/1429 04:09:40 م Scan Summary THE_GOVERNMENT\Administrator Files cleaned : 0
19/03/1429 04:09:40 م Scan Summary THE_GOVERNMENT\Administrator Files deleted : 44
19/03/1429 04:09:40 م Scan Summary THE_GOVERNMENT\Administrator Files not scanned : 32
19/03/1429 04:09:40 م Scan Summary THE_GOVERNMENT\Administrator Scan Summary (Registry Scanning)
19/03/1429 04:09:40 م Scan Summary THE_GOVERNMENT\Administrator Keys scanned : 36560
19/03/1429 04:09:40 م Scan Summary THE_GOVERNMENT\Administrator Keys detected : 0
19/03/1429 04:09:40 م Scan Summary THE_GOVERNMENT\Administrator Keys cleaned : 0
19/03/1429 04:09:40 م Scan Summary THE_GOVERNMENT\Administrator Keys deleted : 0
19/03/1429 04:09:40 م Scan Summary THE_GOVERNMENT\Administrator Scan Summary (****** Scanning)
19/03/1429 04:09:40 م Scan Summary THE_GOVERNMENT\Administrator ******s scanned : 53
19/03/1429 04:09:40 م Scan Summary THE_GOVERNMENT\Administrator ******s detected : 5
19/03/1429 04:09:40 م Scan Summary THE_GOVERNMENT\Administrator ******s cleaned : 0
19/03/1429 04:09:40 م Scan Summary THE_GOVERNMENT\Administrator ******s deleted : 5
19/03/1429 04:09:40 م Scan Summary THE_GOVERNMENT\Administrator Run time : 1:01:09
19/03/1429 04:09:40 م Scan Complete THE_GOVERNMENT\Administrator On-Demand Scan
19/03/1429 03:08:37 م AntiVirus DAT version =5195.0000
19/03/1429 03:08:37 م Number of detection signatures in EXTRA.DAT =None
19/03/1429 03:08:37 م Names of detection signatures in EXTRA.DAT =None
19/03/1429 03:08:31 م Scan Started THE_GOVERNMENT\Administrator On-Demand Scan
19/03/1429 03:09:51 م Deleted Administrator c:\documents and settings\administrator\******s\administrator@specificclick[2].txt\00000000.ie ******-SpecClick(Potentially Unwanted Program)
19/03/1429 03:09:54 م Deleted Administrator c:\documents and settings\administrator\******s\administrator@specificclick[2].txt\00000000.ie ******-SpecClick(Potentially Unwanted Program)
19/03/1429 03:09:54 م Deleted Administrator c:\documents and settings\administrator\******s\administrator@specificclick[2].txt\00000000.ie ******-SpecClick(Potentially Unwanted Program)
19/03/1429 03:09:54 م Deleted Administrator c:\documents and settings\administrator\******s\administrator@specificclick[2].txt\00000000.ie ******-SpecClick(Potentially Unwanted Program)
19/03/1429 03:09:54 م Deleted Administrator c:\documents and settings\administrator\******s\administrator@statcounter[1].txt\00000000.ie ******-Statcounter(Potentially Unwanted Program)
19/03/1429 03:11:03 م Deleted Administrator C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\ZYZOOM_AUTORUN_VIRUSES_CLEANER\ZYZOOM_PROCESS.EXE PrcViewer(Potentially Unwanted Program)
19/03/1429 03:11:04 م Deleted Administrator c:\Documents and Settings\Administrator\Application Data\Zyzoom_Autorun_Viruses_cleaner\zyzoom_PROCESS.exe PrcViewer(Potentially Unwanted Program)
19/03/1429 03:32:18 م Not scanned (The file is encrypted) Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP106\A0035758.exe\ID.TXT
19/03/1429 03:32:38 م Not scanned (The file is encrypted) Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP108\A0036042.exe\ID.TXT
19/03/1429 03:33:37 م Deleted Administrator C:\SYSTEM VOLUME INFORMATION\_RESTORE{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP116\A0036738.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:33:37 م Deleted Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP116\A0036738.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:34:01 م Deleted Administrator C:\SYSTEM VOLUME INFORMATION\_RESTORE{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP117\A0036785.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:34:01 م Deleted Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP117\A0036785.dll MWS(Potentially Unwanted Program)
19/03/1429 03:34:08 م Deleted Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0036995.inf MWS(Potentially Unwanted Program)
19/03/1429 03:34:21 م Deleted Administrator C:\SYSTEM VOLUME INFORMATION\_RESTORE{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0036996.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:34:21 م Deleted Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0036996.dll MWS(Potentially Unwanted Program)
19/03/1429 03:34:33 م Deleted Administrator C:\SYSTEM VOLUME INFORMATION\_RESTORE{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0036997.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:34:33 م Deleted Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0036997.dll MWS(Potentially Unwanted Program)
19/03/1429 03:34:36 م Deleted Administrator C:\SYSTEM VOLUME INFORMATION\_RESTORE{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037001.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:34:36 م Deleted Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037001.dll MWS(Potentially Unwanted Program)
19/03/1429 03:34:36 م Deleted Administrator C:\SYSTEM VOLUME INFORMATION\_RESTORE{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037002.SCR MWS(Potentially Unwanted Program)
19/03/1429 03:34:36 م Deleted Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037002.scr MWS(Potentially Unwanted Program)
19/03/1429 03:34:36 م Deleted Administrator C:\SYSTEM VOLUME INFORMATION\_RESTORE{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037010.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:34:36 م Deleted Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037010.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:34:40 م Deleted Administrator C:\SYSTEM VOLUME INFORMATION\_RESTORE{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037011.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:34:40 م Deleted Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037011.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:34:52 م Deleted Administrator C:\SYSTEM VOLUME INFORMATION\_RESTORE{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037012.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:34:52 م Deleted Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037012.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:35:04 م Deleted Administrator C:\SYSTEM VOLUME INFORMATION\_RESTORE{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037013.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:35:04 م Deleted Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037013.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:35:17 م Deleted Administrator C:\SYSTEM VOLUME INFORMATION\_RESTORE{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037014.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:35:17 م Deleted Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037014.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:35:29 م Deleted Administrator C:\SYSTEM VOLUME INFORMATION\_RESTORE{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037015.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:35:29 م Deleted Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037015.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:35:42 م Deleted Administrator C:\SYSTEM VOLUME INFORMATION\_RESTORE{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037016.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:35:42 م Deleted Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037016.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:35:54 م Deleted Administrator C:\SYSTEM VOLUME INFORMATION\_RESTORE{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037017.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:35:54 م Deleted Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037017.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:35:54 م Deleted Administrator C:\SYSTEM VOLUME INFORMATION\_RESTORE{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037018.SCR MWS(Potentially Unwanted Program)
19/03/1429 03:35:54 م Deleted Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037018.SCR MWS(Potentially Unwanted Program)
19/03/1429 03:35:58 م Deleted Administrator C:\SYSTEM VOLUME INFORMATION\_RESTORE{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037019.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:35:58 م Deleted Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037019.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:36:01 م Deleted Administrator C:\SYSTEM VOLUME INFORMATION\_RESTORE{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037020.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:36:01 م Deleted Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037020.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:36:01 م Deleted Administrator C:\SYSTEM VOLUME INFORMATION\_RESTORE{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037021.EXE MWS(Potentially Unwanted Program)
19/03/1429 03:36:01 م Deleted Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037021.EXE MWS(Potentially Unwanted Program)
19/03/1429 03:36:04 م Deleted Administrator C:\SYSTEM VOLUME INFORMATION\_RESTORE{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037022.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:36:04 م Deleted Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037022.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:36:16 م Deleted Administrator C:\SYSTEM VOLUME INFORMATION\_RESTORE{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037023.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:36:16 م Deleted Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037023.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:36:29 م Deleted Administrator C:\SYSTEM VOLUME INFORMATION\_RESTORE{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037024.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:36:29 م Deleted Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037024.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:36:41 م Deleted Administrator C:\SYSTEM VOLUME INFORMATION\_RESTORE{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037026.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:36:41 م Deleted Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037026.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:36:44 م Deleted Administrator C:\SYSTEM VOLUME INFORMATION\_RESTORE{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037027.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:36:44 م Deleted Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037027.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:36:44 م Deleted Administrator C:\SYSTEM VOLUME INFORMATION\_RESTORE{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037028.EXE MWS(Potentially Unwanted Program)
19/03/1429 03:36:44 م Deleted Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037028.EXE MWS(Potentially Unwanted Program)
19/03/1429 03:36:56 م Deleted Administrator C:\SYSTEM VOLUME INFORMATION\_RESTORE{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037029.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:36:56 م Deleted Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037029.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:37:09 م Deleted Administrator C:\SYSTEM VOLUME INFORMATION\_RESTORE{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037031.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:37:09 م Deleted Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037031.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:37:21 م Deleted Administrator C:\SYSTEM VOLUME INFORMATION\_RESTORE{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037032.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:37:21 م Deleted Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037032.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:37:21 م Deleted Administrator C:\SYSTEM VOLUME INFORMATION\_RESTORE{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037033.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:37:21 م Deleted Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037033.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:37:21 م Deleted Administrator C:\SYSTEM VOLUME INFORMATION\_RESTORE{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037034.EXE MWS(Potentially Unwanted Program)
19/03/1429 03:37:21 م Deleted Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037034.EXE MWS(Potentially Unwanted Program)
19/03/1429 03:37:21 م Deleted Administrator C:\SYSTEM VOLUME INFORMATION\_RESTORE{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037035.EXE MWS(Potentially Unwanted Program)
19/03/1429 03:37:21 م Deleted Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037035.EXE MWS(Potentially Unwanted Program)
19/03/1429 03:37:22 م Deleted Administrator C:\SYSTEM VOLUME INFORMATION\_RESTORE{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037036.EXE MWS(Potentially Unwanted Program)
19/03/1429 03:37:22 م Deleted Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037036.EXE MWS(Potentially Unwanted Program)
19/03/1429 03:37:22 م Deleted Administrator C:\SYSTEM VOLUME INFORMATION\_RESTORE{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037037.EXE MWS(Potentially Unwanted Program)
19/03/1429 03:37:22 م Deleted Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037037.EXE MWS(Potentially Unwanted Program)
19/03/1429 03:37:34 م Deleted Administrator C:\SYSTEM VOLUME INFORMATION\_RESTORE{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037038.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:37:34 م Deleted Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037038.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:37:46 م Deleted Administrator C:\SYSTEM VOLUME INFORMATION\_RESTORE{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037039.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:37:46 م Deleted Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037039.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:37:59 م Deleted Administrator C:\SYSTEM VOLUME INFORMATION\_RESTORE{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037040.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:37:59 م Deleted Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037040.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:38:11 م Deleted Administrator C:\SYSTEM VOLUME INFORMATION\_RESTORE{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037046.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:38:11 م Deleted Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037046.dll MWS(Potentially Unwanted Program)
19/03/1429 03:38:23 م Deleted Administrator C:\SYSTEM VOLUME INFORMATION\_RESTORE{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037047.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:38:23 م Deleted Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037047.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:38:36 م Deleted Administrator C:\SYSTEM VOLUME INFORMATION\_RESTORE{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037051.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:38:36 م Deleted Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037051.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:38:49 م Deleted Administrator C:\SYSTEM VOLUME INFORMATION\_RESTORE{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037062.DLL MWS(Potentially Unwanted Program)
19/03/1429 03:38:49 م Deleted Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP118\A0037062.dll MWS(Potentially Unwanted Program)
19/03/1429 03:40:11 م Deleted Administrator C:\SYSTEM VOLUME INFORMATION\_RESTORE{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP128\A0041943.EXE PrcViewer(Potentially Unwanted Program)
19/03/1429 03:40:11 م Deleted Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP128\A0041943.exe PrcViewer(Potentially Unwanted Program)
19/03/1429 03:43:31 م Not scanned (The file is encrypted) Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP41\A0009554.exe\CLICK1.OGG
19/03/1429 03:55:33 م Deleted Administrator C:\SYSTEM VOLUME INFORMATION\_RESTORE{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP77\A0029789.EXE PrcViewer(Potentially Unwanted Program)
19/03/1429 03:55:33 م Deleted Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP77\A0029789.exe PrcViewer(Potentially Unwanted Program)
19/03/1429 03:56:40 م Deleted Administrator C:\SYSTEM VOLUME INFORMATION\_RESTORE{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP89\A0032557.EXE PrcViewer(Potentially Unwanted Program)
19/03/1429 03:56:58 م Deleted (Clean failed) Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP89\A0032557.exe\ZYZOOM_PROCESS.EXE PrcViewer(Potentially Unwanted Program)
19/03/1429 03:56:59 م Not scanned (The file is encrypted) Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP89\A0032558.exe\THUMBS.DB
19/03/1429 03:57:51 م Not scanned (The file is encrypted) Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP96\A0035209.exe\ID.TXT
19/03/1429 03:57:52 م Not scanned (The file is encrypted) Administrator c:\System Volume Information\_restore{83E41C9C-8864-4ACF-A6DC-45A182784494}\RP96\A0035216.exe\ID.TXT
19/03/1429 04:09:40 م Scan Summary THE_GOVERNMENT\Administrator Scan Summary
19/03/1429 04:09:40 م Scan Summary THE_GOVERNMENT\Administrator Processes scanned : 46
19/03/1429 04:09:40 م Scan Summary THE_GOVERNMENT\Administrator Processes detected : 0
19/03/1429 04:09:40 م Scan Summary THE_GOVERNMENT\Administrator Processes cleaned : 0
19/03/1429 04:09:40 م Scan Summary THE_GOVERNMENT\Administrator Boot sectors scanned : 2
19/03/1429 04:09:40 م Scan Summary THE_GOVERNMENT\Administrator Boot sectors detected: 0
19/03/1429 04:09:40 م Scan Summary THE_GOVERNMENT\Administrator Boot sectors cleaned : 0
19/03/1429 04:09:40 م Scan Summary THE_GOVERNMENT\Administrator Files scanned : 57556
19/03/1429 04:09:40 م Scan Summary THE_GOVERNMENT\Administrator Files with detections: 44
19/03/1429 04:09:40 م Scan Summary THE_GOVERNMENT\Administrator File detections : 87
19/03/1429 04:09:40 م Scan Summary THE_GOVERNMENT\Administrator Files cleaned : 0
19/03/1429 04:09:40 م Scan Summary THE_GOVERNMENT\Administrator Files deleted : 44
19/03/1429 04:09:40 م Scan Summary THE_GOVERNMENT\Administrator Files not scanned : 32
19/03/1429 04:09:40 م Scan Summary THE_GOVERNMENT\Administrator Scan Summary (Registry Scanning)
19/03/1429 04:09:40 م Scan Summary THE_GOVERNMENT\Administrator Keys scanned : 36560
19/03/1429 04:09:40 م Scan Summary THE_GOVERNMENT\Administrator Keys detected : 0
19/03/1429 04:09:40 م Scan Summary THE_GOVERNMENT\Administrator Keys cleaned : 0
19/03/1429 04:09:40 م Scan Summary THE_GOVERNMENT\Administrator Keys deleted : 0
19/03/1429 04:09:40 م Scan Summary THE_GOVERNMENT\Administrator Scan Summary (****** Scanning)
19/03/1429 04:09:40 م Scan Summary THE_GOVERNMENT\Administrator ******s scanned : 53
19/03/1429 04:09:40 م Scan Summary THE_GOVERNMENT\Administrator ******s detected : 5
19/03/1429 04:09:40 م Scan Summary THE_GOVERNMENT\Administrator ******s cleaned : 0
19/03/1429 04:09:40 م Scan Summary THE_GOVERNMENT\Administrator ******s deleted : 5
19/03/1429 04:09:40 م Scan Summary THE_GOVERNMENT\Administrator Run time : 1:01:09
19/03/1429 04:09:40 م Scan Complete THE_GOVERNMENT\Administrator On-Demand Scan
توقيع : مهاوي وبس
تأييد
0
مهاوي وبس
زيزوومى محترف
غير متصل
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
توقيع : مهاوي وبس
تأييد
0
تأييد
0
مهاوي وبس
زيزوومى محترف
غير متصل
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:28:28 ص, on 27/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Orbitdownloader\Grab.exe
C:\Program Files\BitComet\tools\CometBrowser.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Downloads\Zyzoom_HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PopKiller Class - {9A23B8A4-C6C9-4A68-8FA6-5F905DC8FF80} - C:\Program Files\Popup Blocker\PKExt.dll
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [hold data mags move] C:\Documents and Settings\All Users\Application Data\Bash Dvd Hold Data\Part Gram.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [clock blah] C:\DOCUME~1\ADMINI~1\APPLIC~1\32open\More Browse.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [CursorXP] "C:\Program Files\CursorXP\CursorXP.exe" -s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm
O8 - Extra context menu item: Download ALL with IDA32 - C:\Program Files\IDA\idaieall.htm
O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm
O8 - Extra context menu item: Download with IDA32 - C:\Program Files\IDA\idaie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan ******) -
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin ******) -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
--
End of file - 10316 bytes
Scan saved at 01:28:28 ص, on 27/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Orbitdownloader\Grab.exe
C:\Program Files\BitComet\tools\CometBrowser.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Downloads\Zyzoom_HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PopKiller Class - {9A23B8A4-C6C9-4A68-8FA6-5F905DC8FF80} - C:\Program Files\Popup Blocker\PKExt.dll
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [hold data mags move] C:\Documents and Settings\All Users\Application Data\Bash Dvd Hold Data\Part Gram.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [clock blah] C:\DOCUME~1\ADMINI~1\APPLIC~1\32open\More Browse.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [CursorXP] "C:\Program Files\CursorXP\CursorXP.exe" -s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm
O8 - Extra context menu item: Download ALL with IDA32 - C:\Program Files\IDA\idaieall.htm
O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm
O8 - Extra context menu item: Download with IDA32 - C:\Program Files\IDA\idaie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan ******) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin ******) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
--
End of file - 10316 bytes
توقيع : مهاوي وبس
تأييد
0
- الحالة