#1
06-04-2009, 01:40 AM
Diamond member
Profile of محروم.كوم
Member number: 503
Registration date: Dec 2007
Gender: female
Posts: 2,100,670
Points: 3341
Level rating: 2140


ComboFix 09-05-31.06 - pc 06/03/2009 17:05.1 - FAT32x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1033.18.240.128 [GMT 3:00]
Running from: c:\documents and settings\pc\My Documents\Downloads\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\IE4 Error Log.txt
c:\windows\system\oeminfo.ini
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\tmp.reg
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2009-05-03 to 2009-06-03 )))))))))))))))))))))))))))))))
.

2009-05-27 21:54 . 2009-05-27 21:54 -------- d-----w- c:\documents and settings\pc\Application Data\Xilisoft Corporation
2009-05-27 21:50 . 2009-05-27 21:50 -------- d-----w- c:\program files\Xilisoft
2009-05-22 19:25 . 2009-05-22 19:25 -------- d-----w- c:\documents and settings\pc\Local Settings\Application Data\Xenocode
2009-05-22 00:10 . 2009-05-22 00:10 -------- d-----w- c:\program files\VeryPDF PDF2Word v3.0
2009-05-18 22:36 . 2009-05-18 22:36 -------- d-----w- c:\program files\VerbAce Research
2009-05-18 21:54 . 2009-05-18 21:54 198064 ----a-w- c:\documents and settings\pc\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
2009-05-18 21:54 . 2009-05-18 21:54 -------- d-----w- c:\documents and settings\pc\Application Data\IDM
2009-05-18 21:53 . 2009-05-18 21:53 -------- d-----w- c:\documents and settings\pc\Application Data\DMCache
2009-05-18 21:51 . 2009-05-18 21:51 -------- d-----w- c:\program files\Internet Download Manager
2009-05-18 21:17 . 2009-05-18 21:17 -------- d-----w- c:\program files\WinASO
2009-05-15 00:08 . 2009-05-15 00:08 -------- d-----w- c:\documents and settings\pc\Local Settings\Application Data\PassMark
2009-05-15 00:06 . 2008-07-12 05:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2009-05-15 00:06 . 2008-07-12 05:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2009-05-15 00:06 . 2008-07-12 05:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2009-05-15 00:06 . 2006-09-28 13:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2009-05-15 00:05 . 2009-05-15 00:05 -------- d-----w- c:\windows\Logs
2009-05-15 00:05 . 2009-05-15 00:05 -------- d-----w- c:\documents and settings\All Users\Application Data\PassMark
2009-05-15 00:04 . 2009-05-15 00:04 -------- d-----w- c:\program files\PerformanceTest
2009-05-13 15:58 . 2009-05-13 15:58 -------- d-----w- c:\documents and settings\pc\Application Data\Media Player Classic
2009-05-13 09:24 . 2009-05-13 09:24 -------- d-----w- c:\windows\Muslim Bag
2009-05-13 09:24 . 2009-05-13 09:24 -------- d-----w- c:\program files\Muslim Bag
2009-05-13 09:21 . 2009-05-13 09:21 -------- d-----w- c:\program files\Real Alternative
2009-05-13 09:21 . 2009-05-13 09:21 -------- d-----w- c:\documents and settings\pc\Local Settings\Application Data\Real
2009-05-11 19:14 . 2009-05-11 19:14 -------- d-----w- c:\windows\A4W_DATA
2009-05-11 19:11 . 2004-04-27 08:18 110592 ----a-w- c:\windows\system32\tsccvid.dll
2009-05-10 20:56 . 2009-05-10 20:56 -------- d-----w- c:\program files\Common Files\DistributeShield
2009-05-10 20:56 . 2009-05-10 20:56 -------- d-----w- C:\DVDneXtCOPY
2009-05-10 20:56 . 2009-05-10 20:56 -------- d-----w- c:\program files\DVDneXtCOPY 3
2009-05-10 20:12 . 2009-05-10 20:12 -------- d-----w- c:\program files\USB Disk Security
2009-05-08 21:57 . 2009-05-08 21:57 28928 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
2009-05-08 21:57 . 2009-05-08 21:57 212288 ----a-w- c:\windows\system32\drivers\timntr.sys
2009-05-08 21:56 . 2009-05-08 21:56 82464 ----a-w- c:\windows\system32\drivers\snapman.sys

2009-05-08 21:55 . 2009-05-08 21:55 -------- d-----w- c:\program files\Acronis
2009-05-08 21:55 . 2009-05-08 21:55 -------- d-----w- c:\program files\Common Files\Acronis
2009-05-07 07:42 . 2009-03-26 15:35 210352 ----a-w- c:\windows\system32\idmmbc.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-03 13:59 . 2008-06-25 23:18 40992 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-06-03 13:59 . 2008-06-25 23:18 2268 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-06-03 13:59 . 2008-06-25 23:18 4508 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-06-03 13:59 . 2008-06-25 23:18 304672 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-06-03 13:58 . 2007-12-16 09:31 12 ----a-w- c:\windows\bthservsdp.dat

2009-05-27 21:55 . 2007-12-16 21:03 114384 ----a-w- c:\documents and settings\pc\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-20 12:45 . 2008-06-25 23:19 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-05-20 12:45 . 2008-06-25 23:19 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-04-23 20:36 . 2009-04-23 20:36 -------- d-----w- c:\documents and settings\pc\Application Data\ACD Systems
2009-04-23 20:31 . 2009-04-23 20:31 -------- d-----w- c:\documents and settings\All Users\Application Data\ACD Systems
2009-04-23 20:29 . 2009-04-23 20:29 -------- d-----w- c:\program files\ACD Systems
2009-04-23 20:29 . 2009-04-23 20:29 -------- d-----w- c:\program files\Common Files\ACD Systems
2009-04-16 06:56 . 2009-04-16 06:56 -------- d-----w- c:\program files\Microsoft
2009-04-16 06:55 . 2009-04-16 06:55 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-04-15 07:56 . 2009-04-15 07:55 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2009-04-15 07:54 . 2009-04-15 07:54 -------- d-----w- c:\program files\PDF to Word
2009-03-15 01:25 . 2008-07-18 01:40 861448 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\Updater.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\pc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-06 133104]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-05-07 2807216]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USB Antivirus"="c:\program files\USB Disk Security\USBGuard.exe" [2008-09-23 798720]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-02-10 201992]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
"PcSync"="c:\program files\Samsung\Samsung PC Studio 7\PcSync2.exe" [2006-06-27 1449984]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
ASUS Hotkey.lnk - c:\program files\Asus\Asus Hotkey\Hotkey.exe [2007-12-17 543744]
VerbAce-Pro Startup Agent.lnk - c:\program files\VerbAce Research\VerbAce-Pro\VerbAce-Pro.exe [2009-5-19 606208]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau relog_ap

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ASUS ChkMail.lnk]
backup=c:\windows\pss\ASUS ChkMail.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ASUS Hotkey.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ASUS Hotkey.lnk
backup=c:\windows\pss\ASUS Hotkey.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^pc^Start Menu^Programs^Startup^CaptureWiz.lnk]
backup=c:\windows\pss\CaptureWiz.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power_Gear
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickPhrase
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mobily Connect Card\\Mobily Connect Card.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R3 br3gmdm;BandLuxe 3.5G HSDPA Adapter - USB;c:\windows\system32\DRIVERS\br3gmdm.sys [2008-03-14 100096]
R3 nmwcdsa;Samsung USB Phone Parent;c:\windows\system32\drivers\nmwcdsa.sys [2007-05-02 135680]
R3 nmwcdsac;Samsung USB Generic;c:\windows\system32\drivers\nmwcdsac.sys [2007-05-02 8320]
R3 nmwcdsacj;Samsung USB Port;c:\windows\system32\drivers\nmwcdsacj.sys [2007-05-02 12288]
R3 nmwcdsacm;Samsung USB Modem;c:\windows\system32\drivers\nmwcdsacm.sys [2007-05-02 12288]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-02-10 33808]
S2 BandLuxe_Service;BandLuxe Service;c:\program files\BandRich\BandLuxe HSDPA Utility R11\BRService.exe [2008-06-03 87264]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-03-25 24592]
S3 SiS7012;Service for AC'97 Sample Driver (WDM);c:\windows\system32\drivers\sis7012.sys [2002-08-23 177280]


--- Other Services/Drivers In Memory ---

*Deregistered* - AcrSch2Svc
*Deregistered* - AFD
*Deregistered* - ALG
*Deregistered* - Arp1394
*Deregistered* - AudioSrv
*Deregistered* - audstub
*Deregistered* - AVP
*Deregistered* - BandLuxe_Service
*Deregistered* - Beep
*Deregistered* - BITS
*Deregistered* - Browser
*Deregistered* - BthServ
*Deregistered* - Cdfs
*Deregistered* - Compbatt
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - dmio
*Deregistered* - dmload
*Deregistered* - dmserver
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - Fastfat
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - Fips
*Deregistered* - FltMgr
*Deregistered* - Ftdisk
*Deregistered* - Gpc
*Deregistered* - helpsvc
*Deregistered* - HTTP
*Deregistered* - ImapiService
*Deregistered* - IpFilterDriver
*Deregistered* - IpNat
*Deregistered* - IPSec
*Deregistered* - irda
*Deregistered* - Irmon
*Deregistered* - JavaQuickStarterService
*Deregistered* - kl1
*Deregistered* - klbg
*Deregistered* - KLIF
*Deregistered* - klim5
*Deregistered* - KSecDD
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - mnmdd
*Deregistered* - MountMgr
*Deregistered* - MRxDAV
*Deregistered* - MRxSmb
*Deregistered* - Msfs
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NDIS
*Deregistered* - NdisTapi
*Deregistered* - Ndisuio
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - Npfs
*Deregistered* - Null
*Deregistered* - NWCWorkstation
*Deregistered* - NwlnkIpx
*Deregistered* - NwlnkNb
*Deregistered* - NwlnkSpx
*Deregistered* - NWRDR
*Deregistered* - PartMgr
*Deregistered* - ParVdm
*Deregistered* - Pml Driver HPZ12
*Deregistered* - PolicyAgent
*Deregistered* - PptpMiniport
*Deregistered* - ProtectedStorage
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - Rasirda
*Deregistered* - Rasl2tp
*Deregistered* - RasMan
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - rdpdr
*Deregistered* - RemoteRegistry
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - Spooler
*Deregistered* - sr
*Deregistered* - srservice
*Deregistered* - Srv
*Deregistered* - SSDPSRV
*Deregistered* - stisvc
*Deregistered* - swenum
*Deregistered* - TapiSrv
*Deregistered* - Tcpip
*Deregistered* - TermDD
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - tifsfilter
*Deregistered* - timounter
*Deregistered* - TrkWks
*Deregistered* - Update
*Deregistered* - VgaSave
*Deregistered* - Vmodem
*Deregistered* - VolSnap
*Deregistered* - Vpctcom
*Deregistered* - Vvoice
*Deregistered* - W32Time
*Deregistered* - Wanarp
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WZCSVC
.
Contents of the 'Scheduled Tasks' folder

2009-05-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 09:34]

2009-06-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-9318785-596333656-765479376-1005.job
- c:\documents and settings\pc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-06 00:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.thegulfbiz.com/vb/forumdisplay.php?f=5
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: ShaPlus Google Translator - c:\program files\ShaPlus Google Translator\GoogleTranslator.dll/ie.htm
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
.
.
------- File Associations -------
.
txtfile=c:\windows\notepad.exe %1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-03 17:19
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-9318785-596333656-765479376-1005\RemoteAccess\Profile\x *]
"EnableAutodisconnect"=dword:00000001
"EnableExitDisconnect"=dword:00000001
"DisconnectIdleTime"=dword:00000014

[HKEY_USERS\S-1-5-21-9318785-596333656-765479376-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*a]
@Class="Shell"

[HKEY_USERS\S-1-5-21-9318785-596333656-765479376-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*a\OpenWithList]
@Class="Shell"
"a"="realplay.exe"
"MRUList"="a"

[HKEY_USERS\S-1-5-21-9318785-596333656-765479376-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*a\OpenWithProgids]
"1_auto_file"=hex(0):

[HKEY_USERS\S-1-5-21-9318785-596333656-765479376-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*a]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"0"=hex:48,06,31,06,39,06,20,00,61,06,62,06,33,06,46,06,29,06,2e,00,61,06,00,
00,5c,00,36,00,00,00,00,00,00,00,00,00,00,00,48,06,31,06,39,06,20,00,61,06,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff

[HKEY_LOCAL_MACHINE\software\Classes\.*a]
@="1_auto_file"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(928)
c:\windows\system32\klogon.dll

- - - - - - - > 'lsass.exe'(992)
c:\windows\system32\relog_ap.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\MICROS~3\rapimgr.exe
.
**************************************************************************
.
Completion time: 2009-06-03 17:30 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-03 14:30

Pre-Run: 16,173,694,976 bytes free
Post-Run: 16,234,545,152 bytes free

355 --- E O F --- 2008-07-09 14:42
