Here is the report, my friend
ComboFix 09-04-27.05 - USER 04/28/2009 21:18.2 -
FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1025.18.447.262 [GMT 3:00]
Running from: c:\documents and settings\USER\سطح المكتب\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\IE4 Error Log.txt
.
((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-4-28 )))))))))))))))))))))))))))))))
.
2009-04-28 16:52 . 2009-04-28 16:52 20512 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-28 16:52 . 2009-04-28 16:52 -------- d-----w c:\windows\LastGood
2009-04-28 16:52 . 2008-07-08 11:54 148496 ----a-w c:\windows\system32\drivers\92975346.sys
2009-04-26 20:32 . 2009-04-26 20:32 -------- d-----w c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-04-25 08:03 . 2009-02-09 11:48 2059264 ------w c:\windows\system32\dllcache\ntkrnlpa.exe
2009-04-25 08:03 . 2009-02-09 11:48 2017280 ------w c:\windows\system32\dllcache\ntkrpamp.exe
2009-04-25 08:03 . 2009-02-09 11:48 2182016 ------w c:\windows\system32\dllcache\ntoskrnl.exe
2009-04-25 08:03 . 2009-02-09 11:48 2137600 ------w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-04-25 07:54 . 2008-10-24 11:10 453632 ------w c:\windows\system32\dllcache\mrxsmb.sys
2009-04-25 07:54 . 2008-06-14 17:59 271616 ------w c:\windows\system32\dllcache\bthport.sys
2009-04-25 07:54 . 2008-06-14 17:59 271616 ------w c:\windows\system32\drivers\bthport.sys
2009-04-25 03:48 . 2008-07-09 07:34 26488 ----a-w c:\windows\system32\spupdsvc.exe
2009-04-25 03:48 . 2009-04-25 03:48 -------- d--h--w c:\windows\$hf_mig$
2009-04-24 11:03 . 2009-04-24 11:03 -------- d-----w c:\program files\HLPSOFT
2009-04-20 13:11 . 2009-04-20 13:11 -------- d-----w c:\documents and settings\USER\Application Data\JLC's Software
2009-04-20 13:11 . 2009-04-20 13:11 -------- d-----w c:\program files\JLC's Software
2009-04-17 13:05 . 2009-04-17 13:05 -------- d-sh--w C:\FOUND.005
2009-04-15 19:30 . 2009-04-15 19:30 -------- d-----w c:\documents and settings\USER\Local Settings\Application Data\Help
2009-04-05 16:39 . 2009-04-05 16:39 -------- d-----w c:\documents and settings\USER\Application Data\FreeCall
2009-04-05 14:46 . 2009-04-05 14:47 -------- d-----w c:\program files\FreeCall.com
2009-03-30 18:26 . 2009-03-30 18:26 0 ----a-w c:\windows\nsreg.dat
2009-03-30 18:26 . 2009-03-30 18:26 -------- d-----w c:\documents and settings\USER\Local Settings\Application Data\Mozilla
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-28 16:52 . 2009-04-28 16:52 32 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-27 17:05 . 2009-04-27 17:05 2678 ----a-w c:\windows\java\Packages\Data\6XJ9VZ31.DAT
2009-04-27 17:05 . 2009-04-27 17:04 2678 ----a-w c:\windows\java\Packages\Data\ZHF13T7H.DAT
2009-04-27 17:05 . 2009-04-27 17:04 2678 ----a-w c:\windows\java\Packages\Data\MR7P3BZD.DAT
2009-04-27 17:05 . 2009-04-27 17:04 2678 ----a-w c:\windows\java\Packages\Data\B3R3JHBV.DAT
2009-04-27 17:05 . 2009-04-27 17:04 2678 ----a-w c:\windows\java\Packages\Data\3T31BJ7N.DAT
2009-04-26 01:03 . 2001-09-19 11:00 58586 ----a-w c:\windows\system32\perfc001.dat
2009-04-26 01:03 . 2001-09-19 11:00 328222 ----a-w c:\windows\system32\perfh001.dat
2009-03-27 11:52 . 2009-03-27 11:52 -------- d-----w c:\program files\Internet Download Manager
2009-02-09 14:15 . 2004-08-03 20:46 1846144 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:48 . 2004-08-03 21:48 2017280 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 11:48 . 2004-08-03 20:48 2137600 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 10:19 . 2004-08-03 20:55 399360 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:19 . 2004-08-03 20:55 717824 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:19 . 2004-08-03 20:55 680960 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:19 . 2004-08-03 20:55 693760 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 10:05 . 2004-08-03 20:56 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 16:54 . 2001-09-19 11:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 20:08 . 2004-08-03 20:55 55808 ----a-w c:\windows\system32\secur32.dll
2009-01-30 20:28 . 2009-01-30 20:28 172032 ------w c:\windows\Setup1.exe
2009-01-30 20:28 . 2009-01-30 20:28 73216 ----a-w c:\windows\ST6UNST.EXE
2009-01-30 20:15 . 2009-01-30 20:14 47104 ------w c:\windows\AKDeInstall.exe
2009-01-30 20:14 . 2009-01-30 20:14 90112 ----a-w c:\windows\system32\agsaami.dll
2009-01-30 20:14 . 2009-01-30 20:14 610304 ----a-w c:\windows\system32\agsaamg.dll
2009-01-30 20:14 . 2009-01-30 20:14 372736 ----a-w c:\windows\system32\agsaamc.dll
2009-01-30 20:14 . 2009-01-30 20:14 2535424 ----a-w c:\windows\system32\agsaamj.dll
2009-01-30 20:14 . 2009-01-30 20:14 1986560 ----a-w c:\windows\system32\akll.dll
2009-01-30 20:14 . 2009-01-30 20:14 196608 ----a-w c:\windows\system32\maag.dll
2009-01-30 20:14 . 2009-01-30 20:14 1245184 ----a-w c:\windows\system32\bkll.dll
2009-01-30 20:14 . 2009-01-30 20:14 1212416 ----a-w c:\windows\system32\ckll.dll
2009-01-30 19:42 . 2009-01-30 19:42 2232 ----a-w c:\windows\java\Packages\Data\PRZFTVJV.DAT
2009-01-30 19:42 . 2009-01-30 19:42 155995 ----a-w c:\windows\java\Packages\2CVPR9JX.ZIP
2009-01-30 18:26 . 2009-01-30 17:53 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-01-30 17:53 . 2001-09-19 11:00 67 --sha-w c:\windows\Fonts\desktop.ini
2009-01-30 17:51 . 2009-01-30 17:51 22144 ----a-w c:\windows\system32\emptyregdb.dat
.
------- Sigcheck -------
[-] 2007-12-15 14:12 1547776 B0BACE02277B1979F22CE785536F651F c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"AFProg"="c:\program files\Hotspot Shield\AnchorFree\ctrl\AFController.exe" [2006-07-23 118784]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-03-27 2745776]
"FreeCall"="c:\program files\FreeCall.com\FreeCall\FreeCall.exe" [2008-09-01 9109296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 30208]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 49152]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-01-30 185896]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2004-05-27 49152]
"VTTrayp"="VTtrayp.exe" - c:\windows\system32\VTTrayp.exe [2004-06-07 143360]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2006-08-02 577536]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
c:\documents and settings\USER\قائمة ابدأ\البرامج\بدء التشغيل\
is-HQUQI.lnk - c:\documents and settings\USER\سطح المكتب\Virus Removal Tool\is-HQUQI\startup.exe [2009-4-28 65536]
c:\documents and settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\
سرعة تشغيل Adobe Reader.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-1-30 113664]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2007-4-11 394856]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoWelcomeScreen"= 0 (0x0)
"NoSMConfigurePrograms"= 0 (0x0)
"NoSearch"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Avira\\AntiVir PersonalEdition Classic\\AVGUARD.EXE"=
"c:\\Program Files\\CyberLink\\Shared files\\RichVideo.exe"=
"c:\\Program Files\\Messenger\\MSMSGS.EXE"=
"c:\\Program Files\\Globe7\\Globe7.exe"=
"c:\\Program Files\\FreeCall.com\\FreeCall\\FreeCall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
S1 is-HQUQIdrv;is-HQUQIdrv;c:\windows\system32\DRIVERS\92975346.sys [2008-07-08 148496]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - IS-HQUQIDRV
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5abf9446-2bf0-11de-a2e7-003018a4e806}]
\sheLL\AUtopLaY\commanD - H:\qsam.exe
\sheLL\AutoRun\command - H:\qsam.exe
\sheLL\ExploRe\coMMaND - H:\qsam.exe
\sheLL\opEn\cOMmanD - H:\qsam.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f3a7074a-0f1f-11de-a24e-003018a4e806}]
\Shell\AutoRun\command - jm3cx96.bat
\Shell\open\Command - jm3cx96.bat
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Export to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Download all with Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: Download FLV content with Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
DPF: Microsoft XML Parser for Java -
FF - ProfilePath - c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\7n3sljv1.default\
FF - component: c:\documents and settings\USER\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-04-28 21:19
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):e3,bd,63,df,52,b1,11,67,0e,51,5c,98,e3,26,36,6e,eb,77,42,98,87,
6f,fe,c3,21,19,c5,88,cb,bc,d9,e5,4a,84,ae,01,d0,b3,f5,45,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{b441d10c-711f-49ca-859c-5058eaa2fc19}]
@Denied: (Full) (Everyone)
"Model"=dword:00000055
"Therad"=dword:00000007
.
Completion time: 2009-04-28 21:20
ComboFix-quarantined-files.txt 2009-04-28 18:20
ComboFix2.txt 2009-03-26 17:55
Pre-Run: 18,620,792,832 bytes free
Post-Run: 19,649,626,112 bytes free
178 --- E O F --- 2009-04-27 17:05
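As an added triage example (not part of the posted log, and not ComboFix's own code), the script below parses the parts of a ComboFix report that carry the most signal in this post: Sigcheck failures, the Security Center AntiVirusOverride flag, driver entries whose file name is purely numeric, and the per-volume autorun handlers under MountPoints2. The sample input is constructed from lines of the log above; the finding names, the regexes and the heuristics are my own, not ComboFix's.

```python
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the ComboFix log above, restricted to
# the sections this triage pass looks at.
SAMPLE_LOG = r"""
------- Sigcheck -------
[-] 2007-12-15 14:12 1547776 B0BACE02277B1979F22CE785536F651F c:\windows\system32\sfcfiles.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
S1 is-HQUQIdrv;is-HQUQIdrv;c:\windows\system32\DRIVERS\92975346.sys [2008-07-08 148496]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5abf9446-2bf0-11de-a2e7-003018a4e806}]
\sheLL\AUtopLaY\commanD - H:\qsam.exe
\sheLL\AutoRun\command - H:\qsam.exe
\sheLL\ExploRe\coMMaND - H:\qsam.exe
\sheLL\opEn\cOMmanD - H:\qsam.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f3a7074a-0f1f-11de-a24e-003018a4e806}]
\Shell\AutoRun\command - jm3cx96.bat
\Shell\open\Command - jm3cx96.bat
"""


@dataclass(frozen=True)
class Finding:
    kind: str     # hypothetical category name (mine, not ComboFix's)
    subject: str  # file or command the observation is about
    note: str     # where in the log it came from / why it matters


# "[-]" is the Sigcheck marker for a system file whose signature did not verify
SIGCHECK_FAIL = re.compile(r"^\[-\]\s+\S+\s+\S+\s+(\d+)\s+([0-9A-Fa-f]{32})\s+(.+)$")
# MountPoints2 subkeys are one GUID per volume Explorer has seen
MOUNTPOINTS2_KEY = re.compile(r"^\[.*\\explorer\\mountpoints2\\(\{[0-9a-f-]+\})\]$", re.I)
# Shell\<verb>\command handlers; matched case-insensitively because malware
# randomises the case of these names (sheLL\AUtopLaY\commanD above)
SHELL_COMMAND = re.compile(r"^\\shell\\([^\\]+)\\command\s+-\s+(.+)$", re.I)
AV_OVERRIDE = re.compile(r'^"AntiVirusOverride"=dword:0*1$', re.I)
# ComboFix service line: start type, service name, display name, image path
SERVICE_LINE = re.compile(r"^([SR][0-4])\s+([^;]+);[^;]*;(.+?)\s+\[", re.I)
NUMERIC_DRIVER = re.compile(r"^\d+\.sys$", re.I)


def triage(log_text: str) -> list:
    """Walk the log once and collect the observations worth a second look."""
    findings = []
    mount_key = None  # GUID of the MountPoints2 subkey we are inside, if any
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SIGCHECK_FAIL.match(line)
        if m:
            findings.append(Finding("sigcheck-failed", m.group(3),
                                    f"md5 {m.group(2)}, {m.group(1)} bytes"))
            continue
        m = MOUNTPOINTS2_KEY.match(line)
        if m:
            mount_key = m.group(1)
            continue
        if line.startswith("["):
            mount_key = None  # any other registry key ends the MountPoints2 block
        if mount_key:
            m = SHELL_COMMAND.match(line)
            if m:
                findings.append(Finding("mountpoints2-autorun", m.group(2).strip(),
                                        f"{mount_key} verb={m.group(1)}"))
                continue
        if AV_OVERRIDE.match(line):
            findings.append(Finding("security-center-override", "AntiVirusOverride=1",
                                    "Security Center will not warn about the AV state"))
            continue
        m = SERVICE_LINE.match(line)
        if m and NUMERIC_DRIVER.match(m.group(3).rsplit("\\", 1)[-1]):
            findings.append(Finding("numeric-driver-name", m.group(3),
                                    f"service {m.group(2)}, start type {m.group(1)}"))
    return findings


def autorun_targets(findings) -> list:
    """Distinct programs the MountPoints2 handlers would launch on open/autoplay."""
    return sorted({f.subject for f in findings if f.kind == "mountpoints2-autorun"})


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"{f.kind:26} {f.subject}  ({f.note})")
    print("autorun targets:", autorun_targets(results))
```

On this log the MountPoints2 handlers resolve to H:\qsam.exe and jm3cx96.bat, a program on a removable drive and a bare batch name, which is the usual footprint of a USB autorun worm; the case-randomised key names are a tell in their own right. The numeric-driver check is only a prompt to verify: it fires here on is-HQUQIdrv, which the same log ties to the "Virus Removal Tool" folder on the user's Desktop, so check the vendor before treating it as hostile.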