من جديد مع الفايروس الصينى الرجاء المساعده

  • بادئ الموضوع بادئ الموضوع abo treka
  • تاريخ البدء تاريخ البدء
  • المشاهدات 716
abo treka

abo treka

زيزوومى مميز
إنضم
7 ديسمبر 2007
المشاركات
850
مستوى التفاعل
36
النقاط
530
الإقامة
Egypt
غير متصل
11102008081846fn8.jpg



الرجاء المساعده فى حذف القيم

تقرير ComboFix

ComboFix 08-10-16.04 - MAAM 2008-10-17 1:42:18.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1256.20.1033.18.720 [GMT 2:00]
Running from: C:\Documents and Settings\MAAM\My Documents\Downloads\Programs\ComboFix.exe
Command switches used :: C:\Documents and Settings\MAAM\My Documents\Downloads\Programs\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Storm3.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2008-09-16 to 2008-10-16 )))))))))))))))))))))))))))))))
.

2008-10-17 01:46 . 2008-10-17 01:16 35,008,838 --a------ C:\Documents and Settings\All Users\Application Data\Storm3.exe
2008-10-17 01:13 . 2008-10-17 01:13 <DIR> d-------- C:\Program Files\SuperCopier2
2008-10-16 23:09 . 2008-10-16 23:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\channels
2008-10-16 23:09 . 2008-10-16 23:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\10015
2008-10-16 17:02 . 2008-10-16 17:07 893 --a------ C:\is.html
2008-10-16 16:17 . 2008-10-16 16:17 829 --a------ C:\WINDOWS\ata live update.ini
2008-10-16 16:15 . 2008-10-16 16:15 <DIR> d-------- C:\WINDOWS\speech
2008-10-16 16:14 . 2008-10-16 16:14 172,032 --------- C:\WINDOWS\Setup1.exe
2008-10-16 16:14 . 2008-10-16 16:14 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2008-10-16 16:12 . 2008-10-16 16:12 <DIR> d-------- C:\Documents and Settings\MAAM\Application Data\LingvoSoft
2008-10-16 14:05 . 2008-10-16 14:05 <DIR> d-------- C:\Program Files\WinPcap
2008-10-16 14:05 . 2008-10-16 14:05 <DIR> d-------- C:\Program Files\netcut
2008-10-16 02:18 . 2008-10-16 02:18 <DIR> d-------- C:\WINDOWS\Applian FLV Player
2008-10-16 02:11 . 2008-10-16 02:11 <DIR> d-------- C:\Documents and Settings\MAAM\Application Data\Media Player Classic
2008-10-16 00:41 . 2008-10-03 19:41 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-10-16 00:41 . 2007-04-17 11:32 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-10-16 00:41 . 2007-03-08 07:10 991,232 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-10-16 00:41 . 2008-08-26 09:24 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-10-16 00:41 . 2008-08-26 09:24 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-10-16 00:41 . 2008-08-26 09:24 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-10-16 00:41 . 2008-08-26 09:24 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2008-10-16 00:41 . 2008-08-26 09:24 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-10-16 00:41 . 2008-08-25 10:38 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-10-15 07:38 . 2008-10-15 07:38 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-10-15 07:36 . 2008-05-07 07:12 1,288,192 --------- C:\WINDOWS\system32\dllcache\quartz.dll
2008-10-15 07:36 . 2008-06-24 18:43 74,240 --------- C:\WINDOWS\system32\dllcache\mscms.dll
2008-10-15 07:35 . 2008-09-08 12:41 333,824 --------- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-15 07:30 . 2008-05-08 16:02 203,136 --------- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-10-15 07:29 . 2008-04-11 21:04 691,712 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-10-15 07:22 . 2008-06-13 13:05 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-10-15 07:21 . 2008-09-15 14:12 1,846,400 --------- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-15 07:20 . 2008-08-14 12:11 2,189,184 --------- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-15 07:20 . 2008-08-14 12:09 2,145,280 --------- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-15 07:20 . 2008-08-14 11:33 2,066,048 --------- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-15 07:20 . 2008-08-14 11:33 2,023,936 --------- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-15 07:18 . 2008-05-01 16:33 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll
2008-10-15 07:16 . 2008-10-15 07:16 268 --ah----- C:\sqmdata00.sqm
2008-10-15 07:16 . 2008-10-15 07:16 244 --ah----- C:\sqmnoopt00.sqm
2008-10-14 22:13 . 2008-10-14 22:14 <DIR> d-------- C:\Documents and Settings\MAAM\Contacts
2008-10-14 22:12 . 2008-10-14 22:12 <DIR> d-------- C:\WINDOWS\system32\DRVSTORE
2008-10-14 22:12 . 2008-10-14 22:12 <DIR> d-------- C:\Program Files\Yahoo!
2008-10-14 22:12 . 2008-10-14 22:12 <DIR> d-------- C:\Program Files\Windows Live
2008-10-14 22:12 . 2008-10-14 22:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-10-14 22:10 . 2008-10-14 22:10 0 --a------ C:\WINDOWS\nsreg.dat
2008-10-14 22:03 . 2008-10-14 22:03 <DIR> d-------- C:\Program Files\Internet Download Manager
2008-10-14 22:03 . 2008-10-14 22:03 <DIR> d-------- C:\Documents and Settings\MAAM\Application Data\IDM
2008-10-14 22:03 . 2008-10-14 22:03 <DIR> d-------- C:\Documents and Settings\MAAM\Application Data\DMCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-14 19:59 --------- d-----w C:\Program Files\Ringz Studio
2008-10-14 19:59 --------- d-----w C:\Program Files\Google
2008-10-14 19:59 --------- d-----w C:\Program Files\Common Files\Real
2008-10-14 19:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-10-14 19:54 --------- d-----w C:\Program Files\Alwil Software
2008-10-14 19:52 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-10-14 19:45 --------- d-----w C:\Program Files\microsoft frontpage
2008-10-14 19:28 --------- d-----w C:\Program Files\Intel
2008-09-16 19:27 453,152 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2008-09-15 12:12 1,846,400 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-12 10:44 206,256 ----a-w C:\WINDOWS\system32\idmmbc.dll
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-27 11:54 3,593,216 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-08-25 08:38 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-08-23 05:56 635,848 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-08-23 05:54 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-08-14 10:09 2,145,280 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 10:04 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-08-14 09:33 2,023,936 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-07-31 08:41 68,616 ----a-w C:\WINDOWS\system32\XAPOFX1_1.dll
2008-07-31 08:41 238,088 ----a-w C:\WINDOWS\system32\xactengine3_2.dll
2008-07-31 08:40 509,448 ----a-w C:\WINDOWS\system32\XAudio2_2.dll
2008-07-16 14:05 53,248 ----a-w C:\WINDOWS\system32\CSVer.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2008-09-15 2606512]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-09-17 13574144]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-09-17 86016]
"StormCodec_Helper"="C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" [2006-11-26 97357]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-16 C:\WINDOWS\RTHDCPL.EXE]
"nwiz"="nwiz.exe" [2008-09-17 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-03 44544]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"G:\\Games\\urban terrror game\\ioUrbanTerror.exe"=
"C:\\PROGRA~1\\RINGZS~1\\STORMC~1\\Stormser.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 Stormser;Stormser;C:\PROGRA~1\RINGZS~1\STORMC~1\Stormser.exe [2008-10-15 983040]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\MAAM\Application Data\Mozilla\Firefox\Profiles\hxvv7n05.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE -
FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2008-10-17 01:46:39
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\MAAM\LOCALS~1\Temp\mc24.tmp"
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASWUPDSV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\WINDOWS\SYSTEM32\NVSVC32.EXE
C:\PROGRAM FILES\RINGZ STUDIO\STORM CODEC\STORMSER.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\PROGRAM FILES\INTERNET DOWNLOAD MANAGER\IEMONITOR.EXE
.
**************************************************************************
.
Completion time: 2008-10-17 1:47:28 - machine was rebooted [MAAM]
ComboFix-quarantined-files.txt 2008-10-16 23:47:24

Pre-Run: 13,370,277,888 bytes free
Post-Run: 13,430,489,088 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft SiCoXP-SP3 Professional" /noexecute=optin /fastdetect

175 --- E O F --- 2008-10-15 23:24:43


-------------------------------------------------------------------------------------------

تقرير hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:48, on 10/17/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
E:\حقيبة الصيانة\Zyzoom_HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE3F44FE-943C-49BA-A794-3EA8E8C1F7CE}: NameServer = 163.121.128.134,212.103.160.18
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Stormser - ???? - C:\PROGRA~1\RINGZS~1\STORMC~1\Stormser.exe

--
End of file - 4869 bytes


------------------------------------------------------

:d:

لى عندكم سؤال ايضا

كيف اعرف القيم التى يجب حذفها:ok:
 

توقيع : abo treka
ترتيب حسب التاريخ ترتيب حسب الأصوات
يجب عليـك دخول الوضع الآمن ثم عمل التالي :

عطل نقطة استعادة النظام

dis_sys_xp.jpg



ثم حدد التالي واحذفه :

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')

طريقة الحذف

9ofccez7zg03e2edjckj.png


ستظهر لك هذا النافذه : اضغط Yes​

r2yz0bxm9ksfpd6fs507.png


بعدها اذهب الى اضافة وازالة البرامج واحذف التولبار الموجود عندك (toolbar)>> ممكن ما يكون موجود


ثم حمل هذه الاداة ,,
واتبع الشرح التالي ,, لتنظيف جهازك من هذه الدعايات
و عمل تقرير بالعمليه حتى ترفقه بردك القادم ,,

رابط تحميل آخر تحديث للاداة
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي



شرح الاستخدام ,,,,,,
قم بتشغيل الملف SmitfraudFix.exe ,, وتابع الشرح كماا بهذه الصور

000.png





001.png





002.png





003.png





004.png

نزل هالاداة لتنظيف الجهاز

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي


wh_15149054.png


بعد ذلك هات تقرير هايجاك جديد لااهنت
 
توقيع : Al jNtEeL
تأييد 0
بـ النسبـة لـ سؤالك ادخل هنا وستجد الأجوبة الشافيـة بعون الله >>>
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي
 
توقيع : Al jNtEeL
تأييد 0
يجب تسجيل الدخول أو التسجيل كي تتمكن من الرد هنا.
عودة
أعلى