• Thread starter: fish
  • Views: 808
Status: Closed; not open for further replies.

fish

Peace be upon you and God's mercy.
My computer caught a virus and it broke everything on it.
Nothing works anymore, not even the Task Manager,
and the registry and all the programs no longer open.

I beg you, please help me, it is urgent.
This is my Kaspersky report; I hope it is what is needed.
[hidden link: log in or register to view]
 

Welcome, brother.
The report shows that it is clean.

Do the following:

Disable all protection programs,
then download this tool and save it to the desktop:
[hidden link: log in or register to view]


When you run it, a message will appear; click >> Yes
Then a second message will appear; click >> Yes
During the scan the computer may restart,
and after the restart the tool will start scanning again.
Wait until a report appears, then copy it and paste it in your next reply.
 
Peace be upon you and God's mercy.
May God reward you with good, brother Max.
I did what was asked and here is the report:

ComboFix 08-12-03.04 - BSD 12/04/2008 17:49:20.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.1.1033.18.907 [GMT 2:00]
Running from: c:\documents and settings\BSD\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\BSD\Desktop\control lab mi\Desktop_.ini
c:\documents and settings\BSD\Desktop\ملف\CPU_lab\cpu _ALU\unit 2\CPUCodeGenerator\AluCodeGenerator\bin\Debug\Desktop_.ini
c:\documents and settings\BSD\Desktop\ملف \CPU_lab\cpu _ALU\unit 2\CPUCodeGenerator\AluCodeGenerator\bin\Desktop_.ini
c:\documents and settings\BSD\Desktop\ملف \CPU_lab\cpu _ALU\unit 2\CPUCodeGenerator\AluCodeGenerator\Desktop_.ini
c:\documents and settings\BSD\Desktop\ملف \CPU_lab\cpu _ALU\unit 2\CPUCodeGenerator\AluCodeGenerator\obj\Debug\Desktop_.ini
c:\documents and settings\BSD\Desktop\ملف \CPU_lab\cpu _ALU\unit 2\CPUCodeGenerator\AluCodeGenerator\obj\Debug\TempPE\Desktop_.ini
c:\documents and settings\BSD\Desktop\ملف \CPU_lab\cpu _ALU\unit 2\CPUCodeGenerator\AluCodeGenerator\obj\Desktop_.ini
c:\documents and settings\BSD\Desktop\ملف \CPU_lab\cpu _ALU\unit 2\CPUCodeGenerator\AluCodeGenerator\Properties\Desktop_.ini
c:\documents and settings\BSD\Desktop\ملف \CPU_lab\cpu _ALU\unit 2\CPUCodeGenerator\Desktop_.ini
c:\documents and settings\BSD\Desktop\ملف \CPU_lab\cpu _ALU\unit 2\Desktop_.ini
c:\documents and settings\BSD\Desktop\ملف \CPU_lab\cpu _ALU\unit1\CPU_CONTROL_UNIT_1\bin\Debug\Desktop_.ini
c:\documents and settings\BSD\Desktop\ملف \CPU_lab\cpu _ALU\unit1\CPU_CONTROL_UNIT_1\bin\Desktop_.ini
c:\documents and settings\BSD\Desktop\ملف \CPU_lab\cpu _ALU\unit1\CPU_CONTROL_UNIT_1\Desktop_.ini
c:\documents and settings\BSD\Desktop\ملف \CPU_lab\cpu _ALU\unit1\CPU_CONTROL_UNIT_1\obj\Debug\Desktop_.ini
c:\documents and settings\BSD\Desktop\ملف \CPU_lab\cpu _ALU\unit1\CPU_CONTROL_UNIT_1\obj\Debug\TempPE\Desktop_.ini
c:\documents and settings\BSD\Desktop\ملف \CPU_lab\cpu _ALU\unit1\CPU_CONTROL_UNIT_1\obj\Desktop_.ini
c:\documents and settings\BSD\Desktop\ملف \CPU_lab\cpu _ALU\unit1\CPU_CONTROL_UNIT_1\Properties\Desktop_.ini
c:\documents and settings\BSD\Desktop\ملف \CPU_lab\cpu _ALU\unit1\Desktop_.ini
c:\program files\ShoppingReport
c:\program files\ShoppingReport\Uninst.exe
c:\windows\system32\mdm.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ASC3360PR
-------\Service_asc3360pr

((((((((((((((((((((((((( Files Created from 2008-11-04 to 2008-12-04 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-04 16:02 3,929,888 --sha-w c:\windows\system32\drivers\fidbox2.dat
2008-12-04 16:02 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-12-04 16:01 64,178,720 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-12-04 16:00 865,688 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-12-04 16:00 374,600 --sha-w c:\windows\system32\drivers\fidbox2.idx
2008-12-04 15:48 --------- d-----w c:\documents and settings\BSD\Application Data\DMCache
2008-12-04 07:25 --------- d-----w c:\documents and settings\All Users\Application Data\Urban FreeStyle Soccer
2008-12-04 07:23 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-04 07:23 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-02 18:35 --------- d-----w c:\documents and settings\BSD\Application Data\U3
2008-11-27 16:31 --------- d-----w c:\documents and settings\BSD\Application Data\MathWorks
2008-11-25 21:51 --------- d-----w c:\program files\Craft s
2008-11-22 18:17 --------- d-----w c:\documents and settings\BSD\Application Data\Nuotex
2008-11-20 16:20 --------- d-----w c:\documents and settings\BSD\Application Data\Eidos
2008-11-20 14:50 --------- d-----w c:\documents and settings\BSD\Application Data\Disney Interactive Studios
2008-11-16 18:54 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2008-11-15 04:44 --------- d-----w c:\program files\Cossacks 2 - Demo
2008-11-13 23:08 --------- d-----w c:\program files\Holomatix
2008-11-13 23:06 --------- d-----w c:\documents and settings\BSD\Application Data\{A227CC19-656C-41E2-A664-E5BF39A1547D}
2008-11-13 10:47 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-12 14:44 --------- d-----w c:\program files\Windows Media Connect 2
2008-11-11 12:42 --------- d-----w c:\program files\Activision
2008-11-05 16:43 --------- d-----w c:\program files\Sierra Wireless Inc
2008-11-05 16:42 --------- d-----w c:\documents and settings\BSD\Application Data\Sierra Wireless
2008-10-30 12:44 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-10-29 18:52 256 ----a-w C:\control_unit1.bin
2008-10-29 18:51 256 ----a-w C:\control1.bin
2008-10-28 19:43 --------- d-----w c:\program files\Common Files\GuruNet Shared
2008-10-28 19:43 --------- d-----w c:\program files\Common Files\Accent Shared
2008-10-28 16:39 --------- d-----w c:\program files\PopCap Games
2008-10-26 13:59 --------- d-----w c:\documents and settings\BSD\Application Data\ooVoo Details
2008-10-24 15:24 --------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles
2008-10-24 15:06 10,200 ------w c:\windows\_000005_.tmp.dll
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-18 07:16 --------- d-----w c:\program files\Windows Live
2008-10-15 20:30 --------- d-----w c:\documents and settings\BSD\Application Data\Windows Live Writer
2008-10-14 13:16 --------- d-----w c:\program files\Xilisoft
2008-10-11 23:02 --------- d-----w c:\program files\Microsoft Office Outlook Connector
2008-10-11 22:58 --------- d-----w c:\program files\Microsoft
2008-10-11 22:48 --------- d-----w c:\program files\Common Files\Windows Live
2008-10-11 13:25 --------- d-----w c:\program files\Common Files\ChaosGroup
2008-10-10 08:43 --------- d-----w c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2008-10-06 17:11 --------- d-----w c:\program files\WIBUKEY
2008-10-06 17:11 --------- d-----w c:\program files\WIBU-SYSTEMS
2008-10-05 16:53 --------- d-----w c:\program files\Common Files\Adobe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper s\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
07/28/2008 12:46 PM 160496 --a------ c:\program files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [04/14/2008 02:12 AM 15360]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [11/05/2008 09:59 PM 4424944]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [09/09/2008 12:02 AM 3513344]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [08/03/2007 12:51 PM 271656]
"Google Update"="c:\documents and settings\BSD\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [09/02/2008 10:14 PM 206832]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [10/07/2008 05:23 PM 189680]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [10/04/2007 11:14 AM 8491008]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [10/04/2007 11:14 AM 81920]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [03/01/2007 03:57 PM 222768]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [08/08/2007 09:25 AM 1897768]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [08/22/2008 01:08 AM 259624]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 03:27 AM 214416]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [01/20/2007 09:09 AM 278528]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [08/24/2007 06:00 AM 103280]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [10/07/2008 05:23 PM 189680]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [06/28/2007 12:51 PM 218376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [04/14/2008 02:12 AM 15360]
c:\documents and settings\BSD\Start Menu\Programs\Startup\
is-DE8DA.lnk - c:\documents and settings\BSD\Desktop\Virus Removal Tool\is-DE8DA\startup.exe [2008-12-03 65536]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-03-05 11000]
DRSpawner.lnk - c:\documents and settings\All Users\Application Data\ASGvis\DRSpawner\DRSpawner.exe [2008-09-11 1814528]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"c:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 7.0\\avp.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Documents and Settings\\BSD\\My Documents\\Downloads\\Compressed\\Rendition_1.0.372\\Rendition_1.0.372\\Rendition.exe"=
"e:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"e:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe"=
"c:\\WINDOWS\\system32\\vsjitdebugger.exe"=
"c:\\Program Files\\Common Files\\Nero\\Lib\\NeroCheck.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\ASGvis\\DRSpawner\\DRSpawner.exe"=
"d:\\matlab7\\bin\\win32\\matlab.exe"=
"c:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe"=
"c:\\WINDOWS\\system32\\wuauclt.exe"=
"c:\\Program Files\\Common Files\\Nero\\Lib\\NMIndexStoreSvr.exe"=
"c:\\Program Files\\Nero\\Nero8\\Nero BackItUp\\NBKeyScan.exe"=
"c:\\Documents and Settings\\BSD\\Desktop\\Virus Removal Tool\\is-DE8DA\\is-DE8DA.exe"=
"c:\\Program Files\\PowerISO\\PWRISOVM.EXE"=
"c:\\Program Files\\Java\\jre1.6.0_07\\bin\\jusched.exe"=
"c:\\DOCUME~1\\BSD\\LOCALS~1\\Temp\\winamttag.exe"=
"c:\\DOCUME~1\\BSD\\LOCALS~1\\Temp\\winxsxdw.exe"=
"c:\\DOCUME~1\\BSD\\LOCALS~1\\Temp\\winijkgnx.exe"=
R1 is-DE8DAdrv;is-DE8DAdrv;c:\windows\system32\DRIVERS\72037796.sys [2008-12-03 148496]
R2 WKSVW32;WIBU-KEY Server;c:\program files\WIBUKEY\SERVER\WkSvW32.exe [2008-10-06 577536]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2007-04-04 24344]
R3 swivsp;AC8xx Virtual Serial Port;c:\windows\system32\DRIVERS\swivspnt.sys [2007-03-26 20352]
S3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80);c:\windows\system32\DRIVERS\swnc8u80.sys [2008-05-20 167040]
S3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80);c:\windows\system32\DRIVERS\swumx80.sys [2008-05-20 143360]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80 [2005-09-23 2799808]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0460296-bc6e-11dd-a83f-001b22059b38}]
\Shell\AutoRun\command - fnexsjs.exe
\Shell\explore\Command - fnexsjs.exe
\Shell\open\Command - fnexsjs.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6b01163-9c28-11dd-aec8-001b22059b38}]
\Shell\AutoRun\command - I:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6b01164-9c28-11dd-aec8-001b22059b38}]
\Shell\AutoRun\command - kinza.exe
\Shell\explore\Command - kinza.exe
\Shell\open\Command - kinza.exe
*Newly Created Service* - ASC3360PR
.
s of the 'Scheduled Tasks' folder
2008-12-03 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\BSD\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [09/02/2008 10:14 PM]
2008-12-03 c:\windows\Tasks\Norton Security Scan.job
- c:\program files\Norton Security Scan\Nss.exe []
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
HKCU-Run-Steam - d:\cs\Counter-Strike Source\Steam.exe
Notify-WgaLogon - (no file)

.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: تحميل الكل بـ إنترنت داونلود مانيجر - c:\docume~1\BSD\LOCALS~1\Temp\Rar$EX22.297\Internet_Download_Manager_5.12_Build_7\Internet Download Manager 5.12 Build 7\IEGetAll.htm
IE: تحميل بـ إنترنت داونلود مانيجر - c:\docume~1\BSD\LOCALS~1\Temp\Rar$EX22.297\Internet_Download_Manager_5.12_Build_7\Internet Download Manager 5.12 Build 7\IEExt.htm
IE: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - c:\docume~1\BSD\LOCALS~1\Temp\Rar$EX22.297\Internet_Download_Manager_5.12_Build_7\Internet Download Manager 5.12 Build 7\IEGetVL.htm
LSP: c:\windows\system32\idmmbc.dll
TCP: {FDE3A087-0FCE-4AE9-8E27-2A1461C96E1B} = 212.14.224.1,212.150.48.169
c:\windows\Downloaded Program Files\installer.ocx - O16 -: {82FFA573-38AA-482A-99AD-91F697B91631}
hxxp://f300ce3177d433319cded8ba6b0e860c.impregnable.net/get.php/dl_applet.cab?t=1219298422&h=aefda1062ccfca0e10a1d684714d0067&f=tfmb.cab&fn=/dl_applet.cab
c:\windows\Downloaded Program Files\installer.INF
FireFox -: Profile - c:\documents and settings\BSD\Application Data\Mozilla\Firefox\Profiles\9on75n8d.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-ytbm&p=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.yahoo.com/
FF -: plugin - c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF -: plugin - c:\documents and settings\BSD\Local Settings\Application Data\Google\Update\1.2.131.19\npGoogleOneClick6.dll
FF -: plugin - c:\program files\Yahoo!\Shared\npYState.dll
FF -: plugin - d:\basheeer\DivX Player\npDivxPlayerPlugin.dll
FF -: plugin - d:\basheeer\DivX Web Player\npdivx32.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
[hidden link: log in or register to view]

Rootkit scan 2008-12-04 18:01:34
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1112)
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\windows\system32\klogon.dll
- - - - - - - > 'lsass.exe'(1168)
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\windows\system32\idmmbc.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
d:\matlab7\bin\win32\MATLAB.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\windows\system32\wscntfy.exe
c:\docume~1\BSD\LOCALS~1\Temp\winamttag.exe
c:\docume~1\BSD\LOCALS~1\Temp\winxsxdw.exe
c:\docume~1\BSD\LOCALS~1\Temp\winijkgnx.exe
.
**************************************************************************
.
Completion time: 12/04/2008 18:10:42 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-04 16:10:38
Pre-Run: 3,738,628,096 bytes free
Post-Run: 6,727,823,360 bytes free
253 --- E O F --- 2008-11-22 05:06:37
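
As an added example (not part of the original thread and not ComboFix's own code), the Python script below reads an excerpt in the ComboFix log layout shown above and flags the entries that match the reported symptoms: policy values that disable Task Manager and the registry tools, suppressed Security Center alerts, a disabled firewall, and executables under a Temp folder that are running or hold firewall exceptions. The excerpt is constructed for the example, and the rule names and the `triage` function are hypothetical.

```python
import re

# Constructed excerpt in the ComboFix log layout (user name and file names are made up).
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Example\\app.exe"=
"c:\\DOCUME~1\\USER\\LOCALS~1\\Temp\\winexample.exe"=
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\docume~1\USER\LOCALS~1\Temp\winexample.exe
.
'''

# value name (lower case) -> (value that is worth flagging, finding label)
POLICY_VALUES = {
    "disabletaskmgr": (1, "task-manager-disabled"),
    "disableregistrytools": (1, "registry-tools-disabled"),
    "antivirusdisablenotify": (1, "security-center-alert-suppressed"),
    "updatesdisablenotify": (1, "security-center-alert-suppressed"),
    "disablemonitoring": (1, "security-center-alert-suppressed"),
    "enablefirewall": (0, "firewall-disabled"),
}

VALUE_RE = re.compile(r'^"(?P<name>.+)"=\s*(?P<data>.*)$')
# An .exe sitting directly inside a folder named Temp.
TEMP_EXE_RE = re.compile(r'\\temp\\[^\\]+\.exe$', re.IGNORECASE)


def parse_number(data):
    """Return the integer in '1 (0x1)' or 'dword:00000001', else None."""
    data = data.strip()
    if data.lower().startswith("dword:"):
        return int(data[6:], 16)
    match = re.match(r'^(\d+)\b', data)
    return int(match.group(1)) if match else None


def triage(log_text):
    """Return (label, detail) findings in the order they occur in the log."""
    findings = []
    key = ""              # registry key of the section being read
    in_processes = False  # True while inside "Other Running Processes"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            in_processes = False
            continue
        if line.startswith(("-----", "(((", "***")):
            # Section banner: only the running-process list is path-per-line.
            in_processes = "other running processes" in line.lower()
            key = ""
            continue
        match = VALUE_RE.match(line)
        if match:
            name = match.group("name")
            if key.endswith(r"authorizedapplications\list"):
                # Firewall exception list: the value name is the program path.
                path = name.replace("\\\\", "\\")
                if TEMP_EXE_RE.search(path):
                    findings.append(("firewall-exception-in-temp", path.lower()))
                continue
            rule = POLICY_VALUES.get(name.lower())
            if rule and parse_number(match.group("data")) == rule[0]:
                findings.append((rule[1], f"{key}\\{name}"))
            continue
        if in_processes and TEMP_EXE_RE.search(line):
            findings.append(("process-running-from-temp", line.lower()))
    return findings


if __name__ == "__main__":
    for label, detail in triage(SAMPLE_LOG):
        print(f"{label:34} {detail}")
```

A finding here is a prompt for review, not a verdict; the same values can be set deliberately by an administrator.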
 
Use this tool: run it and wait until a message appears asking for a restart.
Restart and tell us the results.
Size: 365 KB
Compatibility: Windows XP (only)

[hidden link: log in or register to view]


After it finishes,

download this program:
[hidden link: log in or register to view]

Run the program ==> and click on
Do a system scan and save log
In a few moments a report will appear in Notepad ==> copy it and paste it in your next reply.
 
Peace be upon you.
I did what was asked, but unfortunately there is no difference.
I know the name of the virus that caused the problem:
it is Virus.Win32.Sality.aa
I tried several ways to delete it, but to no avail.

As for the requested report, it is as follows:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:03:02 م, on 04/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\PROGRAM FILES\WIBUKEY\SERVER\WkSvW32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Documents and Settings\BSD\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\DOCUME~1\BSD\LOCALS~1\Temp\hvqcwr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\DOCUME~1\BSD\LOCALS~1\Temp\uoin.exe
C:\DOCUME~1\BSD\LOCALS~1\Temp\winbtto.exe
C:\Documents and Settings\BSD\Desktop\Zyzoom_HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [hidden link: log in or register to view]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [hidden link: log in or register to view]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [hidden link: log in or register to view]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [hidden link: log in or register to view]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [hidden link: log in or register to view]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\DOCUME~1\BSD\LOCALS~1\Temp\Rar$EX22.297\Internet_Download_Manager_5.12_Build_7\Internet Download Manager 5.12 Build 7\IDMIECC.dll (file missing)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\BSD\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: is-DE8DA.lnk = C:\Documents and Settings\BSD\Desktop\Virus Removal Tool\is-DE8DA\startup.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: DRSpawner.lnk = C:\Documents and Settings\All Users\Application Data\ASGvis\DRSpawner\DRSpawner.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\DOCUME~1\BSD\LOCALS~1\Temp\Rar$EX22.297\Internet_Download_Manager_5.12_Build_7\Internet Download Manager 5.12 Build 7\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\DOCUME~1\BSD\LOCALS~1\Temp\Rar$EX22.297\Internet_Download_Manager_5.12_Build_7\Internet Download Manager 5.12 Build 7\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\DOCUME~1\BSD\LOCALS~1\Temp\Rar$EX22.297\Internet_Download_Manager_5.12_Build_7\Internet Download Manager 5.12 Build 7\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - [hidden link: log in or register to view]
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - [hidden link: log in or register to view]
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - [hidden link: log in or register to view]
O16 - DPF: {82FFA573-38AA-482A-99AD-91F697B91631} (Installer.InstallControl) - [hidden link: log in or register to view]
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - [hidden link: log in or register to view]
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - [hidden link: log in or register to view]

O17 - HKLM\System\CCS\Services\Tcpip\..\{FDE3A087-0FCE-4AE9-8E27-2A1461C96E1B}: NameServer = 212.14.224.1,212.150.48.169
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - D:\MATLAB7\webserver\bin\win32\matlabserver.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WIBU-KEY Server (WKSVW32) - WIBU-SYSTEMS AG - C:\PROGRAM FILES\WIBUKEY\SERVER\WkSvW32.exe
--
End of file - 11950 bytes
 
Select the following entries and delete them:

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\DOCUME~1\BSD\LOCALS~1\Temp\Rar$EX22.297\Internet_Download_Manager_5.12_Build_7\Internet Download Manager 5.12 Build 7\IDMIECC.dll (file missing)

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\BSD\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

O4 - Startup: is-DE8DA.lnk = C:\Documents and Settings\BSD\Desktop\Virus Removal Tool\is-DE8DA\startup.exe

O4 - Global Startup: DRSpawner.lnk = C:\Documents and Settings\All Users\Application Data\ASGvis\DRSpawner\DRSpawner.exe

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\DOCUME~1\BSD\LOCALS~1\Temp\Rar$EX22.297\Internet_Download_Manager_5.12_Build_7\Internet Download Manager 5.12 Build 7\IEGetAll.htm

O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\DOCUME~1\BSD\LOCALS~1\Temp\Rar$EX22.297\Internet_Download_Manager_5.12_Build_7\Internet Download Manager 5.12 Build 7\IEExt.htm

O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\DOCUME~1\BSD\LOCALS~1\Temp\Rar$EX22.297\Internet_Download_Manager_5.12_Build_7\Internet Download Manager 5.12 Build 7\IEGetVL.htm

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - [hidden link: log in or register to view]


How to delete them:

[screenshots: mg (3).png, mg (4).png]

After that, go to Add or Remove Programs and uninstall the toolbar you have (toolbar) >> it may not be present.

Then download this tool and follow the explanation below:

[hidden link: log in or register to view]

Compatibility: Windows XP only

How to use:
Double-click the tool and wait until all the windows finish and it stops at this window:

[screenshot: 002.png]

When this screen appears, click Close so that your computer restarts ((to complete the cleaning process)).

Then

download this tool,
and follow the explanation below to clean your computer of these advertisements
and to produce a report of the operation to attach to your next reply.

Download link for the latest update of the tool:
[hidden link: log in or register to view]

How to use:
Run the file SmitfraudFix.exe and follow the explanation as shown in these pictures:

[screenshots: 000.png, 001.png, 002.png, 003.png, 004.png, 005.png]

And tell us the results.
 
Peace be upon you.
I carried out the previous steps,
but when running the tool SmitfraudFix.exe
these error messages appeared:
Task manager has been disabled by your Administrator
Registry has been disabled by your Administrator

And the report:
SmitFraudFix v2.381
Scan done at 20:48:32.17, Thu 12/04/2008
Run from C:\Documents and Settings\BSD\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process​

»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri​

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.​

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri​

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
Problem while deleting C:\Program Files\Google\googletoolbar1.dll
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri​

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri​

»»»»»»»»»»»»»»»»»»»»»»»» RK​

»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: NVIDIA nForce Networking Controller - Packet Scheduler Miniport
DNS Server Search Order: 212.14.224.1
DNS Server Search Order: 212.150.48.169
HKLM\SYSTEM\CCS\Services\Tcpip\..\{FDE3A087-0FCE-4AE9-8E27-2A1461C96E1B}:
HKLM\SYSTEM\CS1\Services\Tcpip\..\{FDE3A087-0FCE-4AE9-8E27-2A1461C96E1B}:
HKLM\SYSTEM\CS3\Services\Tcpip\..\{FDE3A087-0FCE-4AE9-8E27-2A1461C96E1B}:​

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files​

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""​

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning​

Registry Cleaning done.​

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll​

»»»»»»»»»»»»»»»»»»»»»»»» Reboot
C:\Program Files\Google\googletoolbar1.dll Deleted​

»»»»»»»»»»»»»»»»»»»»»»»» End​
 