اختفاء سطح المكتب

هذا هو التقرير

ComboFix 09-12-31.06 - user 12/31/2009 22:17:08.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1025.18.2008.1557 [GMT 3:00]
Running from: c:\documents and settings\user\سطح المكتب\ComboFix.exe
AV: Kaspersky Anti-Virus 6.0 *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
The following files were disabled during the run:
c:\documents and settings\tazebama.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\documents and settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\Bluetooth.lnk
c:\documents and settings\MyDocuments\Readme.doc .exe
c:\documents and settings\MyDocuments\readthis.doc.exe
c:\documents and settings\tazebama.dll
c:\documents and settings\user\a9w1t72b2.exe
c:\documents and settings\user\Application Data\tazebama
c:\documents and settings\user\Application Data\tazebama\tazebama.log
c:\documents and settings\user\Application Data\tazebama\zPharaoh.dat
c:\documents and settings\user\c8s6n83o3.exe
c:\documents and settings\user\eaeae.exe
c:\documents and settings\user\easdjadeh9.exe
c:\documents and settings\user\w8v9r56t6.exe
c:\program files\K-Lite Codec Pack\tools\StatsReader.exe
c:\windows\EventSystem.log
c:\windows\system32\_000110_.tmp.dll
c:\windows\system32\ieuinit.inf
C:\zPharaoh.exe
D:\autorun.inf
d:\f5b9~1\C1AC~1\F13E~1.exe
D:\zPharaoh.exe

Infected copy of c:\windows\pchealth\helpctr\binaries\helpctr.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\helpctr.exe

Infected copy of c:\windows\pchealth\helpctr\binaries\msconfig.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\msconfig.exe

Infected copy of c:\windows\system32\calc.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\calc.exe

Infected copy of c:\windows\system32\charmap.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\charmap.exe

Infected copy of c:\windows\system32\cmd.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\cmd.exe

Infected copy of c:\windows\system32\freecell.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\freecell.exe

Infected copy of c:\windows\system32\magnify.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\magnify.exe

Infected copy of c:\windows\system32\mobsync.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\mobsync.exe

Infected copy of c:\windows\system32\mshearts.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\mshearts.exe

Infected copy of c:\windows\system32\mspaint.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\mspaint.exe

Infected copy of c:\windows\system32\mstsc.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\mstsc.exe

Infected copy of c:\windows\system32\notepad.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\notepad.exe

Infected copy of c:\windows\system32\ntbackup.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\ntbackup.exe

Infected copy of c:\windows\system32\odbcad32.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\odbcad32.exe

Infected copy of c:\windows\system32\osk.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\osk.exe

Infected copy of c:\windows\system32\sndrec32.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\sndrec32.exe

Infected copy of c:\windows\system32\sndvol32.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\sndvol32.exe

Infected copy of c:\windows\system32\sol.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\sol.exe

Infected copy of c:\windows\system32\spider.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\spider.exe

Infected copy of c:\windows\system32\winmine.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\winmine.exe

Infected copy of c:\windows\system32\Restore\rstrui.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\rstrui.exe

.
((((((((((((((((((((((((( Files Created from 2009-11-28 to 2009-12-31 )))))))))))))))))))))))))))))))
.

2009-12-31 19:24 . 2009-12-31 19:25 154971 --sh--r- C:\zPharaoh.exe
2009-12-31 19:24 . 2009-12-31 19:25 154971 --sh--r- \zPharaoh.exe
2009-12-31 19:21 . 2009-12-31 19:25 -------- d-----w- c:\documents and settings\user\Application Data\tazebama
2009-12-31 19:15 . 2009-12-31 19:25 -------- d-----w- \ComboFix
2009-12-31 12:53 . 2009-12-31 12:53 33792 ----a-w- c:\documents and settings\user\eadefaem9.exe
2009-12-31 12:45 . 2009-12-31 12:58 511 ----a-w- c:\documents and settings\user\easdjadee8.exe
2009-12-31 00:10 . 2009-12-31 19:24 -------- d---a-w- \Qoobox
2009-12-30 20:15 . 2009-12-30 21:13 33792 ----a-w- c:\documents and settings\user\eadefaed5.exe
2009-12-30 20:08 . 2009-12-30 20:08 -------- d-----w- c:\program files\cdromdeaf
2009-12-30 20:08 . 2009-12-30 20:08 -------- d-----w- c:\documents and settings\user\Application Data\cdromdeaf
2009-12-30 20:06 . 2009-12-30 20:06 -------- d-----w- c:\program files\Circl Developement
2009-12-30 19:58 . 2009-12-30 19:58 -------- d-----r- C:\SIN
2009-12-30 19:58 . 2009-12-30 19:58 -------- d-----r- \SIN
2009-12-16 22:19 . 2009-12-30 10:14 885160 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-12-16 17:51 . 2009-12-16 17:51 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\IsolatedStorage
2009-12-16 17:51 . 2009-12-16 21:24 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Nokia
2009-12-16 17:42 . 2009-12-16 17:42 -------- d-----w- c:\documents and settings\All Users\Application Data\NokiaMusic
2009-12-16 17:40 . 2009-12-16 17:41 -------- d-----w- c:\program files\Common Files\muvee Technologies
2009-12-16 17:38 . 2009-12-16 17:43 -------- d-----w- c:\windows\Globalization
2009-12-16 17:23 . 2009-12-16 17:23 -------- d-----w- c:\program files\MSBuild
2009-12-16 17:23 . 2009-12-16 17:23 -------- d-----w- c:\program files\Reference Assemblies
2009-12-16 17:20 . 2009-12-16 17:20 -------- d-----w- c:\program files\MSXML 6.0
2009-12-09 09:24 . 2009-12-09 09:24 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Help

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-31 19:25 . 2009-12-31 19:24 154971 --sh--r- \zPharaoh.exe
2009-12-31 19:21 . 2004-08-03 20:56 1186159 ----a-w- c:\windows\explorer.exe
2009-12-30 20:06 . 2009-03-27 11:22 -------- d-----w- c:\program files\Messenger Plus! Live
2009-12-16 17:51 . 2009-03-27 01:55 99912 ----a-w- c:\documents and settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-16 17:49 . 2009-03-27 02:06 -------- d-----w- c:\documents and settings\user\Application Data\Nokia
2009-12-16 17:44 . 2009-03-27 02:05 -------- d-----w- c:\program files\Common Files\Nokia
2009-12-16 17:44 . 2009-03-27 02:05 -------- d-----w- c:\program files\Nokia
2009-11-24 15:25 . 2009-03-27 11:14 229743 ----a-w- c:\windows\ST6UNST.EXE
2009-11-24 15:20 . 2009-03-27 11:07 547191 ----a-w- c:\documents and settings\user\Application Data\Real\RealPlayer\setup\AU_setup6.exe
2009-11-24 15:20 . 2009-03-27 11:12 201583 ----a-w- c:\documents and settings\user\Application Data\Microsoft\Installer\{885A63EA-382B-4DD4-A755-14809B8557D6}\ARPPRODUCTICON.exe
2009-11-24 15:15 . 2009-03-27 02:05 34130135 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Nokia_PC_Suite_7_1_18_0_ara_web.exe
2009-11-24 15:15 . 2009-03-27 02:03 203631 ----a-w- c:\windows\AKDeInstall.exe
2009-11-24 14:07 . 2002-08-14 12:03 222063 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Ghost\aspiinst.exe
2009-11-24 13:42 . 2008-07-29 08:03 18653059 ----a-w- c:\documents and settings\Administrator\Application Data\TMP\setup.exe
2009-11-21 09:59 . 2009-11-21 09:59 -------- d-----w- c:\documents and settings\user\Application Data\DivX
2009-11-18 20:38 . 2009-11-18 20:38 -------- d-----w- c:\documents and settings\user\Application Data\CyberLink
2009-10-22 09:57 . 2009-03-27 12:04 27262976 ----a-w- C:\VIRTPART.DAT
2009-10-22 09:57 . 2009-03-27 12:04 27262976 ----a-w- \VIRTPART.DAT
2004-08-03 20:55 . 2004-08-03 20:55 173318 --sha-r- c:\windows\system32\ohqqxb.dll
.

------- Sigcheck -------

[-] 2009-12-31 . 1DF3C37425557B46DD4D3C996DB60278 . 1186159 . . [6.00.2900.2180] . . c:\windows\explorer.exe
[7] 2004-08-03 . 932F97B77F2625F7FF7DFC97552548F8 . 1029632 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\explorer.exe

[-] 2008-01-01 . DABAD58A8BA625B241B90FB1A81154ED . 1547776 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"STYLEXP"="c:\program files\TGTSoft\StyleXP\StyleXP.exe" [2005-03-17 1159168]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2009-12-16 1824111]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-25 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-08-01 200704]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2009-12-31 1868655]
"kav"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2009-12-31 295894]
"GhostStartTrayApp"="c:\program files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe" [2009-12-16 250735]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-12-31 342423]
"Nokia FastStart"="c:\program files\Nokia\Nokia Music\NokiaMusic.exe" [2009-02-26 2376992]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-05-11 10:06 40048 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AESTFltr]
2008-07-11 09:15 466944 ----a-w- c:\windows\system32\AESTFltr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2008-11-26 08:39 2289664 ----a-w- c:\windows\system32\WLTRAY.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostStartTrayApp]
2009-12-16 00:37 250735 ----a-w- c:\program files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-09-16 11:01 178712 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-09-16 11:02 150040 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2009-11-25 10:58 211359 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2005-09-25 16:11 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-11-24 15:15 1362287 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-09-16 11:02 150040 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2009-11-25 10:58 213455 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-11-24 15:25 23036567 ----a-w- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTrayApp]
2008-07-21 07:42 442460 ----a-w- c:\program files\IDT\WDM\sttray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-12-31 14:41 342423 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9183:TCP"= 9183:TCP:tujps

R1 GhPciScan;GhostPciScanner;c:\program files\Symantec\Norton Ghost 2003\GhPciScan.sys [14/08/2002 03:11 م 5632]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [27/03/2009 04:52 ص 108160]
R3 OA009Afx;Provides a software interface to control audio effects of OA009 camera.;c:\windows\system32\drivers\OA009Afx.sys [27/03/2009 04:37 ص 148056]
R3 OA009Ufd;Creative Camera OA009 Upper Filter Driver;c:\windows\system32\drivers\OA009Ufd.sys [27/03/2009 04:37 ص 144544]
R3 OA009Vid;Creative Camera OA009 Function Driver;c:\windows\system32\drivers\OA009Vid.sys [27/03/2009 04:37 ص 268992]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [27/03/2009 04:36 ص 157696]
S2 afqhwlxj;Center Driver;c:\windows\system32\svchost.exe -k netsvcs [03/08/2004 11:56 م 14336]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
afqhwlxj

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{14MAD6M8-1MAD-81AD-JIM6-26OP5G3369085}]
2009-10-24 08:17 40960 ------w- c:\xavx\ReleAsE\xAVy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{63MAD6M8-1MAD-81AD-JIM6-32OP5G1234521}]
2009-10-07 15:28 57344 --sha-r- c:\jim\carry\jIm.exe
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: إرسال إلى &جهاز Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: إرسال إلى Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-31 22:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\afqhwlxj]
"ServiceDll"="c:\windows\system32\ohqqxb.dll"
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\smss.exe
c:\windows\system32\csrss.exe
c:\windows\system32\winlogon.exe
c:\windows\system32\services.exe
c:\windows\system32\lsass.exe
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe
c:\windows\System32\svchost.exe
c:\program files\TGTSoft\StyleXP\StyleXPService.exe
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\system32\spoolsv.exe
c:\program files\idt\xpm09_6047v002\wdm\STacSV.exe
c:\documents and settings\tazebama.dl_
c:\program files\Symantec\Norton Ghost 2003\GhostStartService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\svchost.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\wscntfy.exe
c:\windows\System32\alg.exe
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\DellTPad\Apntex.exe
c:\windows\system32\wbem\wmiprvse.exe
c:\program files\Nokia\PC Connectivity Solution\ServiceLayer.exe
c:\program files\Nokia\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\Nokia\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\Nokia\PC Connectivity Solution\Transports\NclBCBTSrv.exe
c:\windows\system32\wbem\wmiprvse.exe
.
**************************************************************************
.
Completion time: 2009-12-31 22:27:40 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-31 19:27

Pre-Run: 46,712,418,304 bytes free
Post-Run: 46,686,814,208 bytes free

- - End Of File - - F82D652857E34A861924623BBE729CBE

 

اوووكي الآن

حمل هذا البرنامج ​

http://www.malwarebytes.org/mbam-download.php​

ثبته على الجهاز ،، ثم شغله واعمل كما الشرح التالي لفحص الجهاز وعمل تقرير​

​

وبعد انتهاء الفحص اعمل التالي​

​

انسخ ما بداخل التقرير والصقه بمشاركتك القادمة​

​

​

 

هذا هو بعد الفحص



Malwarebytes' Anti-Malware 1.43
نسخة قاعدة البيانات: 3458
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

31/12/2009 11:51:06 م
mbam-log-2009-12-31 (23-51-06).txt

نوع البحث: بحث شامل (C:\|D:\|)
تم فحص: 194064
الوقت المنقضى: 30 minute(s), 10 second(s)

عمليات الذاكرة المصابة: 1
وحدات الذاكرة المصابة: 1
مفاتيح التسجيل المصابة: 2
قيم التسجيل المصابة: 0
بيانات التسجيل المصابة: 0
مجلدات مصابة: 1
ملفات مصابة: 143

عمليات الذاكرة المصابة:
C:\Documents and Settings\tazebama.dl_ (Worm.Mabezat) -> Unloaded process successfully.

وحدات الذاكرة المصابة:
C:\Documents and Settings\tazebama.dll (Worm.Mabezat) -> Delete on reboot.

مفاتيح التسجيل المصابة:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{63mad6m8-1mad-81ad-jim6-32op5g1234521} (Worm.AutoRun) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{14mad6m8-1mad-81ad-jim6-26op5g3369085} (Backdoor.Bot) -> Delete on reboot.

قيم التسجيل المصابة:
(لم يتم الكشف عن أية عناصر ضارة)

بيانات التسجيل المصابة:
(لم يتم الكشف عن أية عناصر ضارة)

مجلدات مصابة:
C:\jim\carry (Worm.AutoRun) -> Delete on reboot.

ملفات مصابة:
C:\jim\carry\jIm.exe (Worm.AutoRun) -> Delete on reboot.
C:\xAVx\ReleAsE\xAVy.exe (Backdoor.Bot) -> Delete on reboot.
C:\Documents and Settings\hook.dl_ (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\tazebama.dll.vir (Worm.Mabezat) -> Delete on reboot.
C:\Qoobox\Quarantine\C\Documents and Settings\user\c8s6n83o3.exe.vir (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\user\eaeae.exe.vir (Trojan.PWS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP16\A0019064.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP16\A0019126.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP16\A0020126.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP16\A0020338.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP16\A0020415.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP16\A0021415.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP16\A0021655.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP16\A0021767.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP16\A0022767.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP16\A0022954.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP16\A0023121.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP16\A0023303.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP16\A0023503.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP17\A0023761.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP17\A0023856.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP17\A0024017.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP18\A0024192.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP18\A0024315.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP18\A0024360.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP18\A0024746.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP19\A0025055.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP19\A0025256.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP19\A0025370.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP19\A0025466.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP20\A0025643.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP20\A0026016.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP20\A0026208.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP20\A0026331.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP20\A0026801.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP20\A0026719.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP21\A0026989.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP22\A0027180.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP22\A0027348.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP22\A0027530.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP22\A0027607.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP22\A0030622.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP22\A0030858.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP22\A0030940.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP22\A0030949.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP22\A0030963.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP22\A0030964.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP23\A0031963.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP23\A0031992.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP23\A0031993.exe (Trojan.PWS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP23\A0032031.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP3\A0007390.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP3\A0007551.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP3\A0007552.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP3\A0007823.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP3\A0007924.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP3\A0007925.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP3\A0008295.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP3\A0008476.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP3\A0008854.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP4\A0009066.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP4\A0009075.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP4\A0009281.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP4\A0009518.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP4\A0009613.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP4\A0009679.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP4\A0009681.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP4\A0009680.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP5\A0009926.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP5\A0010032.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP5\A0010071.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP5\A0010072.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP5\A0010590.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP5\A0010647.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP5\A0011036.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP5\A0010589.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP5\A0011173.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP5\A0011174.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP5\A0011350.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP5\A0011351.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP5\A0010843.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP5\A0011721.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP5\A0011951.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP5\A0012001.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP5\A0012002.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP5\A0012220.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP5\A0012404.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP5\A0012508.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP5\A0012703.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP5\A0012745.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP5\A0012746.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP5\A0012747.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP5\A0013077.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP5\A0013267.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP5\A0013408.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP5\A0013409.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP5\A0013644.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP5\A0013780.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP5\A0013907.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP5\A0013781.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP6\A0014135.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP6\A0014209.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP6\A0014210.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP6\A0014328.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP6\A0014329.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP6\A0014539.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP6\A0014715.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP6\A0014716.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP6\A0015033.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP6\A0015034.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP6\A0015035.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP6\A0014839.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP6\A0015208.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP6\A0015370.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP6\A0015588.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP6\A0015371.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP6\A0015677.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP6\A0015678.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP6\A0016062.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP6\A0016063.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP6\A0016296.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP6\A0016409.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP6\A0016615.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP6\A0016616.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP6\A0016617.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP6\A0016946.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP6\A0016947.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP6\A0016713.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP6\A0017616.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP6\A0017668.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP6\A0017670.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP6\A0017719.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP6\A0017720.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP6\A0017669.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP6\A0018053.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{98514F6D-F917-4FE2-89F2-636CCF4A3561}\RP7\A0018420.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ohqqxb.dll (Worm.Conficker) -> Quarantined and deleted successfully.
C:\jim\carry\desKtOp.InI (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\Documents and Settings\SYSTEM\Application Data\tazebama\zPharaoh.dat (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\Documents and Settings\tazebama.dl_ (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\Documents and Settings\tazebama.dll (Worm.Mabezat) -> Delete on reboot.
C:\autorun.inf (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\zPharaoh.exe (Worm.Mabezat) -> Quarantined and deleted successfully.

 

مرررره ممتاز

جهازك كان في خبر كان

انحذفت 143 ملف مصاب

الآن اعيدي تشغيل الجهاز

وشوفي كيف الأوضاع ؟

 

عدت التشغيل الحمد لله

بس باقي مشكلة الملفات اذا يوجد كل مجلد متكرر مرتين او اكثر واذا حذفت ترجع مره ثانيه الملفات والمجلدات >> فهمتي قصدي

احس انه لساته مش طبيعي

الملفات والمجلدات اكثر من نسخه عندي

 

اووكي


ممكن صورة من الملف لو سمحتي :king:

 

حبيبتي شوفي مثلا مجلد المنوعات يوجد فيه مجلد افلام ودينيه

بفتح مجلد الأفلام بيوجد داخله المنوعات والدينية وكل المجلدات المتواجده وهكذا

فهمتي علي المجلد متكرر اكثر من مره

ايضا لون عنوان المجلد الخط ازرق

 

الظاهر عندك فيروس autorn اللي يكرر الملفات اكثر من مرة

بس بسئلك هل امتداد المجلد المكرر exe ؟؟

وكل مرة تحذفيه يرجع تاني صح ولالا

ابغاكي تجربي

 

كيف اعرف امتداد المجلد ...؟؟

اي كل مره احذفة يرجع تاني

 

اجل فعلا عندك فيروس اوتورن هذا يجي من فلاشات

يمكن ركبتي فلاش ميموري حامل هذا الفيروس

 

حملي برنامج القضاء على الفيروس من هنا

 

^
^
^

اختي العزيزة حملي البرنامج اللي فوق

موفقة حبيبتي

 

والمشكله اني انقل الميموري من الجهاز المصاب لجهازي الي بكلمك منه هذا

بالذات ذاك ما بفتح به النت معطله كل البرامج فيه :er:

طيب بسألك عن Setting هذا الملف كل ما نقلت الميموري يطلع لي هذا الملف ...؟؟

 

اوك راح اجرب بعد قليل

 

لا ابداً

دحين اتركي الباقي للبرنامج وحمليه وخليه ينظف:d:

 

جربت الأداة بس للأسف مافاد :no:

 

اختي روحي للرجستري شوفيه يشتغل

وكمان شوفي ادارة المهام تشتغل ولالا ؟
​

 

مافهمت عليك كيف اشوف الرجيستري يشتغل ...؟


ادارة المهام يس تشتغل

بعرف اني راح اتعبك معي ربي يرزقك ويوفقك دنيا واخره

 

الجميع ان شالله

بس جاري البحث عن حلول

ولو طولت

الاخوة والاخوات مرح يقصرو

اهم شي رجع لك سطح المكتب وانحذفت القيم الضارة

باقيلك هذي المشكلة وتراها بسيطة تطمني