فيروسات خطيرة برجاء المساعده

[ahmedabdelsalam]

برجاء مساعدتى​

انا اعانى من الفيروسين دول​

وفيروس اسمه​

trojan horse onlinegames.psw​

برجاء مساعدتى كيف ازيل ذلك الفيروس مع العلم انى عملتscan
بالكسبر والavast
ونزلت نسخه​

وما فى حل

والفيروسات دى عملت لى مشاكل فى الشبكه والسرعه​

 

[المانسي]

يا هلا فيك

اعمل التالي

(1)
عطل جميع برامج الحماية ,,
وحمل هذه الاداة واحفظها على سطح المكتب

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم
(2)
واعمل تقرير للهايجاك

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات ويظهر لك تقرير ,, انسخه والصقه بردك القادم

 

[ahmedabdelsalam]

ComboFix 08-07-04.6 - AA 07/05/2008 16:42:46.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1256.1.1033.18.97 [GMT 3:00]
Running from: C:\Documents and Settings\AA\My Documents\Downloads\Programs\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\smmhbsrv.sys
C:\WINDOWS\system32\spmybapi.sys
C:\WINDOWS\system32\unxxx.bat
.
((((((((((((((((((((((((( Files Created from 2008-06-05 to 2008-07-05 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-05 13:45 9,728 ----a-w C:\WINDOWS\AppPatch\AcSpecf.dll
2008-07-05 13:45 9,728 ----a-w C:\WINDOWS\AppPatch\AclLayer.dll
2008-07-05 13:44 --------- d-----w C:\Program Files\microsoft frontpage
2008-07-05 11:39 --------- d-----w C:\Program Files\Enigma Software Group
2008-07-05 10:22 --------- d-----w C:\Program Files\Internet Download Manager
2008-07-05 10:22 --------- d-----w C:\Documents and Settings\AA\Application Data\Talkback
2008-07-05 10:22 --------- d-----w C:\Documents and Settings\AA\Application Data\IDM
2008-07-05 10:22 --------- d-----w C:\Documents and Settings\AA\Application Data\DMCache
2008-07-05 10:16 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-05 10:16 74,376 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-05 10:16 12,424 ----a-w C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-07-05 10:16 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2008-07-05 10:15 --------- d-----w C:\Program Files\AVG
2008-07-05 10:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-07-05 10:04 14,336 ----a-w C:\WINDOWS\AppPatch\DesktopWin.dll
2008-07-05 10:03 --------- d-----w C:\Program Files\Yahoo!
2008-07-05 10:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-07-05 10:02 --------- d-----w C:\Program Files\CCleaner
2008-07-05 10:01 --------- d-----w C:\Program Files\Winamp
2008-07-05 10:01 --------- d-----w C:\Program Files\IObit
2008-07-05 10:01 --------- d-----w C:\Documents and Settings\AA\Application Data\Winamp
2008-07-05 10:00 --------- d-----w C:\Program Files\Webteh
2008-07-05 10:00 --------- d-----w C:\Documents and Settings\AA\Application Data\BSplayer Pro
2008-07-05 09:59 --------- d-----w C:\Program Files\Ringz Studio
2008-07-05 09:59 --------- d-----w C:\Program Files\Common Files\Real
2008-07-05 09:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-07-05 09:59 --------- d-----w C:\Documents and Settings\AA\Application Data\Media Player Classic
2008-07-05 09:42 --------- d-----w C:\Program Files\Alwil Software
2008-07-05 09:29 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-07-05 09:29 --------- d-----w C:\Program Files\Realtek
2008-07-05 09:28 --------- d-----w C:\Program Files\sisagp
2008-07-05 09:26 --------- d-----w C:\Program Files\SiS VGA Utilities V3.78
2008-07-05 09:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-05 09:20 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-05 09:08 --------- d-----w C:\Program Files\VistaPack
2008-07-05 09:08 --------- d-----w C:\Program Files\Unlocker
2008-07-05 09:08 --------- d-----w C:\Program Files\System Tools
2008-07-05 09:08 --------- d-----w C:\Program Files\SpiritPyre Extensions
2008-06-16 15:26 37,386 ----a-w C:\WINDOWS\REGTWEAK.reg
2008-04-14 02:42 74,752 ----a-w C:\WINDOWS\system32\storprop.dll
2008-04-14 02:42 74,240 ----a-w C:\WINDOWS\system32\usbui.dll
2008-04-14 02:42 294,912 ----a-w C:\WINDOWS\system32\msh263.drv
2008-04-14 02:42 29,184 ----a-w C:\WINDOWS\system32\sdhcinst.dll
2008-04-14 02:42 23,552 ----a-w C:\WINDOWS\system32\wdmaud.drv
2008-04-14 02:41 4,096 ----a-w C:\WINDOWS\system32\ksuser.dll
2008-04-14 02:41 30,208 ----a-w C:\WINDOWS\system32\bthserv.dll
2008-04-14 02:41 20,992 ----a-w C:\WINDOWS\system32\bthci.dll
2004-08-08 10:07 520 --sh--w C:\WINDOWS\system32\xscqbhlp.sys
2004-08-08 10:08 520 --sh--w C:\WINDOWS\system32\smdsbsrv.sys
.
------- Sigcheck -------
04/04/2008 12:00 PM 795136 c9abdbc112b8e34f56395b48a2a1ba70 C:\WINDOWS\system32\wininet.dll
04/04/2008 12:00 PM 361344 68f06fe0021b01e670af37b8c5964fdf C:\WINDOWS\system32\drivers\tcpip.sys
04/04/2008 12:00 PM 2097664 f9f87fffec7bf22171760d38d5b82c37 C:\WINDOWS\system32\ntkrnlpa.exe
04/04/2008 12:00 PM 2220800 376117fcc00e85ff65639b70febf06c2 C:\WINDOWS\system32\ntoskrnl.exe
04/04/2008 12:00 PM 1563648 b31c1e2bbe75ad80209648f6579240a7 C:\WINDOWS\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper s\{97421D0D-E07F-40DF-8F07-99597B9585AD}]
07/05/2008 01:08 PM 45056 --a------ C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04/04/2008 12:00 PM 15360]
"LClock"="C:\Program Files\VistaPack\Lclock\lclock.exe" [09/19/2004 01:27 PM 65536]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [12/17/2007 05:13 PM 3810544]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [12/21/2007 07:08 AM 931760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [08/20/2006 01:48 PM 6656]
"StormCodec_Helper"="C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" [11/26/2006 09:30 PM 97357]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [01/16/2008 01:54 AM 37376]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/05/2008 01:15 PM 1171712]
"SiSPower"="SiSPower.dll" [01/23/2007 07:34 AM 53248 C:\WINDOWS\system32\SiSPower.dll]
"RTHDCPL"="RTHDCPL.EXE" [04/10/2007 10:28 AM 16126464 C:\WINDOWS\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [04/04/2008 12:00 PM 15360]
"LClock"="C:\Program Files\VistaPack\Lclock\lclock.exe" [09/19/2004 01:27 PM 65536]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [7/5/2008 12:26:50 PM 262144]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
"DisableChangePassword"= 0 (0x0)
"NoFolderOptions"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"= 0 (0x0)
"NoDispScrSavPage"= 0 (0x0)
"NoDispSettingsPage"= 0 (0x0)
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
"DisableChangePassword"= 0 (0x0)
"NoFolderOptions"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoUserNameInStartMenu"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoClose"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceDelayLoad]
"DesktopWin"= {DA191DE0-AA86-4ED0-4B87-292A3D48BE99} - C:\WINDOWS\AppPatch\DesktopWin.dll [07/05/2008 01:04 PM 14336]
"ThunderAdvise"= {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll [07/05/2008 01:08 PM 45056]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [07/05/2008 01:16 PM]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [07/05/2008 01:16 PM]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [07/05/2008 01:15 PM]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [07/05/2008 01:15 PM]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [07/05/2008 01:16 PM]
S3 eth8023;eth8023;C:\WINDOWS\system32\drivers\eth8023.sys []
S3 FXDrv32;FXDrv32;H:\FXDrv32.sys []
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-General_Removal - d:\General_Removal.exe
HKLM-Run-SystemInit - (no file)
HKLM-Run-Karen - (no file)
HKLM-Run-raVe - (no file)
HKLM-Run-SystemBackup - (no file)
HKLM-Run-Win32BaseServiceMOD - (no file)
HKLM-Run-startIE - (no file)
HKLM-RunServices-raVe - (no file)
HKLM-RunServices-Driver32 - (no file)
ShellExecuteHooks-{87FD640A-158F-48AC-FD14-1597F14A9778} - (no file)

**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2008-07-05 16:45:09
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRAM FILES\AVG\AVG8\AVGWDSVC.EXE
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
.
**************************************************************************
.
Completion time: 07/05/2008 16:46:18 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-05 13:46:12
Pre-Run: 4,284,207,104 bytes free
Post-Run: 4,288,024,576 bytes free
189

ده التقرير الاول



وده تقرير الهايجاك

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:49:22 م, on 05/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\VistaPack\Lclock\lclock.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\sistray.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\AA\My Documents\Downloads\Programs\Zyzoom_HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LClock] C:\Program Files\VistaPack\Lclock\lclock.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [LClock] C:\Program Files\VistaPack\Lclock\lclock.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{B18C1796-486E-48C1-B635-AF6F7F8A13C4}: NameServer = 213.131.65.20,213.131.66.246
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O21 - SSODL: DesktopWin - {DA191DE0-AA86-4ED0-4B87-292A3D48BE99} - C:\WINDOWS\AppPatch\DesktopWin.dll
O21 - SSODL: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
--
End of file - 5166 bytes

وشكرا ليك على سرعه الاستجابه وان شاء الله تنحل المشكل معاك​

 

[المانسي]

حدد القيم هذه بارك الله فيك

O2 - BHO: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')


O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)

O21 - SSODL: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll

طريقة الحذف

باستخدام اداة الهايجاك

تابع الشرح على الصور

ثم حمل هذه الاداة

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

شرح الاستخدام ,,,,,,
عند تشغيل ملف الاداة تظهر لك هذه الشاشه ,, انتظر ( وتابع مع الصور )

وعند ظهور هذه الشاشه ,, اضغط على Close ليتم اعادة تشغيل جهازك (( لتكملة عملية التنظيف ))

ثم حمل هذه الاداة
رابط تحميل آخر تحديث للاداة

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

شرح الاستخدام ,,,,,,
قم بتشغيل الملف SmitfraudFix.exe ,, وتابع الشرح كماا بهذه الصور

قم بتنزيل برنامج AVG Anti-Spyware لمكافحة ملفات التجسس ويفضل تنصيب برنامج كاسبر وفحص الجهاز
كاملا من ثم ضع تقرير اخر باداة هايجيك​