اريد حلا لهدا الفيروسtazebama.dll

  • بادئ الموضوع بادئ الموضوع chibl
  • تاريخ البدء تاريخ البدء
  • المشاهدات 1,845
C

chibl

زيزوومي جديد
إنضم
12 مارس 2009
المشاركات
33
مستوى التفاعل
0
النقاط
40
غير متصل
انه فيروس خطير لقد عطل جل برامجي انقدوني منه جزاكم الله الف خير
 

ترتيب حسب التاريخ ترتيب حسب الأصوات
جهاز الكمبيوتر >>> خصائص >>>> عام >>> تعطيل استعادة النظام ثم

نزل الاداة هذي وشغلها
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

لكن عطل الكاسبر قبل تشغليها
بعدها تظهر لك رسالتين اضغط عليهم >> yes
اتركها تفحص واحتمال تعيد التشغيل
بعد ما تنتهي تطلع لك تقرير
انسخه والصقه بالرد الجاي
 
توقيع : البارون
تأييد 0
اخي هدا تقرير combofix

ComboFix 09-03-18.01 - user 2009-03-19 23:28:09.5 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1256.212.1036.18.255.71 [GMT 0:00]
Running from: c:\documents and settings\user\Bureau\ComboFix.exe
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated)
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated)
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated)
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\IsDrv118.sys\
c:\windows\system32\drivers\IsPubDrv.sys\
c:\windows\system32\tmp.reg
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ASC3360PR
-------\Service_asc3360pr

((((((((((((((((((((((((( Files Created from 2009-02-19 to 2009-03-19 )))))))))))))))))))))))))))))))
.
2009-03-19 21:17 . 2009-03-19 23:13 <REP> d-------- c:\program files\CCleaner
2009-03-19 18:26 . 2009-03-19 18:26 32,768 --a------ c:\documents and settings\tazebama.dll
2009-03-18 21:48 . 2009-03-18 23:42 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-18 21:48 . 2009-03-18 21:48 <REP> d-------- c:\documents and settings\user\Application Data\Malwarebytes
2009-03-18 21:48 . 2009-03-18 21:48 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-18 21:48 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-18 21:48 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-18 18:29 . 2009-03-18 18:29 <REP> d-------- c:\program files\Yahoo!
2009-03-18 14:06 . 2009-03-18 15:26 <REP> d-------- c:\program files\Navilog1
2009-03-17 20:52 . 2009-03-17 20:52 <REP> d-------- c:\documents and settings\user\Application Data\Sammsoft
2009-03-16 14:53 . 2007-11-13 17:57 38 --a------ c:\windows\system32\zzrun.bat
2009-03-16 13:42 . 2008-04-07 13:30 3 --------- c:\windows\system32\Data(4).dll
2009-03-16 13:42 . 2008-04-05 23:14 3 --------- c:\windows\system32\Data(3).dll
2009-03-15 12:36 . 2009-03-15 12:36 <REP> d-------- c:\documents and settings\user\Application Data\Thinstall
2009-03-14 23:39 . 2009-03-15 07:22 <REP> d-------- c:\windows\SxsCaPendDel
2009-03-14 21:51 . 2009-03-14 21:53 <REP> d-------- c:\windows\SHELLNEW
2009-03-14 15:12 . 2009-03-14 15:12 <REP> d-------- c:\documents and settings\All Users\Application Data\Agnitum
2009-03-14 09:40 . 2009-03-14 09:40 0 --a------ c:\windows\evntwin.INI
2009-03-13 22:40 . 2009-03-13 22:40 <REP> d-------- c:\program files\VS Revo Group
2009-03-13 21:37 . 2009-03-13 21:37 <REP> d-------- c:\program files\Fichiers communs\xing shared
2009-03-13 19:51 . 2009-03-18 16:38 <REP> d-------- c:\program files\GVR
2009-03-13 19:51 . 2007-06-12 04:04 2,267,368 --a------ c:\windows\system32\Flash9d.ocx
2009-03-13 16:32 . 2009-03-13 16:32 <REP> d-------- c:\documents and settings\user\Application Data\CyberScrub
2009-03-13 16:32 . 2009-03-13 16:46 <REP> d-------- c:\documents and settings\user\Application Data\cleaner
2009-03-13 12:33 . 2009-03-13 12:33 <REP> d-------- c:\documents and settings\user\Application Data\URSoft
2009-03-12 15:51 . 2009-03-12 15:51 <REP> d-------- c:\program files\Trend Micro
2009-03-10 22:54 . 2009-03-10 22:54 <REP> d-------- c:\program files\Alwil Software
2009-03-09 22:30 . 2009-03-09 22:30 <REP> d-------- c:\windows\system32\exe
2009-03-08 12:34 . 2009-03-15 12:13 <REP> d-------- c:\documents and settings\All Users\Application Data\SpeedBit
2009-03-07 16:05 . 2009-03-07 19:47 73,348 -rahs---- C:\winfile.jpg
2009-03-07 16:05 . 2009-03-07 19:46 73,348 -rahs---- c:\windows\system32\winjpg.jpg
2009-03-07 00:14 . 2009-03-07 00:14 <REP> d-------- c:\windows\DownUp Utilities 2009
2009-03-05 20:26 . 2009-03-05 20:26 <REP> d-------- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-03-05 19:39 . 2009-03-05 19:39 <REP> d-------- c:\documents and settings\user\Application Data\profette
2009-02-24 14:49 . 2009-02-24 14:49 <REP> d----c--- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2009-02-24 13:15 . 2009-02-24 13:15 <REP> dr-h----- C:\AHCache
2009-02-21 23:35 . 2009-03-13 21:44 185 --a------ c:\windows\mdm.ini
2009-02-21 23:29 . 2009-02-21 23:29 <REP> d-------- c:\program files\Web Publish
2009-02-21 17:27 . 2009-02-21 17:27 <REP> d-------- c:\program files\MSXML 4.0
2009-02-19 00:31 . 2009-02-19 00:31 <REP> d-------- c:\program files\Microsoft Synchronization Services
2009-02-19 00:31 . 2009-02-19 00:31 <REP> d-------- c:\program files\Microsoft SQL Server Compact Edition
2009-02-19 00:14 . 2009-02-19 00:14 <REP> d-------- c:\program files\Microsoft SDKs
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-17 22:01 --------- d-----w c:\program files\Google
2009-03-17 18:12 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-16 16:14 --------- d-----w c:\program files\Elaborate Bytes
2009-03-15 14:28 --------- d--h--r c:\program files\rnamfler
2009-03-14 23:43 --------- d-----w c:\program files\CyberLink
2009-03-14 21:51 --------- d-----w c:\program files\Microsoft.NET
2009-03-14 20:32 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-13 23:18 --------- d-----w c:\program files\Ahead
2009-03-13 21:37 --------- d-----w c:\program files\Fichiers communs\Real
2009-03-13 21:36 --------- d-----w c:\program files\Real
2009-02-26 23:35 --------- d-----w c:\program files\Paltalk Messenger
2009-02-26 11:46 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-21 23:57 --------- d-----w c:\program files\Microsoft SQL Server
2009-02-21 17:25 --------- d-----w c:\program files\Windows Live
2009-02-21 17:23 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-18 21:25 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2009-02-13 03:00 --------- d-----w c:\program files\MSBuild
2009-02-13 02:59 --------- d-----w c:\program files\Reference Assemblies
2008-07-24 23:48 16 --sha-w c:\windows\idimlobi.sys
2008-10-11 19:43 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008101120081012\index.dat
.
------- Sigcheck -------
2008-04-14 02:34 1107456 fdbdc29d3fa597cc02a1ce77656261d3 c:\windows\explorer.exe
2007-06-13 13:10 1037312 b795475444d6d57a572c14b9e1a29839 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
2007-06-13 13:22 1037312 d0288319660edcfed07c7e74c4ea38a5 c:\windows\$NtServicePackUninstall$\explorer.exe
2008-04-14 02:34 1037824 f2317622d29f9ff0f88aeecd5f60f0dd c:\windows\ServicePackFiles\i386\explorer.exe
.
((((((((((((((((((((((((((((( SnapShot_2009-03-18_19.03.59.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-03-22 19:07:56 91,488 ----a-r c:\windows\Installer\$PatchCache$\Managed\C040110900063D11C8EF10054038389C\11.0.8173\ADDRPARS.DLL
+ 2007-03-22 19:07:54 80,224 ----a-r c:\windows\Installer\$PatchCache$\Managed\C040110900063D11C8EF10054038389C\11.0.8173\DLGSETP.DLL
+ 2007-04-19 13:53:52 137,568 ----a-r c:\windows\Installer\$PatchCache$\Managed\C040110900063D11C8EF10054038389C\11.0.8173\ENVELOPE.DLL
+ 2007-05-31 13:41:06 10,422,104 ----a-r c:\windows\Installer\$PatchCache$\Managed\C040110900063D11C8EF10054038389C\11.0.8173\EXCEL.EXE
+ 2007-04-19 13:09:30 167,256 ----a-r c:\windows\Installer\$PatchCache$\Managed\C040110900063D11C8EF10054038389C\11.0.8173\IETAG.DLL
+ 2007-04-19 13:53:52 127,328 ----a-r c:\windows\Installer\$PatchCache$\Managed\C040110900063D11C8EF10054038389C\11.0.8173\IMPMAIL.DLL
+ 2007-04-19 13:54:04 183,136 ----a-r c:\windows\Installer\$PatchCache$\Managed\C040110900063D11C8EF10054038389C\11.0.8173\MIMEDIR.DLL
+ 2007-06-18 17:16:32 12,259,160 ----a-r c:\windows\Installer\$PatchCache$\Managed\C040110900063D11C8EF10054038389C\11.0.8173\MSO.DLL
+ 2007-05-10 13:35:04 6,817,112 ----a-r c:\windows\Installer\$PatchCache$\Managed\C040110900063D11C8EF10054038389C\11.0.8173\MSPUB.EXE
+ 2007-05-31 13:43:46 7,613,280 ----a-r c:\windows\Installer\$PatchCache$\Managed\C040110900063D11C8EF10054038389C\11.0.8173\OUTLLIB.DLL
+ 2007-04-19 13:53:44 106,336 ----a-r c:\windows\Installer\$PatchCache$\Managed\C040110900063D11C8EF10054038389C\11.0.8173\OUTLMIME.DLL
+ 2007-05-31 13:42:14 200,032 ----a-r c:\windows\Installer\$PatchCache$\Managed\C040110900063D11C8EF10054038389C\11.0.8173\OUTLOOK.EXE
+ 2007-04-19 13:53:56 149,856 ----a-r c:\windows\Installer\$PatchCache$\Managed\C040110900063D11C8EF10054038389C\11.0.8173\OUTLPH.DLL
+ 2007-04-19 13:53:24 69,984 ----a-r c:\windows\Installer\$PatchCache$\Managed\C040110900063D11C8EF10054038389C\11.0.8173\OUTLRPC.DLL
+ 2007-05-31 13:35:22 6,420,320 ----a-r c:\windows\Installer\$PatchCache$\Managed\C040110900063D11C8EF10054038389C\11.0.8173\POWERPNT.EXE
+ 2007-05-31 13:35:46 133,976 ----a-r c:\windows\Installer\$PatchCache$\Managed\C040110900063D11C8EF10054038389C\11.0.8173\PRTF9.DLL
+ 2007-05-31 13:36:08 612,184 ----a-r c:\windows\Installer\$PatchCache$\Managed\C040110900063D11C8EF10054038389C\11.0.8173\PTXT9.DLL
+ 2007-05-10 13:34:48 562,528 ----a-r c:\windows\Installer\$PatchCache$\Managed\C040110900063D11C8EF10054038389C\11.0.8173\PUBCONV.DLL
+ 2007-03-22 19:07:10 41,824 ----a-r c:\windows\Installer\$PatchCache$\Managed\C040110900063D11C8EF10054038389C\11.0.8173\RECALL.DLL
+ 2007-03-22 19:07:54 78,168 ----a-r c:\windows\Installer\$PatchCache$\Managed\C040110900063D11C8EF10054038389C\11.0.8173\RM.DLL
+ 2007-03-22 19:22:02 103,264 ----a-r c:\windows\Installer\$PatchCache$\Managed\C040110900063D11C8EF10054038389C\11.0.8173\TRANSMGR.DLL
+ 2007-05-09 17:19:48 2,585,936 ----a-r c:\windows\Installer\$PatchCache$\Managed\C040110900063D11C8EF10054038389C\11.0.8173\VBE6.DLL
+ 2007-05-31 13:37:40 12,310,368 ----a-r c:\windows\Installer\$PatchCache$\Managed\C040110900063D11C8EF10054038389C\11.0.8173\WINWORD.EXE
- 2009-03-18 00:21:07 593,920 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2009-03-19 00:36:58 593,920 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2009-03-18 00:21:07 12,288 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-03-19 00:36:58 12,288 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2009-03-18 00:21:07 86,016 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2009-03-19 00:36:58 86,016 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2009-03-18 00:21:07 135,168 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2009-03-19 00:36:58 135,168 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2009-03-18 00:21:07 11,264 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2009-03-19 00:36:59 11,264 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2009-03-18 00:21:07 27,136 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2009-03-19 00:36:59 27,136 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2009-03-18 00:21:07 4,096 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2009-03-19 00:36:59 4,096 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2009-03-18 00:21:07 794,624 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2009-03-19 00:36:59 794,624 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2009-03-18 00:21:07 249,856 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2009-03-19 00:36:58 249,856 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2009-03-18 00:21:07 61,440 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2009-03-19 00:36:58 61,440 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2009-03-18 00:21:07 23,040 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2009-03-19 00:36:59 23,040 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2009-03-18 00:21:06 286,720 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2009-03-19 00:36:58 286,720 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2009-03-18 00:21:06 409,600 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2009-03-19 00:36:58 409,600 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\xlicons.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0A94B116-4504-4e26-AB05-E61E474AA38B}"= "c:\program files\AskPBar\SrchAstt\2.bin\A9SRCHAS.DLL" [2007-12-14 61440]
[HKEY_CLASSES_ROOT\clsid\{0a94b116-4504-4e26-ab05-e61e474aa38b}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 150632]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-03-13 275984]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 108896]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableClock"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoMultiIE"= 0 (0x0)
"LWA"= 0 (0x0)
"LWB"= 0 (0x0)
"LWC"= 0 (0x0)
"LWD"= 0 (0x0)
"LWE"= 0 (0x0)
"LWF"= 0 (0x0)
"LWG"= 0 (0x0)
"LWH"= 1 (0x1)
"LWI"= 1 (0x1)
"LWJ"= 1 (0x1)
"LWK"= 1 (0x1)
"LWL"= 1 (0x1)
"LWM"= 1 (0x1)
"LWN"= 1 (0x1)
"LWO"= 1 (0x1)
"LWP"= 1 (0x1)
"LWQ"= 1 (0x1)
"LWR"= 1 (0x1)
"LWS"= 1 (0x1)
"LWT"= 1 (0x1)
"LWU"= 1 (0x1)
"LWV"= 1 (0x1)
"LWW"= 1 (0x1)
"LWX"= 1 (0x1)
"LWY"= 1 (0x1)
"LWZ"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.SEDG"= mcs_vfw.dll
"msacm.dvacm"= c:\progra~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\00hoeav.com]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\0w.com]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\6.bat]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\6fnlpetp.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\6x8be16.cmd]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\a2cmd.EXE]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\a2upd.EXE]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\abk.bat]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Adobe Gamma Loader.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\algsrvs.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\algssl.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Angry.bat]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\antihost.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ANTS.EXE]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\apu-0607g.xml]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\apu.stt]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashDisp.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashEnhcd.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashLogV.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashMaiSv.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashPopWz.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashQuick.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashServ.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashSkPcc.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashUpd.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashWebSv.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\aswBoot.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\aswRegSvr.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\aswUpdSv.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\autorun.bin]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Autorun.ini]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\autorun.reg]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\autorun.txt]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\autorun.wsh]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\autorunsc.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Avciman.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgamsvr.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgcc32.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgemc.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgrsx.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgscan.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgserv.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgupsvc.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avltd.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avmailc.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avzkrnl.dll]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bad1.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bad2.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bad3.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdsubwiz.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\BDSurvey.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\BIOSREAD.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\caiss.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\caissdt.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\catcache.dat]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cauninst.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CavApp.EXE]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cavasm.EXE]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CavAUD.EXE]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CAVCmd.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CAVCtx.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CavEmSrv.EXE]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Cavmr.EXE]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CavMUD.EXE]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Cavoar.EXE]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CavQ.EXE]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CAVRep.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CAVRid.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CAVSCons.EXE]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cavse.EXE]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CavSn.EXE]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CavSub.EXE]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CAVSubmit.EXE]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CavUMAS.EXE]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CavUserUpd.EXE]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Cavvl.EXE]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CEmRep.EXE]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ckahcomm.dll]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ckahrule.dll]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ckahum.dll]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\clldr.dll]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CMain.EXE]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\copy.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\curidsbase.kdz]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\destrukto.vbs]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DF5Serv.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\diffs.dll]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\drvins32.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\drweb32w.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\drweb386.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\drwebwcl.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\drwreg.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\drwtsn32.exe]
"Debugger"=c:\windows\system32\wscript.exe /E:vbs c:\windows\system32\winjpg.jpg
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dwwin.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\e.cmd]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\e9ehn1m8.com]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\edb.chk]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\EMDISK.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\f0.cmd]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FileKan.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\flashy.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fpscan.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fptrayproc.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Frameworkservice.EXE ]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FrzState2k.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fs6519.dll.vbs]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fssf.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fssync.dll]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fun.xls.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\g2pfnid.com]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\GetSI.dll]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\guardxkickoff.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\guardxkickoff_x64.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\guardxservice.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\guardxup.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\h3.bat]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\hookinst.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\host.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\i.bat]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Identity.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iefqwp.cmd]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IEShow.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ij.bat]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\InstallCAVS.EXE]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\InstLsp.EXE]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iSafe.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iSafInst.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kav.bav]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kavbase.kdl]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ker.vbs]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KeyMgr.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\killVBS.vbs]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kl1.sys]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\klavemu.kdl]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\klbg.cat]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\klbg.sys]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\klif.cat]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\klif.sys]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\klim5.sys]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\licmgr.ex]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\licreg.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\lky.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\m2nl.bat]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcappins.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcaupdate.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcinfo.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcinsupd.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcmnhdlr.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcregwiz.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Mctray.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcupdmgr.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcupdui.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcvsftsn.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcvsmap.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msdos.pif]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msfir80.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MSGrc32.vbs]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msime80.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msizap.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msmsgs.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msvcm80.dll]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msvcp80.dll]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msvcr71.dll]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msvcr80.dll]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mzvkbd.dll]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mzvkbd3.dll]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\naiavfin.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\netcfg.dll]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\new folder.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\njibyekk.com]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\olb1iimw.bat]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\OnAccessInstaller.EXE]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Pagent.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Pagentwd.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pavprsrv.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PavReport.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pctsAuxs.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pctsSvc.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pctsTray.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\preupd.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\prloader.dll]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PSHost.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pskmssvc.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\QtnMaint.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rcukd.cmd]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\reload.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rescuecd.zip]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rose.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sal.xls.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SCVHOST.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\scvhosts.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SCVHSOT.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SCVVHOST.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\scvvhosts.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SCVVHSOT.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SendLogs.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\session.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SocksA.ex]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SOLOCFG.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SOLOLITE.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SOLOSCAN.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SOLOSENT.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\spidercpl.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ssvichosst.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sxs.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\system.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\temp.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\temp2.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\toy.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UdaterUI.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\uiscan.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\unp_test.EXE]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\update.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\updater.dll]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UPSDbMaker.EXE]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\userdump.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UUpd.EXE]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\v.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Vba32Act.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Vba32arkit.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Vba32ECM.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Vba32ifs.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vba32ldr.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Vba32PP3.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Vba32Qtn.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vbcmserv.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vbcons.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vbglobal.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vbimport.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vbinst.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vbscan.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vbsystry.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VetMsg.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\virusutilities.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VisthAux.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vsmon.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VsTskMgr.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\whi.com]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WinGrc32.dll]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WrAdmin.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WrCtrl.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wsctool.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\yannh.cmd]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ybj8df.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Documents and Settings\\user\\Bureau\\les jeux\\game\\gtawin\\gtawin.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Program Files\\VS Revo Group\\Revo Uninstaller\\revouninstaller.exe"=
"c:\\WINDOWS\\system32\\wuauclt.exe"=
"c:\\PROGRA~1\\FICHIE~1\\MICROS~1\\DW\\dwtrig20.exe"=
"c:\\ComboFix\\NirCmd.cfexe"=
"c:\\ComboFix\\NirCmdC.cfexe"=
"c:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe"=
"c:\\ComboFix\\Catchme.tmp"=
"c:\\WINDOWS\\VFIND.exe"=
"c:\\PROGRA~1\\FICHIE~1\\MICROS~1\\DW\\DW20.EXE"=
"c:\\WINDOWS\\system32\\cmd.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\msohtmed.exe"=
"c:\\Program Files\\Fichiers communs\\Microsoft Shared\\Source Engine\\OSE.EXE"=
"c:\\WINDOWS\\system32\\CF24829.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-03-10 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-03-10 20560]
S2 vcs;vcs;\??\c:\documents and settings\user\Bureau\Cracked\vcs.sys --> c:\documents and settings\user\Bureau\Cracked\vcs.sys [?]
S3 CCCP106;CIF USB Camera (2110A);c:\windows\system32\drivers\cccp106.sys [2006-09-15 227200]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - ASC3360PR
*Deregistered* - Alerter
*Deregistered* - AudioSrv
*Deregistered* - BITS
*Deregistered* - Browser
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - dmserver
*Deregistered* - Dnscache
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - gupdate1c99def399a725c
*Deregistered* - helpsvc
*Deregistered* - ImapiService
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - NWCWorkstation
*Deregistered* - PolicyAgent
*Deregistered* - ProtectedStorage
*Deregistered* - RasMan
*Deregistered* - RemoteRegistry
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - Spooler
*Deregistered* - SQLBrowser
*Deregistered* - srservice
*Deregistered* - SSDPSRV
*Deregistered* - stisvc
*Deregistered* - TapiSrv
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - UleadBurningHelper
*Deregistered* - W32Time
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WudfSvc
*Deregistered* - WZCSVC
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{08e2b56d-44b5-11db-9db4-806d6172696f}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe /e:vbs winfile.jpg
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{71b53f1e-0834-11de-ad83-4d6564696130}]
\Shell\AutoRun\command - F:\GuelmimG.bat
\Shell\explore\Command - F:\GuelmimG.bat -e
\Shell\open\Command - F:\GuelmimG.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7eb228ce-de4c-11dd-ad49-4d6564696130}]
\Shell\AutoRun\command - F:\2.cmd
\Shell\explore\Command - F:\2.cmd
\Shell\open\Command - F:\2.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e30da6c-b01a-11dd-acce-4d6564696130}]
\Shell\AutoRun\command - F:\xk2n.bat
\Shell\explore\Command - F:\xk2n.bat
\Shell\open\Command - F:\xk2n.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{923e9352-2126-11dd-ab51-4d6564696130}]
\Shell\AutoRun\command - F:\2.cmd
\Shell\explore\Command - F:\2.cmd
\Shell\open\Command - F:\2.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b3768c8-d73b-11dd-ad36-4d6564696130}]
\sheLl\aUtOplaY\coMmAnd - F:\dhoahh.pif
\sheLl\AutoRun\command - F:\dhoahh.pif
\sheLl\eXPLore\COmmand - F:\dhoahh.pif
\sheLl\OPeN\ComMaND - F:\dhoahh.pif
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a63f8e93-cec2-11dd-ad26-4d6564696130}]
\Shell\AutoRun\command - E:\abk.bat
\Shell\explore\Command - E:\abk.bat
\Shell\open\Command - E:\abk.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ceb9c787-0b2f-11de-ad8e-4d6564696130}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe /e:vbs winfile.jpg
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e8e68268-9dff-11dd-ac8c-4d6564696130}]
\Shell\AutoRun\command - f6cavn.bat
\Shell\explore\Command - f6cavn.bat
\Shell\open\Command - f6cavn.bat
.
*******s of the 'Scheduled Tasks' folder
2009-03-19 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-06 00:04]
.
.
------- Supplementary Scan -------
.
uStart Page = about:Tabs
uInternet Connection Wizard,ShellNext = iexplore
IE: تحميل باستخدام داون لود إكسبريس - d:\programme 2\Download Express\Add_Url.htm
TCP: {0E568510-4B2C-4FC3-8645-2FCE4440B6D9} = 62.251.231.242 212.217.0.3
DPF: Microsoft XML Parser for Java -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

.
.
------- File Associations -------
.
txtfile=c:\windows\notepad.exe %1
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2009-03-19 23:36:53
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ےےےے¤•€|ù•9~*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-03-19 23:46:27 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-19 23:46:21
ComboFix2.txt 2009-03-15 14:56:42
Pre-Run: 10 792 439 808 octets libres
Post-Run: 10,580,291,584 octets libres
848 --- E O F --- 2009-03-19 00:37:06
 
تأييد 0

في البدايه يالغلا عطل استعادة النظام

طريقه تعطيل استعادة النظام


عطل نقطة استعادة النظام حسب الشرح التالي




dis_sys_xp.jpg


بعدين استخدم هذة الاداة


حمل اداة الكاسبر من الرابط التالي


يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

او من هنا
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي


او من هنا

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي





بعد التحميل ،، دبل كلك وسيتم استخراج ملف الاداة الى مجلد بسطح المكتب لحظات وتبدأ الاداة بالعمل


تابع الشرح لفحص الجهاز وتنظيفه وارفاق التقرير


zyzoom-3d6517b067.png


zyzoom-7717063ed7.png


zyzoom-cda271da05.png


zyzoom-26888dbf15.png


zyzoom-3f4576c288.png


ثم قوم بضغط التقرير ورفعه هنا>>>>
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي


يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي



 
التعديل الأخير بواسطة المشرف:
توقيع : صمت السكوت
تأييد 0
و يعطيكي العافية أختي خلود << تم التحرير ...
 
توقيع : MMA_LORD_735
تأييد 0
اداة كاسبر لاتريد ان تفتح لقد حملتها من الرابط التالت ولكن لا تفتح

تخرج لي رسالة بها

c:/docume.................../temp/rar sfx3

folder is not accessible
 
تأييد 0
هدا تقرير الهايجاك للمرة التانية

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:09:18, on 20/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\user\Bureau\Zyzoom_KAV_AVP_Tool_1_12_2008.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\user\LOCALS~1\Temp\RarSFX1\zyzoom.exe
C:\DOCUME~1\user\LOCALS~1\Temp\etonl.exe
C:\DOCUME~1\user\LOCALS~1\Temp\kspqvc.exe
C:\DOCUME~1\user\LOCALS~1\Temp\imkt.exe
C:\Documents and Settings\user\Bureau\ادوات حدف البرامج والفيروسات\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي
,
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\2.bin\A9SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\2.bin\A9SRCHAS.DLL
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: تحميل باستخدام داون لود إكسبريس - D:\programme 2\Download Express\Add_Url.htm
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0E568510-4B2C-4FC3-8645-2FCE4440B6D9}: NameServer = 62.251.231.242 212.217.0.3
O23 - Service: Google Update Service (gupdate1c99def399a725c) (gupdate1c99def399a725c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 4624 bytes
 
تأييد 0
توقيع : Demo-dashDemo-dash is verified member.
تأييد 0
هدا تقرير الهايجاك بعد الفحص باداة AVG virus remove

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:19:17, on 20/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\user\Bureau\Zyzoom_KAV_AVP_Tool_1_12_2008.exe
C:\DOCUME~1\user\LOCALS~1\Temp\RarSFX2\zyzoom.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\user\Bureau\ادوات حدف البرامج والفيروسات\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي
,
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\2.bin\A9SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\2.bin\A9SRCHAS.DLL
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: تحميل باستخدام داون لود إكسبريس - D:\programme 2\Download Express\Add_Url.htm
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0E568510-4B2C-4FC3-8645-2FCE4440B6D9}: NameServer = 62.251.231.242 212.217.0.3
O23 - Service: Google Update Service (gupdate1c99def399a725c) (gupdate1c99def399a725c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 4498 bytes
 
تأييد 0
خلاص اخوي .. جهازك نظيف باذن الله

احذف البرنامج التالي من اضافة زاله البرامج AskPBar

ثم

احذف القيمه التاليه من تقرير الهايجاك

R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\2.bin\A9SRCHAS.DLL



R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)




طريقة الحذف

mg%20%283%29.png


mg%20%284%29.png


حمل هالبرنامج (( المحمول )) لتنظيف جهازك

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي


فك الضغط وشغل البرنامج

ثم

zyzoom-d762122afb.jpg


zyzoom-8dbf27d5b7.jpg




zyzoom-c43ce2675a.jpg




ثم

zyzoom-13a981099e.jpg



zyzoom-749b8be64f.jpg



zyzoom-233e42ae23.jpg



zyzoom-2835265acc.jpg



zyzoom-0f820fb2e3.jpg



وانتهى
 
التعديل الأخير بواسطة المشرف:
توقيع : Demo-dashDemo-dash is verified member.
تأييد 0
السلام عليكم لقد قمت بحدف القيم بواسطة الهايجاك

ولكن بالنسبة لبرنامج cclean فقد حملته ولكن عند فتحه يفتح وبسرعة يختفي لا يعطيني الفرصة باستخدامه

وسبق ايضا ان قمت بفحص الجهاز باداة مكافي وهدا تقرير الهايجاك مرة اخرى

اما برنامج askpbar الدي طلبت مني حدفه فهو غير ظاهر عندي في اضافة ازالة البرامج

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:01:50, on 21/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\user\LOCALS~1\Temp\untc.exe
C:\DOCUME~1\user\LOCALS~1\Temp\frbm.exe
C:\DOCUME~1\user\LOCALS~1\Temp\bxjubt.exe
C:\Documents and Settings\user\Bureau\ادوات حدف البرامج والفيروسات\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي
,
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\2.bin\A9SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\2.bin\A9SRCHAS.DLL
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: تحميل باستخدام داون لود إكسبريس - D:\programme 2\Download Express\Add_Url.htm
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0E568510-4B2C-4FC3-8645-2FCE4440B6D9}: NameServer = 62.251.231.242 212.217.0.3
O23 - Service: Google Update Service (gupdate1c99def399a725c) (gupdate1c99def399a725c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 4377 bytes
 
تأييد 0
جزاكم الله خيرا تابعوا معي هدا المشكل لا تتركوني
 
تأييد 0
لمادا هدا السطر R3 كلما احدفه بواسطة الهايجاك دائما موجود لا يحدف

R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\2.bin\A9SRCHAS.DLL
 
تأييد 0
اهلا بك

القيمه الي قلت عليها اغلق المتصفح ثم احذفها مع هذي

R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\2.bin\A9SRCHAS.DLL



O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\2.bin\A9SRCHAS.DLL


واستخدم هالأداه البديله للتنظيف


ثم نزل هذه الاداة واتبع الشرح التالي

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي


التوافق : ويندوز اكسبيفقط

شرح الاستخدام ,,,,,,
عند تشغيل ملف الاداة تظهر لك هذه الشاشه ,, انتظر ( وتابع مع الصور )

000.png


001.png


وعند ظهور هذه الشاشه ,, اضغط على Close ليتم اعادة تشغيل جهازك (( لتكملة عملية التنظيف ))

002.png


 
توقيع : Demo-dashDemo-dash is verified member.
تأييد 0
هده الاداة اخي حملتها ولكن لا تفتح تخرج لي رسالة

unable to open the script file

وهدا تقرير الهايجاك بعد حدف القيم التي قلت لي ويتضح انها حدفت
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:40:25, on 21/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\DOCUME~1\user\LOCALS~1\Temp\winphhrs.exe
C:\DOCUME~1\user\LOCALS~1\Temp\winaduaw.exe
C:\DOCUME~1\user\LOCALS~1\Temp\aaep.exe
C:\DOCUME~1\user\LOCALS~1\Temp\wpfnh.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\user\LOCALS~1\Temp\krse.exe
C:\Documents and Settings\user\Bureau\ادوات حدف البرامج والفيروسات\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي
,
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: تحميل باستخدام داون لود إكسبريس - D:\programme 2\Download Express\Add_Url.htm
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0E568510-4B2C-4FC3-8645-2FCE4440B6D9}: NameServer = 62.251.231.242 212.217.0.3
O23 - Service: Google Update Service (gupdate1c99def399a725c) (gupdate1c99def399a725c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 4207 bytes
 
تأييد 0
الا من منقد ينقدني ؟ الا من خبير يعطيني شيئا من خبرته ؟ المهم انا في الانتظار
 
تأييد 0

نزل هالاداة لتنظيف الجهاز​

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي


zyzoom-3c0e283670.gif




وكذا جهازك سيصبح نظيف اخوي .. هل باقي مشاكل ؟؟
 
توقيع : Demo-dashDemo-dash is verified member.
تأييد 0
اخي اولا اشكرا لمجهودك ولمتابعتك مشكلي وبارك الله فيك

هده الاداة اخي هي الاخرى عندما حملتها سرعان ماتختفي لا تعطيني الفرصة في استخدامها وعندما فتحتها مباشرة بدون تحميل تعطيني هده الرسالة

done cleaning..ATF CLEANER has freed 20000KBS

ومرة تعطيني رسالة اخرى

no files were removed

المشاكل التي مازلت اعاني منها وهي كالتالي
1- لا استطيع تشغيل الجهاز بالوضع الامن ولقد طبقت كل تلك الطرق الاربعة التي اعطيتني
2-عندي مضاد الفيروسات avast معطوب كلما اردت ازالته او تتبيته ينطفيء الجهاز مباشرة
3-لا استطيع تتبيت اي نوع اخر من مضادات الفيروسات مادام avast موجودا
4-كل برامج الحماية لا تسطيع التشغيل منها برنامج ccleaner - control parental ومجموعة اخرى من البرامج اعطبت ومنها برامج تعليمية كتعليم اللغات وغيرها
5-حتى الصور لا تريد ان تفتح كلما اردت فتح اي صورة تخرج لي رسالة تقول
c:/windows/systeme32 shingvw.dll اظنه ملف حدف بالخطأ اثناء تقارير الهايجاك​

هده المشاكل اخي وانتظر الحلول ان كان ممكنا جزاكم الله الف خير
 
تأييد 0
ممكن احد يتابع معي جزاكم الله الف خير
 
تأييد 0
مازلت انتظر احدا ينقدني يا جماعة الخير
 
تأييد 0
يجب تسجيل الدخول أو التسجيل كي تتمكن من الرد هنا.
عودة
أعلى