ممكن حل لهذا الفيروس(اعادة تشغيل الجهاز)

[الامل والحياه]

السلام عليكم


تطلع معي هذي الرساله

يسوي اعادة تشغيل

فقط تخرج هذي الرساله

ولا يمكنني التحكم في سطح المكتب ( لاايقونات تخرج ولا شيء)​

 

[MAAX]

حمل هذا البرنامج

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

شغل البرنامج ==> واضغط على
Do a system scan and save log
لحظات .. ويظهر لك تقرير داخل المفكرة==> انسخه والصقه بردك القادم

 

[الامل والحياه]

تفضل اخي الكريم


بس ياريت تكون فيه اداه اختصار للوقت لاني محتاج اشتغل عليه للجامعه

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:28:50 PM, on 4/20/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
G:\Zyzoom_HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [GEST] m‘|\ü
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [GoldenFilterPro] C:\Program Files\Golden Filter Pro\GFPro.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: is-IEQ2V.lnk = C:\Documents and Settings\Administrator\Desktop\Virus Removal Tool\is-IEQ2V\startup.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
--
End of file - 5015 bytes

​

 

[MAAX]

اعد التقرير بدون كود

 

[Corporation]

هذا زي ما اعرف يتسوى بالنوتبآد
آممم دور على مسـآرة وأحذفة ,,
وكممل مع الاستاذ مآكس ,,
وأن شاء الله سيزال عنك الهم أخي ,,​

 

[الامل والحياه]

تفضل اخي بدون الكود


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:28:50 PM, on 4/20/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
G:\Zyzoom_HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [GEST] m‘|\ü
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [GoldenFilterPro] C:\Program Files\Golden Filter Pro\GFPro.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: is-IEQ2V.lnk = C:\Documents and Settings\Administrator\Desktop\Virus Removal Tool\is-IEQ2V\startup.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
--
End of file - 5015 bytes
​

 

[hany mix]

كحل مؤقت عشان توقف الريستارت
عقبال ما تحل المشكلة نهائياً ان شاء الله
لما تظهرلك الرسالة دى اعمل الاتى
افتح [ Start ] .
واختر [ Run ] .
وآكـتـب الآمر التـالي :
[ shutdown -a]
​

 

[الامل والحياه]

اخي الكريم ما اقدر اخش علي الوندوز بطريقه العاديه

يخش عن طريق السيف مود

هل تنفع اذا خشيت علي السيف مود​

 

[Demo-dashDemo-dash is verified member.]

لما يجون الاحبه .. استخدم هالاداه من السيف مود

عطل جميع برامج الحماية ,,
وحمل هذه الاداة واحفظها على سطح المكتب

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم​

ومن السيف مود ارفع تقرير هاي جاك جديد .. وارفق لنا التقارير
​

 

[فارس الملاك]

لما يجون الاحبه .. استخدم هالاداه من السيف مود​

عطل جميع برامج الحماية ,,

وحمل هذه الاداة واحفظها على سطح المكتب

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم​

ومن السيف مود ارفع تقرير هاي جاك جديد .. وارفق لنا التقارير​

k:k:k:

 

[الامل والحياه]

ياهلا اخوي

ركبت الاداء

طلع التقرير بدون مايسوي رستار وهذا التقرير


ComboFix 09-04-21.A1 - Administrator 04/21/2009 14:22.1 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1033.18.2037.1800 [GMT 3:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated)
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\Data(10).dll
c:\windows\system32\Data(3).dll
c:\windows\system32\Data(7).dll
.
((((((((((((((((((((((((( Files Created from 2009-03-21 to 2009-04-21 )))))))))))))))))))))))))))))))
.
2009-04-19 18:28 . 2009-04-19 18:28 -------- d-----w c:\windows\LastGood.Tmp
2009-04-19 17:22 . 2009-04-12 15:12 20475 ------w c:\windows\hpoins01.dat.temp
2009-04-19 17:22 . 2003-04-07 06:31 16622 ------w c:\windows\hpomdl01.dat.temp
2009-04-12 15:20 . 2009-04-12 15:20 -------- d-----w c:\documents and settings\All Users\Application Data\MSScanAppDataDir
2009-04-12 15:14 . 2009-04-18 09:55 519 ----a-w C:\hpfr3420.xml
2009-04-12 15:10 . 2003-04-07 06:21 94208 ----a-r c:\windows\system32\HPZipt12.dll
2009-04-12 15:10 . 2003-04-07 06:21 57344 ----a-r c:\windows\system32\HPZisn12.dll
2009-04-12 15:10 . 2003-04-07 06:21 65795 ----a-r c:\windows\system32\HPZipm12.exe
2009-04-12 15:10 . 2003-04-07 06:21 61699 ----a-r c:\windows\system32\HPZinw12.exe
2009-04-12 15:10 . 2003-04-07 06:21 167936 ----a-r c:\windows\system32\HPZipr12.dll
2009-04-12 15:10 . 2003-04-07 06:21 16080 ----a-r c:\windows\system32\drivers\HPZipr12.sys
2009-04-12 15:10 . 2003-04-07 06:21 233528 ----a-r c:\windows\system32\HPZidr12.dll
2009-04-12 15:10 . 2003-04-07 06:21 51024 ----a-r c:\windows\system32\drivers\hpzid412.sys
2009-04-12 15:10 . 2003-04-07 06:21 21456 ----a-r c:\windows\system32\drivers\HPZius12.sys
2009-04-12 15:10 . 2004-08-03 19:58 15104 -c--a-w c:\windows\system32\dllcache\usbscan.sys
2009-04-12 15:10 . 2004-08-03 19:58 15104 ----a-w c:\windows\system32\drivers\usbscan.sys
2009-04-12 15:06 . 2009-04-12 15:12 20475 ------w c:\windows\hpoins01.dat
2009-04-12 15:06 . 2003-04-07 06:31 16622 ------w c:\windows\hpomdl01.dat
2009-04-12 15:02 . 2009-04-12 15:02 -------- d-----w c:\windows\system32\NtmsData
2009-04-12 14:47 . 2004-10-08 01:16 35840 ----a-w c:\windows\system32\drivers\AFS2K.SYS
2009-04-09 22:06 . 2009-04-09 22:06 -------- d-----w c:\windows\system32\KB905474
2009-04-09 22:06 . 2009-03-10 19:26 1403264 ----a-w c:\windows\system32\KB905474\wganotifypackageinner.exe
2009-04-09 22:06 . 2009-03-10 19:18 453512 ----a-w c:\windows\system32\KB905474\wgasetup.exe
2009-04-09 22:06 . 2009-02-09 15:51 12490 ----a-w c:\windows\system32\KB905474\wga_eula.txt
2009-04-09 19:07 . 2009-04-09 19:07 -------- d--h--w c:\windows\PIF
2009-04-08 20:35 . 2009-04-14 21:14 73 ----a-w c:\windows\cdplayer.ini
2009-04-08 20:23 . 2009-04-08 20:23 20 ----a-w c:\windows\TTN.INI
2009-04-08 20:22 . 2009-04-08 20:22 -------- d-----w C:\ttnd
2009-04-06 05:22 . 2009-04-06 05:22 268 ---ha-w C:\sqmdata07.sqm
2009-04-06 05:22 . 2009-04-06 05:22 244 ---ha-w C:\sqmnoopt07.sqm
2009-04-04 11:50 . 2004-08-03 20:01 25856 -c--a-w c:\windows\system32\dllcache\usbprint.sys
2009-04-04 11:50 . 2004-08-03 20:01 25856 ----a-w c:\windows\system32\drivers\usbprint.sys
2009-03-30 07:11 . 2009-03-30 08:58 -------- d-----w c:\windows\system32\CatRoot_bak
2009-03-30 06:57 . 2009-02-20 18:09 52224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
2009-03-30 06:57 . 2009-02-20 18:09 459264 -c----w c:\windows\system32\dllcache\msfeeds.dll
2009-03-30 06:57 . 2009-02-20 18:09 268288 -c----w c:\windows\system32\dllcache\iertutil.dll
2009-03-30 06:57 . 2009-02-20 18:09 63488 -c----w c:\windows\system32\dllcache\icardie.dll
2009-03-30 06:57 . 2009-02-20 18:09 383488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
2009-03-30 06:57 . 2009-02-20 10:20 13824 -c----w c:\windows\system32\dllcache\ieudinit.exe
2009-03-30 06:57 . 2008-07-09 14:30 991232 -c----w c:\windows\system32\dllcache\ieframe.dll.mui
2009-03-30 06:57 . 2008-07-09 14:25 2455488 -c----w c:\windows\system32\dllcache\ieapfltr.dat
2009-03-30 06:57 . 2009-02-20 18:09 6066176 -c----w c:\windows\system32\dllcache\ieframe.dll
2009-03-30 06:55 . 2008-06-13 13:10 272128 -c----w c:\windows\system32\dllcache\bthport.sys
2009-03-30 06:55 . 2008-06-13 13:10 272128 ------w c:\windows\system32\drivers\bthport.sys
2009-03-30 06:46 . 2009-02-06 17:24 2180480 -c----w c:\windows\system32\dllcache\ntoskrnl.exe
2009-03-30 06:46 . 2009-02-06 17:22 2136064 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-03-30 06:46 . 2009-02-06 16:49 2057728 -c----w c:\windows\system32\dllcache\ntkrnlpa.exe
2009-03-30 06:46 . 2009-02-06 16:49 2015744 -c----w c:\windows\system32\dllcache\ntkrpamp.exe
2009-03-30 06:36 . 2008-10-24 11:10 453632 -c----w c:\windows\system32\dllcache\mrxsmb.sys
2009-03-29 20:22 . 2008-10-16 11:06 27496 ----a-w c:\windows\system32\mucltui.dll.mui
2009-03-29 20:22 . 2008-10-16 11:06 268648 ----a-w c:\windows\system32\mucltui.dll
2009-03-29 20:22 . 2008-10-16 11:06 208744 ----a-w c:\windows\system32\muweb.dll
2009-03-29 20:19 . 2009-03-29 20:19 -------- d-----w c:\documents and settings\All Users\Application Data\Windows Live Toolbar
2009-03-29 20:19 . 2008-10-16 11:09 43544 ----a-w c:\windows\system32\wups2.dll
2009-03-29 20:19 . 2008-10-16 11:09 31768 ----a-w c:\windows\system32\wucltui.dll.mui
2009-03-29 20:19 . 2008-10-16 11:07 18456 ----a-w c:\windows\system32\wuaueng.dll.mui
2009-03-29 20:19 . 2008-10-16 11:07 23576 ----a-w c:\windows\system32\wuaucpl.cpl.mui
2009-03-29 20:19 . 2008-10-16 11:07 23576 ----a-w c:\windows\system32\wuapi.dll.mui
2009-03-23 14:15 . 2009-03-23 14:15 -------- d-----w c:\windows\Sun
2009-03-23 04:06 . 2009-03-23 04:06 292 ---ha-w C:\sqmdata06.sqm
2009-03-23 04:06 . 2009-03-23 04:06 244 ---ha-w C:\sqmnoopt06.sqm
2009-03-22 23:03 . 2009-03-22 23:03 268 ---ha-w C:\sqmdata05.sqm
2009-03-22 23:03 . 2009-03-22 23:03 244 ---ha-w C:\sqmnoopt05.sqm
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-21 11:17 . 2009-04-20 19:49 36832 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-21 11:08 . 2009-03-17 13:55 32 ----a-w C:\service.log
2009-04-21 11:08 . 2009-03-17 13:54 16608 ----a-w c:\windows\gdrv.sys
2009-04-20 19:49 . 2009-04-20 19:49 32 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-20 18:40 . 2009-04-20 18:40 -------- d-----w c:\documents and settings\Administrator\Application Data\abelhadigital.com
2009-04-18 09:55 . 2009-04-12 15:14 3545 ----a-w C:\hpfr3425.log
2009-04-14 15:15 . 2009-04-14 15:15 -------- d-----w c:\program files\Focus Multimedia
2009-04-13 17:55 . 2009-03-17 13:55 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-12 14:47 . 2009-04-12 14:44 -------- d-----w c:\program files\Hewlett-Packard
2009-04-12 14:44 . 2009-04-12 14:44 -------- d-----w c:\program files\Common Files\Hewlett-Packard
2009-03-29 20:22 . 2009-03-29 20:14 -------- d-----w c:\program files\Windows Live Toolbar
2009-03-29 20:22 . 2009-03-29 20:22 -------- d-----w c:\program files\Windows Live Favorites
2009-03-29 20:13 . 2009-03-29 20:13 -------- d-----w c:\program files\MSN Messenger
2009-03-20 16:58 . 2009-03-20 16:58 -------- d-----w c:\documents and settings\All Users\Application Data\abelhadigital.com
2009-03-20 16:58 . 2009-03-20 16:58 -------- d-----w c:\program files\abelhadigital.com
2009-03-20 16:57 . 2009-03-20 16:57 -------- d-sha-r c:\program files\Golden Filter Pro
2009-03-20 15:04 . 2009-03-20 15:04 268 ---ha-w C:\sqmdata04.sqm
2009-03-20 15:04 . 2009-03-20 15:04 244 ---ha-w C:\sqmnoopt04.sqm
2009-03-19 16:06 . 2009-03-19 16:06 172 ---ha-w C:\sqmnoopt03.sqm
2009-03-19 16:06 . 2009-03-19 16:06 172 ---ha-w C:\sqmdata03.sqm
2009-03-19 16:06 . 2009-03-19 16:06 244 ---ha-w C:\sqmnoopt02.sqm
2009-03-19 16:06 . 2009-03-19 16:06 232 ---ha-w C:\sqmdata02.sqm
2009-03-19 16:05 . 2009-03-19 16:05 280 ---ha-w C:\sqmdata01.sqm
2009-03-19 16:05 . 2009-03-19 16:05 244 ---ha-w C:\sqmnoopt01.sqm
2009-03-17 23:24 . 2009-03-17 23:24 268 ---ha-w C:\sqmdata00.sqm
2009-03-17 23:24 . 2009-03-17 23:24 244 ---ha-w C:\sqmnoopt00.sqm
2009-03-17 23:21 . 2009-03-17 23:21 -------- d-----w c:\program files\ESET
2009-03-17 23:21 . 2009-03-17 23:21 -------- d-----w c:\documents and settings\All Users\Application Data\ESET
2009-03-17 18:57 . 2009-03-17 13:47 166455 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-03-17 18:53 . 2009-03-17 18:53 -------- d-----w c:\program files\VideoLAN
2009-03-17 18:53 . 2009-03-17 18:53 -------- d-----w c:\program files\K-Lite Codec Pack
2009-03-17 18:52 . 2009-03-17 18:52 -------- d-----w c:\program files\Java
2009-03-17 18:52 . 2009-03-17 18:52 -------- d-----w c:\program files\Common Files\Java
2009-03-17 18:51 . 2009-03-17 18:51 -------- d-----w c:\program files\Common Files\xing shared
2009-03-17 18:51 . 2009-03-17 18:51 -------- d-----w c:\program files\Common Files\Real
2009-03-17 18:51 . 2009-03-17 18:51 -------- d-----w c:\program files\Real
2009-03-17 18:51 . 2009-03-17 18:36 499712 ----a-w c:\windows\system32\msvcp71.dll
2009-03-17 18:51 . 2009-03-17 18:36 348160 ----a-w c:\windows\system32\msvcr71.dll
2009-03-17 18:49 . 2009-03-17 18:49 -------- d-----w c:\program files\GRETECH
2009-03-17 18:37 . 2009-03-17 18:37 -------- d-----w c:\documents and settings\All Users\Application Data\CyberLink
2009-03-17 18:36 . 2009-03-17 18:36 -------- d-----w c:\program files\CyberLink
2009-03-17 18:36 . 2009-03-17 13:55 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-17 18:35 . 2009-03-17 18:35 -------- d-----w c:\program files\Common Files\Adobe
2009-03-17 18:25 . 2009-03-17 18:25 -------- d-----w c:\program files\Common Files\L&H
2009-03-17 18:25 . 2009-03-17 18:25 -------- d-----w c:\program files\Microsoft.NET
2009-03-17 18:25 . 2009-03-17 18:25 -------- d-----w c:\program files\Microsoft ActiveSync
2009-03-17 18:24 . 2009-03-17 18:24 -------- d-----w c:\program files\Microsoft Works
2009-03-17 18:10 . 2009-03-17 18:08 197 ----a-w C:\csb.log
2009-03-17 18:10 . 2009-03-17 18:08 -------- d-----w c:\program files\Realtek
2009-03-17 18:08 . 2009-03-17 18:08 429 ----a-w C:\RHDSetup.log
2009-03-17 18:08 . 2009-03-17 18:08 315392 ----a-w c:\windows\HideWin.exe
2009-03-17 13:56 . 2009-03-17 13:56 -------- d-----w c:\program files\Intel
2009-03-17 13:55 . 2009-03-17 13:55 -------- d-----w c:\program files\Browser Configuration Utility
2009-03-17 13:55 . 2009-03-17 13:55 -------- d-----w c:\program files\Gigabyte
2009-03-17 13:48 . 2009-03-17 13:48 -------- d-----w c:\program files\microsoft frontpage
2009-03-17 13:44 . 2009-03-17 13:44 21640 ----a-w c:\windows\system32\emptyregdb.dat
2009-03-06 14:44 . 2004-08-04 12:00 283648 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2004-08-04 12:00 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 18:09 . 2004-08-04 12:00 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 10:20 . 2004-08-04 12:00 723456 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:20 . 2004-08-04 12:00 399360 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:20 . 2004-08-04 12:00 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 10:20 . 2004-08-04 12:00 616960 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:19 . 2004-08-04 12:00 1846272 ----a-w c:\windows\system32\win32k.sys
2009-02-06 17:22 . 2004-08-04 12:00 2136064 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 17:14 . 2004-08-04 12:00 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 16:54 . 2004-08-04 12:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 16:49 . 2004-08-03 22:59 2015744 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-03 20:08 . 2004-08-04 12:00 55808 ----a-w c:\windows\system32\secur32.dll
.
------- Sigcheck -------
[-] 2008-04-14 00:12 1614848 9DD07AF82244867CA36681EA2D29CE79 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\sfcfiles.dll
[-] 2007-09-07 00:24 1580544 6E266AAF4168B3569A330C61AB01F6B4 c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GEST"="m‘|\ü" [X]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-05 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-05 137752]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-09-18 29696]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-09-29 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-17 185896]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 1443072]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-02-13 16857600]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
is-IEQ2V.lnk - c:\documents and settings\Administrator\Desktop\Virus Removal Tool\is-IEQ2V\startup.exe [2009-4-20 65536]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-3-17 118784]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-02-20 33800]
R1 is-IEQ2Vdrv;is-IEQ2Vdrv;c:\windows\system32\DRIVERS\52215723.sys [2008-07-08 148496]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-02-20 472320]
R2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\ESSVR.EXE [2008-07-17 80392]
R2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2004-08-04 3584]
.
Contents of the 'Scheduled Tasks' folder
2009-04-20 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 14:39]
2009-04-12 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8239549124.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 21:52]
2009-04-21 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-09 19:18]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-GoldenFilterPro - c:\program files\Golden Filter Pro\GFPro.exe

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2009-04-21 14:24
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-04-21 14:25
ComboFix-quarantined-files.txt 2009-04-21 11:25
Pre-Run: 20,107,001,856 bytes free
Post-Run: 20,151,881,728 bytes free
224 --- E O F --- 2009-04-17 00:02


===============================================


وهذا تقرير الهاي جاك


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:30:20 PM, on 4/21/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Documents and Settings\Administrator\Desktop\Zyzoom_HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [GEST] m‘|\ü
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [GoldenFilterPro] C:\Program Files\Golden Filter Pro\GFPro.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: is-IEQ2V.lnk = C:\Documents and Settings\Administrator\Desktop\Virus Removal Tool\is-IEQ2V\startup.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS\PSEXESVC.EXE (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
--
End of file - 5184 bytes
​

 

[Demo-dashDemo-dash is verified member.]

خلاص مو مشكلة ,, من تقرير الهاي جاك احذف القيم التالية

R3 - Default URLSearchHook is missing


O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)


O4 - HKLM\..\Run: [GEST] m‘|\ü


O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u


O4 - Startup: is-IEQ2V.lnk = C:\Documents and Settings\Administrator\Desktop\Virus Removal Tool\is-IEQ2V\startup.exe


O4 - Global Startup: hp psc 1000 series.lnk = ?



O4 - Global Startup: hpoddt01.exe.lnk = ?

طريقة الحذف

ثم نزل هذه الاداة واتبع الشرح التالي

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

التوافق : ويندوز اكسبيفقط

شرح الاستخدام ,,,,,,
عند تشغيل ملف الاداة تظهر لك هذه الشاشه ,, انتظر ( وتابع مع الصور )

وعند ظهور هذه الشاشه ,, اضغط على Close ليتم اعادة تشغيل جهازك (( لتكملة عملية التنظيف ))

​

عطل برنامج الحمايه واستخدم اداة SmitfraudFix​

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

قم بتشغيل الملف SmitfraudFix.exe ,, وتابع الشرح كماا بهذه الصور

​

​

ثم ركب هالإعدادات

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

واعمل فحص شامل للجهاز

​

 

[الامل والحياه]

طيب طيب راح اطبق

بس بنسبه لاداء الثانيه الكاسبر وقفها عن التحميل

شوف هذي الصوره

 

[Demo-dashDemo-dash is verified member.]

طيب طيب راح اطبق

بس بنسبه لاداء الثانيه الكاسبر وقفها عن التحميل

شوف هذي الصوره

بالنسبه للأداها الثانيه هي سليمه ومافيه اي اشكال ودائم نستخدمها هنا للصيانه ... لذلك دوم احنا نقول عطل برامج الحمايه .. قبل البدء بالتحميل