O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System, DisableRegedit=1
Nasty
To be fixed immediately! This entry was classified from our visitors as bهذا الملف لا يمسح رغم المحاوله اكثر من مره
كيف ازيله
للبحث في شبكة لكِ النسائية:
|
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System, DisableRegedit=1
Nasty
To be fixed immediately! This entry was classified from our visitors as bهذا الملف لا يمسح رغم المحاوله اكثر من مره
كيف ازيله
اختي هل هذه القيمة الوحيدة هاتي التقرير كامل اشوفة
وان كانت هي جربي هالملف نزلية وشغليه
http://filaty.com/f/903/1.204/Autoru...r_2.0.rar.html
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:37:26 م, on 10/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Clear History\ClearHistory.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\??????????????????????????????????????????????? ?s and Settings\user\Desktop\Nokia PC Suite 6\PCSync2.exe
C:\??????????????????????????????????????????????? ?s and Settings\user\Desktop\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\user\LOCALS~1\Temp\Rar$EX04.828\Hijack This 2.0.2.exe
C:\DOCUME~1\user\LOCALS~1\Temp\Rar$EX05.000\Hijack This 2.0.2.exe
C:\DOCUME~1\user\LOCALS~1\Temp\Rar$EX05.125\Hijack This 2.0.2.exe
C:\Program Files\WinRar\WinRAR.exe
C:\Program Files\WinRar\WinRAR.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\dumprep.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ClearHistory] C:\Program Files\Clear History\ClearHistory.exe -hidden
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [user] C:\??????????????????????????????????????????????? ?s and Settings\user\user.exe /i
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\?????????????????????????????????????????????? ??s and Settings\user\Desktop\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\?????????????????????????????????????????????? ??s and Settings\user\Desktop\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O20 - AppInit_DLLs: emqsys.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AshEvtSvc - Unknown owner - C:\WINDOWS\System32\AshEvtSvc.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Office Source Engine oseRpcLocator (oseRpcLocator) - Unknown owner - C:\WINDOWS\system32\arpb.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
--
End of file - 5204 bytes
هذا هو التقرير المطلوب
وعند تشغيل قاتل الفيرسات الذى تكرمت باعطائى رابطه اجد الجهاز ينطفى لوحده
هل فى امكانيه ان ادخل على مكان هذا الملف الخطر وامسحه
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System, DisableRegedit
هذا هو الملف والله اعلم
ايضا عملت سكان باداه اخرى وكانت النتيجه
[/URL]
آخر مرة عدل بواسطة اسالك الجنه : 10-03-2009 في 03:31 PM
أختاري Delete لما يظهرلك المربع
وشوفي جربي الاصلاح مرة ثانية
الروابط المفضلة