כנראה יש לי וירוס במחשב

[שלמה]

ל-drshatil

דפי האינטרנט לא ניפתחים בקישורי קבצים שרשמת בפעם האחרונה.

[שלמה]

ל-itsho

עוד לא ניסיתי את הפתרון שלך אבל אם זה COMBOFIX אז ניסיתי אתמול וזה לא פתר את הבעיות המצויינות.

[oded]

 

http://www.kellys-korner-xp.com/regs_edits/restoreregistry.r eg

[itsho]

ציטוט:

"אם זה COMBOFIX" ???

 

א. תעלה לכאן את הדוח שcombofix נתן לך.

ב. תנסה להשתמש בmbam 

http://www.malwarebytes.org/mbam.php

תוריד, תעדכן, ותעשה סריקה מלאה (זה יכול לקחת גם לילה שלם)

[שלמה]

זה הדו"ח שה-COMO הוציא לי

ComboFix 09-01-08.04 – Administrator 01/09/2009 13:27:45.3 – NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1255.1.1037.18.1015.701 [GMT 2:00]
Running from: c:\documents and settings\Administrator\שולחן העבודה\סרטים לרכב\ComboFix.exe
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((   Files Created from 2008-12-09 to 2009-01-09  )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-09 07:59 ——— d—–w c:\documents and settings\Administrator\Application Data\Skype
2009-01-09 07:53 ——— d—a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-09 07:13 ——— d—–w c:\documents and settings\Administrator\Application Data\skypePM
2009-01-09 05:16 ——— d—–w c:\program files\securedie
2009-01-09 05:16 ——— d—–w c:\documents and settings\All Users\Application Data\BufferZone
2009-01-09 05:13 ——— d–h–w c:\documents and settings\Administrator\Application Data\drivers
2009-01-09 02:20 ——— d—–w c:\program files\eMule
2009-01-07 19:12 ——— d—–w c:\program files\CCleaner
2009-01-07 16:02 ——— d—–w c:\program files\Alwil Software
2009-01-07 15:18 67,678 —-a-w c:\windows\system32\wint ems.exe.vir
2009-01-07 14:58 ——— d—–w c:\documents and settings\All Users\Application Data\Simply Super Software
2009-01-07 14:58 ——— d—–w c:\documents and settings\Administrator\Application Data\Simply Super Software
2009-01-07 11:17 ——— d—–w c:\program files\Common Files\AVSMedia
2009-01-07 11:04 ——— d—–w c:\documents and settings\All Users\Application Data\AVS4YOU
2009-01-07 11:04 ——— d—–w c:\documents and settings\Administrator\Application Data\AVSMedia
2009-01-07 08:15 ——— d—–w c:\program files\Easy Video Splitter
2009-01-06 09:39 ——— d—–w c:\program files\WinAVI Video Converter
2009-01-06 08:31 ——— d—–w c:\documents and settings\Administrator\Application Data\Thinstall
2008-12-27 17:25 ——— d—–w c:\program files\Unlocker
2008-12-20 12:10 ——— d—–w c:\program files\StepMania CVS
2008-12-13 10:49 ——— d—–w c:\program files\NovaLogic
2008-12-12 17:15 ——— d–h–w c:\program files\InstallShield Installation Information
2008-12-12 17:14 ——— d—–w c:\program files\SmartSound Software
2008-12-12 17:14 ——— d—–w c:\documents and settings\All Users\Application Data\SmartSound Software Inc
2008-12-12 17:12 ——— d—–w c:\program files\Pinnacle
2008-12-12 17:05 ——— d—–w c:\documents and settings\All Users\Application Data\Pinnacle
2008-12-07 20:41 ——— d—–w c:\documents and settings\Administrator\Application Data\SmartDraw
2008-12-07 20:33 ——— d—–w c:\program files\MoNooN
2008-12-07 20:27 796,672 —-a-w c:\windows\GPInstall.ex e
2008-12-04 21:48 ——— d—–w c:\program files\Malwarebytes' Anti-Malware
2008-12-03 17:52 38,496 —-a-w c:\windows\system32\driv ers\mbamswissarmy.sys
2008-12-03 17:52 15,504 —-a-w c:\windows\system32\driv ers\mbam.sys
2008-11-23 16:16 ——— d—–w c:\program files\K-Lite Codec Pack
2008-11-23 08:30 ——— d—–w c:\documents and settings\Administrator\Application Data\Media Player Classic
2008-11-23 08:22 ——— d—–w c:\documents and settings\Administrator\Application Data\Media Player Classic(2)
2008-11-16 07:00 ——— d—–w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-07 22:16 315,392 —-a-w c:\windows\HideWin.exe
.

(((((((((((((((((((((((((((((   snapshot@Fri 01-09-2009_10.00.01.00   )))))))))))))))))))))))))))))))))))))))))
.
– 2009-01-09 07:17:21 40,128 —-a-w c:\windows\system32\p erfc009.dat
+ 2009-01-09 10:33:02 40,128 —-a-w c:\windows\system32\p erfc009.dat
– 2009-01-09 07:17:21 40,112 —-a-w c:\windows\system32\p erfc00d.dat
+ 2009-01-09 10:33:02 40,112 —-a-w c:\windows\system32\p erfc00d.dat
– 2009-01-09 07:17:21 311,740 —-a-w c:\windows\system32\ perfh009.dat
+ 2009-01-09 10:33:02 311,740 —-a-w c:\windows\system32\ perfh009.dat
– 2009-01-09 07:17:21 247,950 —-a-w c:\windows\system32\ perfh00d.dat
+ 2009-01-09 10:33:02 247,950 —-a-w c:\windows\system32\ perfh00d.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{cd36797a-70f3-4acd-8825-623d3b896881}"= "c:\program files\securedie\tbsecu.dll" [09/06/2007 12:28 PM 1453080]

[HKEY_CLASSES_ROOT\clsid\{cd36797a-70f3-4acd-8825-623d3b896881}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cd36797a-70f3-4acd-8825-623d3b896881}]
09/06/2007 12:28 PM 1453080 –a—— c:\program files\securedie\tbsecu.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{cd36797a-70f3-4acd-8825-623d3b896881}"= "c:\program files\securedie\tbsecu.dll" [09/06/2007 12:28 PM 1453080]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CD36797A-70F3-4ACD-8825-623D3B896881}"= "c:\program files\securedie\tbsecu.dll" [09/06/2007 12:28 PM 1453080]

[HKEY_CLASSES_ROOT\clsid\{cd36797a-70f3-4acd-8825-623d3b896881}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [08/26/2004 05:53 PM 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [08/26/2004 05:53 PM 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= vdrcodec.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^תפריט התחלה^תוכניות^הפעלה^802.11g USB 2.0 adapter Setting.lnk]
path=c:\documents and settings\Administrator\תפריט התחלה\תוכניות\הפעלה\802.11g USB 2.0 adapter Setting.lnk
backup=c:\windows\pss\802.11g USB 2.0 adapter Setting.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
–a—— 01/07/2009 06:02 PM 81000 c:\progra~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera]
–a—— 07/11/2007 04:09 PM 20480 c:\windows\FixCamera.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
–a—— 10/27/2006 12:47 AM 31016 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
–a—— 11/13/2006 01:39 PM 1289000 c:\program files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
-ra—— 11/08/2007 09:56 AM 166424 c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
-ra—— 11/08/2007 09:56 AM 141848 c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
–a—— 02/26/2008 02:08 PM 2289664 c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
–a—— 01/19/2007 12:54 PM 5674352 c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
–a—— 02/18/2008 04:29 PM 2221352 c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
–a—— 03/25/2008 01:33 PM 570664 c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
-ra—— 11/08/2007 09:56 AM 137752 c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
–a—— 03/10/2004 04:26 PM 406016 c:\windows\system32\PSDrvCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra—— 09/23/2008 02:17 PM 21755688 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3]
–a—— 05/10/2007 01:18 PM 835584 c:\windows\vsnpstd3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnpstd3]
–a—— 01/18/2008 03:55 PM 270336 c:\windows\tsnpstd3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
–a—— 01/07/2009 05:17 PM 6144 c:\program files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r——- 10/25/2007 05:57 AM 16855552 c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-r——- 10/11/2007 05:04 AM 1826816 c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:Act iveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:Ac tiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:Act iveSync Application
"c:\\Program Files\\NovaLogic\\Delta Force 2\\Update.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Alwil Software\\Avast4\\ashAvast.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\system32\drivers\l251x86.sys [2008-11-08 30720]
S1 aswSP;avast! Self Protection; [x]
S4 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys –> c:\windows\system32\DRIVERS\aswFsBlk.sys [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e16280a4-ad1d-11dd-a752-000b6b6fdf0c}]
\Shell\Auto\command – gb32.exe
\Shell\AutoRun\command – c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL gb32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
.
——- Supplementary Scan ——-
.
uStart Page = hxxp://www.link4u.co.il/
uInternet Connection Wizard,ShellNext = iexplore
IE: &ייצוא אל Microsoft Excel – c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.

************************************************************ **************

catchme 0.3.1367 W2K/XP/Vista – rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-09 13:28:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully
hidden files: 0

************************************************************ **************
.
——————— LOCKED REGISTRY KEYS ———————

[HKEY_USERS\Administrator\Software\Microsoft\  M*NULL*i*NULL*c*NULL*r*NULL*o*NULL*s*NULL*o*NULL*f*NULL*t*NULL* *NULL*M*NULL*a*NULL*n*NULL*a*NULL*g*NULL*e*NULL*m*NULL*e*NULL*n*NULL*t*NULL* *NULL*C*NULL*o*NULL*n*NULL*s*NULL*o*NULL*l*NULL*e*NULL*\Recent File List]
"File1"="c:\\WINDOWS\\system32\\Com\\comexp.msc"
"File2"="c:\\WINDOWS\\system32\\services.msc"
"File3"="c:\\WINDOWS\\system32\\compmgmt.msc"
"File4"="c:\\WINDOWS\\system32\\ciadv.msc"

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
"VRegSpecialValueName"=dword:000000aa
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\Implemented Categories]
"VRegSpecialValueName"=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\InprocServer32]
"VRegSpecialValueName"=dword:000000aa
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\Flash10a.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Microsoft\Windows NT\CurrentVersion\Windows]
@Denied: (Full) (Everyone)
@Denied: (Full) (Everyone)
"VRegSpecialValueName"=dword:000000aa
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*NULL*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff, 68,51,30,29,10,d7,\
  62,40,2d,c8,28,51,af,b0,29,a3,98,6e,60,31,4e,6a,cd,46,0b,e2, 63,26,f1,3f,c8,\
  ff,68,c3,50,58,81,2a,ee,41,8f,e2,63,26,f1,3f,c8,ff,68,98,49, 9f,57,7a,07,06,\
  12,bf,99,a4,0c

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*NULL*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d, 96,f5,9c,b6,cf,3c,\
  f5,65,e1,71,3b,04,66,8b,46,0d,96,30,4a,47,5c,80,e0,d5,9a,6a, 9c,d6,61,af,45,\
  84,18,87,e2,22,a1,48,73,93,bc,6a,9c,d6,61,af,45,84,18,88,7c, d8,6b,27,74,ec,\
  39,8f,31,24,9b

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*NULL*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9, 26,d1,2d,85,0b,47,\
  3d,a4,ba,25,da,ec,7e,55,20,c9,26,f4,31,0f,1b,63,0b,55,f3,ff, 7c,85,e0,43,d4,\
  0e,fe,62,66,51,f1,ad,5d,8d,c3,25,da,ec,7e,55,20,c9,26,13,45, 82,66,95,a5,a2,\
  7e,15,54,39,55

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*NULL*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:6b,65,49,6a,7e,99,74, f7,25,1c,dd,34,fa,\
  65,5c,b7,3e,1e,9e,e0,57,5a,93,61,00,7d,75,01,e7,0a,81,b0,86, 8c,21,01,be,91,\
  eb,e7,2d,f0,5a,de,9d,12,e3,24,3e,1e,9e,e0,57,5a,93,61,6e,c8, 84,c6,88,01,48,\
  2f,3c,2e,a6,cc

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*NULL*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c, 05,b0,f2,be,02,fc,\
  ab,aa,b0,cd,44,cd,b9,a6,33,6c,cd,2e,62,4a,1e,5b,34,1b,b9,f5, 1d,4d,73,a8,13,\
  5c,05,07,76,e0,55,63,be,24,6c,f5,1d,4d,73,a8,13,5c,05,23,36, 66,28,16,b6,13,\
  2a,b8,f8,1d,ed

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*NULL*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:50,93,e5,ab,ec,6a,4e, ab,02,c6,ee,c7,ef,\
  4e,5c,b4,b0,18,ed,a7,3f,8d,37,a4,04,40,30,22,32,ca,c3,b5,df, 20,58,62,78,6b,\
  cf,c8,54,22,54,22,e4,15,58,af,df,20,58,62,78,6b,cf,c8,b0,15, 84,5b,e8,bb,56,\
  47,ac,db,95,f3

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*NULL*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a, ea,86,c0,22,a2,13,\
  df,b6,16,31,77,e1,ba,b1,f8,68,02,1f,f1,4a,b0,2f,af,0c,97,fb, a7,78,e6,12,2f,\
  9a,ea,d7,58,5a,00,50,08,d2,3e,97,20,4e,9a,c7,f1,35,ee,cc,d7, 03,23,75,20,b0,\
  b0,38,b9,5d,a3

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*NULL*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96, ab,6f,7b,fc,29,e7,\
  19,f3,6a,83,6c,56,8b,a0,85,96,ab,84,5e,ea,6f,da,d4,44,b9,01, 3a,48,fc,e8,04,\
  4a,f1,0b,a9,c6,e6,93,b3,7e,c1,83,6c,56,8b,a0,85,96,ab,f4,98, ec,e0,cd,66,63,\
  e3,a4,d9,fb,97

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*NULL*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:b2,46,9a,e2,1b,fe,1b, 94,ce,66,ea,b6,e4,\
  30,ed,66,51,fa,6e,91,28,9e,14,cc,62,2e,9a,f4,ec,9f,3f,56,f6, 0f,4e,58,98,5b,\
  89,c9,41,3b,9d,85,93,01,46,0d,b2,46,9a,e2,1b,fe,1b,94,6c,f4, cc,34,1c,4e,bf,\
  8c,0a,85,72,0c

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*NULL*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa, 78,16,aa,7a,95,5c,\
  e5,43,69,b1,cd,45,5a,a8,c4,f8,b9,c7,19,b2,e5,ce,3d,b9,eb,3d, ce,ea,26,2d,45,\
  aa,78,92,e8,81,62,87,5f,32,28,b1,cd,45,5a,a8,c4,f8,b9,33,a5, e2,f1,24,3f,a1,\
  fd,f3,96,aa,72

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*NULL*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f, 6b,90,da,08,f5,a2,\
  8f,7f,c7,e3,0e,66,d5,eb,bc,2f,6b,6b,bb,d5,04,d9,f2,32,21,2a, b7,cc,b5,b9,7f,\
  41,e7,54,dd,33,3e,51,c2,94,ac,e3,0e,66,d5,eb,bc,2f,6b,d4,bc, 96,51,f7,dc,87,\
  1b,30,82,8c,67

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*NULL*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f, 9c,7f,57,49,49,49,\
  15,70,93,fa,ea,66,7f,d4,3b,6b,70,e6,1d,99,1b,3e,f6,f7,4c,6c, 43,2d,1e,aa,22,\
  2f,9c,8c,00,94,5a,8a,ea,50,86,6c,43,2d,1e,aa,22,2f,9c,24,2b, 2f,72,68,0b,2f,\
  f9,07,94,80,49
.
Completion time: 01/09/2009 13:29:24
ComboFix-quarantined-files.txt  2009-01-09 11:29:23
ComboFix2.txt  2009-01-09 08:05:40

Pre-Run: 66,155,671,552 bytes free
Post-Run: 66,162,970,624 bytes free

290

[oded]

לא ענית מה יצא מהקישור שנתתי לך (תיקון לאלו שלא נפתחו )

http://www.kellys-korner-xp.com/regs_edits/restoreregistry.r eg

[שלמה]

לא יצא כלום הבעיה נשארה כשהיתה

 

[oded]

הייתי מציע לך פתרון מאד פשוט בעל כמה אפשרויות

בקישור הזה הייתי מתחיל מסעיף 4 ,כאשר אם לא יעזור כלום תבצע את הסעיף האחרון שבמליון אחוז יעזור .

http://hofshi.co.cc/study/fixxp.htm

[שלמה]

שלום

בסופו של דבר החלטתי לפרמט את המחשב וכרגע הכל בסדר פרט לשאלה נוספת קטנה ולא קשרוה לקודמת

לאחר הפירמוט כשמדליקים את המחשב יש צורך ללחוץ על מקש F1 כדי שהמחשב ימשיך לעלות אני חושב שזה הגדרה ששונתה בביוס בכדי שיקרא קודם ממנו לצורך ביצוע הפחרמוט אבל מה צריך לשנות כדי שהמחשב יעלה ללא מגע נוסף

בתודה

שלמה

[oded]

הכנס לביוס( אם לא בצעת שם שינוי אחרי הפרמוט )

נווט ל לשונית boot

שם תעביר את ההארדיסק לשורה הראשונה

ואת ההסידירום לשורה השניה .

אישור.

אם אין לך סיסמת כניסה אזי המחשב יעלה ישירות.

[מאת]

תגובות