Peace be upon you.
Thanks for the thread. Sorry for the late reply; I was getting online from an internet café because my machine was broken. I did the procedure and I have the report. What do I do now?
I also have another problem: every time I open any folder, a CMD command window comes up. Is this a virus or what?
And is there a fix for it?
This is the ComboFix report:
ComboFix 08-11-05.02 - A.n.G.e.L 11/06/2008 10:26:26.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.1.1033.18.54 [GMT 2:00]
Running from: c:\documents and settings\Designer\My Documents\Downloads\Programs\ComboFix.exe
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
/wow section - STAGE 41
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
C:\resycled
c:\resycled\boot.com
c:\windows\system32\kdreq.exe
.
((((((((((((((((((((((((( Files Created from 2008-10-06 to 2008-11-06 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-06 08:27 --------- d-----w c:\documents and settings\Designer\Application Data\DMCache
2008-11-05 12:38 --------- d-----w c:\program files\PowerArchiver
2008-11-04 06:10 --------- d-----w c:\program files\Windows Live
2008-11-04 06:09 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-03 21:17 --------- d-----w c:\documents and settings\Designer\Application Data\Wildfire
2008-11-03 15:33 --------- d-----w c:\documents and settings\All Users\Application Data\Downloaded Installations
2008-11-03 15:16 --------- d-----w c:\documents and settings\Designer\Application Data\PC Suite
2008-11-03 15:15 --------- d-----w c:\program files\DIFX
2008-11-03 15:15 --------- d-----w c:\documents and settings\All Users\Application Data\PC Suite
2008-11-03 11:48 --------- d-----w c:\program files\Windows Live Messenger MeRo Edition v5.1
2008-11-03 11:44 --------- d-----w c:\documents and settings\All Users\Application Data\ConeXware
2008-11-03 11:13 --------- d-----w c:\program files\Resource Tuner
2008-11-03 11:13 --------- d-----w c:\documents and settings\Designer\Application Data\Resource Tuner
2008-11-03 08:04 --------- d-----w c:\documents and settings\Designer\Application Data\IDM
2008-11-03 04:53 --------- d-----w c:\program files\GlobFX
2008-10-31 02:20 --------- d-----w c:\program files\Microsoft Virtual PC
2008-10-27 11:39 --------- d-----w c:\program files\TaskSwitchXP
2008-10-27 11:37 --------- d-----w c:\documents and settings\All Users\Application Data\VMware
2008-10-27 11:31 --------- d-----w c:\documents and settings\Designer\Application Data\VMware
2008-10-27 10:44 --------- d-----w c:\documents and settings\LocalService\Application Data\VMware
2008-10-27 10:22 --------- d-----w c:\program files\Common Files\Softwin
2008-10-27 10:21 --------- d-----w c:\program files\Connectix
2008-10-25 16:27 --------- d-----w c:\program files\PowerISO
2008-10-25 11:15 --------- d-----w c:\program files\PopCap Games
2008-10-25 11:08 --------- d-----w c:\program files\microsoft frontpage
2008-10-25 10:09 --------- d-----w c:\program files\MeRo Flash Player
2008-10-25 07:23 --------- d-----w c:\documents and settings\Designer\Application Data\cleaner1
2008-10-25 02:39 --------- d---a-w c:\program files\Designer Tools
2008-10-24 01:51 --------- d-----w c:\program files\Flash Player 9
2008-10-24 01:47 --------- d-----w c:\program files\stopcut
2008-10-23 23:28 73,216 ----a-w c:\windows\ST6UNST.EXE
2008-10-23 23:28 286,720 ------w c:\windows\Setup1.exe
2008-10-23 13:13 --------- d-----w c:\program files\Easy RealMedia Tools
2008-10-23 10:50 --------- d-----w c:\program files\MeRo USB Disk Security
2008-10-22 12:15 --------- d-----w c:\documents and settings\Designer\Application Data\Mikrotik
2008-10-21 01:48 --------- d-----w c:\program files\%temp&
2008-10-21 01:37 --------- d-----w c:\program files\ESET
2008-10-20 06:34 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-10-20 06:20 --------- d-----w c:\program files\Sakhr
2008-10-20 06:17 --------- d-----w c:\program files\MagicISO
2008-10-17 00:55 --------- d-----w c:\documents and settings\Designer\Application Data\Thinstall
2008-10-17 00:30 --------- d-----w c:\program files\Cool Beans NFO Creator
2008-10-16 18:25 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-16 18:25 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-10-16 16:51 --------- d-----w c:\program files\7-Zip
2008-10-16 14:20 --------- d-----w c:\program files\Inno Setup 5
2008-10-16 13:17 --------- d-----w c:\program files\Internet Download Manager
2008-10-16 04:31 --------- d-----w c:\program files\MeRo
2008-10-16 04:31 --------- d-----w c:\program files\K-Lite Codec Pack
2008-10-15 07:19 --------- d-----w c:\program files\ma-config.com
2008-10-15 07:19 --------- d-----w c:\documents and settings\All Users\Application Data\ma-config.com
2008-10-15 01:59 --------- d-----w c:\documents and settings\Designer\Application Data\Malwarebytes
2008-10-15 01:59 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-10-11 14:06 --------- d-----w c:\program files\Common Files\Adobe
2008-10-11 01:24 --------- d-----w c:\program files\Common Files\SWF Studio
2008-10-11 01:22 993,360 ----a-w c:\windows\Don't Touch My Computer 2.scr
2008-10-11 01:22 45,056 ----a-w c:\windows\NCUNINST.EXe
2008-10-11 01:22 40,960 ----a-w c:\windows\NCLAUNCH.EXe
2008-10-11 01:22 --------- d-----w c:\program files\NCBuy
2008-10-11 01:20 --------- d-----w c:\program files\Ss-Tools
2008-10-10 21:12 --------- d-----w c:\documents and settings\Designer\Application Data\PE Explorer
2008-10-10 20:40 --------- d-----w c:\documents and settings\All Users\Application Data\ProQuant
2008-10-10 19:07 --------- d-----w c:\program files\Circle Developement
2008-10-10 18:28 --------- d-----w c:\program files\AviSynth 2.5
2008-10-10 18:27 --------- d-----w c:\program files\AC3Filter
2008-10-08 15:32 --------- d-----w c:\documents and settings\Designer\Application Data\Skype
2008-10-08 15:14 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2008-10-08 15:13 --------- d-----w c:\program files\Yahoo!
2008-10-08 15:13 --------- d-----w c:\program files\Skype
2008-10-08 15:13 --------- d-----w c:\program files\Common Files\Skype
2008-10-08 15:13 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-10-08 15:04 --------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
2008-10-08 10:44 --------- d-----w c:\program files\IECustomizer.com
2008-10-07 17:26 --------- d-----w c:\documents and settings\All Users\Application Data\NCH Swift Sound
2008-10-07 10:51 --------- d-----w c:\program files\Reference Assemblies
2008-10-07 10:51 --------- d-----w c:\program files\MSBuild
2008-10-07 00:00 61,440 ----a-w c:\windows\xspeech.dll
2008-10-06 12:56 --------- d-----w c:\program files\Winamp
2008-10-06 01:02 --------- d-----w c:\program files\FirmTools
2008-10-06 01:01 720,896 ----a-w c:\windows\iun6002.exe
2008-10-05 13:38 --------- d-----w c:\program files\hkSFV
2008-10-05 09:50 --------- d-----w c:\documents and settings\Designer\Application Data\IEPro
2008-10-04 14:19 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-04 14:02 --------- d-----w c:\program files\UltraISO
2008-10-04 14:02 --------- d-----w c:\program files\Common Files\EZB Systems
2008-10-03 20:55 --------- d-----w c:\documents and settings\Designer\Application Data\Ahead
2008-10-03 19:10 --------- d-----w c:\program files\Ahead
2008-10-03 19:09 --------- d-----w c:\program files\Common Files\Ahead
2008-10-03 12:19 --------- d-----w c:\program files\Alcohol Soft
2008-10-03 12:14 685,816 ----a-w c:\windows\system32\drivers\sptd.sys
2008-10-02 07:58 --------- d-----w c:\program files\Java
2008-10-02 07:57 --------- d-----w c:\program files\Common Files\Java
2008-10-02 07:40 --------- d-----w c:\program files\DAMN NFO Viewer
2008-10-02 04:18 --------- d-----w c:\documents and settings\Designer\Application Data\Executor
2008-10-02 03:27 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-02 03:27 --------- d-----w c:\program files\USB Vibration
2008-10-01 19:38 --------- d-----w c:\program files\Open Subfolder
2008-10-01 19:37 --------- d-----w c:\program files\MuvEnum
2008-10-01 19:18 --------- d-----w c:\program files\Unlocker
2008-10-01 05:38 --------- d-----w c:\documents and settings\All Users\Application Data\Sandlot Games
.
((((((((((((((((((((((((((((( snapshot@Sat 10-25-2008_ 9.20.48.85 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-11-03 11:43:34 65,952 ----a-r c:\windows\Installer\{06DC337B-7790-478F-9F3D-15950D1B3374}\POWERARC.exe
+ 2008-11-04 06:03:17 344,064 ----a-r c:\windows\Installer\{22D21696-C06C-4692-97A0-066F45066364}\Icon_WinRAR.exe
+ 2008-11-04 06:03:17 323,584 ----a-r c:\windows\Installer\{22D21696-C06C-4692-97A0-066F45066364}\NewIcon.exe
+ 2008-11-03 15:15:58 53,248 ----a-r c:\windows\Installer\{79880ACC-B5AB-486A-B95D-03F55DF3F9C6}\NewShortcut1_F8354160C274433BBE3A7DFC0058E931.exe
+ 2008-11-04 06:06:30 241,664 ----a-r c:\windows\Installer\{EAE7910E-5FF8-4322-8935-2A20AA2D28AF}\NewIcon1.exe
+ 2008-11-04 06:06:30 241,664 ----a-r c:\windows\Installer\{EAE7910E-5FF8-4322-8935-2A20AA2D28AF}\NewIcon2.exe
- 2008-02-12 15:59:48 69,120 ----a-w c:\windows\NOTEPAD.EXE
+ 2004-06-24 22:00:00 860,160 ----a-w c:\windows\NOTEPAD.EXE
+ 2008-03-19 00:06:30 38,912 -c--a-w c:\windows\RUN_SAFE_DELETING.exe
- 2008-10-21 08:45:01 9,728 ----a-w c:\windows\system32\BASSMOD.dll
+ 2008-10-28 11:49:18 34,308 ----a-w c:\windows\system32\BASSMOD.dll
+ 2007-04-09 12:27:07 31,548 ----a-w c:\windows\system32\drivers\scdemu.sys
+ 2007-02-17 22:15:34 232,816 ----a-w c:\windows\system32\drivers\VMM.sys
+ 2007-01-29 04:20:34 59,280 ----a-w c:\windows\system32\drivers\VMNetSrv.sys
+ 2008-10-05 03:16:26 235,936 ----a-r c:\windows\system32\Macromed\Flash\FlashUtil10a.exe
- 2008-10-11 19:07:46 74,649 ----a-w c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2008-11-03 06:10:20 88,590 ----a-w c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2006-05-29 06:26:36 50,688 ----a-w c:\windows\system32\nmwcdcls.dll
- 2008-10-23 15:50:57 71,982 ----a-w c:\windows\system32\perfc009.dat
+ 2008-10-31 02:21:51 71,982 ----a-w c:\windows\system32\perfc009.dat
- 2008-10-23 15:50:57 442,298 ----a-w c:\windows\system32\perfh009.dat
+ 2008-10-31 02:21:51 442,298 ----a-w c:\windows\system32\perfh009.dat
- 2007-01-19 09:53:04 51,056 -c--a-w c:\windows\system32\sirenacm.dll
+ 2008-07-17 12:38:54 51,712 ----a-w c:\windows\system32\sirenacm.dll
+ 2007-01-29 04:20:34 144,800 ----a-w c:\windows\system32\VMNetSrv.dll
+ 2008-07-17 17:52:00 56,360 ----a-w c:\windows\system32\WBHELP2.DLL
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [02/12/2008 05:59 PM 15360]
"USB Safely Remove"="c:\program files\USB Safely Remove\USBSafelyRemove.exe" [10/21/2007 07:23 PM 2447360]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [10/16/2008 06:48 AM 2607616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [07/01/2008 09:01 AM 1447168]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [02/12/2008 05:59 PM 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
USBGuard.lnk - c:\program files\MeRo USB Disk Security\USBGuard.exe [10/16/2008 4:46:50 PM 3743744]
c:\documents and settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled
Utility Tray.lnk - c:\windows\system32\sistray.exe [9/30/2008 12:19:55 PM 331776]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 1 (0x1)
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
"NoUserNameInStartMenu"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoInternetIcon"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\windows\system32
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
-ra------ 07/09/2001 11:50 AM 155648 c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 06/10/2008 04:27 AM 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TransBar]
--a------ 06/01/2005 09:41 PM 65536 c:\windows\Designer\transbar\Transbar.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IEPro\\MiniDM.exe"=
"c:\\Program Files\\Windows Live Messenger MeRo Edition v5.1\\msnmsgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R2 Eset_TrialReset_serv;Eset TrialReset;c:\windows\Eset_TrialReset_serv.exe [07/27/2008 12:27 PM 69632]
S3 ATE_PROCMON;ATE_PROCMON;c:\program files\Anti Trojan Elite\ATEPMon.sys [ ]
S3 hid8101;hid8101;c:\windows\system32\drivers\hid8101.sys [12/22/2007 09:34 AM 31888]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\AutoRun\command - K:\Optional_Programs.exe
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-c:\windows\system32\kdreq.exe - c:\windows\system32\kdreq.exe
MSConfigStartUp-kdreq - c:\windows\system32\kdreq.exe
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.microsoft.com
R0 -: HKLM-Main,Start Page = hxxp://www.microsoft.com
R0 -: HKLM-Main,Window Title = Microsoft Internet Explorer
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/keyword/%s
O8 -: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
O8 -: Download FLV video with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
O8 -: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
O9 -: {323AF0A7-690A-47D9-819B-348831CC7DC5} - c:\program files\IECustomizer.com\IEButtons\SearchIECThemes.htm
O9 -: {472A296E-D7C1-4A70-8511-5039B09EBDDB} - :document.='http://www.iecustomizer.com/iethemes'
O9 -: {B9844E33-6201-47AA-B30A-BCA3363C2BFA} - c:\program files\IECustomizer.com\Tools\IETheme.exe
O9 -: {000002a3-84fe-43f1-b958-f2c3ca804f1a} - {CD275D4E-791A-4993-9D4D-6A071EDD2709} - c:\program files\IEPro\iepro.dll
O9 -: {323AF0A7-690A-47D9-819B-348831CC7DC5} - c:\program files\IECustomizer.com\IEButtons\SearchIECThemes.htm -
O9 -: {472A296E-D7C1-4A70-8511-5039B09EBDDB} - :document.='http://www.iecustomizer.com/iethemes' -
O9 -: {B9844E33-6201-47AA-B30A-BCA3363C2BFA} - c:\program files\IECustomizer.com\Tools\IETheme.exe -
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-11-06 10:45:35
Windows 5.1.2600 Service Pack 3, v.3311 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: c:\windows\explorer.exe
-> ?:\windows\System32\CSCDLL.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\ESET\ESET Smart Security\ekrn.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\wscntfy.exe
c:\program files\Internet Download Manager\IEMonitor.exe
.
**************************************************************************
.
Completion time: 11/06/2008 10:49:22 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-06 08:49:16
ComboFix2.txt 2008-10-25 07:23:49
Pre-Run: 2,685,804,544 bytes free
Post-Run: 2,710,724,608 bytes free
260
And this is the report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:54:33 ص, on 06/11/2008
Platform: Windows XP SP3, v.3311 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\Eset_TrialReset_serv.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\USB Safely Remove\USBSafelyRemove.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\MeRo USB Disk Security\USBGuard.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Designer Tools\HIJACK.EXE
C:\Program Files\internet explorer\iexplore.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [USB Safely Remove] C:\Program Files\USB Safely Remove\USBSafelyRemove.exe /startup
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: USBGuard.lnk = C:\Program Files\MeRo USB Disk Security\USBGuard.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: IE Theme Search Bar - {323AF0A7-690A-47D9-819B-348831CC7DC5} - C:\Program Files\IECustomizer.com\IEButtons\SearchIECThemes.htm
O9 - Extra 'Tools' menuitem: Free Themes for Internet Explorer - {323AF0A7-690A-47D9-819B-348831CC7DC5} - C:\Program Files\IECustomizer.com\IEButtons\SearchIECThemes.htm
O9 - Extra button: (no name) - {472A296E-D7C1-4A70-8511-5039B09EBDDB} - :document.='http://www.iecustomizer.com/iethemes' (file missing)
O9 - Extra 'Tools' menuitem: Online Themes Gallery - {472A296E-D7C1-4A70-8511-5039B09EBDDB} - :document.='http://www.iecustomizer.com/iethemes' (file missing)
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler Trillix\saveflash\iebt.dll (file missing)
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler Trillix\saveflash\iebt.dll (file missing)
O9 - Extra button: Themes - {B9844E33-6201-47AA-B30A-BCA3363C2BFA} - C:\Program Files\IECustomizer.com\Tools\IETheme.exe
O9 - Extra 'Tools' menuitem: Themes - {B9844E33-6201-47AA-B30A-BCA3363C2BFA} - C:\Program Files\IECustomizer.com\Tools\IETheme.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash ) -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Eset TrialReset (Eset_TrialReset_serv) - Everstrike Software - C:\WINDOWS\Eset_TrialReset_serv.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Unknown owner - C:\Program Files\Windows Live Messenger Khalid Edition v5.5 Arabic\usnsvc.exe (file missing)
--
End of file - 6668 bytes
Can I know what to do after this?