• Thread starter: goldenboyah

goldenboyah

Peace be upon you

I once came across a thread on this and ignored it, and now I badly need it.

It is about how I can enable or disable the autorun feature from regedit.
I would appreciate it if you told me where to go, right or left, to get to what I need :)


My regards to you
 

And peace be upon you too

Brother, you do not need to go into regedit.


Use this tool:

A tool that resets the registry keys to their default state
after a virus infection

Size: 365 KB
Compatibility: Windows XP (only)

[hidden link]

And let us know the results
 
Signature: AbOdy
Thank you for your quick reply

But I did not notice anything // it still does not open automatically

To be honest, the autorun file is on the flash disk, not a CD

And this is what is written in it

[autorun]
OPEN=deeb.exe

And the file is named autorun.inf

Everything should be fine

But I expect there is a small glitch, and God knows best


You did not finish the solution to the problem for me:
[hidden link]


Sorry, I really am troubling you, forgive me
But what should I do??
May God put it in the balance of your good deeds

And good night
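
An added example, not part of the original posts: a small audit helper that parses an autorun.inf such as the one quoted above and decodes the `NoDriveTypeAutoRun` policy value (under `Policies\Explorer`) to report whether AutoRun is disabled by policy for a given drive type. The function names and the sample policy values are constructed for illustration; the bit meanings are the documented ones for `NoDriveTypeAutoRun`.

```python
# Added example (not from the thread). Sample inputs are constructed.

# Bit flags of the NoDriveTypeAutoRun DWORD; a set bit disables AutoRun
# for that drive type.
DRIVE_TYPE_BITS = {
    0x01: "unknown",
    0x04: "removable",
    0x08: "fixed",
    0x10: "network",
    0x20: "cdrom",
    0x40: "ramdisk",
    0x80: "reserved",
}

# The autorun.inf content quoted in the post above.
SAMPLE_AUTORUN = "[autorun]\nOPEN=deeb.exe\n"


def parse_autorun(text):
    """Return key/value pairs of the [autorun] section, keys lower-cased."""
    entries = {}
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # skip blanks and comments
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def launch_directives(entries):
    """Return the entries that name a program to start."""
    found = []
    for key, value in entries.items():
        is_verb = key.startswith("shell\\") and key.endswith("\\command")
        if key in ("open", "shellexecute") or is_verb:
            found.append((key, value))
    return found


def disabled_drive_types(policy_value):
    """Decode NoDriveTypeAutoRun into the set of drive types it disables."""
    return {name for bit, name in DRIVE_TYPE_BITS.items() if policy_value & bit}


def audit(autorun_text, policy_value, drive_type="removable"):
    """Combine both checks for one drive.

    needs_review is True when the file names a program to start and the
    policy does not disable AutoRun for this drive type.
    """
    directives = launch_directives(parse_autorun(autorun_text))
    blocked = drive_type in disabled_drive_types(policy_value)
    return {
        "directives": directives,
        "policy_blocks": blocked,
        "needs_review": bool(directives) and not blocked,
    }


if __name__ == "__main__":
    # Constructed policy values: 0x91 leaves removable drives enabled,
    # 0x95 adds the removable bit, 0xFF disables every drive type.
    for value in (0x91, 0x95, 0xFF):
        print(hex(value), audit(SAMPLE_AUTORUN, value))
```
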
 
Hello brother

"To be honest, the autorun file is on the flash disk, not a CD"

Plug the flash drive into the computer first, then use this tool


Disable all protection programs,
then download this tool and save it to the desktop
[hidden link]

When you run it a message will appear, click >> Yes
Then a second message will appear, click >> Yes
Wait until the tool finishes scanning your machine, and your machine will restart automatically
After the restart, the tool will start scanning again
Wait until a report appears, then copy it and paste it in your next reply



 
To protect the flash drive in the future, after deleting the viruses

[hidden link]


^^ and autorun and the like

/////////////////////////////////////////////////////////////

And here is a thread that may help you

[hidden link]

 
Here you go, I have posted the report here:
[hidden link]


And brother
[hidden link]
kindly listed the items that should be deleted
And I carried out everything
But the problem still exists
 
This is the report



ComboFix 08-08-19.02 - Ahmed 08/20/2008 19:55:24.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1033.18.1360 [GMT 3:00]
Running from: C:\Documents and Settings\Ahmed\My Documents\Downloads\Programs\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Ahmed\Application Data\macromedia\Flash Player\#Shareds\A2UM8WJJ\interclick.com
C:\Documents and Settings\Ahmed\Application Data\macromedia\Flash Player\#Shareds\A2UM8WJJ\interclick.com\ud.sol
C:\Documents and Settings\Ahmed\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Ahmed\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\WINDOWS\system32\kakle.dll
I:\autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-07-20 to 2008-08-20 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-20 17:00 --------- d-----w C:\Documents and Settings\Ahmed\Application Data\DMCache
2008-08-20 16:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-08-20 16:57 688,160 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-08-20 16:57 5,528 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-08-20 16:57 31,260 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-08-20 16:57 3,594,784 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-08-20 06:56 --------- d-----w C:\Program Files\Symantec
2008-08-20 06:56 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-08-19 19:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-19 17:11 --------- d-----w C:\Program Files\Privacy Guardian
2008-08-18 19:38 18,048 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys
2008-08-18 19:38 165,376 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2008-08-18 14:49 --------- d-----w C:\Documents and Settings\Ahmed\Application Data\Skype
2008-08-18 14:16 --------- d-----w C:\Documents and Settings\Ahmed\Application Data\skypePM
2008-08-17 09:19 --------- d-----w C:\Program Files\الدليل الفلسطيني 2007
2008-08-17 05:13 --------- d-----w C:\Program Files\AutorunRemover
2008-08-17 03:41 --------- d-----w C:\Program Files\EvilLyrics
2008-08-16 21:25 --------- d-----w C:\Program Files\Common Files\DirectX
2008-08-16 21:24 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-08-15 19:08 4,674,789 ----a-w C:\WINDOWS\system32\ahlawy.scr
2008-08-15 19:08 --------- d-----w C:\Program Files\Al-Ahly Club
2008-08-15 13:37 --------- d-----w C:\Program Files\Skype
2008-08-15 13:37 --------- d-----w C:\Program Files\Common Files\Skype
2008-08-15 13:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-08-15 13:02 --------- d-----w C:\Program Files\Blackstar
2008-08-15 08:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-08-14 20:10 0 ----a-w C:\httpwwwnbacomrssnba_rssxml.dat
2008-08-13 13:00 --------- d-----w C:\Program Files\iVocalize Web Conference 4
2008-08-12 04:49 --------- d-----w C:\Program Files\MSN Messenger
2008-08-12 04:49 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-08-12 04:49 --------- d-----w C:\Program Files\Circle Developement
2008-08-09 04:23 96,976 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-08-09 04:23 87,855 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-08-09 03:57 --------- d-----w C:\Program Files\Kaspersky Lab
2008-08-09 03:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-08-08 12:56 --------- d-----w C:\Program Files\Cooolsoft
2008-08-07 20:58 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-07 18:34 --------- d-----w C:\Documents and Settings\Ahmed\Application Data\Leadertech
2008-08-05 12:33 90,112 ----a-w C:\WINDOWS\system32\agsaami.dll
2008-08-05 12:33 610,304 ----a-w C:\WINDOWS\system32\agsaamg.dll
2008-08-05 12:33 372,736 ----a-w C:\WINDOWS\system32\agsaamc.dll
2008-08-05 12:33 2,535,424 ----a-w C:\WINDOWS\system32\agsaamj.dll
2008-08-05 12:33 196,608 ----a-w C:\WINDOWS\system32\maag.dll
2008-08-05 12:33 1,986,560 ----a-w C:\WINDOWS\system32\akll.dll
2008-08-05 12:33 1,245,184 ----a-w C:\WINDOWS\system32\bkll.dll
2008-08-05 12:33 1,212,416 ----a-w C:\WINDOWS\system32\ckll.dll
2008-08-05 12:33 --------- d-----w C:\Program Files\Real_SC
2008-08-05 06:57 --------- d-----w C:\Program Files\RCrawler
2008-08-05 04:05 --------- d-----w C:\Documents and Settings\Ahmed\Application Data\Ulead Systems
2008-08-05 04:04 --------- d-----w C:\Program Files\Common Files\InterVideo
2008-08-05 04:04 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-05 04:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-08-05 04:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\InterVideo
2008-08-05 04:03 --------- d-----w C:\Program Files\Windows Media Components
2008-08-05 04:03 --------- d-----w C:\Program Files\Ulead Systems
2008-08-05 04:03 --------- d-----w C:\Program Files\Common Files\Ulead Systems
2008-08-05 02:42 --------- d-----w C:\Program Files\Internet Download Manager
2008-08-04 20:09 --------- d-----w C:\Documents and Settings\Ahmed\Application Data\IDM
2008-08-04 18:44 --------- d-----w C:\Program Files\Deskshare
2008-08-04 03:33 --------- d-----w C:\Documents and Settings\Ahmed\Application Data\stupid mess media
2008-08-03 11:42 --------- d-----w C:\Documents and Settings\Ahmed\Application Data\Hide IP NG
2008-08-03 10:12 --------- d-----w C:\Program Files\EA SPORTS
2008-08-03 08:19 64,650 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-08-03 08:19 6,114 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-08-03 08:19 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-08-02 06:41 --------- d-----w C:\Program Files\Super Internet TV
2008-08-02 06:39 --------- d-----w C:\Program Files\Chicken Invaders 3
2008-08-01 18:51 --------- d-----w C:\Documents and Settings\Ahmed\Application Data\Nuotex
2008-08-01 15:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\InterAction studios
2008-08-01 14:53 --------- d-----w C:\Program Files\ReflexiveArcade
2008-07-26 20:02 --------- d-----w C:\Program Files\OpenAL
2008-07-23 10:10 720,896 ----a-w C:\WINDOWS\iun6002.exe
2008-07-22 10:14 --------- d-----w C:\Program Files\GTA_Myriad_Islands.CPR
2008-07-20 10:42 --------- d-----w C:\Documents and Settings\Ahmed\Application Data\GameHouse
2008-07-19 20:38 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-19 07:07 --------- d-----w C:\Program Files\Google
2008-07-18 13:06 --------- d-----w C:\Documents and Settings\Ahmed\Application Data\UNOUndercover
2008-07-18 13:05 --------- d-----w C:\Program Files\GameHouse
2008-07-16 20:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Fast Warn Ooze Info
2008-07-16 13:21 --------- d-----w C:\Documents and Settings\Ahmed\Application Data\Steganos VPN
2008-07-16 11:59 --------- d-----w C:\Program Files\Steganos Internet Anonym VPN
2008-07-16 11:55 --------- d-----w C:\Program Files\VMNetSrv
2008-07-14 03:43 --------- d-----w C:\Program Files\AxBx
2008-07-13 19:28 --------- d-----w C:\Program Files\Windows Live
2008-07-12 14:05 --------- d-----w C:\Program Files\OpenVPN
2008-07-12 13:27 --------- d-----w C:\Program Files\j2 Messenger 4.2
2008-07-12 13:27 --------- d-----w C:\Documents and Settings\Ahmed\Application Data\j2 Messenger
2008-07-12 13:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\j2 Messenger 4.2 Setup
2008-07-12 12:34 352,256 ----a-w C:\WINDOWS\eSellerateEngine.dll
2008-07-12 11:31 --------- d-----w C:\Documents and Settings\Ahmed\Application Data\Media Player Classic
2008-07-12 11:30 --------- d-----w C:\Program Files\Ringz Studio
2008-07-12 11:30 --------- d-----w C:\Program Files\Common Files\Real
2008-07-12 11:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-07-12 08:27 --------- d-----w C:\Program Files\Khayal IE
2008-07-10 19:31 --------- d-----w C:\Documents and Settings\Ahmed\Application Data\Wizzl BV
2008-07-10 18:55 --------- d-----w C:\Program Files\LeapFTP
2008-07-10 18:45 --------- d-----w C:\Program Files\VisualRoute Lite Edition
2008-07-10 18:44 --------- d-----w C:\Program Files\Java
2008-07-10 18:37 --------- d-----w C:\Program Files\Common Files\Java
2008-07-09 11:04 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Ahead
.

------- Sigcheck -------

06/13/2007 01:23 PM 975360 9784e0719124e4a23989aef9e7ca02d6 C:\WINDOWS\explorer.exe
08/04/2004 01:56 AM 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
06/13/2007 01:23 PM 975360 9784e0719124e4a23989aef9e7ca02d6 C:\WINDOWS\system32\dllcache\explorer.exe

07/30/2007 08:19 PM 68440 84d9a61860272d6177d46c86b8431557 C:\WINDOWS\system32\wuauclt.exe
07/30/2007 08:19 PM 68440 84d9a61860272d6177d46c86b8431557 C:\WINDOWS\system32\dllcache\wuauclt.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [01/19/2007 12:54 PM 5674352]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [12/12/2007 01:01 AM 929712]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 07:24 PM 1694208]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [09/06/2007 04:08 PM 136136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [10/04/2007 12:14 PM 8491008]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM 132496]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [06/30/2008 07:34 PM 185896]
"is-DVO3V"="C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-DVO3V\is-DVO3V.exe" [06/07/2008 03:26 PM 217088]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [04/25/2008 06:21 PM 201992]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [08/04/2004 01:56 AM 15360]

C:\Documents and Settings\Ahmed\Start Menu\Programs\Startup\
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2008-07-02 12:39:23 157000]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{51C55F9E-C308-4c95-89AB-8858D8AFD819}"= "C:\Program Files\ParetoLogic\Anti-Spyware\PASShlExt.dll" [10/24/2007 09:59 PM 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm

[HKLM\~\startupfolder\C:^Documents and Settings^Ahmed^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Ahmed^Start Menu^Programs^Startup^RocketDock.lnk]
backup=C:\WINDOWS\pss\RocketDock.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Ahmed^Start Menu^Programs^Startup^TransBar.lnk]
backup=C:\WINDOWS\pss\TransBar.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Ahmed^Start Menu^Programs^Startup^UberIcon.lnk]
backup=C:\WINDOWS\pss\UberIcon.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Ahmed^Start Menu^Programs^Startup^Webshots.lnk]
backup=C:\WINDOWS\pss\Webshots.lnkStartup
path=C:\Documents and Settings\Ahmed\Start Menu\Programs\Startup\Webshots.lnk

[HKLM\~\startupfolder\C:^Documents and Settings^Ahmed^Start Menu^Programs^Startup^Y'z Shadow.lnk]
backup=C:\WINDOWS\pss\Y'z Shadow.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^j2 4.2.lnk]
backup=C:\WINDOWS\pss\j2 4.2.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\basefunk
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ooze info 4 shim
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wizzl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--------- 09/13/2006 12:12 PM 139264 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
--a------ 09/06/2007 04:08 PM 136136 C:\Program Files\DAEMON Tools Pro\DTProAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\j2 4.2]
--a------ 07/14/2006 11:03 PM 107008 C:\Program Files\j2 Messenger 4.2\J2GDllCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 10/13/2004 07:24 PM 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 07/01/2008 05:28 AM 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 10/04/2007 12:14 PM 8491008 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ParetoLogic Anti-Spyware]
--a------ 10/24/2007 09:59 PM 2643312 C:\Program Files\ParetoLogic\Anti-Spyware\Pareto_AS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Registry Crawler]
--a------ 02/03/2004 09:06 AM 454656 C:\PROGRA~1\RCrawler\rcrawler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 05/30/2008 03:54 PM 21718312 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyClean]
--a------ 01/16/2008 03:00 AM 4460544 C:\Program Files\Netcom3 Cleaner\SpyClean.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StormCodec_Helper]
--a------ 11/26/2006 09:30 PM 97357 C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--------- 06/30/2008 07:34 PM 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
--a------ 07/01/2008 05:28 AM 15872 C:\Program Files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS11 Preload]
--a------ 03/03/2007 02:12 PM 341488 C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-ra------ 05/03/2005 07:43 PM 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-ra------ 01/09/2008 04:25 PM 16859648 C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"D:\\Program Files\\Steam\\steamapps\\cd4star\\condition zero\\hl.exe"=
"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\LeapFTP\\LeapFTP.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"D:\\Program Files\\Steam\\steamapps\\cd4star\\counter-strike\\hl.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"D:\\Program Files\\Steam\\steamapps\\cd4star\\dedicated server\\hlds.exe"=
"D:\\Program Files\\Steam\\steamapps\\cd4star2030\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"D:\\Program Files\\THQ\\MotoGP URT 3\\motogp.exe"=
"D:\\Program Files\\Helicopter Strike Force\\game.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [01/29/2008 06:29 PM]
R1 is-DVO3Vdrv;is-DVO3Vdrv;C:\WINDOWS\system32\drivers\80761574.sys [03/05/2008 11:41 AM]
R2 SVPNStarter;Steganos VPN Starter Service;C:\Program Files\Steganos Internet Anonym VPN\SVPNStarter.exe [02/16/2007 04:35 PM]
R3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [09/12/2003 05:26 AM]
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [09/12/2003 05:26 AM]
R3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgN.sys [10/29/2003 10:02 AM]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [03/25/2008 08:07 PM]
R3 tap0801;TAP-Win32 Adapter V8;C:\WINDOWS\system32\DRIVERS\tap0801.sys [02/15/2007 08:48 PM]
R3 tap0901;TAP-Win32 Adapter V9;C:\WINDOWS\system32\DRIVERS\tap0901.sys [01/30/2008 03:41 AM]
S2 is-DVO3V;is-DVO3V;C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-DVO3V\is-DVO3V.exe [06/07/2008 03:26 PM]
S3 Netcom3;NetCom3 Service;C:\Program Files\Netcom3 Cleaner\PSCMonitor.exe [11/18/2006 07:36 PM]
.
Contents of the 'Scheduled Tasks' folder

2008-08-19 C:\WINDOWS\Tasks\Pareto UNS.job
- C:\Program Files\Common Files\ParetoLogic\UUS\UUS.dll\Pareto_Update.exe []
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-MsnMsgr - C:\Program Files\Windows Live\Messenger\msnmsgr.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Ahmed\Application Data\Mozilla\Firefox\Profiles\mdenf540.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://uk.msn.com/
FF -: plugin - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
[hidden link]

Rootkit scan 2008-08-20 20:00:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Webshots\Webshots.scr
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Ringz Studio\Storm Codec\mplayerc.exe
.
**************************************************************************
.
Completion time: 08/20/2008 20:11:10 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-20 17:11:05

Pre-Run: 4,012,711,936 bytes free
Post-Run: 4,044,648,448 bytes free

361 --- E O F --- 2008-08-17 05:15:04

And I ran
[hidden link]


And this is the report


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:03:43 م, on 20/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Steganos Internet Anonym VPN\SVPNStarter.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\Webshots\webshots.scr
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Ahmed\My Documents\My Received Files\fg672p.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\Ringz Studio\Storm Codec\mplayerc.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ahmed\My Documents\Downloads\Programs\Zyzoom_HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [hidden link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [hidden link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [hidden link]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8580
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - C:\Program Files\Webshots\WSToolbar4IE.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [is-DVO3V] "C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-DVO3V\is-DVO3V.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - [hidden link]
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - [hidden link]
O17 - HKLM\System\CCS\Services\Tcpip\..\{CE58B02E-DBBF-4546-ABE6-87403FB2835B}: NameServer = 212.19.48.14
O17 - HKLM\System\CCS\Services\Tcpip\..\{D72A12D5-94C9-4F3C-B336-985C90856292}: NameServer = 213.244.72.31 212.14.234.36
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: is-DVO3V - Kaspersky Lab - C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-DVO3V\is-DVO3V.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NetCom3 Service (Netcom3) - Unknown owner - C:\Program Files\Netcom3 Cleaner\PSCMonitor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: Steganos VPN Starter Service (SVPNStarter) - Unknown owner - C:\Program Files\Steganos Internet Anonym VPN\SVPNStarter.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O24 - Desktop Component 0: (no name) - [hidden link]


--
End of file - 7936 bytes

And these entries were deleted:


O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM

O17 - HKLM\System\CCS\Services\Tcpip\..\{CE58B02E-DBBF-4546-ABE6-87403FB2835B}: NameServer = [hidden link]

O17 - HKLM\System\CCS\Services\Tcpip\..\{D72A12D5-94C9-4F3C-B336-985C90856292}: NameServer = [hidden link] [hidden link]


O23 - Service: is-DVO3V - Kaspersky Lab - C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-DVO3V\is-DVO3V.exe

O23 - Service: NetCom3 Service (Netcom3) - Unknown owner - C:\Program Files\Netcom3 Cleaner\PSCMonitor.exe


O24 - Desktop Component 0: (no name) - [hidden link]


And the machine still does not read the autorun file that is on the flash drive



What is the problem???????
Please reply


My regards to you


 
Why is there no reply??????? :(
 
What is going on, everyone?? It looks like you have forgotten me, Zyzoom moderators :(
 
Why are you ignoring me?????????????
Honestly, I swear I am upset with you
 
4up
 