سعيد المصرى (new member, joined 21 January 2008, 11 posts)
Peace be upon you, and the mercy and blessings of God.
My brothers in God, I beg you, rescue me and help me remove this cursed virus.
This virus is on all of my drives and I could not remove it, not with Kaspersky, not with NOD, and not with any tool. I beg you, help me as fast as possible.
25926360vk8.jpg
 

Signature: سعيد المصرى
Where are you, Mr. زيزوم?
I beg you, help me solve this problem, please.
 
Signature: سعيد المصرى
Brother سعيد, use avast and, God willing, you will reach a solution you are happy with.
The link is here; I use it myself.
 
Apologies for editing the title so that it reflects the content of the thread, and for moving it to the appropriate section.
 
Signature: mezouari
Thank you, Mr. شسويله, but all of these programs and tools brought nothing new. The viruses go away, and when I restart the machine they come back again, and I don't know what to do.
 
Signature: سعيد المصرى
Peace be upon you, and the mercy and blessings of God.

Dear brother, use any of the programs suggested by the brothers who replied to your thread, then open the Start menu,
then the Run window,
type temp,
press Enter and clean out the files you see.
Then repeat the step and type %temp%, and likewise clean out what you see.
Then repeat the step and type prefetch, and likewise clean out what you see.

Then shut down your machine and turn it on again.

Now, God willing, you are rid of the autorun plague.

Regards
 
Use the tool I gave you, then hide the hidden folders.

To hide them, do as shown in the pictures.

wh_71563823.png


wh_15752926.png


Then press OK and these files will disappear.

Then clean your machine as follows.

Download this tool and follow the explanation below.

Compatibility: Windows XP only

Usage instructions:
When you run the tool's file, this screen appears. Wait (and follow along with the pictures).



000.png





001.png





When this screen appears, press Close so that your machine restarts ((to complete the cleaning process)).



002.png
 
God bless you, my dear teacher, but look at the following picture of the site you attached, where there is no download link for the file.



12222222222rp6.jpg
 
Signature: سعيد المصرى
Do as my brother شسويله told you.

Then download this tool and run a scan.

Then use this tool to clean the machine.


wh_15149054.png
May God reward you, but the tool, or the second link, gives "the server cannot be found".
 
Signature: سعيد المصرى
I beg you, help me. No attempt has worked, nor has any of the programs for removing the cursed autorun, and I don't know what to do about it.
 
Signature: سعيد المصرى
OK, make a Hijack report.
Download this file and run it; in a few moments a report will appear.
Copy it and paste it in your next reply.
 
.
--------------------------\\\ Start Report Of HijackThis ---------------
.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:31:22 ص, on 01/01/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\ELmasry\Desktop\General_Removal\General_Removal.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\ELmasry\LOCALS~1\Temp\bntoz\runn.exe
C:\WINDOWS\System32\cmd.exe
C:\DOCUME~1\ELmasry\LOCALS~1\Temp\bntoz\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
F2 - REG:system.ini: l=Explorer.exe
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
--
End of file - 3424 bytes
.
.
--------------------------\\\ End Report Of Of HijackThis ---------------
.
--------------------------\\\ Windows XP Startup List ---------------
.
HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
autocheck autochk *
autocheck autochk *
Auto Check Utility
Microsoft Corporation
5.01.2600.0000
c:\windows\system32\autochk.exe
HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms
rdpclip
rdpclip
RDP Clip Monitor
Microsoft Corporation
5.01.2600.0000
c:\windows\system32\rdpclip.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
userinit.exe
userinit.exe
Userinit Logon Application
Microsoft Corporation
5.01.2600.0000
c:\windows\system32\userinit.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\l
Explorer.exe
Explorer.exe
Windows Explorer
Microsoft Corporation
6.00.2600.0000
c:\windows\explorer.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
IMJPMIG8.1
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
Microsoft IME
Microsoft Corporation
8.01.3201.0000
c:\windows\ime\imjp8_1\imjpmig.exe
PHIME2002ASync
C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
Intelligent IME version 2002a
Microsoft Corporation
5.02.0000.1815
c:\windows\system32\ime\tintlgnt\tintsetp.exe
PHIME2002A
C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
Intelligent IME version 2002a
Microsoft Corporation
5.02.0000.1815
c:\windows\system32\ime\tintlgnt\tintsetp.exe
igfxtray
C:\WINDOWS\System32\igfxtray.exe
igfxTray Module
Intel Corporation
3.00.0000.4436
c:\windows\system32\igfxtray.exe
igfxhkcmd
C:\WINDOWS\System32\hkcmd.exe
hkcmd Module
Intel Corporation
3.00.0000.4436
c:\windows\system32\hkcmd.exe
igfxpers
C:\WINDOWS\System32\igfxpers.exe
persistence Module
Intel Corporation
3.00.0000.4436
c:\windows\system32\igfxpers.exe
egui
"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
Eset GUI
ESET
3.00.0621.0000
c:\program files\eset\eset nod32 antivirus\egui.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
CTFMON.EXE
C:\WINDOWS\System32\ctfmon.exe
CTF Loader
Microsoft Corporation
5.01.2600.0000
c:\windows\system32\ctfmon.exe
MSMSGS
"C:\Program Files\Messenger\msmsgs.exe" /background
Messenger Client
Microsoft Corporation
4.00.0000.0155
c:\program files\messenger\msmsgs.exe
.
.
----------- End Report ---------------
This is the report.
 
Signature: سعيد المصرى
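A HijackThis report like the one above is usually read by looking at where each running process and startup entry lives on disk. The following Python sketch is an added example, not part of the original thread or of HijackThis: it parses the report format and lists paths in user-writable locations. The sample lines are copied from the report above; the list of "suspect" locations is an assumption of this example.

```python
import re

# Constructed sample: lines copied from the HijackThis report posted in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\explorer.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\DOCUME~1\ELmasry\LOCALS~1\Temp\bntoz\runn.exe
C:\DOCUME~1\ELmasry\LOCALS~1\Temp\bntoz\HijackThis.exe
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
"""

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
O4_RE = re.compile(r"^(?P<hive>\S+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
EXE_RE = re.compile(r'^"(?P<q>[^"]+)"|^(?P<u>.+?\.(?:exe|com|scr|pif|bat|cmd))(?=\s|$)', re.I)

# Assumption of this example: locations an ordinary user (or a worm) can write to.
SUSPECT_DIRS = {
    "temp directory": re.compile(r"\\temp\\", re.I),
    "recycle bin folder": re.compile(r"\\recycle[dr]\\", re.I),
    "drive root": re.compile(r"^[a-z]:\\[^\\]+$", re.I),
}

def parse_hijackthis(text):
    """Split a report into the running-process list and the coded entries."""
    processes, entries, in_procs = [], [], False
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:                       # first coded entry ends the process list
            in_procs = False
            entries.append((m.group("code"), m.group("body")))
        elif line == "Running processes:":
            in_procs = True
        elif in_procs:
            processes.append(line)
    return {"processes": processes, "entries": entries}

def executable_of(cmd):
    """Return the executable path from a startup command line, without arguments."""
    m = EXE_RE.match(cmd.strip())
    return (m.group("q") or m.group("u")) if m else None

def startup_items(parsed):
    """Return (registry key, value name, executable) for every O4 Run entry."""
    items = []
    for code, body in parsed["entries"]:
        m = O4_RE.match(body) if code == "O4" else None
        if m:
            key = m.group("hive") + "\\" + m.group("key")
            items.append((key, m.group("name"), executable_of(m.group("cmd"))))
    return items

def triage(text):
    """List (source, path, reason) for every path in a suspect location."""
    parsed = parse_hijackthis(text)
    candidates = [("process", p) for p in parsed["processes"]]
    for key, name, exe in startup_items(parsed):
        if exe:
            candidates.append(("startup %s [%s]" % (key, name), exe))
    return [(src, path, reason)
            for src, path in candidates
            for reason, rx in SUSPECT_DIRS.items() if rx.search(path)]

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

On the sample, the only hits are the two processes under `Temp\bntoz`, the folder that also holds the `HijackThis.exe` that produced the report. A hit marks a path for review; it is not a verdict.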
Much appreciated, my friend.
Compress these files >>> the ones marked in green
and upload them here.


25926360vk8.jpg
 
I am now deleting the viruses, and I discovered that the reason they come back is the System Volume Information folder,
and inside it a folder named _restore{0657ACC9-40AE-4658-8789-8B979A171F85},
and inside that folder a text file named change.log, which I could neither delete nor modify,
and inside it the following is written:
[binary] \Device\HarddiskVolume4\System Volume Information\_restore{0657ACC9-40AE-4658-8789-8B979A171F85}\RP4\change.log
[binary] \autorun.inf AUTORUN.INF
[binary] \Recycled\desktop.ini A0001118.ini DESKTOP.INI
[binary] \Recycled RECYCLED
 
Signature: سعيد المصرى
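The change.log text pasted above shows every letter separated from the next because the file is binary and its path strings are stored as UTF-16LE. As an added example (not from the original post), this Python sketch extracts such strings from a byte buffer and flags the autorun.inf and Recycled entries; the sample bytes are constructed from the strings in the post, and the filler between them is arbitrary, not the real record layout.

```python
import re

# Constructed stand-in for the binary bytes between the strings; the real
# change.log record layout is not reproduced here.
FILLER = b"\xfc\x00\x00\x00\xef\xcd\xab\x12"

# Path strings as they appear in the change.log text pasted in this thread.
PASTED_STRINGS = [
    r"\Device\HarddiskVolume4\System Volume Information"
    r"\_restore{0657ACC9-40AE-4658-8789-8B979A171F85}\RP4\change.log",
    r"\autorun.inf", "AUTORUN.INF",
    r"\Recycled\desktop.ini", "A0001118.ini", "DESKTOP.INI",
    r"\Recycled", "RECYCLED",
]
SAMPLE = b"".join(FILLER + s.encode("utf-16-le") + b"\x00\x00" for s in PASTED_STRINGS)

# Names worth flagging, taken from what the pasted log lists.
WATCH = [
    ("autorun.inf at a volume root", re.compile(r"^\\autorun\.inf$", re.I)),
    ("file inside a Recycled/RECYCLER folder", re.compile(r"^\\recycle[dr]\\.+", re.I)),
]

def utf16_strings(data, min_len=4):
    """Return runs of at least min_len printable ASCII characters stored as UTF-16LE."""
    pattern = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    return [m.group().decode("utf-16-le") for m in pattern.finditer(data)]

def restore_point(strings):
    """Return the restore point folder (e.g. 'RP4') named in the log's own path."""
    for s in strings:
        m = re.search(r"\\(RP\d+)\\change\.log$", s, re.I)
        if m:
            return m.group(1)
    return None

def flag_tracked_paths(strings):
    """Return (path, reason) for every extracted string that matches WATCH."""
    return [(s, reason) for s in strings for reason, rx in WATCH if rx.search(s)]

if __name__ == "__main__":
    found = utf16_strings(SAMPLE)
    print("restore point:", restore_point(found))
    for path, reason in flag_tracked_paths(found):
        print(path, "->", reason)
```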
Honestly, we would like to help you,

but we need you to cooperate with us.
 