فايروس autorun.inf انتشر في جهازي

اخواني لقد انتشر في جهازي فايروس AUTORUN.INF وفي جميع الدرايفرات وقمت بعمل فورمات للجهاز لدرايفر السي فقط ولم ينحذف الفايروس قمت بتركيب برنامج الحماية افاست الاصدار المنزلي ولم يكتشفه قمت بتركيب برنامج USB Disk Security الخاص بحماية الفلاش ولم يتغير اي شي امل مساعدتي وهذه صوره للمشكلة مع العلم ان النظام الذي هو عندي XP SP3




هذا تقرير هياجك
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:52:13 ص, on 03/10/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth
Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\USB Disk Security\USBGuard.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\AvaFind\AvaFind.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\WIDCOMM\Bluetooth
Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727
\mscorsvw.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\srvany.exe
C:\WINDOWS\KMService.exe
C:\WINDOWS\system32\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Connectivity
Solution\ServiceLayer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\PC Connectivity
Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity
Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity
Solution\Transports\NclBCBTSrv.exe
C:\Program Files\Internet Download
Manager\IEMonitor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend
Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet
Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet
Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection
Wizard,ShellNext = http://go.microsoft.com/fwlink/?
LinkId=74005
R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Window Title = Microsoft Internet
Explorer
R3 - URLSearchHook: MessengerPlusLive Saudi Arabia
TB Toolbar - {f78a8f02-19ee-4de8-8ea7-6138e8b524f4}
- C:\Program
Files\MessengerPlusLive_Saudi_Arabia_TB\tbMes1.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-
17B458C2A3A8} - C:\Program Files\Internet Download
Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-
A596-FA578C2EBDC3} - C:\Program Files\Common
Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-
30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3
\Office14\GROOVEEX.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-
B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6
\bin\ssv.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-
4ABF-8ECC-5164760863C6} - C:\Program Files\Common
Files\Microsoft Shared\Windows
Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-
BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14
\URLREDIR.DLL
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-
A1AD-4243D8127440} - C:\Program
Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044
-A445-435b-BC74-9C25C1C588A9} - C:\Program
Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-
4C07-BC86-EABFE594F69C} - C:\Program
Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: MessengerPlusLive Saudi Arabia TB Toolbar
- {f78a8f02-19ee-4de8-8ea7-6138e8b524f4} -
C:\Program
Files\MessengerPlusLive_Saudi_Arabia_TB\tbMes1.dll
O3 - Toolbar: PandoraTV Toolbar - {D4027C7F-154A-
4066-A1AD-4243D8127440} - C:\Program
Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: MessengerPlusLive Saudi Arabia TB
Toolbar - {f78a8f02-19ee-4de8-8ea7-6138e8b524f4} -
C:\Program
Files\MessengerPlusLive_Saudi_Arabia_TB\tbMes1.dll
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program
Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 9.0
\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program
Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [USB Antivirus] C:\Program
Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program
Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program
Files\Microsoft Office\Office14\BCSSync.exe"
/DelayServices
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1
\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32
\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet
Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [AvaFind] "C:\Program
Files\AvaFind\AvaFind.exe" /minimized
O4 - HKCU\..\Run: [RocketDock] "C:\Program
Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program
Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE]
C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL
SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32
/s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE]
C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK
SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32
/s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE]
C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32
/s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE]
C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32
/s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Send to &Bluetooth
Device... - C:\Program Files\WIDCOMM\Bluetooth
Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: تحميل الكل بواسطة Internet
Download Manager - C:\Program Files\Internet
Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet
Download Manager - C:\Program Files\Internet
Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet
Download Manager - C:\Program Files\Internet
Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-
AAA5-00401C608501} - C:\Program Files\Java\jre6
\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-
4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft
Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote -
{2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program
Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: ملاحظات OneNote الم&رتبطة - {789FE86F-6FC4-
46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft
Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: ملاحظات OneNote الم&رتبطة -
{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program
Files\Microsoft Office\Office14
\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-
82b7-f2ba38496583} - C:\WINDOWS\Network
Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -
{e2e2dd38-d088-4134-82b7-f2ba38496583} -
C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-
BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -
http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.c
ab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5
-A672-00B0D022E945} - C:\Program Files\Common
Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: avast! iAVS4 Control Service
(aswUpdSv) - ALWIL Software - C:\Program Files\Alwil
Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software -
C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software
- C:\Program Files\Alwil Software\Avast4
\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software -
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) -
Broadcom Corporation. - C:\Program
Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Java Quick Starter
(JavaQuickStarterService) - Sun Microsystems, Inc. -
C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: KMService - Unknown owner -
C:\WINDOWS\system32\srvany.exe
O23 - Service: ServiceLayer - Nokia - C:\Program
Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SigmaTel Audio Service (STacSV) -
SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe
O23 - Service: Dell Wireless WLAN Tray Service
(wltrysvc) - Unknown owner - C:\WINDOWS\System32
\WLTRYSVC.EXE
--
End of file - 9388 bytes


وهذا رابط التقرير الاخر

http://up-master.com/data/runscanner_125.rar

الثاني
http://up-master.com/data/hijackthis_9.rar

وفي انتظار الرد من الجميع ومشكور لكم








أكثر...