[تم الحل]الفيروسات جننتنى عاوزلها حل :(

[نسمهa 13]

السلام عليكــم ورحمـة الله وبركاتــة ،،

 

الحقينى يازمرده جهازى متلغم فيروسات

 

لقيته بقا تقيل والنت مبقاش راضى يفتح

 

والدنيا بقت بايظه خالص

 

فرحت عملتله اسكان ببرنامج Malwarebytes' Anti-Malware146

 

وبعدين عملتله اسكان ببرنامج افيرا انتى فيرس

 

بس مكنتش محدثه البرامج دى

 

عشان النت مكنش شغال

 

وبعدها الكمبيوتر بقا اخف من الاول وغيرت نسخة ويندوز واشتغل

 

النت بفضل الله

 

بس انا عارفه ان لسه فيه فيروسات تانيه

 

اعمل ايه الحقينى

 

على فكره انا بقالى شهور شغاله على الكمبيوتر من

 

غير انتى فيرس ودا اللى سبب الكارثه دى كلها :neutral:

[*زمـــردة* 59]

وعليكم السلام ورحمة الله وبركاته

 

حياكِ الله ياحبيبة

 

ماهذا الذى اسمعه؟

 

ومن من ؟ من نسومة ؟ لأ لااصدق جهازك بدون انتى فيرس شهور !!!

 

كدة برضو ياجميل يطلع منك الكلام ده

 

طيب شوفى بقا لأنى مضطرة اخرج الآن

 

اعملى تحديث للمالوير + تحديث للأفيرا

 

واعملى اسكان بس ببرنامج برنامج ماشى

 

بعد ماتخلصى خالص فضلاً اريد تقرير

 

وياريت تضعى لى تقرير قبل ماتستعملى البرنامجين

 

وتقرير بعد الاستعمال حتى نحدد إذا كانت هذه البرامج فعالة مع الفيرس أم لا؟

 

بانتظارك نسومة الحبيبة

 

بالتوفيق وموعدنا غداً بمشيئة الله

[نسمهa 13]

شفتى بقا اللى حصلى نتيجة اهمالى :(

 

لعله خير :(

 

جبتلك تقرير قبل التحديث وبااذن الله

 

بكره هحدثهم زى ماقلتى واجيبلك تقرير تانى

 

تفضل التقرير المبدئى وربنا يستر :(

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 02:04:23 م, on 01/01/2000

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Internet Download Manager\IDMan.exe

C:\Program Files\Internet Download Manager\IEMonitor.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [iDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm

O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm

O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm

O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

 

--

End of file - 2981 bytes

[نسمهa 13]

حبيبتى انا لسه انبارح مسطبه ويندوز جديد

 

فمكنتش لسه سطبت عليه برامج الا برنامج الياهو

 

ولقيت الصفحه دى خرجتلى ومش فاهمه ايه دى

[*زمـــردة* 59]

وعليكم السلام ورحمة الله وبركاته

 

حياكِ الله ياحبيبة

 

خير بإذن الله

 

بالنسبة للتقرير فليس هناك مشكلة به فقط بننتظر نتيجة المالوير

 

بالنسبة للصفحة ستجدى حلها هنا بإذن الله

 

https://akhawat.islamway.net/forum/index.ph...=245816&hl=

 

مشاركة رقم 20

 

بالتوفيق وبانتظارك

[نسمهa 13]

السلام عليكــم ورحمـة الله وبركاتــة ،،

 

حبيبتى اسفه على التأخير بس

 

النت جننى كل اما احاول احدث الانتى فيرس ميحدثوش

 

والحمد لله النهارده حدثت الافيرا وعملت بيه اسكان

 

طلعلى 15 فيرس

 

صورتلك نهاية الاسكان

 

 

ودوست على كلمة report اللى فى الصورة

 

فطلعتلى التقرير دا

 

 

 

Premium Security Suite

Report file date: 01 يناير, 2000 14:24

 

Scanning for 2963178 virus strains and unwanted programs.

 

The program is running as an unrestricted full version.

Online services are available:

 

Licensee : nesmat ali

Serial number : 2210841108-ISECE-0000001

Platform : Windows XP

Windows version : (Service Pack 2) [5.1.2600]

Boot mode : Normally booted

Username : SYSTEM

Computer name : COMPUMAGIC

 

Version information:

BUILD.DAT : 10.0.0.542 43194 Bytes 19/04/2010 15:06:00

AVSCAN.EXE : 10.0.3.0 433832 Bytes 01/04/2010 11:37:02

AVSCAN.DLL : 10.0.3.0 46440 Bytes 01/04/2010 11:57:02

LUKE.DLL : 10.0.2.3 104296 Bytes 07/03/2010 17:32:09

LUKERES.DLL : 10.0.0.1 12648 Bytes 10/02/2010 22:40:44

VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 08:05:36

VBASE001.VDF : 7.10.1.0 1372672 Bytes 19/11/2009 18:27:49

VBASE002.VDF : 7.10.3.1 3143680 Bytes 20/01/2010 16:37:42

VBASE003.VDF : 7.10.3.75 996864 Bytes 26/01/2010 15:37:42

VBASE004.VDF : 7.10.4.203 1579008 Bytes 05/03/2010 10:29:03

VBASE005.VDF : 7.10.6.82 2494464 Bytes 15/04/2010 11:31:00

VBASE006.VDF : 7.10.7.218 2294784 Bytes 02/06/2010 11:33:16

VBASE007.VDF : 7.10.9.165 4840960 Bytes 23/07/2010 11:40:40

VBASE008.VDF : 7.10.11.133 3454464 Bytes 13/09/2010 11:45:43

VBASE009.VDF : 7.10.11.134 2048 Bytes 13/09/2010 11:45:45

VBASE010.VDF : 7.10.11.135 2048 Bytes 13/09/2010 11:45:46

VBASE011.VDF : 7.10.11.136 2048 Bytes 13/09/2010 11:45:48

VBASE012.VDF : 7.10.11.137 2048 Bytes 13/09/2010 11:45:49

VBASE013.VDF : 7.10.11.165 172032 Bytes 15/09/2010 11:46:16

VBASE014.VDF : 7.10.11.202 144384 Bytes 18/09/2010 11:47:53

VBASE015.VDF : 7.10.11.231 129024 Bytes 21/09/2010 11:48:16

VBASE016.VDF : 7.10.12.4 126464 Bytes 23/09/2010 11:48:29

VBASE017.VDF : 7.10.12.38 146944 Bytes 27/09/2010 11:48:39

VBASE018.VDF : 7.10.12.64 133120 Bytes 29/09/2010 11:49:44

VBASE019.VDF : 7.10.12.99 134144 Bytes 01/10/2010 11:52:02

VBASE020.VDF : 7.10.12.122 131584 Bytes 05/10/2010 11:53:42

VBASE021.VDF : 7.10.12.148 119296 Bytes 07/10/2010 11:54:05

VBASE022.VDF : 7.10.12.175 142848 Bytes 11/10/2010 11:55:30

VBASE023.VDF : 7.10.12.198 131584 Bytes 13/10/2010 11:56:33

VBASE024.VDF : 7.10.12.216 133120 Bytes 14/10/2010 11:57:37

VBASE025.VDF : 7.10.12.238 137728 Bytes 18/10/2010 11:58:38

VBASE026.VDF : 7.10.12.254 129536 Bytes 20/10/2010 11:59:00

VBASE027.VDF : 7.10.13.22 137728 Bytes 22/10/2010 11:59:20

VBASE028.VDF : 7.10.13.23 2048 Bytes 22/10/2010 11:59:23

VBASE029.VDF : 7.10.13.24 2048 Bytes 22/10/2010 11:59:25

VBASE030.VDF : 7.10.13.25 2048 Bytes 22/10/2010 11:59:26

VBASE031.VDF : 7.10.13.27 12288 Bytes 22/10/2010 11:59:37

Engineversion : 8.2.4.84

AEVDF.DLL : 8.1.2.1 106868 Bytes 01/01/2000 12:15:47

AESCRIPT.DLL : 8.1.3.45 1368443 Bytes 01/01/2000 12:15:37

AESCN.DLL : 8.1.6.1 127347 Bytes 01/01/2000 12:15:03

AESBX.DLL : 8.1.3.1 254324 Bytes 01/01/2000 12:16:05

AERDL.DLL : 8.1.9.2 635252 Bytes 01/01/2000 12:14:58

AEPACK.DLL : 8.2.3.11 471416 Bytes 01/01/2000 12:13:53

AEOFFICE.DLL : 8.1.1.8 201081 Bytes 01/01/2000 12:13:05

AEHEUR.DLL : 8.1.2.36 2974072 Bytes 01/01/2000 12:12:55

AEHELP.DLL : 8.1.14.0 246134 Bytes 01/01/2000 12:03:03

AEGEN.DLL : 8.1.3.23 401779 Bytes 01/01/2000 12:02:29

AEEMU.DLL : 8.1.2.0 393588 Bytes 01/01/2000 12:01:16

AECORE.DLL : 8.1.17.0 196982 Bytes 01/01/2000 12:01:03

AEBB.DLL : 8.1.1.0 53618 Bytes 01/01/2000 12:00:51

AVWINLL.DLL : 10.0.0.0 19304 Bytes 14/01/2010 11:02:28

AVPREF.DLL : 10.0.0.0 44904 Bytes 14/01/2010 11:02:23

AVREP.DLL : 10.0.0.8 62209 Bytes 18/02/2010 15:47:40

AVREG.DLL : 10.0.3.0 53096 Bytes 01/04/2010 11:35:28

AVSCPLR.DLL : 10.0.3.0 83816 Bytes 01/04/2010 11:39:33

AVARKT.DLL : 10.0.0.14 227176 Bytes 01/04/2010 11:21:44

AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 26/01/2010 08:52:23

SQLITE3.DLL : 3.6.19.0 355688 Bytes 28/01/2010 11:57:05

AVSMTP.DLL : 10.0.0.17 63848 Bytes 16/03/2010 14:38:38

NETNT.DLL : 10.0.0.0 11624 Bytes 19/02/2010 13:40:04

RCIMAGE.DLL : 10.0.0.32 2899304 Bytes 01/04/2010 11:57:19

RCTEXT.DLL : 10.0.53.0 97128 Bytes 09/04/2010 13:14:22

 

Configuration settings for the scan:

Jobname.............................: Complete system scan

Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp

Logging.............................: low

Primary action......................: interactive

Secondary action....................: ignore

Scan master boot sector.............: on

Scan boot sector....................: on

Boot sectors........................: C:, D:,

Process scan........................: on

Extended process scan...............: on

Scan registry.......................: on

Search for rootkits.................: on

Integrity checking of system files..: off

Scan all files......................: All files

Scan archives.......................: on

Recursion depth.....................: 20

Smart extensions....................: on

Macro heuristic.....................: on

File heuristic......................: medium

 

Start of the scan: 01 يناير, 2000 14:24

 

Starting search for hidden objects.

 

The scan of running processes will be started

Scan process 'rsmsink.exe' - '28' Module(s) have been scanned

Scan process 'msdtc.exe' - '41' Module(s) have been scanned

Scan process 'dllhost.exe' - '59' Module(s) have been scanned

Scan process 'dllhost.exe' - '46' Module(s) have been scanned

Scan process 'vssvc.exe' - '49' Module(s) have been scanned

Scan process 'avscan.exe' - '66' Module(s) have been scanned

Scan process 'avcenter.exe' - '82' Module(s) have been scanned

Scan process 'avmailc.exe' - '40' Module(s) have been scanned

Scan process 'alg.exe' - '35' Module(s) have been scanned

Scan process 'AVWEBGRD.EXE' - '35' Module(s) have been scanned

Scan process 'avshadow.exe' - '27' Module(s) have been scanned

Scan process 'avguard.exe' - '75' Module(s) have been scanned

Scan process 'avfwsvc.exe' - '54' Module(s) have been scanned

Scan process 'ymsgr_tray.exe' - '28' Module(s) have been scanned

Scan process 'acacao.exe' - '5' Module(s) have been scanned

Scan process 'ctfmon.exe' - '24' Module(s) have been scanned

Scan process 'avgnt.exe' - '62' Module(s) have been scanned

Scan process 'realsched.exe' - '26' Module(s) have been scanned

Scan process 'hkcmd.exe' - '29' Module(s) have been scanned

Scan process 'igfxtray.exe' - '26' Module(s) have been scanned

Scan process 'sched.exe' - '56' Module(s) have been scanned

Scan process 'spoolsv.exe' - '51' Module(s) have been scanned

Scan process 'Explorer.EXE' - '73' Module(s) have been scanned

Scan process 'svchost.exe' - '46' Module(s) have been scanned

Scan process 'svchost.exe' - '32' Module(s) have been scanned

Scan process 'svchost.exe' - '152' Module(s) have been scanned

Scan process 'svchost.exe' - '40' Module(s) have been scanned

Scan process 'svchost.exe' - '53' Module(s) have been scanned

Scan process 'lsass.exe' - '60' Module(s) have been scanned

Scan process 'services.exe' - '44' Module(s) have been scanned

Scan process 'winlogon.exe' - '60' Module(s) have been scanned

Scan process 'csrss.exe' - '14' Module(s) have been scanned

Scan process 'smss.exe' - '2' Module(s) have been scanned

 

Starting master boot sector scan:

Master boot sector HD0

[iNFO] No virus was found!

 

Start scanning boot sectors:

Boot sector 'C:\'

[iNFO] No virus was found!

Boot sector 'D:\'

[iNFO] No virus was found!

 

Starting to scan executable files (registry).

The registry was scanned ( '328' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\'

C:\Documents and Settings\Administrator\Local Settings\Temp\ccccid.exe

[DETECTION] Is the TR/Dropper.Gen Trojan

Begin scan in 'D:\' <منوعات>

D:\PROGRAMS\بنامج قفل الملفات برقم سرى\lockfolderxpv3.5patchtsrh.zip

[0] Archive type: ZIP

[DETECTION] Is the TR/Horse.HZW Trojan

--> patch.exe

[DETECTION] Is the TR/Horse.HZW Trojan

D:\System Volume Information\_restore{091756AF-7AF7-41DC-B4CA-B385A6EB0F43}\RP38\A0159799.exe

[DETECTION] Contains recognition pattern of the WORM/Agent.143872 worm

D:\System Volume Information\_restore{92085F4B-C967-4ED0-8249-F29B1A15A10F}\RP15\A0031073.exe

[DETECTION] Is the TR/Crypt.PEPM.Gen Trojan

D:\System Volume Information\_restore{FA1F59D0-CB94-4390-AF53-9FDD3625BF0D}\RP20\A0010875.dll

[DETECTION] Is the TR/Vapsup.abcs Trojan

D:\System Volume Information\_restore{FA1F59D0-CB94-4390-AF53-9FDD3625BF0D}\RP20\A0011696.EXE

[DETECTION] Is the TR/Crypt.XPACK.Gen3 Trojan

D:\System Volume Information\_restore{FA1F59D0-CB94-4390-AF53-9FDD3625BF0D}\RP20\A0011702.EXE

[DETECTION] Is the TR/Crypt.XPACK.Gen3 Trojan

D:\System Volume Information\_restore{FA1F59D0-CB94-4390-AF53-9FDD3625BF0D}\RP20\A0011819.EXE

[DETECTION] Is the TR/Crypt.XPACK.Gen3 Trojan

D:\System Volume Information\_restore{FA1F59D0-CB94-4390-AF53-9FDD3625BF0D}\RP20\A0011821.EXE

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

D:\System Volume Information\_restore{FA1F59D0-CB94-4390-AF53-9FDD3625BF0D}\RP20\A0011824.EXE

[DETECTION] Is the TR/Crypt.XPACK.Gen3 Trojan

D:\System Volume Information\_restore{FA1F59D0-CB94-4390-AF53-9FDD3625BF0D}\RP20\A0011830.EXE

[DETECTION] Is the TR/Crypt.XPACK.Gen3 Trojan

D:\System Volume Information\_restore{FA1F59D0-CB94-4390-AF53-9FDD3625BF0D}\RP20\A0011850.EXE

[DETECTION] Is the TR/Crypt.XPACK.Gen3 Trojan

D:\System Volume Information\_restore{FA1F59D0-CB94-4390-AF53-9FDD3625BF0D}\RP20\A0011852.EXE

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

D:\العاب\الالعاب الحلوه\Feeding Frenzy 2\PopUninstall.exe

[DETECTION] Is the TR/Agent.143360.CB Trojan

D:\العاب\العاب احمد\Red Alert2\RA2.EXE

[DETECTION] Is the TR/Dldr.Agent.edgk Trojan

 

Beginning disinfection:

D:\العاب\العاب احمد\Red Alert2\RA2.EXE

[DETECTION] Is the TR/Dldr.Agent.edgk Trojan

[NOTE] The file was moved to the quarantine directory under the name '32015969.qua'.

D:\العاب\الالعاب الحلوه\Feeding Frenzy 2\PopUninstall.exe

[DETECTION] Is the TR/Agent.143360.CB Trojan

[NOTE] The file was moved to the quarantine directory under the name '2ad4751d.qua'.

D:\System Volume Information\_restore{FA1F59D0-CB94-4390-AF53-9FDD3625BF0D}\RP20\A0011852.EXE

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

[NOTE] The file was moved to the quarantine directory under the name '78cb2c36.qua'.

D:\System Volume Information\_restore{FA1F59D0-CB94-4390-AF53-9FDD3625BF0D}\RP20\A0011850.EXE

[DETECTION] Is the TR/Crypt.XPACK.Gen3 Trojan

[NOTE] The file was moved to the quarantine directory under the name '1efc63f4.qua'.

D:\System Volume Information\_restore{FA1F59D0-CB94-4390-AF53-9FDD3625BF0D}\RP20\A0011830.EXE

[DETECTION] Is the TR/Crypt.XPACK.Gen3 Trojan

[NOTE] The file was moved to the quarantine directory under the name '5b784eca.qua'.

D:\System Volume Information\_restore{FA1F59D0-CB94-4390-AF53-9FDD3625BF0D}\RP20\A0011824.EXE

[DETECTION] Is the TR/Crypt.XPACK.Gen3 Trojan

[NOTE] The file was moved to the quarantine directory under the name '24637cab.qua'.

D:\System Volume Information\_restore{FA1F59D0-CB94-4390-AF53-9FDD3625BF0D}\RP20\A0011821.EXE

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

[NOTE] The file was moved to the quarantine directory under the name '68db50e0.qua'.

D:\System Volume Information\_restore{FA1F59D0-CB94-4390-AF53-9FDD3625BF0D}\RP20\A0011819.EXE

[DETECTION] Is the TR/Crypt.XPACK.Gen3 Trojan

[NOTE] The file was moved to the quarantine directory under the name '14c310b0.qua'.

D:\System Volume Information\_restore{FA1F59D0-CB94-4390-AF53-9FDD3625BF0D}\RP20\A0011702.EXE

[DETECTION] Is the TR/Crypt.XPACK.Gen3 Trojan

[NOTE] The file was moved to the quarantine directory under the name '39993ffd.qua'.

D:\System Volume Information\_restore{FA1F59D0-CB94-4390-AF53-9FDD3625BF0D}\RP20\A0011696.EXE

[DETECTION] Is the TR/Crypt.XPACK.Gen3 Trojan

[NOTE] The file was moved to the quarantine directory under the name '20f10467.qua'.

D:\System Volume Information\_restore{FA1F59D0-CB94-4390-AF53-9FDD3625BF0D}\RP20\A0010875.dll

[DETECTION] Is the TR/Vapsup.abcs Trojan

[NOTE] The file was moved to the quarantine directory under the name '4cad2857.qua'.

D:\System Volume Information\_restore{92085F4B-C967-4ED0-8249-F29B1A15A10F}\RP15\A0031073.exe

[DETECTION] Is the TR/Crypt.PEPM.Gen Trojan

[NOTE] The file was moved to the quarantine directory under the name '3d1411c2.qua'.

D:\System Volume Information\_restore{091756AF-7AF7-41DC-B4CA-B385A6EB0F43}\RP38\A0159799.exe

[DETECTION] Contains recognition pattern of the WORM/Agent.143872 worm

[NOTE] The file was moved to the quarantine directory under the name '330d2105.qua'.

D:\PROGRAMS\بنامج قفل الملفات برقم سرى\lockfolderxpv3.5patchtsrh.zip

[DETECTION] Is the TR/Horse.HZW Trojan

[NOTE] The file was moved to the quarantine directory under the name '766a5b87.qua'.

C:\Documents and Settings\Administrator\Local Settings\Temp\ccccid.exe

[DETECTION] Is the TR/Dropper.Gen Trojan

[NOTE] The file was moved to the quarantine directory under the name '7f615f27.qua'.

 

 

End of the scan: 01 يناير, 2000 15:14

Used time: 49:41 Minute(s)

 

The scan has been done completely.

 

2002 Scanned directories

257925 Files were scanned

15 Viruses and/or unwanted programs were found

0 Files were classified as suspicious

0 files were deleted

0 Viruses and unwanted programs were repaired

15 Files were moved to quarantine

0 Files were renamed

0 Files cannot be scanned

257910 Files not concerned

1495 Archives were scanned

0 Warnings

15 Notes

137561 Objects were scanned with rootkit scan

0 Hidden objects were found

 

==========

 

بالنسبه لبرنامج المالوير

 

لسه محدثتوش

 

فربنا ييسر وهحدثه واعمل بيه اسكان

[نسمهa 13]

السلام عليكــم ورحمـة الله وبركاتــة ،،

 

حبيبتى اسفه على التأخير بس

 

النت جننى كل اما احاول احدث الانتى فيرس ميحدثوش

 

والحمد لله النهارده حدثت الافيرا وعملت بيه اسكان

 

طلعلى 15 فيرس

 

صورتلك نهاية الاسكان

 

 

ودوست على كلمة report اللى فى الصورة

 

فطلعتلى التقرير دا

 

 

 

Premium Security Suite

Report file date: 01 يناير, 2000 14:24

 

Scanning for 2963178 virus strains and unwanted programs.

 

The program is running as an unrestricted full version.

Online services are available:

 

Licensee : nesmat ali

Serial number : 2210841108-ISECE-0000001

Platform : Windows XP

Windows version : (Service Pack 2) [5.1.2600]

Boot mode : Normally booted

Username : SYSTEM

Computer name : COMPUMAGIC

 

Version information:

BUILD.DAT : 10.0.0.542 43194 Bytes 19/04/2010 15:06:00

AVSCAN.EXE : 10.0.3.0 433832 Bytes 01/04/2010 11:37:02

AVSCAN.DLL : 10.0.3.0 46440 Bytes 01/04/2010 11:57:02

LUKE.DLL : 10.0.2.3 104296 Bytes 07/03/2010 17:32:09

LUKERES.DLL : 10.0.0.1 12648 Bytes 10/02/2010 22:40:44

VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 08:05:36

VBASE001.VDF : 7.10.1.0 1372672 Bytes 19/11/2009 18:27:49

VBASE002.VDF : 7.10.3.1 3143680 Bytes 20/01/2010 16:37:42

VBASE003.VDF : 7.10.3.75 996864 Bytes 26/01/2010 15:37:42

VBASE004.VDF : 7.10.4.203 1579008 Bytes 05/03/2010 10:29:03

VBASE005.VDF : 7.10.6.82 2494464 Bytes 15/04/2010 11:31:00

VBASE006.VDF : 7.10.7.218 2294784 Bytes 02/06/2010 11:33:16

VBASE007.VDF : 7.10.9.165 4840960 Bytes 23/07/2010 11:40:40

VBASE008.VDF : 7.10.11.133 3454464 Bytes 13/09/2010 11:45:43

VBASE009.VDF : 7.10.11.134 2048 Bytes 13/09/2010 11:45:45

VBASE010.VDF : 7.10.11.135 2048 Bytes 13/09/2010 11:45:46

VBASE011.VDF : 7.10.11.136 2048 Bytes 13/09/2010 11:45:48

VBASE012.VDF : 7.10.11.137 2048 Bytes 13/09/2010 11:45:49

VBASE013.VDF : 7.10.11.165 172032 Bytes 15/09/2010 11:46:16

VBASE014.VDF : 7.10.11.202 144384 Bytes 18/09/2010 11:47:53

VBASE015.VDF : 7.10.11.231 129024 Bytes 21/09/2010 11:48:16

VBASE016.VDF : 7.10.12.4 126464 Bytes 23/09/2010 11:48:29

VBASE017.VDF : 7.10.12.38 146944 Bytes 27/09/2010 11:48:39

VBASE018.VDF : 7.10.12.64 133120 Bytes 29/09/2010 11:49:44

VBASE019.VDF : 7.10.12.99 134144 Bytes 01/10/2010 11:52:02

VBASE020.VDF : 7.10.12.122 131584 Bytes 05/10/2010 11:53:42

VBASE021.VDF : 7.10.12.148 119296 Bytes 07/10/2010 11:54:05

VBASE022.VDF : 7.10.12.175 142848 Bytes 11/10/2010 11:55:30

VBASE023.VDF : 7.10.12.198 131584 Bytes 13/10/2010 11:56:33

VBASE024.VDF : 7.10.12.216 133120 Bytes 14/10/2010 11:57:37

VBASE025.VDF : 7.10.12.238 137728 Bytes 18/10/2010 11:58:38

VBASE026.VDF : 7.10.12.254 129536 Bytes 20/10/2010 11:59:00

VBASE027.VDF : 7.10.13.22 137728 Bytes 22/10/2010 11:59:20

VBASE028.VDF : 7.10.13.23 2048 Bytes 22/10/2010 11:59:23

VBASE029.VDF : 7.10.13.24 2048 Bytes 22/10/2010 11:59:25

VBASE030.VDF : 7.10.13.25 2048 Bytes 22/10/2010 11:59:26

VBASE031.VDF : 7.10.13.27 12288 Bytes 22/10/2010 11:59:37

Engineversion : 8.2.4.84

AEVDF.DLL : 8.1.2.1 106868 Bytes 01/01/2000 12:15:47

AESCRIPT.DLL : 8.1.3.45 1368443 Bytes 01/01/2000 12:15:37

AESCN.DLL : 8.1.6.1 127347 Bytes 01/01/2000 12:15:03

AESBX.DLL : 8.1.3.1 254324 Bytes 01/01/2000 12:16:05

AERDL.DLL : 8.1.9.2 635252 Bytes 01/01/2000 12:14:58

AEPACK.DLL : 8.2.3.11 471416 Bytes 01/01/2000 12:13:53

AEOFFICE.DLL : 8.1.1.8 201081 Bytes 01/01/2000 12:13:05

AEHEUR.DLL : 8.1.2.36 2974072 Bytes 01/01/2000 12:12:55

AEHELP.DLL : 8.1.14.0 246134 Bytes 01/01/2000 12:03:03

AEGEN.DLL : 8.1.3.23 401779 Bytes 01/01/2000 12:02:29

AEEMU.DLL : 8.1.2.0 393588 Bytes 01/01/2000 12:01:16

AECORE.DLL : 8.1.17.0 196982 Bytes 01/01/2000 12:01:03

AEBB.DLL : 8.1.1.0 53618 Bytes 01/01/2000 12:00:51

AVWINLL.DLL : 10.0.0.0 19304 Bytes 14/01/2010 11:02:28

AVPREF.DLL : 10.0.0.0 44904 Bytes 14/01/2010 11:02:23

AVREP.DLL : 10.0.0.8 62209 Bytes 18/02/2010 15:47:40

AVREG.DLL : 10.0.3.0 53096 Bytes 01/04/2010 11:35:28

AVSCPLR.DLL : 10.0.3.0 83816 Bytes 01/04/2010 11:39:33

AVARKT.DLL : 10.0.0.14 227176 Bytes 01/04/2010 11:21:44

AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 26/01/2010 08:52:23

SQLITE3.DLL : 3.6.19.0 355688 Bytes 28/01/2010 11:57:05

AVSMTP.DLL : 10.0.0.17 63848 Bytes 16/03/2010 14:38:38

NETNT.DLL : 10.0.0.0 11624 Bytes 19/02/2010 13:40:04

RCIMAGE.DLL : 10.0.0.32 2899304 Bytes 01/04/2010 11:57:19

RCTEXT.DLL : 10.0.53.0 97128 Bytes 09/04/2010 13:14:22

 

Configuration settings for the scan:

Jobname.............................: Complete system scan

Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp

Logging.............................: low

Primary action......................: interactive

Secondary action....................: ignore

Scan master boot sector.............: on

Scan boot sector....................: on

Boot sectors........................: C:, D:,

Process scan........................: on

Extended process scan...............: on

Scan registry.......................: on

Search for rootkits.................: on

Integrity checking of system files..: off

Scan all files......................: All files

Scan archives.......................: on

Recursion depth.....................: 20

Smart extensions....................: on

Macro heuristic.....................: on

File heuristic......................: medium

 

Start of the scan: 01 يناير, 2000 14:24

 

Starting search for hidden objects.

 

The scan of running processes will be started

Scan process 'rsmsink.exe' - '28' Module(s) have been scanned

Scan process 'msdtc.exe' - '41' Module(s) have been scanned

Scan process 'dllhost.exe' - '59' Module(s) have been scanned

Scan process 'dllhost.exe' - '46' Module(s) have been scanned

Scan process 'vssvc.exe' - '49' Module(s) have been scanned

Scan process 'avscan.exe' - '66' Module(s) have been scanned

Scan process 'avcenter.exe' - '82' Module(s) have been scanned

Scan process 'avmailc.exe' - '40' Module(s) have been scanned

Scan process 'alg.exe' - '35' Module(s) have been scanned

Scan process 'AVWEBGRD.EXE' - '35' Module(s) have been scanned

Scan process 'avshadow.exe' - '27' Module(s) have been scanned

Scan process 'avguard.exe' - '75' Module(s) have been scanned

Scan process 'avfwsvc.exe' - '54' Module(s) have been scanned

Scan process 'ymsgr_tray.exe' - '28' Module(s) have been scanned

Scan process 'acacao.exe' - '5' Module(s) have been scanned

Scan process 'ctfmon.exe' - '24' Module(s) have been scanned

Scan process 'avgnt.exe' - '62' Module(s) have been scanned

Scan process 'realsched.exe' - '26' Module(s) have been scanned

Scan process 'hkcmd.exe' - '29' Module(s) have been scanned

Scan process 'igfxtray.exe' - '26' Module(s) have been scanned

Scan process 'sched.exe' - '56' Module(s) have been scanned

Scan process 'spoolsv.exe' - '51' Module(s) have been scanned

Scan process 'Explorer.EXE' - '73' Module(s) have been scanned

Scan process 'svchost.exe' - '46' Module(s) have been scanned

Scan process 'svchost.exe' - '32' Module(s) have been scanned

Scan process 'svchost.exe' - '152' Module(s) have been scanned

Scan process 'svchost.exe' - '40' Module(s) have been scanned

Scan process 'svchost.exe' - '53' Module(s) have been scanned

Scan process 'lsass.exe' - '60' Module(s) have been scanned

Scan process 'services.exe' - '44' Module(s) have been scanned

Scan process 'winlogon.exe' - '60' Module(s) have been scanned

Scan process 'csrss.exe' - '14' Module(s) have been scanned

Scan process 'smss.exe' - '2' Module(s) have been scanned

 

Starting master boot sector scan:

Master boot sector HD0

[iNFO] No virus was found!

 

Start scanning boot sectors:

Boot sector 'C:\'

[iNFO] No virus was found!

Boot sector 'D:\'

[iNFO] No virus was found!

 

Starting to scan executable files (registry).

The registry was scanned ( '328' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\'

C:\Documents and Settings\Administrator\Local Settings\Temp\ccccid.exe

[DETECTION] Is the TR/Dropper.Gen Trojan

Begin scan in 'D:\' <منوعات>

D:\PROGRAMS\بنامج قفل الملفات برقم سرى\lockfolderxpv3.5patchtsrh.zip

[0] Archive type: ZIP

[DETECTION] Is the TR/Horse.HZW Trojan

--> patch.exe

[DETECTION] Is the TR/Horse.HZW Trojan

D:\System Volume Information\_restore{091756AF-7AF7-41DC-B4CA-B385A6EB0F43}\RP38\A0159799.exe

[DETECTION] Contains recognition pattern of the WORM/Agent.143872 worm

D:\System Volume Information\_restore{92085F4B-C967-4ED0-8249-F29B1A15A10F}\RP15\A0031073.exe

[DETECTION] Is the TR/Crypt.PEPM.Gen Trojan

D:\System Volume Information\_restore{FA1F59D0-CB94-4390-AF53-9FDD3625BF0D}\RP20\A0010875.dll

[DETECTION] Is the TR/Vapsup.abcs Trojan

D:\System Volume Information\_restore{FA1F59D0-CB94-4390-AF53-9FDD3625BF0D}\RP20\A0011696.EXE

[DETECTION] Is the TR/Crypt.XPACK.Gen3 Trojan

D:\System Volume Information\_restore{FA1F59D0-CB94-4390-AF53-9FDD3625BF0D}\RP20\A0011702.EXE

[DETECTION] Is the TR/Crypt.XPACK.Gen3 Trojan

D:\System Volume Information\_restore{FA1F59D0-CB94-4390-AF53-9FDD3625BF0D}\RP20\A0011819.EXE

[DETECTION] Is the TR/Crypt.XPACK.Gen3 Trojan

D:\System Volume Information\_restore{FA1F59D0-CB94-4390-AF53-9FDD3625BF0D}\RP20\A0011821.EXE

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

D:\System Volume Information\_restore{FA1F59D0-CB94-4390-AF53-9FDD3625BF0D}\RP20\A0011824.EXE

[DETECTION] Is the TR/Crypt.XPACK.Gen3 Trojan

D:\System Volume Information\_restore{FA1F59D0-CB94-4390-AF53-9FDD3625BF0D}\RP20\A0011830.EXE

[DETECTION] Is the TR/Crypt.XPACK.Gen3 Trojan

D:\System Volume Information\_restore{FA1F59D0-CB94-4390-AF53-9FDD3625BF0D}\RP20\A0011850.EXE

[DETECTION] Is the TR/Crypt.XPACK.Gen3 Trojan

D:\System Volume Information\_restore{FA1F59D0-CB94-4390-AF53-9FDD3625BF0D}\RP20\A0011852.EXE

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

D:\العاب\الالعاب الحلوه\Feeding Frenzy 2\PopUninstall.exe

[DETECTION] Is the TR/Agent.143360.CB Trojan

D:\العاب\العاب احمد\Red Alert2\RA2.EXE

[DETECTION] Is the TR/Dldr.Agent.edgk Trojan

 

Beginning disinfection:

D:\العاب\العاب احمد\Red Alert2\RA2.EXE

[DETECTION] Is the TR/Dldr.Agent.edgk Trojan

[NOTE] The file was moved to the quarantine directory under the name '32015969.qua'.

D:\العاب\الالعاب الحلوه\Feeding Frenzy 2\PopUninstall.exe

[DETECTION] Is the TR/Agent.143360.CB Trojan

[NOTE] The file was moved to the quarantine directory under the name '2ad4751d.qua'.

D:\System Volume Information\_restore{FA1F59D0-CB94-4390-AF53-9FDD3625BF0D}\RP20\A0011852.EXE

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

[NOTE] The file was moved to the quarantine directory under the name '78cb2c36.qua'.

D:\System Volume Information\_restore{FA1F59D0-CB94-4390-AF53-9FDD3625BF0D}\RP20\A0011850.EXE

[DETECTION] Is the TR/Crypt.XPACK.Gen3 Trojan

[NOTE] The file was moved to the quarantine directory under the name '1efc63f4.qua'.

D:\System Volume Information\_restore{FA1F59D0-CB94-4390-AF53-9FDD3625BF0D}\RP20\A0011830.EXE

[DETECTION] Is the TR/Crypt.XPACK.Gen3 Trojan

[NOTE] The file was moved to the quarantine directory under the name '5b784eca.qua'.

D:\System Volume Information\_restore{FA1F59D0-CB94-4390-AF53-9FDD3625BF0D}\RP20\A0011824.EXE

[DETECTION] Is the TR/Crypt.XPACK.Gen3 Trojan

[NOTE] The file was moved to the quarantine directory under the name '24637cab.qua'.

D:\System Volume Information\_restore{FA1F59D0-CB94-4390-AF53-9FDD3625BF0D}\RP20\A0011821.EXE

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

[NOTE] The file was moved to the quarantine directory under the name '68db50e0.qua'.

D:\System Volume Information\_restore{FA1F59D0-CB94-4390-AF53-9FDD3625BF0D}\RP20\A0011819.EXE

[DETECTION] Is the TR/Crypt.XPACK.Gen3 Trojan

[NOTE] The file was moved to the quarantine directory under the name '14c310b0.qua'.

D:\System Volume Information\_restore{FA1F59D0-CB94-4390-AF53-9FDD3625BF0D}\RP20\A0011702.EXE

[DETECTION] Is the TR/Crypt.XPACK.Gen3 Trojan

[NOTE] The file was moved to the quarantine directory under the name '39993ffd.qua'.

D:\System Volume Information\_restore{FA1F59D0-CB94-4390-AF53-9FDD3625BF0D}\RP20\A0011696.EXE

[DETECTION] Is the TR/Crypt.XPACK.Gen3 Trojan

[NOTE] The file was moved to the quarantine directory under the name '20f10467.qua'.

D:\System Volume Information\_restore{FA1F59D0-CB94-4390-AF53-9FDD3625BF0D}\RP20\A0010875.dll

[DETECTION] Is the TR/Vapsup.abcs Trojan

[NOTE] The file was moved to the quarantine directory under the name '4cad2857.qua'.

D:\System Volume Information\_restore{92085F4B-C967-4ED0-8249-F29B1A15A10F}\RP15\A0031073.exe

[DETECTION] Is the TR/Crypt.PEPM.Gen Trojan

[NOTE] The file was moved to the quarantine directory under the name '3d1411c2.qua'.

D:\System Volume Information\_restore{091756AF-7AF7-41DC-B4CA-B385A6EB0F43}\RP38\A0159799.exe

[DETECTION] Contains recognition pattern of the WORM/Agent.143872 worm

[NOTE] The file was moved to the quarantine directory under the name '330d2105.qua'.

D:\PROGRAMS\بنامج قفل الملفات برقم سرى\lockfolderxpv3.5patchtsrh.zip

[DETECTION] Is the TR/Horse.HZW Trojan

[NOTE] The file was moved to the quarantine directory under the name '766a5b87.qua'.

C:\Documents and Settings\Administrator\Local Settings\Temp\ccccid.exe

[DETECTION] Is the TR/Dropper.Gen Trojan

[NOTE] The file was moved to the quarantine directory under the name '7f615f27.qua'.

 

 

End of the scan: 01 يناير, 2000 15:14

Used time: 49:41 Minute(s)

 

The scan has been done completely.

 

2002 Scanned directories

257925 Files were scanned

15 Viruses and/or unwanted programs were found

0 Files were classified as suspicious

0 files were deleted

0 Viruses and unwanted programs were repaired

15 Files were moved to quarantine

0 Files were renamed

0 Files cannot be scanned

257910 Files not concerned

1495 Archives were scanned

0 Warnings

15 Notes

137561 Objects were scanned with rootkit scan

0 Hidden objects were found

 

==========

 

بالنسبه لبرنامج المالوير

 

لسه محدثتوش

 

فربنا ييسر وهحدثه واعمل بيه اسكان

[نسمهa 13]

حبيبتى عملت تقرير بعد ماعملت اسكان بالافيرا

 

دا التقرير

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 03:54:08 م, on 01/01/2000

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\acacao.exe

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wuauclt.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\K-Lite Codec Pack\Real\rpbrowserrecordplugin.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [bluetooth] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\acacao.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O23 - Service: Avira FireWall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe

O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE

 

--

End of file - 3641 bytes

 

 

 

=======

 

طمنينى :mrgreen:

[*زمـــردة* 59]

وعليكم السلام ورحمة الله وبركاته

 

حياكِ الله ياحبيبة

 

خير بإذن الله

 

كتير كدة نسومة 15 مرة واحدة : (

 

فى قيمتين فى التقرير لكن سنتركهم للمالوير هو يقوم بالواجب

 

بعد انتهاء الفحص ارفقى لى تقرير المالوير

 

 

بالتوفيق وبانتظارك

[نسمهa 13]

دا تالت تسطيب اعمله

 

قبل كدا عملت تسطيب قبل مااحدث البرنامج

 

طلعلى حوالى 36 فيرس :(

 

والمالوير كان طلع حوالى 18

 

والله المستعان

 

========

 

اسفه ياحبيبه على تكرار المشاركات

 

بس والله جات غصب عنى

 

حبيبتى انا حطتلك تقرير الافيرا

 

وتقرير بـ HijackThis

 

عشان خفتك تفتكرى ان المشاركات مكرره

 

فمتاخديش بالك من التقرير التانى :)

 

هحدث بااذن الله المالوير واعمل بيه اسكان وربنا ييسر

[*زمـــردة* 59]

ولا يهمك نسومة

 

المنتدى اليوم عمال يكرر فى المشاركات : )

 

الله ييسر الأحوال ويضبط بإذن الله

 

طيب معلش عارفة هتتعبى شوية لكن بإذن الله بعد ماتخلصى عالفيروسات ستشعرين بالانجاز

 

فقط لدى معلومة مهمة حبيت اقولها لك بما إنك كل ماتعملى فحص تلاقى فيروسات تانى

 

أثناء عمل السكان على الجهاز لاندخل أى برتيشن ولا نفتح اى برنامج المتاح لنا فى هذا الوقت النت فقط

 

وذلك حتى لاينتقل الفيرس اثناء فتحنا أى برتيشن بعد تنظيفه

 

بعد انتهاء الفحص ارفقى لى تقرير المالوير

 

بانتظارك

[نسمهa 13]

حاضر ياحبيبه

 

هنفذ اللى قلتى عليه بااذن الله وربنا ييسر يارب

[نسمهa 13]

حبيبتى جيت احدث المالوير النت كان ضعيف

 

فعملت بيه اسكان من غير تحديث فظهرلى دا

[*زمـــردة* 59]

حبيبتى جيت احدث المالوير النت كان ضعيف

 

فعملت بيه اسكان من غير تحديث فظهرلى دا

ماالذى ظهرنسومة؟

 

مش واضح شىء بانتظارك

[نسمهa 13]

ماالذى ظهرنسومة؟

 

مش واضح شىء بانتظارك

 

لا لا خلاص دى حاجه وراحت لحالها ههههه

 

==========

 

انا حدثت المالوير

 

وعملت بيه اسكان بـ perform quick scan

 

و بـ perform full scan

 

وبـــ perform flash scan

 

وهضع لكى التقارير لكل واحد منهم فى مشاركة مستقله بالترتيب بااذن الله تعالى

[نسمهa 13]

اولا لما عملت اسكان بــ perform quick scan

 

دى الملفات الخبيثه اللى وجدتها

 

 

 

ودا التقرير

 

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Database version: 4949

 

Windows 5.1.2600 Service Pack 2

Internet Explorer 6.0.2900.2180

 

01/01/2000 01:07:59 م

mbam-log-2000-01-01 (13-07-59).txt

 

Scan type: Quick scan

Objects scanned: 130554

Time elapsed: 12 minute(s), 43 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 3

Folders Infected: 0

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

(No malicious items detected)

[نسمهa 13]

ثانيا

 

لما عملت اسكان بـ perform full scan

 

ظهرلى الملفات الخبيثه دى

 

 

 

ودا التقرير

 

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Database version: 4949

 

Windows 5.1.2600 Service Pack 2

Internet Explorer 6.0.2900.2180

 

01/01/2000 02:00:51 م

mbam-log-2000-01-01 (14-00-51).txt

 

Scan type: Full scan (C:\|D:\|)

Objects scanned: 165330

Time elapsed: 47 minute(s), 34 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

D:\PROGRAMS\المالوير كامل\malwarebytes' anti-malware patch.exe (Dont.Steal.Our.Software) -> Quarantined and deleted successfully.

[نسمهa 13]

ثالثا

 

لما عملت اسكان بــperform flash scan

 

ظهرلى دا

 

 

ودا التقرير

 

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Database version: 4949

 

Windows 5.1.2600 Service Pack 2

Internet Explorer 6.0.2900.2180

 

01/01/2000 02:06:07 م

mbam-log-2000-01-01 (14-06-07).txt

 

Scan type: Flash scan

Objects scanned: 103203

Time elapsed: 1 minute(s), 35 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

(No malicious items detected)

[نسمهa 13]

دلوقت بااذن الله ههجيب بقا تقرير على الجهاز كله ببرنامج

 

HijackThis

[نسمهa 13]

دا التقرير على الجهاز كله

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 02:34:42 م, on 01/01/2000

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\acacao.exe

C:\Program Files\Internet Download Manager\IDMan.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Internet Download Manager\IEMonitor.exe

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [stormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [bluetooth] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\acacao.exe

O4 - HKCU\..\Run: [iDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm

O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm

O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

 

--

End of file - 3675 bytes

[*زمـــردة* 59]

اولا لما عملت اسكان بــ perform quick scan

 

دى الملفات الخبيثه اللى وجدتها

 

 

 

ودا التقرير

 

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Database version: 4949

 

Windows 5.1.2600 Service Pack 2

Internet Explorer 6.0.2900.2180

 

01/01/2000 01:07:59 م

mbam-log-2000-01-01 (13-07-59).txt

 

Scan type: Quick scan

Objects scanned: 130554

Time elapsed: 12 minute(s), 43 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 3

Folders Infected: 0

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

(No malicious items detected)

حياكِ الله نسومة

 

الحمد لله التقارير نظيفة مابها شىء

 

هذا التقرير مثلاً هو بيعتبر غلق تحديث الويندوز مش تمام وستجدى إن علامة التحديث الصفراء ظهرت عندك بجانب الساعة

 

كذلك ستجدى علامة الفايروول الحمراء ظاهرة ايضاً لذلك لاتقلقى من هذا التقرير ويمكنكِ غلقهما مرة اخرى.

[*زمـــردة* 59]

ثانيا

 

لما عملت اسكان بـ perform full scan

 

ظهرلى الملفات الخبيثه دى

 

 

 

ودا التقرير

 

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Database version: 4949

 

Windows 5.1.2600 Service Pack 2

Internet Explorer 6.0.2900.2180

 

01/01/2000 02:00:51 م

mbam-log-2000-01-01 (14-00-51).txt

 

Scan type: Full scan (C:\|D:\|)

Objects scanned: 165330

Time elapsed: 47 minute(s), 34 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

D:\PROGRAMS\المالوير كامل\malwarebytes' anti-malware patch.exe (Dont.Steal.Our.Software) -> Quarantined and deleted successfully.

هنا الحمد لله مافى سوى باتش المالوير طبعاً بيتعامل معاه كأى باتش : )

[*زمـــردة* 59]

ثالثا

 

لما عملت اسكان بــperform flash scan

 

ظهرلى دا

 

 

ودا التقرير

 

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Database version: 4949

 

Windows 5.1.2600 Service Pack 2

Internet Explorer 6.0.2900.2180

 

01/01/2000 02:06:07 م

mbam-log-2000-01-01 (14-06-07).txt

 

Scan type: Flash scan

Objects scanned: 103203

Time elapsed: 1 minute(s), 35 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

(No malicious items detected)

طيب هنا هل ركبتى فلاشة فى الجهاز ؟

 

لأن هذا الخيار لفحص الفلاشة

 

إذا نعم فبتكون الفلاشة كدة تمام ونظيفة

 

وإذا لاياجميل يبقى لازم توصلى الفلاشة وتعملى سكان بهذا الخيار

[*زمـــردة* 59]

بالنسبة لتقرير الهايجاك فليس به شىء

 

الآن هل هناك اى مشكلة تواجهك على الجهاز

 

أى مشكلة حتى ولو بسيطة اكتبيها حتى نفكر فى الخطوة الجديدة

 

بانتظارك بارك الله فيكِ

[نسمهa 13]

اولا جزاكى جزاكى جزاكى الله خيرا

 

وربنا يكرمك يارب

 

والحمد لله انى اخيرا تخلصت من الفيروسات دى

 

بجد كانت مجننانى

 

طيب هنا هل ركبتى فلاشة فى الجهاز ؟

 

لا مكنتش مركباها عشان مكنتش اعرف

 

ان الاختيار دا معناه غحص الفلاشه

 

معلش اختك جاهله :mrgreen:

 

الآن هل هناك اى مشكلة تواجهك على الجهاز

 

أى مشكلة حتى ولو بسيطة اكتبيها حتى نفكر فى الخطوة الجديدة

 

بانتظارك بارك الله فيكِ

 

الحمد لله ياحبيبتى بفضل الله ثم بفضلك

 

معدش عندى اى مشكله الحمد لله يارب

 

جزاكى الله خيراا

 

ربنا يكرمك يارب

 

========

 

بس عندى اسستفسار

 

انا حاليا مسطبه الافيرا

 

اخليه ولااحذفه واسطب الـ avg افضل

 

ايهم افضل؟