Thread starter: روزيتا
Peace be upon you, and the mercy and blessings of God.

My computer is full of viruses
and very slow to boot.
I tried to install a fresh copy of Windows,
but the copy does not boot from the CD:
Press any key to boot from CD
I press a key, but to no avail.
Here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 09:11:11 م, on 29/05/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
C:\Program Files\ColorSoft\AntiARP\AntiARPClientLoader.exe
C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Documents and Settings\All Users\Application Data\IBUpdaterService\ibsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\All Users\Application Data\IBUpdaterService\ibsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\VistaDrive\VistaDrive.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\program files\real\realplayer\update\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Zyzoom_Forum_Tools\zyzoom.exe
C:\Zyzoom_Forum_Tools\zyzoom.exe
C:\Zyzoom_Forum_Tools\zHijak.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must log in or register to view the hidden link]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must log in or register to view the hidden link] SearchSource=10&ctid=CT3032526
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must log in or register to view the hidden link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must log in or register to view the hidden link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must log in or register to view the hidden link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must log in or register to view the hidden link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [You must log in or register to view the hidden link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Lenovo XP 7 Style
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [VistaDrive] C:\WINDOWS\VistaDrive\VistaDrive.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل باستخدام داون لود إكسبريس - C:\Program Files\Download Express\Add_Url.htm
O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AntiARP Client Loader (AntiARPClientLoader) - Unknown owner - C:\Program Files\ColorSoft\AntiARP\AntiARPClientLoader.exe
O23 - Service: Avira FireWall (AntiVirFirewallService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
O23 - Service: Avira Mail Protection (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Updater Service (IBUpdaterService) - Unknown owner - C:\Documents and Settings\All Users\Application Data\IBUpdaterService\ibsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

--
End of file - 8638 bytes

 

May God reward you.
OK, could you suggest a protection program that is light on the machine
and is good?

Signature: format
Peace be upon you, and the mercy and blessings of God.
I have a problem after installing Norton and running a full scan of the machine for the first time.
I shut the machine down afterwards,
but when I went to turn it on, after it boots,
a message appears before it reaches the desktop:
Loading personal settings
and the machine hangs for a while until it loads.
It does this every time I turn the machine on.
 
Download the tool from this thread

[You must log in or register to view the hidden link]

and make a HijackThis report

Signature: format
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 07:00:27 م, on 25/08/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\VistaDrive\VistaDrive.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\CTFMON.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Loaris\Trojan Remover 1.2\ltr12.exe
C:\Zyzoom_Forum_Tools\zyzoom.exe
C:\Zyzoom_Forum_Tools\zHijak.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must log in or register to view the hidden link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must log in or register to view the hidden link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must log in or register to view the hidden link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must log in or register to view the hidden link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must log in or register to view the hidden link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [You must log in or register to view the hidden link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Lenovo XP 7 Style
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: تحميل باستخدام داون لود إكسبريس - C:\Program Files\Download Express\Add_Url.htm
O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

--
End of file - 5478 bytes

 
The machine hangs every time I turn it on and deletes everything in
My Documents
and a "personal settings loading" box appears.
I removed Norton,
but to no avail.
I don't know what to do??
 

Peace be upon you, dear sister.

Uninstall all the protection programs you have.

Download this tool from either of the two links on this page:

[You must log in or register to view the hidden link]

After downloading the tool, update it right away by clicking Update.

When the update finishes, choose Scan Spyware and choose All drivers,

and finally Scan & Clean.

The tool scans quickly and will not take much time.

When the scan finishes, click View Log, save the report and attach it to your next post. Once the scan is done we will move on to the second step, God willing.

Signature: haitham653
This is the report:

29 اغسطس 2012 20:56:42 - **********************************************************

29 اغسطس 2012 20:56:42 - MWAV - eScanAV AntiVirus Toolkit.

29 اغسطس 2012 20:56:42 - Copyright © MicroWorld Technologies

29 اغسطس 2012 20:56:42 - **********************************************************

29 اغسطس 2012 20:56:42 - Source: C:\DOCUME~1\TEMPLE~1.000\MYDOCU~1\DOWNLO~1\Programs\mwav.exe

29 اغسطس 2012 20:56:42 - Version 12.0.245 (C:\DOCUMENTS AND SETTINGS\TEMP.LENOVO_XP.000\LOCAL SETTINGS\TEMP\MEXE.COM)

29 اغسطس 2012 20:56:42 - Log File: C:\Documents and Settings\TEMP.LENOVO_XP.000\Local Settings\Temp\MWAV.LOG

29 اغسطس 2012 20:56:42 - MWAV Registered: TRUE

29 اغسطس 2012 20:56:42 - User Account: Administrator (Administrator Mode)

29 اغسطس 2012 20:56:42 - OS Type: Windows Workstation

29 اغسطس 2012 20:56:42 - OS: Windows XP [OS Install Date: 21 Sep 2011 16:52:25]

29 اغسطس 2012 20:56:42 - Ver: Service Pack 3 (Build 2600)

29 اغسطس 2012 20:56:42 - System Up Time: 2 Hours, 25 Minutes, 16 Seconds



29 اغسطس 2012 20:56:42 - Windows Root Folder: C:\WINDOWS

29 اغسطس 2012 20:56:42 - Windows Sys32 Folder: C:\WINDOWS\system32

29 اغسطس 2012 20:56:46 - DHCP NameServer: 163.121.128.134 163.121.128.135 192.168.1.1

29 اغسطس 2012 20:56:46 - Interface0 DHCPNameServer: 163.121.128.134 163.121.128.135 192.168.1.1

29 اغسطس 2012 20:56:46 - Local Fixed Drives: c:\,d:\,e:\,f:\,g:\

29 اغسطس 2012 20:56:46 - MWAV Mode: Scan and Clean files (for viruses, adware and spyware)

29 اغسطس 2012 20:56:46 - [CREATED ZIP FILE: C:\Documents and Settings\TEMP.LENOVO_XP.000\Local Settings\Temp\pinfect.zip]



29 اغسطس 2012 20:56:46 - ****** Files/Folders created/modified during last fortnight in Windows and ROOT Folder ******

29 اغسطس 2012 20:56:48 - C:\WINDOWS\capicom.dll (511328), 22-Aug-2012, Microsoft Corporation, CAPICOM Module

29 اغسطس 2012 20:56:48 - C:\WINDOWS\system32\D3DCompiler_42.dll (1974616), 15-Aug-2012, Microsoft Corporation, Microsoft® DirectX for Windows®

29 اغسطس 2012 20:56:48 - C:\WINDOWS\system32\d3dx10_42.dll (453456), 15-Aug-2012, Microsoft Corporation, Microsoft® DirectX for Windows®

29 اغسطس 2012 20:56:49 - C:\WINDOWS\system32\d3dx11_42.dll (235344), 15-Aug-2012, Microsoft Corporation, Microsoft® DirectX for Windows®

29 اغسطس 2012 20:56:49 - C:\WINDOWS\system32\D3DX9_42.dll (1892184), 15-Aug-2012, Microsoft Corporation, Microsoft® DirectX for Windows®

29 اغسطس 2012 20:56:49 - C:\WINDOWS\system32\MRT.exe (59884088), 15-Aug-2012, Microsoft Corporation, Microsoft Windows Malicious Software Removal Tool

29 اغسطس 2012 20:56:49 - C:\WINDOWS\system32\msvcp71.dll (499712), 14-Aug-2012, Microsoft Corporation, Microsoft® Visual Studio .NET

29 اغسطس 2012 20:56:49 - C:\WINDOWS\system32\msvcr71.dll (348160), 14-Aug-2012, Microsoft Corporation, Microsoft® Visual Studio .NET

29 اغسطس 2012 20:56:49 - C:\WINDOWS\system32\pncrt.dll (272896), 14-Aug-2012, Progressive Networks

29 اغسطس 2012 20:56:49 - C:\WINDOWS\system32\pndx5016.dll (6656), 14-Aug-2012, RealNetworks, Inc., RealPlayer (32-bit) 5.0 Beta 1

29 اغسطس 2012 20:56:49 - C:\WINDOWS\system32\pndx5032.dll (5632), 14-Aug-2012, RealNetworks, Inc., RealPlayer (32-bit) 5.0 Beta 1

29 اغسطس 2012 20:56:49 - C:\WINDOWS\system32\rmoc3260.dll (198864), 14-Aug-2012, RealNetworks, Inc., Real Player(tm) ActiveX Control

29 اغسطس 2012 20:56:49 - C:\WINDOWS\system32\spmsgXP_2k3.dll (16928), 22-Aug-2012, Microsoft Corporation, Microsoft® Windows® Operating System

29 اغسطس 2012 20:56:49 - C:\WINDOWS\system32\WdfCoInstaller01009.dll (1461992), 22-Aug-2012, Microsoft Corporation, Microsoft® Windows® Operating System

29 اغسطس 2012 20:56:49 - C:\WINDOWS\system32\dllcache\browser.dll (78336), 15-Aug-2012, Microsoft Corporation, Microsoft® Windows® Operating System

29 اغسطس 2012 20:56:49 - C:\WINDOWS\system32\dllcache\localspl.dll (346112), 15-Aug-2012, Microsoft Corporation, Microsoft® Windows® Operating System

29 اغسطس 2012 20:56:49 - C:\WINDOWS\system32\dllcache\netapi32.dll (339968), 15-Aug-2012, Microsoft Corporation, Microsoft® Windows® Operating System

29 اغسطس 2012 20:56:49 - C:\WINDOWS\system32\drivers\BTOWSFF.sys (27200), 20-Aug-2012, Toolwiz.com, Toolwiz File Engine

29 اغسطس 2012 20:56:49 - C:\WINDOWS\system32\drivers\BTOWSVF.sys (43584), 20-Aug-2012, Toolwiz.com, Toolwiz TimeFreeze 2012

29 اغسطس 2012 20:56:49 - C:\WINDOWS\system32\drivers\KSafeDISK.sys (48192), 20-Aug-2012, Toolwiz.com, Toolwiz BSafe 2011

29 اغسطس 2012 20:56:52 - C:\DOCUME~1\TEMPLE~1.000\LOCALS~1\Temp\Arabic.bin (20972), 29-Aug-2012 [Added C:\DOCUME~1\TEMPLE~1.000\LOCALS~1\Temp\Arabic.bin to ZIP FILE]

29 اغسطس 2012 20:56:52 - C:\DOCUME~1\TEMPLE~1.000\LOCALS~1\Temp\bdc.exe (182792), 29-Aug-2012, BitDefender, BitDefender Console Scanner

29 اغسطس 2012 20:56:52 - C:\DOCUME~1\TEMPLE~1.000\LOCALS~1\Temp\bdfltlib2k.dll (231944), 29-Aug-2012, MicroWorld Technologies Inc., eScan for Windows

29 اغسطس 2012 20:56:52 - C:\DOCUME~1\TEMPLE~1.000\LOCALS~1\Temp\Czech.bin (24312), 29-Aug-2012 [Added C:\DOCUME~1\TEMPLE~1.000\LOCALS~1\Temp\Czech.bin to ZIP FILE]

29 اغسطس 2012 20:56:52 - C:\DOCUME~1\TEMPLE~1.000\LOCALS~1\Temp\Danish.bin (22783), 29-Aug-2012 [Added C:\DOCUME~1\TEMPLE~1.000\LOCALS~1\Temp\Danish.bin to ZIP FILE]

29 اغسطس 2012 20:56:52 - C:\DOCUME~1\TEMPLE~1.000\LOCALS~1\Temp\Dutch.bin (25747), 29-Aug-2012 [Added C:\DOCUME~1\TEMPLE~1.000\LOCALS~1\Temp\Dutch.bin to ZIP FILE]

29 اغسطس 2012 20:56:52 - C:\DOCUME~1\TEMPLE~1.000\LOCALS~1\Temp\encdec.dll (223528), 29-Aug-2012, MicroWorld Technologies Inc., eScan/MailScan/eConceal

29 اغسطس 2012 20:56:52 - C:\DOCUME~1\TEMPLE~1.000\LOCALS~1\Temp\English.bin (21933), 29-Aug-2012 [Added C:\DOCUME~1\TEMPLE~1.000\LOCALS~1\Temp\English.bin to ZIP FILE]

29 اغسطس 2012 20:56:52 - C:\DOCUME~1\TEMPLE~1.000\LOCALS~1\Temp\erootdrv.sys (22920), 29-Aug-2012, MicroWorld Technologies Inc., eScan/MWAV

29 اغسطس 2012 20:56:52 - C:\DOCUME~1\TEMPLE~1.000\LOCALS~1\Temp\Finnish.bin (22857), 29-Aug-2012 [Added C:\DOCUME~1\TEMPLE~1.000\LOCALS~1\Temp\Finnish.bin to ZIP FILE]

29 اغسطس 2012 20:56:52 - C:\DOCUME~1\TEMPLE~1.000\LOCALS~1\Temp\French.bin (27235), 29-Aug-2012 [Added C:\DOCUME~1\TEMPLE~1.000\LOCALS~1\Temp\French.bin to ZIP FILE]

29 اغسطس 2012 20:56:52 - C:\DOCUME~1\TEMPLE~1.000\LOCALS~1\Temp\Greek.bin (25082), 29-Aug-2012 [Added C:\DOCUME~1\TEMPLE~1.000\LOCALS~1\Temp\Greek.bin to ZIP FILE]

29 اغسطس 2012 20:56:52 - C:\DOCUME~1\TEMPLE~1.000\LOCALS~1\Temp\Hebrew.bin (19553), 29-Aug-2012 [Added C:\DOCUME~1\TEMPLE~1.000\LOCALS~1\Temp\Hebrew.bin to ZIP FILE]

29 اغسطس 2012 20:56:52 - C:\DOCUME~1\TEMPLE~1.000\LOCALS~1\Temp\Hungarian.bin (26080), 29-Aug-2012 [Added C:\DOCUME~1\TEMPLE~1.000\LOCALS~1\Temp\Hungarian.bin to ZIP FILE]

29 اغسطس 2012 20:56:52 - C:\DOCUME~1\TEMPLE~1.000\LOCALS~1\Temp\Japanese.bin (24297), 29-Aug-2012 [Added C:\DOCUME~1\TEMPLE~1.000\LOCALS~1\Temp\Japanese.bin to ZIP FILE]

29 اغسطس 2012 20:56:52 - C:\DOCUME~1\TEMPLE~1.000\LOCALS~1\Temp\Korean.bin (20135), 29-Aug-2012 [Added C:\DOCUME~1\TEMPLE~1.000\LOCALS~1\Temp\Korean.bin to ZIP FILE]

29 اغسطس 2012 20:56:52 - C:\DOCUME~1\TEMPLE~1.000\LOCALS~1\Temp\mexe.com (760168), 29-Aug-2012, MicroWorld Technologies Inc., MicroWorld AntiVirus Toolkit Utility (MWAV)

29 اغسطس 2012 20:56:52 - C:\DOCUME~1\TEMPLE~1.000\LOCALS~1\Temp\msvclnt.dll (249128), 29-Aug-2012, MicroWorld Technologies Inc., MailScan

29 اغسطس 2012 20:56:52 - C:\DOCUME~1\TEMPLE~1.000\LOCALS~1\Temp\mwavdwnl.exe (931112), 29-Aug-2012, MicroWorld Technologies Inc., eScan

29 اغسطس 2012 20:56:52 - C:\DOCUME~1\TEMPLE~1.000\LOCALS~1\Temp\MWAVSCAN.COM (760168), 29-Aug-2012, MicroWorld Technologies Inc., MicroWorld AntiVirus Toolkit Utility (MWAV)

29 اغسطس 2012 20:56:52 - C:\DOCUME~1\TEMPLE~1.000\LOCALS~1\Temp\Norwegian.bin (21964), 29-Aug-2012 [Added C:\DOCUME~1\TEMPLE~1.000\LOCALS~1\Temp\Norwegian.bin to ZIP FILE]

29 اغسطس 2012 20:56:52 - C:\DOCUME~1\TEMPLE~1.000\LOCALS~1\Temp\Polish.bin (24221), 29-Aug-2012 [Added C:\DOCUME~1\TEMPLE~1.000\LOCALS~1\Temp\Polish.bin to ZIP FILE]

29 اغسطس 2012 20:56:52 - C:\DOCUME~1\TEMPLE~1.000\LOCALS~1\Temp\Portuguese(Brazil).bin (25071), 29-Aug-2012 [Added C:\DOCUME~1\TEMPLE~1.000\LOCALS~1\Temp\Portuguese(Brazil).bin to ZIP FILE]

29 اغسطس 2012 20:56:52 - C:\DOCUME~1\TEMPLE~1.000\LOCALS~1\Temp\Portuguese.bin (26260), 29-Aug-2012 [Added C:\DOCUME~1\TEMPLE~1.000\LOCALS~1\Temp\Portuguese.bin to ZIP FILE]

29 اغسطس 2012 20:56:52 - C:\DOCUME~1\TEMPLE~1.000\LOCALS~1\Temp\red32.dll (11048), 29-Aug-2012, Microsoft Corporation, Microsoft® Windows® Operating System

29 اغسطس 2012 20:56:52 - C:\DOCUME~1\TEMPLE~1.000\LOCALS~1\Temp\Reload.exe (184104), 29-Aug-2012, MicroWorld Technologies Inc., eScan for Windows

29 اغسطس 2012 20:56:52 - C:\DOCUME~1\TEMPLE~1.000\LOCALS~1\Temp\Russian.bin (26126), 29-Aug-2012 [Added C:\DOCUME~1\TEMPLE~1.000\LOCALS~1\Temp\Russian.bin to ZIP FILE]

29 اغسطس 2012 20:56:52 - C:\DOCUME~1\TEMPLE~1.000\LOCALS~1\Temp\setpriv.exe (82216), 29-Aug-2012, MicroWorld Technologies Inc., eScan AntiVirus Toolkit Utility

29 اغسطس 2012 20:56:52 - C:\DOCUME~1\TEMPLE~1.000\LOCALS~1\Temp\SimChin.bin (16408), 29-Aug-2012 [Added C:\DOCUME~1\TEMPLE~1.000\LOCALS~1\Temp\SimChin.bin to ZIP FILE]

29 اغسطس 2012 20:56:52 - C:\DOCUME~1\TEMPLE~1.000\LOCALS~1\Temp\Spanish.bin (27753), 29-Aug-2012 [Added C:\DOCUME~1\TEMPLE~1.000\LOCALS~1\Temp\Spanish.bin to ZIP FILE]

29 اغسطس 2012 20:56:53 - C:\DOCUME~1\TEMPLE~1.000\LOCALS~1\Temp\SWEDISH.bin (24082), 29-Aug-2012 [Added C:\DOCUME~1\TEMPLE~1.000\LOCALS~1\Temp\SWEDISH.bin to ZIP FILE]

29 اغسطس 2012 20:56:53 - C:\DOCUME~1\TEMPLE~1.000\LOCALS~1\Temp\Thai.bin (21976), 29-Aug-2012 [Added C:\DOCUME~1\TEMPLE~1.000\LOCALS~1\Temp\Thai.bin to ZIP FILE]

29 اغسطس 2012 20:56:53 - C:\DOCUME~1\TEMPLE~1.000\LOCALS~1\Temp\TradChin.bin (16949), 29-Aug-2012 [Added C:\DOCUME~1\TEMPLE~1.000\LOCALS~1\Temp\TradChin.bin to ZIP FILE]

29 اغسطس 2012 20:56:53 - C:\DOCUME~1\TEMPLE~1.000\LOCALS~1\Temp\trufos.dll (353792), 29-Aug-2012, MicroWorld Technologies Inc., eScan for Windows

29 اغسطس 2012 20:56:53 - C:\DOCUME~1\TEMPLE~1.000\LOCALS~1\Temp\Turkish.bin (22253), 29-Aug-2012 [Added C:\DOCUME~1\TEMPLE~1.000\LOCALS~1\Temp\Turkish.bin to ZIP FILE]

29 اغسطس 2012 20:56:53 - C:\DOCUME~1\TEMPLE~1.000\LOCALS~1\Temp\unregx.exe (93480), 29-Aug-2012, MicroWorld Technologies Inc., MicroWorld AntiVirus Toolkit Utility

29 اغسطس 2012 20:56:53 - C:\DOCUME~1\TEMPLE~1.000\LOCALS~1\Temp\viewtcp.exe (576296), 29-Aug-2012, MicroWorld Technologies Inc., ViewTCP

29 اغسطس 2012 20:56:53 - C:\DOCUME~1\TEMPLE~1.000\LOCALS~1\Temp\~DF7EB5.tmp (196608), 29-Aug-2012 [Unable to Add C:\DOCUME~1\TEMPLE~1.000\LOCALS~1\Temp\~DF7EB5.tmp to ZIP FILE! ResultCode: 512]

29 اغسطس 2012 20:56:53 - C:\Documents and Settings\All Users\Application Data\1345651013.bdinstall.bin (1904653), 22-Aug-2012

29 اغسطس 2012 20:56:53 - C:\Documents and Settings\All Users\Application Data\1345828096.bdinstall.bin (104980), 24-Aug-2012 [Added C:\Documents and Settings\All Users\Application Data\1345828096.bdinstall.bin to ZIP FILE]

29 اغسطس 2012 20:56:53 - C:\Documents and Settings\All Users\Application Data\1345828107.bdinstall.bin (49350), 24-Aug-2012 [Added C:\Documents and Settings\All Users\Application Data\1345828107.bdinstall.bin to ZIP FILE]

29 اغسطس 2012 20:56:53 - C:\Documents and Settings\All Users\Application Data\1345828134.bdinstall.bin (49349), 24-Aug-2012 [Added C:\Documents and Settings\All Users\Application Data\1345828134.bdinstall.bin to ZIP FILE]

29 اغسطس 2012 20:56:53 - C:\Documents and Settings\All Users\Application Data\1345829992.bdinstall.bin (49620), 24-Aug-2012 [Added C:\Documents and Settings\All Users\Application Data\1345829992.bdinstall.bin to ZIP FILE]

29 اغسطس 2012 20:56:53 - C:\Documents and Settings\All Users\Application Data\1345834827.bdinstall.bin (49619), 24-Aug-2012 [Added C:\Documents and Settings\All Users\Application Data\1345834827.bdinstall.bin to ZIP FILE]

29 اغسطس 2012 20:56:53 - C:\Documents and Settings\All Users\Application Data\1345892131.bdinstall.bin (194105), 25-Aug-2012 [Added C:\Documents and Settings\All Users\Application Data\1345892131.bdinstall.bin to ZIP FILE]



29 اغسطس 2012 20:56:53 - C:\WINDOWS\$hf_mig$, 21-Sep-2011 [H] [Folder]

29 اغسطس 2012 20:56:53 - C:\WINDOWS\$NtUninstallWdf01009$, 22-Aug-2012 [H] [Folder]

29 اغسطس 2012 20:56:53 - C:\WINDOWS\Fonts, 21-Sep-2011 [SR] [Folder]

29 اغسطس 2012 20:56:53 - C:\WINDOWS\inf, 21-Sep-2011 [H] [Folder]

29 اغسطس 2012 20:56:53 - C:\WINDOWS\Logs, 15-Aug-2012 [Folder]

29 اغسطس 2012 20:56:53 - C:\WINDOWS\Offline Web Pages, 21-Sep-2011 [Folder]

29 اغسطس 2012 20:56:53 - C:\WINDOWS\PIF, 01-Jul-2012 [H] [Folder]

29 اغسطس 2012 20:56:53 - C:\WINDOWS\system32\GroupPolicy, 12-Oct-2011 [H] [Folder]

29 اغسطس 2012 20:56:53 - C:\WINDOWS\system32\Microsoft, 21-Sep-2011 [Folder]

29 اغسطس 2012 20:56:53 - C:\WINDOWS\system32\windowspowershell, 26-Aug-2012 [Folder]

29 اغسطس 2012 20:56:53 - C:\Autorun.inf, 26-Aug-2012 [HSR] [Folder]

29 اغسطس 2012 20:56:53 - C:\Program autodesk, 15-Aug-2012 [Folder]

29 اغسطس 2012 20:56:53 - C:\UsbFix, 26-Aug-2012 [Folder]

29 اغسطس 2012 20:56:53 - C:\vip600, 27-Aug-2012 [Folder]

29 اغسطس 2012 20:56:53 - C:\DOCUME~1\TEMPLE~1.000\LOCALS~1\Temp\msohtml, 29-Aug-2012 [Folder]

29 اغسطس 2012 20:56:53 - C:\DOCUME~1\TEMPLE~1.000\LOCALS~1\Temp\msohtml1, 29-Aug-2012 [Folder]

29 اغسطس 2012 20:56:53 - C:\DOCUME~1\TEMPLE~1.000\LOCALS~1\Temp\plugins, 29-Aug-2012 [Folder]

29 اغسطس 2012 20:56:53 - C:\DOCUME~1\TEMPLE~1.000\LOCALS~1\Temp\plugtmp, 29-Aug-2012 [Folder]

29 اغسطس 2012 20:56:53 - C:\DOCUME~1\TEMPLE~1.000\LOCALS~1\Temp\WPDNSE, 29-Aug-2012 [Folder]

29 اغسطس 2012 20:56:53 - C:\Documents and Settings\TEMP.LENOVO_XP.000\Application Data\Adobe, 29-Aug-2012 [Folder]

29 اغسطس 2012 20:56:53 - C:\Documents and Settings\TEMP.LENOVO_XP.000\Application Data\DMCache, 29-Aug-2012 [Folder]

29 اغسطس 2012 20:56:53 - C:\Documents and Settings\TEMP.LENOVO_XP.000\Application Data\Identities, 29-Aug-2012 [Folder]

29 اغسطس 2012 20:56:53 - C:\Documents and Settings\TEMP.LENOVO_XP.000\Application Data\IDM, 29-Aug-2012 [Folder]

29 اغسطس 2012 20:56:53 - C:\Documents and Settings\TEMP.LENOVO_XP.000\Application Data\Macromedia, 29-Aug-2012 [Folder]

29 اغسطس 2012 20:56:53 - C:\Documents and Settings\TEMP.LENOVO_XP.000\Application Data\Microsoft, 29-Aug-2012 [Folder]

29 اغسطس 2012 20:56:53 - C:\Documents and Settings\TEMP.LENOVO_XP.000\Application Data\Mozilla, 29-Aug-2012 [Folder]

29 اغسطس 2012 20:56:53 - C:\Documents and Settings\TEMP.LENOVO_XP.000\Application Data\Real, 29-Aug-2012 [Folder]

29 اغسطس 2012 20:56:53 - C:\Documents and Settings\TEMP.LENOVO_XP.000\Application Data\Yahoo!, 29-Aug-2012 [Folder]

29 اغسطس 2012 20:56:53 - C:\Documents and Settings\TEMP.LENOVO_XP.000\Application Data\..\Application Data, 29-Aug-2012 [Folder]

29 اغسطس 2012 20:56:53 - C:\Documents and Settings\TEMP.LENOVO_XP.000\Application Data\..\Desktop, 29-Aug-2012 [Folder]

29 اغسطس 2012 20:56:53 - C:\Documents and Settings\TEMP.LENOVO_XP.000\Application Data\..\IETldCache, 29-Aug-2012 [HS] [Folder]

29 اغسطس 2012 20:56:53 - C:\Documents and Settings\TEMP.LENOVO_XP.000\Application Data\..\Local Settings, 29-Aug-2012 [H] [Folder]

29 اغسطس 2012 20:56:53 - C:\Documents and Settings\TEMP.LENOVO_XP.000\Application Data\..\My Documents, 29-Aug-2012 [Folder]

29 اغسطس 2012 20:56:53 - C:\Documents and Settings\TEMP.LENOVO_XP.000\Application Data\..\NetHood, 29-Aug-2012 [H] [Folder]

29 اغسطس 2012 20:56:53 - C:\Documents and Settings\TEMP.LENOVO_XP.000\Application Data\..\Recent, 29-Aug-2012 [Folder]

29 اغسطس 2012 20:56:53 - C:\Documents and Settings\TEMP.LENOVO_XP.000\Application Data\..\SendTo, 29-Aug-2012 [Folder]

29 اغسطس 2012 20:56:53 - C:\Documents and Settings\TEMP.LENOVO_XP.000\Application Data\..\Start Menu, 29-Aug-2012 [Folder]

29 اغسطس 2012 20:56:53 - C:\Documents and Settings\TEMP.LENOVO_XP.000\Application Data\..\Templates, 29-Aug-2012 [H] [Folder]

29 اغسطس 2012 20:56:53 - C:\Documents and Settings\All Users\Application Data\Autodesk, 15-Aug-2012 [Folder]

29 اغسطس 2012 20:56:53 - C:\Documents and Settings\All Users\Application Data\BDLogging, 22-Aug-2012 [Folder]

29 اغسطس 2012 20:56:53 - C:\Documents and Settings\All Users\Application Data\FLEXnet, 15-Aug-2012 [Folder]

29 اغسطس 2012 20:56:53 - C:\Documents and Settings\All Users\Application Data\Microsoft, 21-Sep-2011 [Folder]

29 اغسطس 2012 20:56:53 - C:\Documents and Settings\All Users\Application Data\MicroWorld, 29-Aug-2012 [Folder]

29 اغسطس 2012 20:56:53 - C:\Documents and Settings\All Users\Application Data\open-config, 26-Aug-2012 [Folder]

29 اغسطس 2012 20:56:53 - C:\Documents and Settings\All Users\Application Data\PC Optimizer Pro, 26-Aug-2012 [Folder]

29 اغسطس 2012 20:56:53 - C:\Documents and Settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}, 18-Aug-2012 [Folder]

29 اغسطس 2012 20:56:53 - C:\Documents and Settings\All Users\Application Data\..\Application Data, 21-Sep-2011 [Folder]

29 اغسطس 2012 20:56:53 - C:\Documents and Settings\All Users\Application Data\..\DRM, 21-Sep-2011 [HS] [Folder]

29 اغسطس 2012 20:56:53 - C:\Documents and Settings\All Users\Application Data\..\Templates, 21-Sep-2011 [H] [Folder]

29 اغسطس 2012 20:56:53 - C:\Program Files\Autodesk, 15-Aug-2012 [Folder]

29 اغسطس 2012 20:56:53 - C:\Program Files\Bitdefender, 22-Aug-2012 [Folder]

29 اغسطس 2012 20:56:53 - C:\Program Files\Loaris, 25-Aug-2012 [Folder]

29 اغسطس 2012 20:56:53 - C:\Program Files\PC Optimizer Pro, 26-Aug-2012 [Folder]

29 اغسطس 2012 20:56:53 - C:\Program Files\StartupSlowFix, 26-Aug-2012 [Folder]

29 اغسطس 2012 20:56:53 - C:\Program Files\ToolwizCareFree, 18-Aug-2012 [Folder]

29 اغسطس 2012 20:56:53 - C:\Program Files\WindowsUpdate, 21-Sep-2011 [H] [Folder]

29 اغسطس 2012 20:56:53 - C:\Program Files\Common Files\Autodesk Shared, 15-Aug-2012 [Folder]

29 اغسطس 2012 20:56:53 - C:\Program Files\Common Files\Bitdefender, 22-Aug-2012 [Folder]

29 اغسطس 2012 20:56:53 - C:\Program Files\Common Files\Macrovision Shared, 15-Aug-2012 [Folder]

29 اغسطس 2012 20:56:53 - C:\Program Files\Common Files\xing shared, 14-Aug-2012 [Folder]



29 اغسطس 2012 20:56:53 - *********************************************************************************************



29 اغسطس 2012 20:56:53 - Latest Date of files inside MWAV: Mon Jun 18 13:59:57 2012.

29 اغسطس 2012 20:56:53 - Plugins FileCount: 916 Sign Version: 7.42646

29 اغسطس 2012 20:56:56 - ** Create Value of "1001" in "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" : DWORD:1

29 اغسطس 2012 20:56:56 - ** Create Value of "1004" in "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" : DWORD:3

29 اغسطس 2012 20:56:56 - ** Create Value of "1001" in "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" : DWORD:1

29 اغسطس 2012 20:56:56 - ** Create Value of "1004" in "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" : DWORD:3

29 اغسطس 2012 20:56:56 - ** Changed Value of "HomePage" in "HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel" from DWORD:1 to DWORD:0

29 اغسطس 2012 20:56:56 - ** Changed Value of "HomePage" in "HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel" from DWORD:1 to DWORD:0

29 اغسطس 2012 20:56:56 - ** Changed Value of "HKEY_CLASSES_ROOT\.htm" from "FirefoxHTML" to "htmlfile"

29 اغسطس 2012 20:56:56 - ** Changed Value of "HKEY_CLASSES_ROOT\.html" from "FirefoxHTML" to "htmlfile"

29 اغسطس 2012 20:57:01 - Loading/Creating FileScan Database C:\Documents and Settings\All Users\Application Data\MicroWorld\MWAV\ESCANDBX.MDB [Log: C:\Documents and Settings\TEMP.LENOVO_XP.000\Local Settings\Temp\ESCANDB.LOG]

29 اغسطس 2012 20:57:04 - Loaded/Created FileScan Database...

29 اغسطس 2012 20:57:04 - Loading AV Library [DB]...

29 اغسطس 2012 20:59:16 - ArchiveScan: DISABLED

29 اغسطس 2012 20:59:22 - AV Library Loaded [DB-DIRECT].

29 اغسطس 2012 20:59:22 - MWAV doing self scanning...

29 اغسطس 2012 20:59:22 - MWAV files are clean.
29 اغسطس 2012 20:59:31 - ArchiveScan: DISABLED
29 اغسطس 2012 20:59:31 - Virus Database Date: 18 Jun 2012
29 اغسطس 2012 20:59:31 - Virus Database Count: 7305297
29 اغسطس 2012 20:59:41 - Downloading AntiVirus and Anti-Spyware Databases...
29 اغسطس 2012 21:01:39 - Downloads Aborted!
29 اغسطس 2012 21:01:46 - Downloading AntiVirus and Anti-Spyware Databases...
29 اغسطس 2012 21:02:08 - Downloads Aborted!

29 اغسطس 2012 21:02:12 - **********************************************************
29 اغسطس 2012 21:02:12 - MWAV - eScanAV AntiVirus Toolkit.
29 اغسطس 2012 21:02:12 - Copyright © MicroWorld Technologies
29 اغسطس 2012 21:02:12 -
29 اغسطس 2012 21:02:12 - Support: support@escanav.com
29 اغسطس 2012 21:02:12 - Web:

29 اغسطس 2012 21:02:12 - **********************************************************
29 اغسطس 2012 21:02:12 - Version 12.0.245[DB] (C:\DOCUMENTS AND SETTINGS\TEMP.LENOVO_XP.000\LOCAL SETTINGS\TEMP\MEXE.COM)
29 اغسطس 2012 21:02:12 - Log File: C:\Documents and Settings\TEMP.LENOVO_XP.000\Local Settings\Temp\MWAV.LOG
29 اغسطس 2012 21:02:12 - User Account: Administrator (Administrator Mode)
29 اغسطس 2012 21:02:12 - Windows Root Folder: C:\WINDOWS
29 اغسطس 2012 21:02:12 - Windows Sys32 Folder: C:\WINDOWS\system32
29 اغسطس 2012 21:02:12 - OS: Windows XP [OS Install Date: 21 Sep 2011 16:52:25]
29 اغسطس 2012 21:02:12 - Ver: Service Pack 3 (Build 2600)
29 اغسطس 2012 21:02:12 - Latest Date of files inside MWAV: Mon Jun 18 13:59:57 2012.
29 اغسطس 2012 21:02:12 - Plugins FileCount: 916 Sign Version: 7.42646

29 اغسطس 2012 21:02:12 - Options Selected by User:
29 اغسطس 2012 21:02:12 - Memory Check: Enabled
29 اغسطس 2012 21:02:12 - Registry Check: Enabled
29 اغسطس 2012 21:02:12 - StartUp Folder Check: Enabled
29 اغسطس 2012 21:02:12 - System Folder Check: Enabled
29 اغسطس 2012 21:02:12 - Services Check: Enabled
29 اغسطس 2012 21:02:12 - Scan Spyware: Disabled
29 اغسطس 2012 21:02:12 - Scan Archives: Disabled
29 اغسطس 2012 21:02:12 - Drive Check Option Disabled
29 اغسطس 2012 21:02:12 - Folder Check: Disabled
29 اغسطس 2012 21:02:12 - SCAN: All_Files
29 اغسطس 2012 21:02:12 - MWAV Mode: Scan and Clean files (for viruses, adware and spyware)

29 اغسطس 2012 21:02:12 - Scanning DNS Records...
29 اغسطس 2012 21:02:13 - Scanning Master Boot Record (Kernel)...

29 اغسطس 2012 21:02:15 - ***** Scanning Memory Files *****
29 اغسطس 2012 21:02:29 - Please Wait Exiting Application...

29 اغسطس 2012 21:02:31 - ***** Scanning complete. *****

29 اغسطس 2012 21:02:31 - Total Objects Scanned: 40
29 اغسطس 2012 21:02:31 - Total Critical Objects: 0
29 اغسطس 2012 21:02:31 - Total Disinfected Objects: 0
29 اغسطس 2012 21:02:31 - Total Objects Renamed: 0
29 اغسطس 2012 21:02:31 - Total Deleted Objects: 0
29 اغسطس 2012 21:02:31 - Total Errors: 0
29 اغسطس 2012 21:02:31 - Time Elapsed: 00:00:17
29 اغسطس 2012 21:02:31 - Virus Database Date: 18 Jun 2012
29 اغسطس 2012 21:02:31 - Virus Database Count: 7305297

29 اغسطس 2012 21:02:31 - Scan Completed.

29 اغسطس 2012 21:02:38 - Virus Database Date: 18 Jun 2012
29 اغسطس 2012 21:02:38 - Virus Database Count: 7305297
29 اغسطس 2012 21:02:40 - Downloading AntiVirus and Anti-Spyware Databases...
29 اغسطس 2012 21:58:34 - Update Not Successful!
29 اغسطس 2012 22:15:08 - Downloading AntiVirus and Anti-Spyware Databases...
29 اغسطس 2012 23:13:40 - Update Successful...
29 اغسطس 2012 23:15:55 - Indexed Spyware Databases Successfully Created...
29 اغسطس 2012 23:16:00 - Old Sign Version: 7.42646 New Sign Version: 7.43262
29 اغسطس 2012 23:21:21 - Reload of AntiVirus Signatures successfully done.
29 اغسطس 2012 23:21:21 - Virus Database Date: 29 Aug 2012
29 اغسطس 2012 23:21:21 - Virus Database Count: 7545972

29 اغسطس 2012 23:21:50 - Options Selected by User:
29 اغسطس 2012 23:21:50 - Memory Check: Enabled
29 اغسطس 2012 23:21:50 - Registry Check: Enabled
29 اغسطس 2012 23:21:50 - StartUp Folder Check: Enabled
29 اغسطس 2012 23:21:50 - System Folder Check: Enabled
29 اغسطس 2012 23:21:50 - Services Check: Enabled
29 اغسطس 2012 23:21:50 - Scan Spyware: Disabled
29 اغسطس 2012 23:21:50 - Scan Archives: Disabled
29 اغسطس 2012 23:21:50 - Drive Check Option Disabled
29 اغسطس 2012 23:21:50 - Folder Check: Disabled
29 اغسطس 2012 23:21:50 - SCAN: All_Files
29 اغسطس 2012 23:21:50 - MWAV Mode: Scan and Clean files (for viruses, adware and spyware)

29 اغسطس 2012 23:21:50 - Scanning Master Boot Record (Kernel)...

29 اغسطس 2012 23:21:52 - ***** Scanning Memory Files *****
29 اغسطس 2012 23:22:01 - ScanFile (C:\WINDOWS\system32\USERENV.dll) took 5078 ms
29 اغسطس 2012 23:23:40 - Scanning File C:\WINDOWS\svchost.exe
29 اغسطس 2012 23:23:41 - Process C:\WINDOWS\svchost.exe found running in Memory...
29 اغسطس 2012 23:23:41 - *** Terminating Infected Process C:\WINDOWS\svchost.exe...
29 اغسطس 2012 23:23:43 - *** Termination Successful.
29 اغسطس 2012 23:23:44 - File C:\WINDOWS\svchost.exe infected by "Rootkit.52167 (DB)" Virus! Action Taken: File Deleted.


29 اغسطس 2012 23:24:58 - ***** Scanning Registry Files *****

29 اغسطس 2012 23:26:02 - ***** Scanning StartUp Folders *****

29 اغسطس 2012 23:26:02 - ***** Scanning Service Files *****
29 اغسطس 2012 23:26:18 - ERROR(2)!!! Invalid Entry "C:\WINDOWS\svchost.exe". Action Taken: Removing HKLM\SYSTEM\CurrentControlSet\Services\system32.
29 اغسطس 2012 23:26:22 - ERROR(2)!!! Invalid Entry system32\DRIVERS\xAntiArp.sys. Action Taken: Removing HKLM\SYSTEM\CurrentControlSet\Services\xAntiArp.
29 اغسطس 2012 23:26:22 - ** Non-Standard ProtocolDefault Zone defined in [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults/about] with value of [4].
29 اغسطس 2012 23:26:22 - Clearing Temporary sub-folders as Spyware/Adware found in system...
29 اغسطس 2012 23:26:30 - Few files will be deleted *ONLY* on reboot...
29 اغسطس 2012 23:26:30 - ** Value in HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\main/Start Page =

29 اغسطس 2012 23:26:30 - ** Value in HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\main/Start Page =

29 اغسطس 2012 23:26:30 - ** Value in HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\main/Start Page =


29 اغسطس 2012 23:26:30 - ***** Scanning System32 Folders *****


29 اغسطس 2012 23:33:35 - ***** Checking for specific ITW Viruses *****
29 اغسطس 2012 23:33:35 - [Morto] Setting value of HKLM\SYSTEM\CurrentControlSet\Control\Windows/NoPopUpsOnBoot to [0]
29 اغسطس 2012 23:33:35 - Object "MortoWorm" found in File System! Action Taken: Entries Removed.


29 اغسطس 2012 23:33:35 - ***** Scanning complete. *****

29 اغسطس 2012 23:33:35 - Memory/System Found Infected!!! Rescanning all objects to ensure that system is clean...

29 اغسطس 2012 23:33:35 - Options Selected by User:
29 اغسطس 2012 23:33:35 - Memory Check: Enabled
29 اغسطس 2012 23:33:35 - Registry Check: Enabled
29 اغسطس 2012 23:33:35 - StartUp Folder Check: Enabled
29 اغسطس 2012 23:33:35 - System Folder Check: Enabled
29 اغسطس 2012 23:33:35 - Services Check: Enabled
29 اغسطس 2012 23:33:35 - Scan Spyware: Disabled
29 اغسطس 2012 23:33:35 - Scan Archives: Disabled
29 اغسطس 2012 23:33:35 - Drive Check Option Disabled
29 اغسطس 2012 23:33:35 - Folder Check: Disabled
29 اغسطس 2012 23:33:35 - SCAN: All_Files
29 اغسطس 2012 23:33:35 - MWAV Mode: Scan and Clean files (for viruses, adware and spyware)

29 اغسطس 2012 23:33:36 - Scanning Master Boot Record (Kernel)...

29 اغسطس 2012 23:33:37 - ***** Scanning Memory Files *****

29 اغسطس 2012 23:35:41 - ***** Scanning Registry Files *****

29 اغسطس 2012 23:36:16 - ***** Scanning StartUp Folders *****

29 اغسطس 2012 23:36:16 - ***** Scanning Service Files *****
29 اغسطس 2012 23:36:38 - ** Non-Standard ProtocolDefault Zone defined in [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults/about] with value of [4].
29 اغسطس 2012 23:36:38 - Clearing Temporary sub-folders as Spyware/Adware found in system...
29 اغسطس 2012 23:36:41 - Few files will be deleted *ONLY* on reboot...
29 اغسطس 2012 23:36:41 - ** Value in HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\main/Start Page =

29 اغسطس 2012 23:36:41 - ** Value in HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\main/Start Page =

29 اغسطس 2012 23:36:41 - ** Value in HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\main/Start Page =


29 اغسطس 2012 23:36:41 - ***** Scanning System32 Folders *****

29 اغسطس 2012 23:44:16 - Memory Infected by virus. User requested to scan all local drives

29 اغسطس 2012 23:44:16 - ***** Scanning All Drives *****
29 اغسطس 2012 23:44:17 - ***** C:,D:,E:,F:,G: *****
29 اغسطس 2012 23:44:17 - Scanning C:\ Drive
29 اغسطس 2012 23:46:42 - ScanFile (C:\Documents and Settings\Administrator\Local Settings\Application Data\ToolwizCareFree\UninstallToolwizCare.exe) took 6719 ms
29 اغسطس 2012 23:47:43 - Scanning File C:\Documents and Settings\Administrator\My Documents\Downloads\Compressed\My Pictures\Readme-??.htm
29 اغسطس 2012 23:47:43 - ERROR(3)!!! ScanFile fails for C:\Documents and Settings\Administrator\My Documents\Downloads\Compressed\My Pictures\Readme-??.htm
29 اغسطس 2012 23:48:53 - Scanning File C:\Documents and Settings\Administrator\My Documents\Downloads\Programs\TFC.exe
29 اغسطس 2012 23:48:53 - File C:\Documents and Settings\Administrator\My Documents\Downloads\Programs\TFC.exe infected by "TROJ_GEN.USJ08MO (ES)" Virus! Action Taken: File Renamed.

29 اغسطس 2012 23:52:17 - Scanning File C:\Documents and Settings\TEMP.LENOVO_XP\My Documents\Downloads\VLCMediaPlayerSetup.exe
29 اغسطس 2012 23:52:17 - File C:\Documents and Settings\TEMP.LENOVO_XP\My Documents\Downloads\VLCMediaPlayerSetup.exe infected by "Win32/Somoto.A (ES)" Virus! Action Taken: File Renamed.

29 اغسطس 2012 23:54:51 - ScanFile (C:\Documents and Settings\TEMP.LENOVO_XP.000\My Documents\Downloads\Programs\mwav.exe) took 5219 ms
30 اغسطس 2012 00:05:11 - ScanFile (C:\Program autodesk\AutoCAD 2012 - English\Help\scripts\ACR\search-entries0.js) took 5469 ms
30 اغسطس 2012 00:08:37 - C:\Program autodesk\AutoCAD 2012 - English\pdfnet.res not Scanned. Possibly password protected...
30 اغسطس 2012 00:26:41 - C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\DATA\master.mdf not Scanned. Possibly password protected...
30 اغسطس 2012 00:26:41 - C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\DATA\mastlog.ldf not Scanned. Possibly password protected...
30 اغسطس 2012 00:26:41 - C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\DATA\model.mdf not Scanned. Possibly password protected...
30 اغسطس 2012 00:26:41 - C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\DATA\modellog.ldf not Scanned. Possibly password protected...
30 اغسطس 2012 00:26:41 - C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\DATA\MSDBData.mdf not Scanned. Possibly password protected...
30 اغسطس 2012 00:26:41 - C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\DATA\MSDBLog.ldf not Scanned. Possibly password protected...
30 اغسطس 2012 00:26:41 - C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\DATA\tempdb.mdf not Scanned. Possibly password protected...
30 اغسطس 2012 00:26:41 - C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\DATA\templog.ldf not Scanned. Possibly password protected...
30 اغسطس 2012 00:30:57 - Scanning File C:\System Volume Information\_restore{DFF78D78-8083-4798-9F8C-6CD121271C2C}\RP10\A0000931.exe
30 اغسطس 2012 00:30:58 - File C:\System Volume Information\_restore{DFF78D78-8083-4798-9F8C-6CD121271C2C}\RP10\A0000931.exe infected by "Rootkit.52167 (DB)" Virus! Action Taken: File Deleted.

30 اغسطس 2012 00:30:59 - Scanning File C:\System Volume Information\_restore{DFF78D78-8083-4798-9F8C-6CD121271C2C}\RP10\A0000932.exe
30 اغسطس 2012 00:30:59 - File C:\System Volume Information\_restore{DFF78D78-8083-4798-9F8C-6CD121271C2C}\RP10\A0000932.exe infected by "TROJ_GEN.USJ08MO (ES)" Virus! Action Taken: File Renamed.

30 اغسطس 2012 00:54:56 - ScanFile (C:\WINDOWS\Installer\101c283.msp) took 6968 ms
30 اغسطس 2012 00:56:55 - ScanFile (C:\WINDOWS\Installer\3c99c7.msp) took 5297 ms
30 اغسطس 2012 01:08:39 - C:\WINDOWS\system32\CatRoot2\tmp.edb not Scanned. Possibly password protected...
30 اغسطس 2012 01:08:47 - C:\WINDOWS\system32\config\default not Scanned. Possibly password protected...
30 اغسطس 2012 01:08:47 - C:\WINDOWS\system32\config\SAM not Scanned. Possibly password protected...
30 اغسطس 2012 01:08:47 - C:\WINDOWS\system32\config\SECURITY not Scanned. Possibly password protected...
30 اغسطس 2012 01:08:47 - C:\WINDOWS\system32\config\software not Scanned. Possibly password protected...
30 اغسطس 2012 01:08:48 - C:\WINDOWS\system32\config\system not Scanned. Possibly password protected...
30 اغسطس 2012 01:17:26 - ScanFile (C:\WinSetupFromUSB\files\qemu\qemu-system-x86_64.exe) took 11843 ms
30 اغسطس 2012 01:17:37 - Scanning File C:\Zyzoom_Forum_Tools\TFC.exe
30 اغسطس 2012 01:17:37 - File C:\Zyzoom_Forum_Tools\TFC.exe infected by "TROJ_GEN.USJ08MO (ES)" Virus! Action Taken: File Renamed.

30 اغسطس 2012 01:17:41 - Scanning D:\ Drive
30 اغسطس 2012 01:19:52 - Scanning File D:\fromdex_top\6\Music\?أنشودة لبيك لا شريك لك- منشد عصام فتحي? - YouTube.flv
30 اغسطس 2012 01:19:52 - ERROR(3)!!! ScanFile fails for D:\fromdex_top\6\Music\?أنشودة لبيك لا شريك لك- منشد عصام فتحي? - YouTube.flv
30 اغسطس 2012 01:19:55 - Scanning File D:\fromdex_top\6\Video\?نشيد لبيك اللهم? - YouTube.flv
30 اغسطس 2012 01:19:55 - ERROR(3)!!! ScanFile fails for D:\fromdex_top\6\Video\?نشيد لبيك اللهم? - YouTube.flv
30 اغسطس 2012 01:22:19 - ScanFile (D:\fromdex_top\mikroC PRO for PIC\mikroProg Suite installer\mikroProg_Suite_For_PIC_v102_setup.exe) took 5250 ms
30 اغسطس 2012 01:25:43 - Scanning File D:\islamic\?أشتقت اليك...أنشوده منتهى الروعه للمنشد أحمد سعيد? - YouTube
30 اغسطس 2012 01:25:43 - ERROR(3)!!! ScanFile fails for D:\islamic\?أشتقت اليك...أنشوده منتهى الروعه للمنشد أحمد سعيد? - YouTube
30 اغسطس 2012 01:35:04 - Scanning E:\ Drive
30 اغسطس 2012 01:35:39 - Scanning File E:\Loaris Trojan Remover v1.2.5.3 FULL\Loaris Trojan Remover v1.2.5.3 FULL\Loaris Trojan Remover Patch.exe
30 اغسطس 2012 01:35:41 - File E:\Loaris Trojan Remover v1.2.5.3 FULL\Loaris Trojan Remover v1.2.5.3 FULL\Loaris Trojan Remover Patch.exe infected by "Trojan.Generic.7646869 (DB)" Virus! Action Taken: File Renamed.

30 اغسطس 2012 01:35:53 - Scanning File E:\System Volume Information\_restore{DFF78D78-8083-4798-9F8C-6CD121271C2C}\RP10\A0000934.exe
30 اغسطس 2012 01:35:54 - File E:\System Volume Information\_restore{DFF78D78-8083-4798-9F8C-6CD121271C2C}\RP10\A0000934.exe infected by "Trojan.Generic.7646869 (DB)" Virus! Action Taken: File Renamed.

30 اغسطس 2012 01:36:18 - Scanning File E:\Video\?اعلان دايم كل واتمزج واغنيه زنجا زنجا?‎ - YouTube.flv
30 اغسطس 2012 01:36:18 - ERROR(3)!!! ScanFile fails for E:\Video\?اعلان دايم كل واتمزج واغنيه زنجا زنجا?‎ - YouTube.flv
30 اغسطس 2012 01:36:18 - Scanning File E:\Video\?يا ما كان ..جديد مشارى راشد2011? - YouTube.flv
30 اغسطس 2012 01:36:18 - ERROR(3)!!! ScanFile fails for E:\Video\?يا ما كان ..جديد مشارى راشد2011? - YouTube.flv
30 اغسطس 2012 01:36:32 - Scanning File E:\مصر\YouTube - ?أحمد السقا - زي ما هي حبها - مافيا?‎.flv
30 اغسطس 2012 01:36:32 - ERROR(3)!!! ScanFile fails for E:\مصر\YouTube - ?أحمد السقا - زي ما هي حبها - مافيا?‎.flv
30 اغسطس 2012 01:36:32 - Scanning File E:\مصر\YouTube - ?ابنك يقولك يا بطل- عبد الحليم حافظ Egypt October 1973(yum Kabbor)?‎.flv
30 اغسطس 2012 01:36:32 - ERROR(3)!!! ScanFile fails for E:\مصر\YouTube - ?ابنك يقولك يا بطل- عبد الحليم حافظ Egypt October 1973(yum Kabbor)?‎.flv
30 اغسطس 2012 01:36:32 - Scanning File E:\مصر\YouTube - ?احلف بسماها و بترابها?‎.flv
30 اغسطس 2012 01:36:32 - ERROR(3)!!! ScanFile fails for E:\مصر\YouTube - ?احلف بسماها و بترابها?‎.flv
30 اغسطس 2012 01:36:32 - Scanning File E:\مصر\YouTube - ?تحذير لكل مصري خارج مصر - لا تسمع و لا تشاهد هذه الأغنية?‎.flv
30 اغسطس 2012 01:36:32 - ERROR(3)!!! ScanFile fails for E:\مصر\YouTube - ?تحذير لكل مصري خارج مصر - لا تسمع و لا تشاهد هذه الأغنية?‎.flv
30 اغسطس 2012 01:36:32 - Scanning File E:\مصر\YouTube - ?عبد الحليم - احنا الشعب -دمشق 1960?‎.flv
30 اغسطس 2012 01:36:32 - ERROR(3)!!! ScanFile fails for E:\مصر\YouTube - ?عبد الحليم - احنا الشعب -دمشق 1960?‎.flv
30 اغسطس 2012 01:36:33 - Scanning File E:\مصر\?أغنية- أسيبك لمين - محمد عباس? - YouTube.flv
30 اغسطس 2012 01:36:33 - ERROR(3)!!! ScanFile fails for E:\مصر\?أغنية- أسيبك لمين - محمد عباس? - YouTube.flv
30 اغسطس 2012 01:36:33 - Scanning File E:\مصر\?اغانى فيلم امريكا شيكا بيكا يعنى ايه كلمة وطن? - YouTube.flv
30 اغسطس 2012 01:36:33 - ERROR(3)!!! ScanFile fails for E:\مصر\?اغانى فيلم امريكا شيكا بيكا يعنى ايه كلمة وطن? - YouTube.flv
30 اغسطس 2012 01:36:33 - Scanning File E:\مصر\?كليب مصر بلادى انتاج قناة الناس? - YouTube.flv
30 اغسطس 2012 01:36:33 - ERROR(3)!!! ScanFile fails for E:\مصر\?كليب مصر بلادى انتاج قناة الناس? - YouTube.flv
30 اغسطس 2012 01:36:33 - Scanning File E:\مصر\?محمد ثروت فى حب مصر _قصة حياة الشهيد ابراهيم الرفاعى .wmv? - YouTube.flv
30 اغسطس 2012 01:36:33 - ERROR(3)!!! ScanFile fails for E:\مصر\?محمد ثروت فى حب مصر _قصة حياة الشهيد ابراهيم الرفاعى .wmv? - YouTube.flv
30 اغسطس 2012 01:36:33 - Scanning File E:\مصر\?واحد وطننا - محمد عباس? - YouTube.flv
30 اغسطس 2012 01:36:33 - ERROR(3)!!! ScanFile fails for E:\مصر\?واحد وطننا - محمد عباس? - YouTube.flv
30 اغسطس 2012 01:36:33 - Scanning File E:\?قناة الناس أناشيد العيد ابني سألني أبو عمار? - YouTube.flv
30 اغسطس 2012 01:36:33 - ERROR(3)!!! ScanFile fails for E:\?قناة الناس أناشيد العيد ابني سألني أبو عمار? - YouTube.flv
30 اغسطس 2012 01:36:33 - Scanning File E:\?كليب فرحة العيد من قناة الناس? - YouTube.flv
30 اغسطس 2012 01:36:33 - ERROR(3)!!! ScanFile fails for E:\?كليب فرحة العيد من قناة الناس? - YouTube.flv
30 اغسطس 2012 01:36:33 - Scanning File E:\?نشيد شيطاني رجع من تاني للمنشد احمد سعيد? - YouTube.flv
30 اغسطس 2012 01:36:33 - ERROR(3)!!! ScanFile fails for E:\?نشيد شيطاني رجع من تاني للمنشد احمد سعيد? - YouTube.flv
30 اغسطس 2012 01:36:33 - Scanning F:\ Drive
30 اغسطس 2012 01:41:25 - Scanning G:\ Drive
30 اغسطس 2012 01:42:19 - ScanFile (G:\autocad\autocad\AutoCAD 2012 English 32bit\AutoCAD 2012 English 32bit\3rdParty\x86\NET\2\NetFx20.exe) took 16593 ms
30 اغسطس 2012 01:49:51 - G:\autocad\autocad\AutoCAD 2012 English 32bit\AutoCAD 2012 English 32bit\x86\acad\Program Files\Root\pdfnet.res not Scanned. Possibly password protected...
30 اغسطس 2012 01:53:07 - G:\autocad\autocad\AutoCAD 2012 English 32bit\AutoCAD 2012 English 32bit\x86\en-US\Components\adr2012\program files\Autodesk\Autodesk Design Review 2012\EComposite\pdfnet.res not Scanned. Possibly password protected...
30 اغسطس 2012 02:00:16 - Scanning File G:\micro\micro programs\7.8_SP2\?????????.txt
30 اغسطس 2012 02:00:16 - ERROR(3)!!! ScanFile fails for G:\micro\micro programs\7.8_SP2\?????????.txt
30 اغسطس 2012 02:00:23 - ScanFile (G:\micro\micro programs\mikroc_pro_pic_2011_v520\mikroC_PRO_PIC_2011_Build.5.40.exe) took 6594 ms
30 اغسطس 2012 02:18:33 - Scanning File G:\ألمشروع\project very important\project very important\algorithms2\code\????.url
30 اغسطس 2012 02:18:33 - ERROR(3)!!! ScanFile fails for G:\ألمشروع\project very important\project very important\algorithms2\code\????.url
30 اغسطس 2012 02:18:54 - Scanning File G:\احمد غياض\Autodesk 2010 Products Keygen\Keygen\x86.exe
30 اغسطس 2012 02:18:55 - File G:\احمد غياض\Autodesk 2010 Products Keygen\Keygen\x86.exe infected by "Application.Keygen.CD (DB)" Virus! Action Taken: File Renamed.

30 اغسطس 2012 02:20:27 - Scanning File G:\حاجات ايمن وغاده\project very important\algorithms2\code\????.url
30 اغسطس 2012 02:20:27 - ERROR(3)!!! ScanFile fails for G:\حاجات ايمن وغاده\project very important\algorithms2\code\????.url
30 اغسطس 2012 02:21:47 - ScanFile (G:\حاجات ايمن وغاده\ايمن\visual studio 2005\msdn\dotNetFramework\dotnetfx.exe) took 16937 ms
30 اغسطس 2012 02:28:44 - ScanFile (G:\حاجات ايمن وغاده\ايمن\visual studio 2005\vs\wcu\dotNetFramework\dotnetfx.exe) took 16250 ms
30 اغسطس 2012 02:29:02 - ScanFile (G:\حاجات ايمن وغاده\ايمن\visual studio 2005\vs\wcu\dotNetFramework\x64\NetFx64.exe) took 17156 ms
30 اغسطس 2012 02:29:23 - ScanFile (G:\حاجات ايمن وغاده\ايمن\visual studio 2005\vs\wcu\SDK\x64\setup.exe) took 14906 ms

30 اغسطس 2012 02:29:51 - ***** Checking for specific ITW Viruses *****

30 اغسطس 2012 02:29:51 - ***** Scanning complete. *****

30 اغسطس 2012 02:29:51 - Total Objects Scanned: 156876
30 اغسطس 2012 02:29:51 - Total Critical Objects: 10
30 اغسطس 2012 02:29:51 - Total Disinfected Objects: 1
30 اغسطس 2012 02:29:51 - Total Objects Renamed: 7
30 اغسطس 2012 02:29:51 - Total Deleted Objects: 2
30 اغسطس 2012 02:29:51 - Total Errors: 2
30 اغسطس 2012 02:29:51 - Time Elapsed: 03:07:44
30 اغسطس 2012 02:29:51 - Virus Database Date: 29 Aug 2012
30 اغسطس 2012 02:29:51 - Virus Database Count: 7545972

30 اغسطس 2012 02:29:51 - Scan Completed.





 
Peace be upon you, dear sister, and apologies for the late reply.

From the eScan tool's report:


It is clear that the system was infected with a rootkit, and it was deleted successfully.



There are also dangerous infections by some worms, which were running in memory; they closed a large number of the system's registry files.

The infection was deleted successfully.



Scan summary: all of the infections, 10 in number, were dealt with successfully, and the errors present in the system were corrected.

I now want you to delete the temporary files and fix the registry errors with the CCleaner program.

Download from here:

[Link hidden: log in or register to view]


An explanation of the program is here:




Sister, download the program and clean your machine with:
[Link hidden: log in or register to view]


[Link hidden: log in or register to view]


Your problem should now be solved. I am waiting for your reply, and good luck, God willing.

 
Signature: haitham653