فايروس خطير اعدم جهازي

  • بادئ الموضوع بادئ الموضوع s.a.w
  • تاريخ البدء تاريخ البدء
  • المشاهدات 3,154
الحالة
مغلق و غير مفتوح للمزيد من الردود.
S

s.a.w

زيزوومي نشيط
إنضم
20 فبراير 2008
المشاركات
178
مستوى التفاعل
0
النقاط
200
الإقامة
ksa
غير متصل
السلام عليكم ورحمه الله وبركاته

اعزائي صارت لي مشكله اني دخلت موقع وحملت مقطع صوت واول ماحملته طلع لي الكاسبر تنبيه
ومن بعدها طفى جهازي وفرمت الجهاز وركبت ويندوز ومن اثبت برنامج مجرد ماحط الماوس
على البرنامج تختفي النافذه حق البرنامج

مع العلم اني فرمته لكن بلا جدوى

افيدوني بالله
 

توقيع : s.a.w
ترتيب حسب التاريخ ترتيب حسب الأصوات
:(
شلون
طيب الفايروس هذا وين في قرص c&d&e?

لاني انا فرمت الجهاز امس والمفروض انه يزيل مع الفرمته
 

توقيع : s.a.w
تأييد 0
s.a.w قال:
:(
شلون
طيب الفايروس هذا وين في قرص c&d&e?

لاني انا فرمت الجهاز امس والمفروض انه يزيل مع الفرمته
أنقر للتوسيع...

موجود ببرامج بدء التشغيل
وانا غير متأكد اذا هو فيروس او برنامج ضار او سليم
لكن بكل الاحوال لا يحذف
 
تأييد 0
طيب اخوي الان انا فرمت الجهاز ولا ركبت برامج كثيره يمكن 4 برامج

كيف مازال في بدء التشغيل
ادري اشغلتك معي بس تحلمنا واانا اخوك :)
العذر والسموحه ...

شوف اخوي السالفه كانت كيف انا اخذت مقطع اذان من جهاز شخص وكانت في فلاش ميموري
وعند تشغيلي لها علقت بالجهاز واطفاء الجهاز ومن ثم عند تشغيله لم اجد المقطع في الجهاز ولا
الميموري وبعدها بدات المشكله
 
توقيع : s.a.w
تأييد 0
يعطيك العافيه اخوي نوور
 
تأييد 0
s.a.w قال:
طيب اخوي الان انا فرمت الجهاز ولا ركبت برامج كثيره يمكن 4 برامج

كيف مازال في بدء التشغيل
ادري اشغلتك معي بس تحلمنا واانا اخوك :)
العذر والسموحه ...

شوف اخوي السالفه كانت كيف انا اخذت مقطع اذان من جهاز شخص وكانت في فلاش ميموري
وعند تشغيلي لها علقت بالجهاز واطفاء الجهاز ومن ثم عند تشغيله لم اجد المقطع في الجهاز ولا
الميموري وبعدها بدات المشكله
أنقر للتوسيع...

اسطوانة الويندوز شكلها مضروبه
عشان كذا تعمل فورمات ,, والفايروسات ما زالت موجوده ,,


شوف وقت عملية التنظيف ,, ارجو عدم استخدام اي اسطوانة
او فتح اي ملف او اي برنامج

لاهنت اعمل التالي
( اولااا )
حمل هذا الملف

عطل جميع برامج الحماية ,,
وحمل هذه الاداة واحفظها على سطح المكتب
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي


عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes

انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم


---------------------------


( ثانياا )
اعمل تقرير هايجاك
حمل هذا الملف وشغله ,, لحظات يظهر لك تقرير
انسخه والصقه بردك القادم

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي
 
تأييد 0
مشكور اخوي زيزوم الان عملت الفحص لكن ماطفى الجهاز طلع لي مستند نص


ComboFix 08-02-20.2 - Palestine 02/20/2008 20:48:36.1 - FAT32x86 Microsoft Windows XP Professional 5.1.2600.2.1256.1.1033.18.34 [GMT 3:00] Running from: C:\Documents and Settings\Palestine\My Documents\Downloads\Programs\ComboFix.exe WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((( Files Created from 2008-01-20 to 2008-02-20 ))))))))))))))))))))))))))))))) . No new files created in this timespan . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-02-20 11:50 --------- d-----w C:\Documents and Settings\Palestine\Application Data\Media Player Classic 2008-02-20 03:17 --------- d-----w C:\Documents and Settings\Palestine\Application Data\CyberScrub 2008-02-20 03:17 --------- d-----w C:\Documents and Settings\Palestine\Application Data\cleaner 2008-02-20 02:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee 2008-02-20 00:10 --------- d-----w C:\Documents and Settings\Palestine\Application Data\Skype 2008-02-20 00:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus! 2008-02-19 23:55 --------- d-----w C:\Program Files\Common Files\xing shared 2008-02-19 23:54 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll 2008-02-19 23:54 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll 2008-02-19 23:54 --------- d-----w C:\Program Files\Real 2008-02-19 23:54 --------- d-----w C:\Program Files\Common Files\Real 2008-02-19 23:53 --------- d-----w C:\Program Files\Skype 2008-02-19 23:53 --------- d-----w C:\Program Files\Common Files\Skype 2008-02-19 23:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype 2008-02-19 23:49 --------- d-----w C:\Program Files\Yahoo! 2008-02-19 23:49 --------- d-----w C:\Program Files\CCleaner 2008-02-19 23:48 --------- d-----w C:\Program Files\Messenger Plus! Live 2008-02-19 23:40 --------- d-----w C:\Program Files\K-Lite Codec Pack 2008-02-19 23:38 --------- d-----w C:\Program Files\MP3Resizer 2008-02-19 23:28 --------- d-----w C:\Program Files\Windows Live 2008-02-19 23:11 --------- d-----w C:\Program Files\Common Files\Ahead 2008-02-19 23:11 --------- d-----w C:\Program Files\Ahead 2008-02-19 23:10 --------- d-----w C:\Program Files\Foxit Software 2008-02-19 23:01 6,120 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd 2008-02-19 23:01 50,918 ----a-w C:\WINDOWS\BricoPackUninst.cmd 2008-02-19 23:01 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll 2008-02-19 22:57 --------- d-----w C:\Program Files\Internet Download Manager 2008-02-19 22:57 --------- d-----w C:\Documents and Settings\Palestine\Application Data\IDM 2008-02-19 22:57 --------- d-----w C:\Documents and Settings\Palestine\Application Data\DMCache 2008-02-19 22:54 108,330 ----a-w C:\Documents and Settings\All Users\Application Data\firstlsp.reg.dat 2008-02-19 22:54 --------- d-----w C:\Program Files\AntiVir PersonalEdition Premium 2008-02-19 22:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Premium 2008-02-19 22:39 --------- d-----w C:\Program Files\Texas Instruments Inc 2008-02-19 22:38 --------- d-----w C:\Program Files\Synaptics 2008-02-19 22:38 --------- d-----w C:\Program Files\HPQ 2008-02-19 22:36 --------- d-----w C:\Program Files\Intel 2008-02-19 22:33 --------- d-----w C:\Program Files\Analog Devices 2008-02-19 22:32 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-02-19 22:32 --------- d-----w C:\Program Files\Hewlett-Packard 2008-02-19 22:31 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-02-19 22:31 --------- d-----w C:\Program Files\Broadcom 2008-02-19 22:27 --------- d-----w C:\Program Files\MSXML 4.0 2008-02-19 22:24 --------- d-----w C:\Program Files\Windows Media Connect 2 2007-12-24 10:49 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll 2007-12-03 23:33 682,496 ----a-w C:\WINDOWS\system32\divx.dll 2007-11-29 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll 2007-11-29 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll 2006-03-14 09:47 30,738 ----a-w C:\WINDOWS\Media\Windows Vista Unofficial Sound Scheme.reg . ------- Sigcheck ------- "C:\WINDOWS\system32\wininet.dll" ----a-w 813,568 2007-04-15 20:23:48 C:\WINDOWS\system32\wininet.dll ------w 818,688 2006-10-17 17:33:40 C:\WINDOWS\system32\dllcache\wininet.dll "C:\WINDOWS\explorer.exe" ----a-w 974,848 2007-03-28 11:33:50 C:\WINDOWS\explorer.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 01:56 AM 15360] "IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [04/26/2007 06:30 PM 895672] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [02/20/2008 02:48 AM 5728112] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [05/20/2005 09:11 AM 925696] "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [05/06/2005 02:06 PM 716800] "AGRSMMSG"="AGRSMMSG.exe" [12/12/2005 03:00 PM 88203 C:\WINDOWS\AGRSMMSG.exe] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [03/31/2006 04:01 PM 761946] "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [03/02/2006 03:39 PM 131072] "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [06/06/2006 10:09 AM 94208] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [06/06/2006 10:06 AM 77824] "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [06/06/2006 10:10 AM 118784] "avgnt"="C:\Program Files\AntiVir PersonalEdition Premium\avgnt.exe" [04/02/2007 10:35 AM 327720] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 10:50 AM 155648] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [02/20/2008 02:54 AM 185896] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "ShowDeskFix"="regsvr32 /s /n /i:u l32" [] C:\Documents and Settings\Palestine\Start Menu\Programs\Startup\ RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 01:05:02 630784] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "HideRunAsVerb"= 1 (0x1) "NoDesktopCleanupWizard"= 1 (0x1) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoSMHelp"= 1 (0x1) R2 AntiVirMailService;AntiVir PersonalEdition Premium MailGuard;"C:\Program Files\AntiVir PersonalEdition Premium\avmailc.exe" [04/04/2007 11:57 AM] R2 AVEService;AntiVir PersonalEdition Premium MailGuard helper service;"C:\Program Files\AntiVir PersonalEdition Premium\avesvc.exe" [02/26/2007 11:33 AM] . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي
Rootkit scan 2008-02-20 20:49:22 Windows 5.1.2600 Service Pack 2 FAT NTAPI scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.2894] -> C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll . Completion time: 02/20/2008 20:49:49
 
توقيع : s.a.w
تأييد 0
هذا تقريري الهايجاك

.
--------------------------\\\ Start Report Of HijackThis ---------------
.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:56:39 م, on 20/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Premium\avguard.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\AntiVir PersonalEdition Premium\avgnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\AntiVir PersonalEdition Premium\sched.exe
C:\Program Files\AntiVir PersonalEdition Premium\avesvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\AntiVir PersonalEdition Premium\avmailc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Palestine\My Documents\Downloads\Programs\Zyzoom_HijackThis.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\explorer.exe
C:\DOCUME~1\PALEST~1\LOCALS~1\Temp\bntoz\runn.exe
C:\WINDOWS\system32\cmd.exe
C:\DOCUME~1\PALEST~1\LOCALS~1\Temp\bntoz\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u l32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u l32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u l32 (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AntiVir PersonalEdition Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: AntiVir PersonalEdition Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: AntiVir PersonalEdition Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: AntiVir PersonalEdition Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - C:\WINDOWS\System32\ups.exe (file missing)

--
End of file - 6249 bytes
.
.
--------------------------\\\ End Report Of Of HijackThis ---------------
.
.
.
.
--------------------------\\\ Start Report Of Running Processes ---------------
.
==================================================
Process Name : smss.exe
ProcessID : 396
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Windows NT Session Manager
Company : Microsoft Corporation
Window Title :
File Size : 50,688
File Created Date : 17/06/1425 10:56:58 م
File Modified Date : 17/06/1425 10:56:58 م
Filename : C:\WINDOWS\System32\smss.exe
Base Address : 0x48580000
Created On : 13/02/1429 07:45:43 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 80 K
Mem Usage Peak : 408 K
Page Faults : 194
Pagefile Usage : 168 K
Pagefile Peak Usage : 1676 K
File Attributes : A
==================================================

==================================================
Process Name : csrss.exe
ProcessID : 812
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Client Server Runtime Process
Company : Microsoft Corporation
Window Title :
File Size : 6,144
File Created Date : 17/06/1425 10:56:50 م
File Modified Date : 17/06/1425 10:56:50 م
Filename : C:\WINDOWS\system32\csrss.exe
Base Address : 0x4A680000
Created On : 13/02/1429 07:45:45 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 2912 K
Mem Usage Peak : 3640 K
Page Faults : 14338
Pagefile Usage : 1904 K
Pagefile Peak Usage : 2012 K
File Attributes : A
==================================================

==================================================
Process Name : winlogon.exe
ProcessID : 836
Priority : High
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Windows NT Logon Application
Company : Microsoft Corporation
Window Title :
File Size : 502,272
File Created Date : 17/06/1425 10:56:58 م
File Modified Date : 17/06/1425 10:56:58 م
Filename : C:\WINDOWS\system32\winlogon.exe
Base Address : 0x01000000
Created On : 13/02/1429 07:45:47 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 2832 K
Mem Usage Peak : 10820 K
Page Faults : 8233
Pagefile Usage : 4324 K
Pagefile Peak Usage : 5528 K
File Attributes : A
==================================================

==================================================
Process Name : services.exe
ProcessID : 884
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Services and Controller app
Company : Microsoft Corporation
Window Title :
File Size : 108,032
File Created Date : 17/06/1425 10:56:56 م
File Modified Date : 17/06/1425 10:56:56 م
Filename : C:\WINDOWS\system32\services.exe
Base Address : 0x01000000
Created On : 13/02/1429 07:45:49 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 1800 K
Mem Usage Peak : 3532 K
Page Faults : 2124
Pagefile Usage : 1780 K
Pagefile Peak Usage : 2068 K
File Attributes : A
==================================================

==================================================
Process Name : lsass.exe
ProcessID : 896
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : LSA l (Export Version)
Company : Microsoft Corporation
Window Title :
File Size : 13,312
File Created Date : 17/06/1425 10:56:52 م
File Modified Date : 17/06/1425 10:56:52 م
Filename : C:\WINDOWS\system32\lsass.exe
Base Address : 0x01000000
Created On : 13/02/1429 07:45:49 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 1328 K
Mem Usage Peak : 5244 K
Page Faults : 4137
Pagefile Usage : 2452 K
Pagefile Peak Usage : 2648 K
File Attributes : A
==================================================

==================================================
Process Name : svchost.exe
ProcessID : 1040
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 17/06/1425 10:56:58 م
File Modified Date : 17/06/1425 10:56:58 م
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 13/02/1429 07:45:50 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 1780 K
Mem Usage Peak : 5452 K
Page Faults : 2206
Pagefile Usage : 2984 K
Pagefile Peak Usage : 23652 K
File Attributes : A
==================================================

==================================================
Process Name : svchost.exe
ProcessID : 1108
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 17/06/1425 10:56:58 م
File Modified Date : 17/06/1425 10:56:58 م
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 13/02/1429 07:45:51 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 1744 K
Mem Usage Peak : 4536 K
Page Faults : 1657
Pagefile Usage : 2052 K
Pagefile Peak Usage : 2184 K
File Attributes : A
==================================================

==================================================
Process Name : svchost.exe
ProcessID : 1144
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 17/06/1425 10:56:58 م
File Modified Date : 17/06/1425 10:56:58 م
Filename : C:\WINDOWS\System32\svchost.exe
Base Address : 0x01000000
Created On : 13/02/1429 07:45:51 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 17316 K
Mem Usage Peak : 17588 K
Page Faults : 16383
Pagefile Usage : 17016 K
Pagefile Peak Usage : 17372 K
File Attributes : A
==================================================

==================================================
Process Name : svchost.exe
ProcessID : 1292
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 17/06/1425 10:56:58 م
File Modified Date : 17/06/1425 10:56:58 م
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 13/02/1429 07:45:51 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 1276 K
Mem Usage Peak : 3120 K
Page Faults : 2115
Pagefile Usage : 1488 K
Pagefile Peak Usage : 1664 K
File Attributes : A
==================================================

==================================================
Process Name : svchost.exe
ProcessID : 1436
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 17/06/1425 10:56:58 م
File Modified Date : 17/06/1425 10:56:58 م
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 13/02/1429 07:45:51 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 1504 K
Mem Usage Peak : 4028 K
Page Faults : 1538
Pagefile Usage : 1680 K
Pagefile Peak Usage : 1728 K
File Attributes : A
==================================================

==================================================
Process Name : spoolsv.exe
ProcessID : 1724
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2696 (xpsp.050610-1527)
Description : Spooler SubSystem App
Company : Microsoft Corporation
Window Title :
File Size : 57,856
File Created Date : 28/03/1428 08:23:30 م
File Modified Date : 28/03/1428 08:23:30 م
Filename : C:\WINDOWS\system32\spoolsv.exe
Base Address : 0x01000000
Created On : 13/02/1429 07:45:53 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 724 K
Mem Usage Peak : 4016 K
Page Faults : 1643
Pagefile Usage : 3196 K
Pagefile Peak Usage : 3396 K
File Attributes : A
==================================================

==================================================
Process Name : avguard.exe
ProcessID : 1760
Priority : Normal
Product Name : AntiVir Workstation
Version : 7.00.00.52
Description : Antivirus On-Access Service
Company : Avira GmbH
Window Title :
File Size : 204,840
File Created Date : 12/02/1429 10:54:26 م
File Modified Date : 10/03/1428 09:58:20 ص
Filename : C:\Program Files\AntiVir PersonalEdition Premium\avguard.exe
Base Address : 0x00400000
Created On : 13/02/1429 07:45:54 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 928 K
Mem Usage Peak : 47828 K
Page Faults : 51219
Pagefile Usage : 53984 K
Pagefile Peak Usage : 63096 K
File Attributes : A
==================================================

==================================================
Process Name : smax4pnp.exe
ProcessID : 532
Priority : Normal
Product Name : SMax4PNP Application
Version : 6, 0, 0, 20
Description : SMax4PNP
Company : Analog Devices, Inc.
Window Title :
File Size : 925,696
File Created Date : 12/04/1426 06:11:06 ص
File Modified Date : 12/04/1426 06:11:06 ص
Filename : C:\Program Files\Analog Devices\Core\smax4pnp.exe
Base Address : 0x00400000
Created On : 13/02/1429 07:45:59 م
Visible Windows : 0
Hidden Windows : 3
User Name : PALESTIN-529C73\Palestine
Mem Usage : 660 K
Mem Usage Peak : 4308 K
Page Faults : 1533
Pagefile Usage : 2468 K
Pagefile Peak Usage : 2496 K
File Attributes : A
==================================================

==================================================
Process Name : AGRSMMSG.exe
ProcessID : 564
Priority : Normal
Product Name : Agere SoftModem Messaging Applet
Version : 2.1.59 2.1.59 08/24/2005 16:24:34
Description : SoftModem Messaging Applet
Company : Agere Systems
Window Title :
File Size : 88,203
File Created Date : 12/02/1429 10:37:21 م
File Modified Date : 12/11/1426 12:00:46 م
Filename : C:\WINDOWS\AGRSMMSG.exe
Base Address : 0x00400000
Created On : 13/02/1429 07:45:59 م
Visible Windows : 0
Hidden Windows : 2
User Name : PALESTIN-529C73\Palestine
Mem Usage : 496 K
Mem Usage Peak : 2696 K
Page Faults : 775
Pagefile Usage : 928 K
Pagefile Peak Usage : 952 K
File Attributes : A
==================================================

==================================================
Process Name : SynTPEnh.exe
ProcessID : 576
Priority : Normal
Product Name : Synaptics Pointing Device Driver
Version : 8.2.23 31Mar06
Description : Synaptics TouchPad Enhancements
Company : Synaptics, Inc.
Window Title :
File Size : 761,946
File Created Date : 12/02/1429 10:38:18 م
File Modified Date : 02/03/1427 01:01:48 م
Filename : C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Base Address : 0x00400000
Created On : 13/02/1429 07:46:00 م
Visible Windows : 0
Hidden Windows : 8
User Name : PALESTIN-529C73\Palestine
Mem Usage : 1192 K
Mem Usage Peak : 4828 K
Page Faults : 1461
Pagefile Usage : 1656 K
Pagefile Peak Usage : 1772 K
File Attributes : A
==================================================

==================================================
Process Name : QlbCtrl.exe
ProcessID : 600
Priority : Normal
Product Name : HP Quick Launch Buttons
Version : 6, 0, 4, 1
Description : QLB Controller
Company : Hewlett-Packard Development Company, L.P.
Window Title :
File Size : 131,072
File Created Date : 12/02/1429 10:38:52 م
File Modified Date : 02/02/1427 12:39:42 م
Filename : C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
Base Address : 0x00400000
Created On : 13/02/1429 07:46:00 م
Visible Windows : 0
Hidden Windows : 4
User Name : PALESTIN-529C73\Palestine
Mem Usage : 1288 K
Mem Usage Peak : 4224 K
Page Faults : 2146
Pagefile Usage : 2828 K
Pagefile Peak Usage : 2828 K
File Attributes : A
==================================================

==================================================
Process Name : igfxtray.exe
ProcessID : 612
Priority : Normal
Product Name : Intel(R) Common User Interface
Version : 3.0.0.4609
Description : igfxTray Module
Company : Intel Corporation
Window Title :
File Size : 94,208
File Created Date : 10/05/1427 07:09:58 ص
File Modified Date : 10/05/1427 07:09:58 ص
Filename : C:\WINDOWS\system32\igfxtray.exe
Base Address : 0x00400000
Created On : 13/02/1429 07:46:00 م
Visible Windows : 0
Hidden Windows : 2
User Name : PALESTIN-529C73\Palestine
Mem Usage : 1528 K
Mem Usage Peak : 3492 K
Page Faults : 1377
Pagefile Usage : 1180 K
Pagefile Peak Usage : 2620 K
File Attributes : A
==================================================

==================================================
Process Name : hkcmd.exe
ProcessID : 620
Priority : Normal
Product Name : Intel(R) Common User Interface
Version : 3.0.0.4609
Description : hkcmd Module
Company : Intel Corporation
Window Title :
File Size : 77,824
File Created Date : 10/05/1427 07:06:44 ص
File Modified Date : 10/05/1427 07:06:44 ص
Filename : C:\WINDOWS\system32\hkcmd.exe
Base Address : 0x00400000
Created On : 13/02/1429 07:46:00 م
Visible Windows : 0
Hidden Windows : 12
User Name : PALESTIN-529C73\Palestine
Mem Usage : 764 K
Mem Usage Peak : 2952 K
Page Faults : 1040
Pagefile Usage : 940 K
Pagefile Peak Usage : 1020 K
File Attributes : A
==================================================

==================================================
Process Name : igfxpers.exe
ProcessID : 628
Priority : Normal
Product Name : Intel(R) Common User Interface
Version : 3.0.0.4609
Description : persistence Module
Company : Intel Corporation
Window Title :
File Size : 118,784
File Created Date : 10/05/1427 07:10:40 ص
File Modified Date : 10/05/1427 07:10:40 ص
Filename : C:\WINDOWS\system32\igfxpers.exe
Base Address : 0x00400000
Created On : 13/02/1429 07:46:00 م
Visible Windows : 0
Hidden Windows : 2
User Name : PALESTIN-529C73\Palestine
Mem Usage : 716 K
Mem Usage Peak : 2968 K
Page Faults : 1030
Pagefile Usage : 848 K
Pagefile Peak Usage : 888 K
File Attributes : A
==================================================

==================================================
Process Name : avgnt.exe
ProcessID : 636
Priority : Normal
Product Name : AntiVir Workstation
Version : 7.00.04.05
Description : Antivirus System Tray Tool
Company : Avira GmbH
Window Title :
File Size : 327,720
File Created Date : 12/02/1429 10:54:26 م
File Modified Date : 15/03/1428 07:35:14 ص
Filename : C:\Program Files\AntiVir PersonalEdition Premium\avgnt.exe
Base Address : 0x00400000
Created On : 13/02/1429 07:46:00 م
Visible Windows : 0
Hidden Windows : 3
User Name : PALESTIN-529C73\Palestine
Mem Usage : 540 K
Mem Usage Peak : 6824 K
Page Faults : 228619
Pagefile Usage : 1808 K
Pagefile Peak Usage : 4188 K
File Attributes : A
==================================================

==================================================
Process Name : realsched.exe
ProcessID : 676
Priority : Normal
Product Name : RealPlayer (32-bit)
Version : 0.1.1.45
Description : RealNetworks Scheduler
Company : RealNetworks, Inc.
Window Title :
File Size : 185,896
File Created Date : 12/02/1429 11:54:33 م
File Modified Date : 12/02/1429 11:54:34 م
Filename : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Base Address : 0x00400000
Created On : 13/02/1429 07:46:01 م
Visible Windows : 0
Hidden Windows : 2
User Name : PALESTIN-529C73\Palestine
Mem Usage : 192 K
Mem Usage Peak : 3004 K
Page Faults : 7068
Pagefile Usage : 1112 K
Pagefile Peak Usage : 1144 K
File Attributes : A
==================================================

==================================================
Process Name : ctfmon.exe
ProcessID : 684
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : CTF Loader
Company : Microsoft Corporation
Window Title :
File Size : 15,360
File Created Date : 17/06/1425 10:56:50 م
File Modified Date : 17/06/1425 10:56:50 م
Filename : C:\WINDOWS\system32\ctfmon.exe
Base Address : 0x00400000
Created On : 13/02/1429 07:46:01 م
Visible Windows : 0
Hidden Windows : 5
User Name : PALESTIN-529C73\Palestine
Mem Usage : 1356 K
Mem Usage Peak : 3216 K
Page Faults : 1158
Pagefile Usage : 1060 K
Pagefile Peak Usage : 1060 K
File Attributes : A
==================================================

==================================================
Process Name : IDMan.exe
ProcessID : 860
Priority : Normal
Product Name : Internet Download Manager (IDM)
Version : 5.09.5
Description : Internet Download Manager (IDM)
Company : Tonec Inc.
Window Title :
File Size : 895,672
File Created Date : 09/04/1428 03:21:20 م
File Modified Date : 09/04/1428 03:30:46 م
Filename : C:\Program Files\Internet Download Manager\IDMan.exe
Base Address : 0x00400000
Created On : 13/02/1429 07:46:03 م
Visible Windows : 0
Hidden Windows : 7
User Name : PALESTIN-529C73\Palestine
Mem Usage : 6344 K
Mem Usage Peak : 7128 K
Page Faults : 8595
Pagefile Usage : 6184 K
Pagefile Peak Usage : 6612 K
File Attributes : A
==================================================

==================================================
Process Name : MsnMsgr.Exe
ProcessID : 1244
Priority : Normal
Product Name : Messenger
Version : 8.5.1288.0816
Description : Windows Live Messenger
Company : Microsoft Corporation
Window Title :
File Size : 5,728,112
File Created Date : 03/08/1428 01:19:34 م
File Modified Date : 12/02/1429 11:48:56 م
Filename : C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
Base Address : 0x00400000
Created On : 13/02/1429 07:46:04 م
Visible Windows : 1
Hidden Windows : 18
User Name : PALESTIN-529C73\Palestine
Mem Usage : 4592 K
Mem Usage Peak : 19272 K
Page Faults : 11550
Pagefile Usage : 10364 K
Pagefile Peak Usage : 10928 K
File Attributes : A
==================================================

==================================================
Process Name : RocketDock.exe
ProcessID : 1300
Priority : Normal
Product Name :
Version :
Description :
Company :
Window Title : RocketDock
File Size : 630,784
File Created Date : 29/02/1428 10:05:02 م
File Modified Date : 29/02/1428 10:05:02 م
Filename : C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
Base Address : 0x00400000
Created On : 13/02/1429 07:46:06 م
Visible Windows : 9
Hidden Windows : 6
User Name : PALESTIN-529C73\Palestine
Mem Usage : 1452 K
Mem Usage Peak : 6700 K
Page Faults : 4026
Pagefile Usage : 2720 K
Pagefile Peak Usage : 3064 K
File Attributes : A
==================================================

==================================================
Process Name : sched.exe
ProcessID : 1404
Priority : Normal
Product Name : Scheduler
Version : 7.00.00.46
Description : Antivirus Scheduler
Company : Avira GmbH
Window Title :
File Size : 57,896
File Created Date : 12/02/1429 10:54:26 م
File Modified Date : 29/03/1428 12:32:58 م
Filename : C:\Program Files\AntiVir PersonalEdition Premium\sched.exe
Base Address : 0x00400000
Created On : 13/02/1429 07:46:07 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 2444 K
Mem Usage Peak : 5556 K
Page Faults : 31889
Pagefile Usage : 2100 K
Pagefile Peak Usage : 3372 K
File Attributes : A
==================================================

==================================================
Process Name : avesvc.exe
ProcessID : 1460
Priority : Normal
Product Name : AVE Service
Version : 7.0.0.26
Description : Antivirus Engine Service
Company : Avira GmbH
Window Title :
File Size : 45,096
File Created Date : 12/02/1429 10:54:26 م
File Modified Date : 09/02/1428 08:33:12 ص
Filename : C:\Program Files\AntiVir PersonalEdition Premium\avesvc.exe
Base Address : 0x00400000
Created On : 13/02/1429 07:46:08 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 268 K
Mem Usage Peak : 44156 K
Page Faults : 31514
Pagefile Usage : 35460 K
Pagefile Peak Usage : 67212 K
File Attributes : A
==================================================

==================================================
Process Name : hpqwmiex.exe
ProcessID : 1592
Priority : Normal
Product Name : hpqwmiex Module
Version : 2, 0, 1, 6
Description : hpqwmiex Module
Company : Hewlett-Packard Development Company, L.P.
Window Title :
File Size : 98,304
File Created Date : 12/02/1429 10:38:52 م
File Modified Date : 11/12/1426 09:23:56 ص
Filename : C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
Base Address : 0x00400000
Created On : 13/02/1429 07:46:12 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 424 K
Mem Usage Peak : 3760 K
Page Faults : 1221
Pagefile Usage : 2256 K
Pagefile Peak Usage : 2304 K
File Attributes : A
==================================================

==================================================
Process Name : avmailc.exe
ProcessID : 1640
Priority : Normal
Product Name : AntiVir Mail Guard
Version : 7.00.01.35
Description : Antivirus MailScanner Service
Company : Avira GmbH
Window Title :
File Size : 143,400
File Created Date : 12/02/1429 10:54:26 م
File Modified Date : 17/03/1428 08:57:02 ص
Filename : C:\Program Files\AntiVir PersonalEdition Premium\avmailc.exe
Base Address : 0x00400000
Created On : 13/02/1429 07:46:13 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 400 K
Mem Usage Peak : 3320 K
Page Faults : 1183
Pagefile Usage : 1496 K
Pagefile Peak Usage : 1512 K
File Attributes : A
==================================================

==================================================
Process Name : firefox.exe
ProcessID : 1000
Priority : Normal
Product Name : Firefox
Version : 1.8.1.9: 2007102514
Description : Firefox
Company : Mozilla Corporation
Window Title : فايروس خطير اعدم جهازي - الصفحة 2 - زيزوووم للأمن والحمايه - موزيلا فايرفوكس
File Size : 7,649,128
File Created Date : 12/02/1429 11:07:40 م
File Modified Date : 15/10/1428 05:51:50 ص
Filename : C:\Program Files\Mozilla Firefox\firefox.exe
Base Address : 0x00400000
Created On : 13/02/1429 07:46:17 م
Visible Windows : 1
Hidden Windows : 20
User Name : PALESTIN-529C73\Palestine
Mem Usage : 71504 K
Mem Usage Peak : 106764 K
Page Faults : 472779
Pagefile Usage : 92236 K
Pagefile Peak Usage : 99500 K
File Attributes : A
==================================================

==================================================
Process Name : wmiprvse.exe
ProcessID : 356
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : WMI
Company : Microsoft Corporation
Window Title :
File Size : 218,112
File Created Date : 12/02/1429 10:23:39 م
File Modified Date : 18/06/1425 01:56:58 ص
Filename : C:\WINDOWS\system32\wbem\wmiprvse.exe
Base Address : 0x01000000
Created On : 13/02/1429 07:46:25 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 956 K
Mem Usage Peak : 5460 K
Page Faults : 2152
Pagefile Usage : 1996 K
Pagefile Peak Usage : 2840 K
File Attributes : A
==================================================

==================================================
Process Name : alg.exe
ProcessID : 2244
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Application Layer Gateway Service
Company : Microsoft Corporation
Window Title :
File Size : 44,544
File Created Date : 17/06/1425 10:56:48 م
File Modified Date : 17/06/1425 10:56:48 م
Filename : C:\WINDOWS\System32\alg.exe
Base Address : 0x01000000
Created On : 13/02/1429 07:46:30 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 688 K
Mem Usage Peak : 3760 K
Page Faults : 1179
Pagefile Usage : 1344 K
Pagefile Peak Usage : 1356 K
File Attributes : A
==================================================

==================================================
Process Name : Zyzoom_HijackThis.exe
ProcessID : 2320
Priority : Normal
Product Name : HijackThis
Version : 2.00.0002
Description : HijackThis
Company : Trend Micro Inc.
Window Title : Trend Micro HijackThis - v2.0.2
File Size : 396,288
File Created Date : 13/02/1429 01:36:02 ص
File Modified Date : 13/02/1429 01:37:50 ص
Filename : C:\Documents and Settings\Palestine\My Documents\Downloads\Programs\Zyzoom_HijackThis.exe
Base Address : 0x00400000
Created On : 13/02/1429 07:46:32 م
Visible Windows : 2
Hidden Windows : 5
User Name : PALESTIN-529C73\Palestine
Mem Usage : 1380 K
Mem Usage Peak : 9524 K
Page Faults : 8301
Pagefile Usage : 4004 K
Pagefile Peak Usage : 5448 K
File Attributes : A
==================================================

==================================================
Process Name : IEMonitor.exe
ProcessID : 2932
Priority : Normal
Product Name : IEMonitor Application
Version : 3, 0, 0, 1
Description : Internet Download Manager agent for click monitoring in IE-based browsers
Company : Tonec Inc.
Window Title :
File Size : 251,576
File Created Date : 09/04/1428 03:17:02 م
File Modified Date : 02/02/1428 02:53:54 م
Filename : C:\Program Files\Internet Download Manager\IEMonitor.exe
Base Address : 0x00400000
Created On : 13/02/1429 07:46:43 م
Visible Windows : 0
Hidden Windows : 3
User Name : PALESTIN-529C73\Palestine
Mem Usage : 1988 K
Mem Usage Peak : 7036 K
Page Faults : 2156
Pagefile Usage : 3872 K
Pagefile Peak Usage : 7264 K
File Attributes : A
==================================================

==================================================
Process Name : explorer.exe
ProcessID : 1396
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 6.00.2900.2894 (xpsp.060424-0312)
Description : Windows Explorer
Company : Microsoft Corporation
Window Title : Programs
File Size : 974,848
File Created Date : 10/03/1428 11:33:50 ص
File Modified Date : 10/03/1428 11:33:50 ص
Filename : C:\WINDOWS\explorer.exe
Base Address : 0x01000000
Created On : 13/02/1429 08:49:26 م
Visible Windows : 3
Hidden Windows : 36
User Name : PALESTIN-529C73\Palestine
Mem Usage : 22200 K
Mem Usage Peak : 22268 K
Page Faults : 9897
Pagefile Usage : 14800 K
Pagefile Peak Usage : 14860 K
File Attributes : A
==================================================

==================================================
Process Name : wmiprvse.exe
ProcessID : 4000
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : WMI
Company : Microsoft Corporation
Window Title :
File Size : 218,112
File Created Date : 12/02/1429 10:23:39 م
File Modified Date : 18/06/1425 01:56:58 ص
Filename : C:\WINDOWS\system32\wbem\wmiprvse.exe
Base Address : 0x01000000
Created On : 13/02/1429 08:55:53 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 5760 K
Mem Usage Peak : 5760 K
Page Faults : 1472
Pagefile Usage : 3012 K
Pagefile Peak Usage : 3012 K
File Attributes : A
==================================================

==================================================
Process Name : runn.exe
ProcessID : 1172
Priority : Normal
Product Name :
Version :
Description :
Company :
Window Title :
File Size : 71,680
File Created Date : 13/02/1429 05:55:52 م
File Modified Date : 23/01/1429 10:24:26 م
Filename : C:\DOCUME~1\PALEST~1\LOCALS~1\Temp\bntoz\runn.exe
Base Address : 0x00400000
Created On : 13/02/1429 08:56:38 م
Visible Windows : 0
Hidden Windows : 0
User Name : PALESTIN-529C73\Palestine
Mem Usage : 2232 K
Mem Usage Peak : 2240 K
Page Faults : 637
Pagefile Usage : 736 K
Pagefile Peak Usage : 824 K
File Attributes : A
==================================================

==================================================
Process Name : cmd.exe
ProcessID : 3896
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Windows Command Processor
Company : Microsoft Corporation
Window Title :
File Size : 415,232
File Created Date : 26/06/1425 03:00:00 ص
File Modified Date : 26/06/1425 03:00:00 ص
Filename : C:\WINDOWS\system32\cmd.exe
Base Address : 0x4AD00000
Created On : 13/02/1429 08:56:38 م
Visible Windows : 0
Hidden Windows : 1
User Name : PALESTIN-529C73\Palestine
Mem Usage : 2988 K
Mem Usage Peak : 3056 K
Page Faults : 839
Pagefile Usage : 2136 K
Pagefile Peak Usage : 2212 K
File Attributes : A
==================================================

==================================================
Process Name : CProcess.exe
ProcessID : 1328
Priority : Normal
Product Name : CurrProcess
Version : 1.11
Description : CurrProcess
Company : NirSoft
Window Title :
File Size : 35,840
File Created Date : 13/02/1429 05:55:52 م
File Modified Date : 08/06/1426 04:46:34 ص
Filename : C:\DOCUME~1\PALEST~1\LOCALS~1\Temp\bntoz\CProcess.exe
Base Address : 0x00400000
Created On : 13/02/1429 08:56:39 م
Visible Windows : 0
Hidden Windows : 0
User Name : PALESTIN-529C73\Palestine
Mem Usage : 2264 K
Mem Usage Peak : 2312 K
Page Faults : 893
Pagefile Usage : 956 K
Pagefile Peak Usage : 1012 K
File Attributes : A
==================================================

.
.
--------------------------\\\ End Report Of Running Processes ---------------
.
.
.
.
--------------------------\\\ Windows XP Startup List ---------------
.

HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
autocheck autochk *
autocheck autochk *
Auto Check Utility
Microsoft Corporation
5.01.2600.2180
c:\windows\system32\autochk.exe

HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms
rdpclip
rdpclip
RDP Clip Monitor
Microsoft Corporation
5.01.2600.2180
c:\windows\system32\rdpclip.exe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
Userinit Logon Application
Microsoft Corporation
5.01.2600.2180
c:\windows\system32\userinit.exe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\l
Explorer.exe
Explorer.exe
Windows Explorer
Microsoft Corporation
6.00.2900.2894
c:\windows\explorer.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SoundMAXPnP
C:\Program Files\Analog Devices\Core\smax4pnp.exe
SMax4PNP
Analog Devices, Inc.
6.00.0000.0020
c:\program files\analog devices\core\smax4pnp.exe
SoundMAX
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
Audio Control Panel
Analog Devices, Inc.
5.02.0000.0008
c:\program files\analog devices\soundmax\smax4.exe
AGRSMMSG
AGRSMMSG.exe
SoftModem Messaging Applet
Agere Systems
2.01.0059.0000
c:\windows\agrsmmsg.exe
SynTPEnh
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Synaptics TouchPad Enhancements
Synaptics, Inc.
8.02.0023.0000
c:\program files\synaptics\syntp\syntpenh.exe
QlbCtrl
%ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
QLB Controller
Hewlett-Packard Development Company, L.P.
6.00.0004.0001
c:\program files\hewlett-packard\hp quick launch buttons\qlbctrl.exe
igfxtray
C:\WINDOWS\system32\igfxtray.exe
igfxTray Module
Intel Corporation
3.00.0000.4609
c:\windows\system32\igfxtray.exe
igfxhkcmd
C:\WINDOWS\system32\hkcmd.exe
hkcmd Module
Intel Corporation
3.00.0000.4609
c:\windows\system32\hkcmd.exe
igfxpers
C:\WINDOWS\system32\igfxpers.exe
persistence Module
Intel Corporation
3.00.0000.4609
c:\windows\system32\igfxpers.exe
avgnt
"C:\Program Files\AntiVir PersonalEdition Premium\avgnt.exe" /min
Antivirus System Tray Tool
Avira GmbH
7.00.0004.0005
c:\program files\antivir personaledition premium\avgnt.exe
NeroFilterCheck
C:\WINDOWS\system32\NeroCheck.exe
NeroCheck
Ahead Software Gmbh
1.00.0000.0002
c:\windows\system32\nerocheck.exe
TkBellExe
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
RealNetworks Scheduler
RealNetworks, Inc.
0.01.0001.0045
c:\program files\common files\real\update_ob\realsched.exe

C:\Documents and Settings\Palestine\Start Menu\Programs\Startup
RocketDock.lnk
C:\Documents and Settings\Palestine\Start Menu\Programs\Startup\RocketDock.lnk
c:\windows\bricopacks\vista inspirat 2\rocketdock\rocketdock.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
CTFMON.EXE
C:\WINDOWS\system32\ctfmon.exe
CTF Loader
Microsoft Corporation
5.01.2600.2180
c:\windows\system32\ctfmon.exe
IDMan
C:\Program Files\Internet Download Manager\IDMan.exe /onboot
Internet Download Manager (IDM)
Tonec Inc.
5.00.0009.0005
c:\program files\internet download manager\idman.exe
MsnMsgr
"C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
Windows Live Messenger
Microsoft Corporation
8.05.1288.0816
c:\program files\windows live\messenger\msnmsgr.exe
.
.
----------- End Report ---------------
 
توقيع : s.a.w
تأييد 0
تقرير الاداة مهم

طيب حمل الملف هذا ,, وقم بتشغيله
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي


بعدها اعد تشغيل الاداة السابقه ,, وارفع التقرير هنا
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي
 
تأييد 0
توقيع : s.a.w
تأييد 0
الحين الحمد لله ,,
باقي عندك قيم ويجب تعديلها ,, حمل الملف هذا وقم بتشغيله
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي


بعدهااا ,, انصحك بحذف الافيرا انتي فايروس واستخدام الكاسبر بدلااا منه​
 
تأييد 0
مشكووووور زيزوووم وجاري التجربه

جعله الله في ميزان حسناتك ابجرب وارجع
 
توقيع : s.a.w
تأييد 0
ضغطت عليه وماجا شي

انا استخدم الافيرا لانه يكشف بعض الباتشات المشفره
 
توقيع : s.a.w
تأييد 0
s.a.w قال:
ضغطت عليه وماجا شي

انا استخدم الافيرا لانه يكشف بعض الباتشات المشفره
أنقر للتوسيع...

:noskjiuyweat: ياغالي انا مسويه لك ,, وحاطه سكاتي بدون رسائل :noskjiuyweat:


الافيرا ماعليه بعد ,,

لكن احفظ اداة المكافي اللي عندك ,, واستخدمها كل فتره



بالتوفيق​
 
تأييد 0
يعني الان جهاز سليم اخوي تركي؟

ويعطيك الف عافيه والله يالقرم ماقصرت اتعبتك معي

لكن وش نسوي مالنا غنى عنكم :$

جعله ثواااب لوالديك

وهم ماقصر معي شسويله بعد يعطيه الف عافيه واشكر جهودكم المستمره
 
توقيع : s.a.w
تأييد 0
هلا اخوي بعد كل الجهود اللتي قمنا بها وبالنهاية الفايرس مازال بجهازي وعندي مشااااكل كثيره بالجهاز
حتى لو بغيت اعمل اظهار للمفات المخفيه لاتطلع وعند تثبيتي لاي برنامج يحصل تهنيق للجهاز باستمرار
مع العلم اني اتبعت الخطوات كلها وقمت بعمل كل الطرائق اللي ذكرتم وايضا تم مسح المفضله من جهازي لوحده
وقمت بالبحث بالمكافي وظهرت لي عده فيروسات فما اعلم ماهو الحل افيدووووني جزاكم الله خير
بنتظار ردودكم الكريمة :frown::frown:
 
توقيع : s.a.w
تأييد 0
get-2-2008-8rb_com_br8yofmx.jpg
 
توقيع : s.a.w
تأييد 0
هذه النتائج بعد الفحص عن طريق المكافي ومازالت المشكله مستمرة
 
توقيع : s.a.w
تأييد 0
عزالله اني قلت لك استخدم الكاسبر ,,

لاهنت عطني تقرير المكافي
 
تأييد 0
تفضل اخوي هذا التقرير

13/02/1429 05:38:21 ص Engine version =5200.2160
13/02/1429 05:38:21 ص AntiVirus DAT version =5195.0000
13/02/1429 05:38:21 ص Number of detection signatures in EXTRA.DAT =None
13/02/1429 05:38:21 ص Names of detection signatures in EXTRA.DAT =None
13/02/1429 05:38:15 ص Scan Started PALESTIN-529C73\Palestine On-Demand Scan
13/02/1429 05:38:34 ص Deleted Palestine HKEY_USERS\S-1-5-21-583907252-115176313-725345543-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|HIDEFILEEXT W32/Autorun.worm.g(Virus)
13/02/1429 05:38:38 ص Deleted Palestine HIDEFILEEXT W32/Autorun.worm.g(Virus)
13/02/1429 05:38:38 ص Deleted Palestine HKEY_USERS\S-1-5-21-583907252-115176313-725345543-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|HIDDEN W32/Autorun.worm.g(Virus)
13/02/1429 05:38:38 ص Deleted Palestine HIDDEN W32/Autorun.worm.g(Virus)
13/02/1429 05:38:38 ص Deleted Palestine HKEY_USERS\S-1-5-21-583907252-115176313-725345543-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|SUPERHIDDEN W32/Autorun.worm.g(Virus)
13/02/1429 05:38:38 ص Deleted Palestine SUPERHIDDEN W32/Autorun.worm.g(Virus)
13/02/1429 05:38:38 ص Deleted Palestine HKEY_USERS\S-1-5-21-583907252-115176313-725345543-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|SHOWSUPERHIDDEN W32/Autorun.worm.g(Virus)
13/02/1429 05:38:38 ص Deleted Palestine SHOWSUPERHIDDEN W32/Autorun.worm.g(Virus)
13/02/1429 05:38:38 ص Cleaned Palestine HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|l W32/Autorun.worm.g(Virus)
13/02/1429 05:38:38 ص Cleaned Palestine HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|l W32/Autorun.worm.g(Virus)
13/02/1429 05:38:38 ص Cleaned Palestine HKCR\.REG| W32/Autorun.worm.g(Virus)
13/02/1429 05:38:38 ص Cleaned Palestine HKCR\.VBS| W32/Autorun.worm.g(Virus)
13/02/1429 05:38:38 ص Deleted Palestine C:\WINDOWS\KILLER.EXE W32/Autorun.worm.g(Virus)
13/02/1429 05:38:38 ص Deleted Palestine C:\WINDOWS\killer.exe W32/Autorun.worm.g(Virus)
13/02/1429 05:38:40 ص Cleaned Palestine HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|l W32/Autorun.worm.g(Virus)
13/02/1429 05:38:40 ص Cleaned Palestine HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|l W32/Autorun.worm.g(Virus)
13/02/1429 05:38:40 ص Deleted Palestine HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Runonce W32/Autorun.worm.g(Virus)
13/02/1429 05:38:40 ص Deleted Palestine C:\WINDOWS\SMSS.EXE W32/Autorun.worm.g(Virus)
13/02/1429 05:38:40 ص Deleted Palestine C:\WINDOWS\smss.exe W32/Autorun.worm.g(Virus)
13/02/1429 05:38:43 ص Cleaned Palestine HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|l W32/Autorun.worm.g(Virus)
13/02/1429 05:38:43 ص Cleaned Palestine HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|l W32/Autorun.worm.g(Virus)
13/02/1429 05:38:43 ص Cleaned Palestine HKCR\.REG| W32/Autorun.worm.g(Virus)
13/02/1429 05:38:43 ص Cleaned Palestine HKCR\.VBS| W32/Autorun.worm.g(Virus)
13/02/1429 05:38:44 ص Deleted Palestine HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Runonce W32/Autorun.worm.g(Virus)
13/02/1429 05:38:44 ص Deleted Palestine D:\SMSS.EXE W32/Autorun.worm.g(Virus)
13/02/1429 05:38:44 ص Deleted Palestine D:\smss.exe W32/Autorun.worm.g(Virus)
13/02/1429 05:38:45 ص Deleted Palestine c:\documents and settings\palestine\s\palestine@real[2].txt\00000000.ie -Real(Potentially Unwanted Program)
13/02/1429 05:38:45 ص Deleted Palestine c:\documents and settings\palestine\s\palestine@real[2].txt\00000000.ie -Real(Potentially Unwanted Program)
13/02/1429 05:38:45 ص Deleted Palestine c:\documents and settings\palestine\s\palestine@guide.real[1].txt\00000000.ie -Real(Potentially Unwanted Program)
13/02/1429 05:38:58 ص Deleted Palestine c:\autorun.inf Generic!atr(Trojan)
13/02/1429 05:38:59 ص Cleaned Palestine HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|l W32/Autorun.worm.g(Virus)
13/02/1429 05:38:59 ص Cleaned Palestine HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|l W32/Autorun.worm.g(Virus)
13/02/1429 05:38:59 ص Deleted Palestine C:\FUNNY UST SCANDAL.AVI.EXE W32/Autorun.worm.g(Virus)
13/02/1429 05:38:59 ص Deleted Palestine c:\Funny UST Scandal.avi.exe W32/Autorun.worm.g(Virus)
13/02/1429 05:38:59 ص Cleaned Palestine HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|l W32/Autorun.worm.g(Virus)
13/02/1429 05:38:59 ص Cleaned Palestine HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|l W32/Autorun.worm.g(Virus)
13/02/1429 05:38:59 ص Deleted Palestine C:\SMSS.EXE W32/Autorun.worm.g(Virus)
13/02/1429 05:38:59 ص Deleted Palestine c:\smss.exe W32/Autorun.worm.g(Virus)
13/02/1429 05:39:02 ص Cleaned Palestine HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|l W32/Autorun.worm.g(Virus)
13/02/1429 05:39:02 ص Cleaned Palestine HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|l W32/Autorun.worm.g(Virus)
13/02/1429 05:39:02 ص Deleted Palestine C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\STARTUP\LSASS.EXE W32/Autorun.worm.g(Virus)
13/02/1429 05:39:02 ص Deleted Palestine c:\Documents and Settings\All Users\Start Menu\Programs\Startup\lsass.exe W32/Autorun.worm.g(Virus)
13/02/1429 05:42:04 ص Deleted Palestine c:\WINDOWS\autorun.inf Generic!atr(Trojan)
13/02/1429 05:42:05 ص Cleaned Palestine HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|l W32/Autorun.worm.g(Virus)
13/02/1429 05:42:05 ص Cleaned Palestine HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|l W32/Autorun.worm.g(Virus)
13/02/1429 05:42:06 ص Deleted Palestine C:\WINDOWS\FUNNY UST SCANDAL.EXE W32/Autorun.worm.g(Virus)
13/02/1429 05:42:06 ص Deleted Palestine c:\WINDOWS\Funny UST Scandal.exe W32/Autorun.worm.g(Virus)
13/02/1429 05:42:07 ص Cleaned Palestine HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|l W32/Autorun.worm.g(Virus)
13/02/1429 05:42:07 ص Cleaned Palestine HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|l W32/Autorun.worm.g(Virus)
13/02/1429 05:42:07 ص Deleted Palestine C:\WINDOWS\KILLER.EXE W32/Autorun.worm.g(Virus)
13/02/1429 05:42:07 ص Deleted Palestine c:\WINDOWS\killer.exe W32/Autorun.worm.g(Virus)
13/02/1429 05:42:08 ص Cleaned Palestine HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|l W32/Autorun.worm.g(Virus)
13/02/1429 05:42:08 ص Cleaned Palestine HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|l W32/Autorun.worm.g(Virus)
13/02/1429 05:42:08 ص Deleted Palestine C:\WINDOWS\SMSS.EXE W32/Autorun.worm.g(Virus)
13/02/1429 05:42:08 ص Deleted Palestine c:\WINDOWS\smss.exe W32/Autorun.worm.g(Virus)
13/02/1429 05:45:05 ص Deleted Palestine d:\autorun.inf Generic!atr(Trojan)
13/02/1429 05:45:05 ص Cleaned Palestine HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|l W32/Autorun.worm.g(Virus)
13/02/1429 05:45:05 ص Cleaned Palestine HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|l W32/Autorun.worm.g(Virus)
13/02/1429 05:45:06 ص Deleted Palestine D:\FUNNY UST SCANDAL.AVI.EXE W32/Autorun.worm.g(Virus)
13/02/1429 05:45:06 ص Deleted Palestine d:\Funny UST Scandal.avi.exe W32/Autorun.worm.g(Virus)
13/02/1429 05:49:21 ص Deleted Palestine D:\SYSTEM VOLUME INFORMATION\_RESTORE{37A5B5AF-B575-4357-A4E8-88DA771B642F}\RP75\A0030644.EXE Tool-Evid(Potentially Unwanted Program)
13/02/1429 05:49:21 ص Deleted Palestine d:\System Volume Information\_restore{37A5B5AF-B575-4357-A4E8-88DA771B642F}\RP75\A0030644.exe\A0030644.exe Tool-Evid(Potentially Unwanted Program)
13/02/1429 05:51:02 ص Deleted (Clean failed because the detection isn't cleanable) Palestine d:\System Volume Information\_restore{37A5B5AF-B575-4357-A4E8-88DA771B642F}\RP75\A0030796.exe New Malware.aq(Trojan)
13/02/1429 05:51:03 ص Deleted Palestine D:\SYSTEM VOLUME INFORMATION\_RESTORE{37A5B5AF-B575-4357-A4E8-88DA771B642F}\RP75\A0030799.EXE W32/Sdbot.worm.gen.bj(Virus)
13/02/1429 05:51:03 ص Deleted Palestine d:\System Volume Information\_restore{37A5B5AF-B575-4357-A4E8-88DA771B642F}\RP75\A0030799.exe W32/Sdbot.worm.gen.bj(Virus)
13/02/1429 05:51:04 ص Deleted Palestine d:\System Volume Information\_restore{E328F9BE-4891-4EA8-AA85-0536C8AC3748}\RP1\A0000755.inf Generic!atr(Trojan)
13/02/1429 05:51:18 ص Deleted Palestine e:\autorun.inf Generic!atr(Trojan)
13/02/1429 05:51:18 ص Cleaned Palestine HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|l W32/Autorun.worm.g(Virus)
13/02/1429 05:51:18 ص Cleaned Palestine HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|l W32/Autorun.worm.g(Virus)
13/02/1429 05:51:18 ص Deleted Palestine E:\FUNNY UST SCANDAL.AVI.EXE W32/Autorun.worm.g(Virus)
13/02/1429 05:51:18 ص Deleted Palestine e:\Funny UST Scandal.avi.exe W32/Autorun.worm.g(Virus)
13/02/1429 05:51:19 ص Cleaned Palestine HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|l W32/Autorun.worm.g(Virus)
13/02/1429 05:51:19 ص Cleaned Palestine HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|l W32/Autorun.worm.g(Virus)
13/02/1429 05:51:19 ص Deleted Palestine E:\SMSS.EXE W32/Autorun.worm.g(Virus)
13/02/1429 05:51:19 ص Deleted Palestine e:\smss.exe W32/Autorun.worm.g(Virus)
13/02/1429 05:51:20 ص Deleted Palestine e:\System Volume Information\_restore{E328F9BE-4891-4EA8-AA85-0536C8AC3748}\RP1\A0000756.inf Generic!atr(Trojan)
13/02/1429 05:51:58 ص Cleaned Palestine HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|l W32/Autorun.worm.g(Virus)
13/02/1429 05:51:58 ص Cleaned Palestine HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|l W32/Autorun.worm.g(Virus)
13/02/1429 05:51:58 ص Deleted Palestine G:\FUNNY UST SCANDAL.AVI.EXE W32/Autorun.worm.g(Virus)
13/02/1429 05:52:00 ص Deleted Palestine g:\Funny UST Scandal.avi.exe W32/Autorun.worm.g(Virus)
13/02/1429 05:52:02 ص Cleaned Palestine HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|l W32/Autorun.worm.g(Virus)
13/02/1429 05:52:02 ص Cleaned Palestine HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|l W32/Autorun.worm.g(Virus)
13/02/1429 05:52:03 ص Deleted Palestine G:\SMSS.EXE W32/Autorun.worm.g(Virus)
13/02/1429 05:52:04 ص Deleted Palestine g:\smss.exe W32/Autorun.worm.g(Virus)
13/02/1429 05:52:24 ص No Action Taken (Clean failed because the detection isn't cleanable) Palestine g:\New Folder\Q.BoyZ.exe New Win32(Virus)
13/02/1429 05:53:45 ص Scan Summary PALESTIN-529C73\Palestine Scan Summary
13/02/1429 05:53:45 ص Scan Summary PALESTIN-529C73\Palestine Processes scanned : 68
13/02/1429 05:53:45 ص Scan Summary PALESTIN-529C73\Palestine Processes detected : 26
13/02/1429 05:53:45 ص Scan Summary PALESTIN-529C73\Palestine Processes cleaned : 10
13/02/1429 05:53:45 ص Scan Summary PALESTIN-529C73\Palestine Boot sectors scanned : 4
13/02/1429 05:53:45 ص Scan Summary PALESTIN-529C73\Palestine Boot sectors detected: 0
13/02/1429 05:53:45 ص Scan Summary PALESTIN-529C73\Palestine Boot sectors cleaned : 0
13/02/1429 05:53:45 ص Scan Summary PALESTIN-529C73\Palestine Files scanned : 14382
13/02/1429 05:53:45 ص Scan Summary PALESTIN-529C73\Palestine Files with detections: 21
13/02/1429 05:53:45 ص Scan Summary PALESTIN-529C73\Palestine File detections : 56
13/02/1429 05:53:45 ص Scan Summary PALESTIN-529C73\Palestine Files cleaned : 0
13/02/1429 05:53:45 ص Scan Summary PALESTIN-529C73\Palestine Files deleted : 20
13/02/1429 05:53:45 ص Scan Summary PALESTIN-529C73\Palestine Files not scanned : 33
13/02/1429 05:53:45 ص Scan Summary PALESTIN-529C73\Palestine Scan Summary (Registry Scanning)
13/02/1429 05:53:45 ص Scan Summary PALESTIN-529C73\Palestine Keys scanned : 17198
13/02/1429 05:53:45 ص Scan Summary PALESTIN-529C73\Palestine Keys detected : 0
13/02/1429 05:53:45 ص Scan Summary PALESTIN-529C73\Palestine Keys cleaned : 0
13/02/1429 05:53:45 ص Scan Summary PALESTIN-529C73\Palestine Keys deleted : 0
13/02/1429 05:53:45 ص Scan Summary PALESTIN-529C73\Palestine Scan Summary ( Scanning)
13/02/1429 05:53:45 ص Scan Summary PALESTIN-529C73\Palestine s scanned : 14
13/02/1429 05:53:45 ص Scan Summary PALESTIN-529C73\Palestine s detected : 3
13/02/1429 05:53:45 ص Scan Summary PALESTIN-529C73\Palestine s cleaned : 0
13/02/1429 05:53:45 ص Scan Summary PALESTIN-529C73\Palestine s deleted : 3
13/02/1429 05:53:45 ص Scan Summary PALESTIN-529C73\Palestine Run time : 0:15:30
13/02/1429 05:53:45 ص Scan Complete PALESTIN-529C73\Palestine On-Demand Scan

13/02/1429 08:03:53 ص Engine version =5200.2160
13/02/1429 08:03:53 ص AntiVirus DAT version =5195.0000
13/02/1429 08:03:53 ص Number of detection signatures in EXTRA.DAT =None
13/02/1429 08:03:53 ص Names of detection signatures in EXTRA.DAT =None
13/02/1429 08:03:45 ص Scan Started PALESTIN-529C73\Palestine On-Demand Scan
13/02/1429 08:06:48 ص Deleted (Clean failed because the detection isn't cleanable) Palestine c:\QUARANTINE\7d82145333ab0.bup Exploit-1Table.a(Trojan)
13/02/1429 08:16:22 ص Scan Summary PALESTIN-529C73\Palestine Scan Summary
13/02/1429 08:16:22 ص Scan Summary PALESTIN-529C73\Palestine Processes scanned : 38
13/02/1429 08:16:22 ص Scan Summary PALESTIN-529C73\Palestine Processes detected : 0
13/02/1429 08:16:22 ص Scan Summary PALESTIN-529C73\Palestine Processes cleaned : 0
13/02/1429 08:16:22 ص Scan Summary PALESTIN-529C73\Palestine Boot sectors scanned : 3
13/02/1429 08:16:22 ص Scan Summary PALESTIN-529C73\Palestine Boot sectors detected: 0
13/02/1429 08:16:22 ص Scan Summary PALESTIN-529C73\Palestine Boot sectors cleaned : 0
13/02/1429 08:16:22 ص Scan Summary PALESTIN-529C73\Palestine Files scanned : 14526
13/02/1429 08:16:22 ص Scan Summary PALESTIN-529C73\Palestine Files with detections: 1
13/02/1429 08:16:22 ص Scan Summary PALESTIN-529C73\Palestine File detections : 1
13/02/1429 08:16:22 ص Scan Summary PALESTIN-529C73\Palestine Files cleaned : 0
13/02/1429 08:16:22 ص Scan Summary PALESTIN-529C73\Palestine Files deleted : 1
13/02/1429 08:16:22 ص Scan Summary PALESTIN-529C73\Palestine Files not scanned : 23
13/02/1429 08:16:22 ص Scan Summary PALESTIN-529C73\Palestine Scan Summary (Registry Scanning)
13/02/1429 08:16:22 ص Scan Summary PALESTIN-529C73\Palestine Keys scanned : 17194
13/02/1429 08:16:22 ص Scan Summary PALESTIN-529C73\Palestine Keys detected : 0
13/02/1429 08:16:22 ص Scan Summary PALESTIN-529C73\Palestine Keys cleaned : 0
13/02/1429 08:16:22 ص Scan Summary PALESTIN-529C73\Palestine Keys deleted : 0
13/02/1429 08:16:22 ص Scan Summary PALESTIN-529C73\Palestine Scan Summary ( Scanning)
13/02/1429 08:16:22 ص Scan Summary PALESTIN-529C73\Palestine s scanned : 2
13/02/1429 08:16:22 ص Scan Summary PALESTIN-529C73\Palestine s detected : 0
13/02/1429 08:16:22 ص Scan Summary PALESTIN-529C73\Palestine s cleaned : 0
13/02/1429 08:16:22 ص Scan Summary PALESTIN-529C73\Palestine s deleted : 0
13/02/1429 08:16:22 ص Scan Summary PALESTIN-529C73\Palestine Run time : 0:12:37
13/02/1429 08:16:22 ص Scan Complete PALESTIN-529C73\Palestine On-Demand Scan

13/02/1429 06:43:05 م Engine version =5200.2160
13/02/1429 06:43:05 م AntiVirus DAT version =5195.0000
13/02/1429 06:43:05 م Number of detection signatures in EXTRA.DAT =None
13/02/1429 06:43:05 م Names of detection signatures in EXTRA.DAT =None
13/02/1429 06:42:59 م Scan Started PALESTIN-529C73\Palestine On-Demand Scan
13/02/1429 07:07:24 م Scan Summary PALESTIN-529C73\Palestine Scan Summary
13/02/1429 07:07:24 م Scan Summary PALESTIN-529C73\Palestine Processes scanned : 111
13/02/1429 07:07:24 م Scan Summary PALESTIN-529C73\Palestine Processes detected : 0
13/02/1429 07:07:24 م Scan Summary PALESTIN-529C73\Palestine Processes cleaned : 0
13/02/1429 07:07:24 م Scan Summary PALESTIN-529C73\Palestine Boot sectors scanned : 3
13/02/1429 07:07:24 م Scan Summary PALESTIN-529C73\Palestine Boot sectors detected: 0
13/02/1429 07:07:24 م Scan Summary PALESTIN-529C73\Palestine Boot sectors cleaned : 0
13/02/1429 07:07:24 م Scan Summary PALESTIN-529C73\Palestine Files scanned : 15002
13/02/1429 07:07:24 م Scan Summary PALESTIN-529C73\Palestine Files with detections: 0
13/02/1429 07:07:24 م Scan Summary PALESTIN-529C73\Palestine File detections : 0
13/02/1429 07:07:24 م Scan Summary PALESTIN-529C73\Palestine Files cleaned : 0
13/02/1429 07:07:24 م Scan Summary PALESTIN-529C73\Palestine Files deleted : 0
13/02/1429 07:07:24 م Scan Summary PALESTIN-529C73\Palestine Files not scanned : 19
13/02/1429 07:07:24 م Scan Summary PALESTIN-529C73\Palestine Scan Summary (Registry Scanning)
13/02/1429 07:07:24 م Scan Summary PALESTIN-529C73\Palestine Keys scanned : 17178
13/02/1429 07:07:24 م Scan Summary PALESTIN-529C73\Palestine Keys detected : 0
13/02/1429 07:07:24 م Scan Summary PALESTIN-529C73\Palestine Keys cleaned : 0
13/02/1429 07:07:24 م Scan Summary PALESTIN-529C73\Palestine Keys deleted : 0
13/02/1429 07:07:24 م Scan Summary PALESTIN-529C73\Palestine Scan Summary ( Scanning)
13/02/1429 07:07:24 م Scan Summary PALESTIN-529C73\Palestine s scanned : 5
13/02/1429 07:07:24 م Scan Summary PALESTIN-529C73\Palestine s detected : 0
13/02/1429 07:07:24 م Scan Summary PALESTIN-529C73\Palestine s cleaned : 0
13/02/1429 07:07:24 م Scan Summary PALESTIN-529C73\Palestine s deleted : 0
13/02/1429 07:07:24 م Scan Summary PALESTIN-529C73\Palestine Run time : 0:24:25
13/02/1429 07:07:24 م Scan Complete PALESTIN-529C73\Palestine On-Demand Scan

14/02/1429 01:04:22 ص Engine version =5200.2160
14/02/1429 01:04:22 ص AntiVirus DAT version =5195.0000
14/02/1429 01:04:22 ص Number of detection signatures in EXTRA.DAT =None
14/02/1429 01:04:22 ص Names of detection signatures in EXTRA.DAT =None
14/02/1429 01:04:16 ص Scan Started PALESTIN-529C73\Palestine On-Demand Scan
14/02/1429 01:04:22 ص Scan Summary PALESTIN-529C73\Palestine Scan Summary
14/02/1429 01:04:22 ص Scan Summary PALESTIN-529C73\Palestine Processes scanned : 0
14/02/1429 01:04:22 ص Scan Summary PALESTIN-529C73\Palestine Processes detected : 0
14/02/1429 01:04:22 ص Scan Summary PALESTIN-529C73\Palestine Processes cleaned : 0
14/02/1429 01:04:22 ص Scan Summary PALESTIN-529C73\Palestine Boot sectors scanned : 0
14/02/1429 01:04:22 ص Scan Summary PALESTIN-529C73\Palestine Boot sectors detected: 0
14/02/1429 01:04:22 ص Scan Summary PALESTIN-529C73\Palestine Boot sectors cleaned : 0
14/02/1429 01:04:22 ص Scan Summary PALESTIN-529C73\Palestine Files scanned : 0
14/02/1429 01:04:22 ص Scan Summary PALESTIN-529C73\Palestine Files with detections: 0
14/02/1429 01:04:22 ص Scan Summary PALESTIN-529C73\Palestine File detections : 0
14/02/1429 01:04:22 ص Scan Summary PALESTIN-529C73\Palestine Files cleaned : 0
14/02/1429 01:04:22 ص Scan Summary PALESTIN-529C73\Palestine Files deleted : 0
14/02/1429 01:04:22 ص Scan Summary PALESTIN-529C73\Palestine Files not scanned : 0
14/02/1429 01:04:22 ص Scan Summary PALESTIN-529C73\Palestine Scan Summary (Registry Scanning)
14/02/1429 01:04:22 ص Scan Summary PALESTIN-529C73\Palestine Keys scanned : 0
14/02/1429 01:04:22 ص Scan Summary PALESTIN-529C73\Palestine Keys detected : 0
14/02/1429 01:04:22 ص Scan Summary PALESTIN-529C73\Palestine Keys cleaned : 0
14/02/1429 01:04:22 ص Scan Summary PALESTIN-529C73\Palestine Keys deleted : 0
14/02/1429 01:04:22 ص Scan Summary PALESTIN-529C73\Palestine Scan Summary ( Scanning)
14/02/1429 01:04:22 ص Scan Summary PALESTIN-529C73\Palestine s scanned : 0
14/02/1429 01:04:22 ص Scan Summary PALESTIN-529C73\Palestine s detected : 0
14/02/1429 01:04:22 ص Scan Summary PALESTIN-529C73\Palestine s cleaned : 0
14/02/1429 01:04:22 ص Scan Summary PALESTIN-529C73\Palestine s deleted : 0
14/02/1429 01:04:22 ص Scan Summary PALESTIN-529C73\Palestine Run time : 0:00:06
14/02/1429 01:04:22 ص Scan Terminated PALESTIN-529C73\Palestine On-Demand Scan

14/02/1429 05:00:14 ص Engine version =5200.2160
14/02/1429 05:00:14 ص AntiVirus DAT version =5195.0000
14/02/1429 05:00:14 ص Number of detection signatures in EXTRA.DAT =None
14/02/1429 05:00:14 ص Names of detection signatures in EXTRA.DAT =None
14/02/1429 05:00:08 ص Scan Started PALESTIN-529C73\Palestine On-Demand Scan
14/02/1429 05:00:21 ص Deleted Palestine HKEY_USERS\S-1-5-21-583907252-115176313-725345543-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|HIDEFILEEXT W32/Autorun.worm.g(Virus)
14/02/1429 05:00:22 ص Deleted Palestine HIDEFILEEXT W32/Autorun.worm.g(Virus)
14/02/1429 05:00:22 ص Deleted Palestine HKEY_USERS\S-1-5-21-583907252-115176313-725345543-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|HIDDEN W32/Autorun.worm.g(Virus)
14/02/1429 05:00:22 ص Deleted Palestine HIDDEN W32/Autorun.worm.g(Virus)
14/02/1429 05:00:22 ص Deleted Palestine HKEY_USERS\S-1-5-21-583907252-115176313-725345543-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|SUPERHIDDEN W32/Autorun.worm.g(Virus)
14/02/1429 05:00:22 ص Deleted Palestine SUPERHIDDEN W32/Autorun.worm.g(Virus)
14/02/1429 05:00:22 ص Deleted Palestine HKEY_USERS\S-1-5-21-583907252-115176313-725345543-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|SHOWSUPERHIDDEN W32/Autorun.worm.g(Virus)
14/02/1429 05:00:22 ص Deleted Palestine SHOWSUPERHIDDEN W32/Autorun.worm.g(Virus)
14/02/1429 05:00:22 ص Cleaned Palestine HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|l W32/Autorun.worm.g(Virus)
14/02/1429 05:00:22 ص Cleaned Palestine HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|l W32/Autorun.worm.g(Virus)
14/02/1429 05:00:22 ص Cleaned Palestine HKCR\.REG| W32/Autorun.worm.g(Virus)
14/02/1429 05:00:22 ص Cleaned Palestine HKCR\.VBS| W32/Autorun.worm.g(Virus)
14/02/1429 05:00:22 ص Deleted Palestine C:\WINDOWS\KILLER.EXE W32/Autorun.worm.g(Virus)
14/02/1429 05:00:22 ص Deleted Palestine C:\WINDOWS\killer.exe W32/Autorun.worm.g(Virus)
14/02/1429 05:00:24 ص Cleaned Palestine HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|l W32/Autorun.worm.g(Virus)
14/02/1429 05:00:24 ص Cleaned Palestine HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|l W32/Autorun.worm.g(Virus)
14/02/1429 05:00:24 ص Deleted Palestine HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Runonce W32/Autorun.worm.g(Virus)
14/02/1429 05:00:24 ص Deleted Palestine C:\WINDOWS\SMSS.EXE W32/Autorun.worm.g(Virus)
14/02/1429 05:00:24 ص Deleted Palestine C:\WINDOWS\smss.exe W32/Autorun.worm.g(Virus)
14/02/1429 05:00:37 ص Cleaned Palestine HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|l W32/Autorun.worm.g(Virus)
14/02/1429 05:00:37 ص Cleaned Palestine HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|l W32/Autorun.worm.g(Virus)
14/02/1429 05:00:37 ص Deleted Palestine C:\FUNNY UST SCANDAL.AVI.EXE W32/Autorun.worm.g(Virus)
14/02/1429 05:00:37 ص Deleted Palestine c:\Funny UST Scandal.avi.exe W32/Autorun.worm.g(Virus)
14/02/1429 05:00:38 ص Cleaned Palestine HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|l W32/Autorun.worm.g(Virus)
14/02/1429 05:00:38 ص Cleaned Palestine HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|l W32/Autorun.worm.g(Virus)
14/02/1429 05:00:38 ص Deleted Palestine C:\SMSS.EXE W32/Autorun.worm.g(Virus)
14/02/1429 05:00:38 ص Deleted Palestine c:\smss.exe W32/Autorun.worm.g(Virus)
14/02/1429 05:00:38 ص Deleted Palestine c:\autorun.inf\autorun.inf Generic!atr(Trojan)
14/02/1429 05:00:41 ص Cleaned Palestine HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|l W32/Autorun.worm.g(Virus)
14/02/1429 05:00:41 ص Cleaned Palestine HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|l W32/Autorun.worm.g(Virus)
14/02/1429 05:00:41 ص Deleted Palestine C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\STARTUP\LSASS.EXE W32/Autorun.worm.g(Virus)
14/02/1429 05:00:41 ص Deleted Palestine c:\Documents and Settings\All Users\Start Menu\Programs\Startup\lsass.exe W32/Autorun.worm.g(Virus)
14/02/1429 05:00:53 ص Deleted Palestine C:\DOCUMENTS AND SETTINGS\PALESTINE\DESKTOP\COMBOFIX.EXE RemAdm-ProcLaunch!171(Remote Admin Tool)
14/02/1429 05:01:08 ص Deleted (Clean failed) Palestine c:\Documents and Settings\Palestine\Desktop\ComboFix.exe\PSEXEC.CFEXE RemAdm-ProcLaunch!171(Remote Admin Tool)
14/02/1429 05:01:25 ص Deleted Palestine C:\DOCUMENTS AND SETTINGS\PALESTINE\MY DOCUMENTS\DOWNLOADS\PROGRAMS\NEW FOLDER\ZYZOOM_AUTORUN_VIRUSES_CLEANER_1-1429.EXE PrcViewer(Potentially Unwanted Program)
14/02/1429 05:01:36 ص Deleted (Clean failed) Palestine c:\Documents and Settings\Palestine\My Documents\Downloads\Programs\New Folder\Zyzoom_Autorun_Viruses_cleaner_1-1429.exe\ZYZOOM_PROCESS.EXE PrcViewer(Potentially Unwanted Program)
14/02/1429 05:01:54 ص Deleted Palestine C:\DOCUMENTS AND SETTINGS\PALESTINE\MY DOCUMENTS\DOWNLOADS\PROGRAMS\ZYZOOM_AUTORUN_VIRUSES_CLEANER\ZYZOOM_PROCESS.EXE PrcViewer(Potentially Unwanted Program)
14/02/1429 05:01:54 ص Deleted Palestine c:\Documents and Settings\Palestine\My Documents\Downloads\Programs\Zyzoom_Autorun_Viruses_cleaner\zyzoom_PROCESS.exe PrcViewer(Potentially Unwanted Program)
14/02/1429 05:04:14 ص Deleted Palestine c:\WINDOWS\autorun.inf Generic!atr(Trojan)
14/02/1429 05:04:14 ص Deleted Palestine HKEY_USERS\S-1-5-21-583907252-115176313-725345543-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|HIDEFILEEXT W32/Autorun.worm.g(Virus)
14/02/1429 05:04:14 ص Deleted Palestine HIDEFILEEXT W32/Autorun.worm.g(Virus)
14/02/1429 05:04:14 ص Deleted Palestine HKEY_USERS\S-1-5-21-583907252-115176313-725345543-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|HIDDEN W32/Autorun.worm.g(Virus)
14/02/1429 05:04:14 ص Deleted Palestine HIDDEN W32/Autorun.worm.g(Virus)
14/02/1429 05:04:14 ص Deleted Palestine HKEY_USERS\S-1-5-21-583907252-115176313-725345543-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|SUPERHIDDEN W32/Autorun.worm.g(Virus)
14/02/1429 05:04:14 ص Deleted Palestine SUPERHIDDEN W32/Autorun.worm.g(Virus)
14/02/1429 05:04:14 ص Deleted Palestine HKEY_USERS\S-1-5-21-583907252-115176313-725345543-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|SHOWSUPERHIDDEN W32/Autorun.worm.g(Virus)
14/02/1429 05:04:14 ص Deleted Palestine SHOWSUPERHIDDEN W32/Autorun.worm.g(Virus)
14/02/1429 05:04:14 ص Cleaned Palestine HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|l W32/Autorun.worm.g(Virus)
14/02/1429 05:04:14 ص Cleaned Palestine HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|l W32/Autorun.worm.g(Virus)
14/02/1429 05:04:15 ص Deleted Palestine C:\WINDOWS\FUNNY UST SCANDAL.EXE W32/Autorun.worm.g(Virus)
14/02/1429 05:04:15 ص Deleted Palestine c:\WINDOWS\Funny UST Scandal.exe W32/Autorun.worm.g(Virus)
14/02/1429 05:06:50 ص Cleaned Palestine HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|l W32/Autorun.worm.g(Virus)
14/02/1429 05:06:50 ص Cleaned Palestine HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|l W32/Autorun.worm.g(Virus)
14/02/1429 05:06:50 ص Deleted Palestine D:\FUNNY UST SCANDAL.AVI.EXE W32/Autorun.worm.g(Virus)
14/02/1429 05:06:50 ص Deleted Palestine d:\Funny UST Scandal.avi.exe W32/Autorun.worm.g(Virus)
14/02/1429 05:06:50 ص Cleaned Palestine HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|l W32/Autorun.worm.g(Virus)
14/02/1429 05:06:50 ص Cleaned Palestine HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|l W32/Autorun.worm.g(Virus)
14/02/1429 05:06:50 ص Deleted Palestine D:\SMSS.EXE W32/Autorun.worm.g(Virus)
14/02/1429 05:06:50 ص Deleted Palestine d:\smss.exe W32/Autorun.worm.g(Virus)
14/02/1429 05:06:51 ص Deleted Palestine d:\autorun.inf\autorun.inf Generic!atr(Trojan)
14/02/1429 05:10:22 ص Deleted Palestine HKEY_USERS\S-1-5-21-583907252-115176313-725345543-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|HIDEFILEEXT W32/Autorun.worm.g(Virus)
14/02/1429 05:10:22 ص Deleted Palestine HIDEFILEEXT W32/Autorun.worm.g(Virus)
14/02/1429 05:10:22 ص Deleted Palestine HKEY_USERS\S-1-5-21-583907252-115176313-725345543-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|HIDDEN W32/Autorun.worm.g(Virus)
14/02/1429 05:10:22 ص Deleted Palestine HIDDEN W32/Autorun.worm.g(Virus)
14/02/1429 05:10:22 ص Deleted Palestine HKEY_USERS\S-1-5-21-583907252-115176313-725345543-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|SUPERHIDDEN W32/Autorun.worm.g(Virus)
14/02/1429 05:10:22 ص Deleted Palestine SUPERHIDDEN W32/Autorun.worm.g(Virus)
14/02/1429 05:10:22 ص Deleted Palestine HKEY_USERS\S-1-5-21-583907252-115176313-725345543-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|SHOWSUPERHIDDEN W32/Autorun.worm.g(Virus)
14/02/1429 05:10:22 ص Deleted Palestine SHOWSUPERHIDDEN W32/Autorun.worm.g(Virus)
14/02/1429 05:10:22 ص Cleaned Palestine HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|l W32/Autorun.worm.g(Virus)
14/02/1429 05:10:22 ص Cleaned Palestine HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|l W32/Autorun.worm.g(Virus)
14/02/1429 05:10:22 ص Cleaned Palestine HKCR\.REG| W32/Autorun.worm.g(Virus)
14/02/1429 05:10:22 ص Cleaned Palestine HKCR\.VBS| W32/Autorun.worm.g(Virus)
14/02/1429 05:10:22 ص Deleted Palestine E:\FUNNY UST SCANDAL.AVI.EXE W32/Autorun.worm.g(Virus)
14/02/1429 05:10:22 ص Deleted Palestine e:\Funny UST Scandal.avi.exe W32/Autorun.worm.g(Virus)
14/02/1429 05:10:22 ص Cleaned Palestine HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|l W32/Autorun.worm.g(Virus)
14/02/1429 05:10:22 ص Cleaned Palestine HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|l W32/Autorun.worm.g(Virus)
14/02/1429 05:10:23 ص Deleted Palestine HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Runonce W32/Autorun.worm.g(Virus)
14/02/1429 05:10:23 ص Deleted Palestine E:\SMSS.EXE W32/Autorun.worm.g(Virus)
14/02/1429 05:10:23 ص Deleted Palestine e:\smss.exe W32/Autorun.worm.g(Virus)
14/02/1429 05:10:23 ص Deleted Palestine e:\autorun.inf\autorun.inf Generic!atr(Trojan)
14/02/1429 05:12:16 ص Scan Summary PALESTIN-529C73\Palestine Scan Summary
14/02/1429 05:12:16 ص Scan Summary PALESTIN-529C73\Palestine Processes scanned : 57
14/02/1429 05:12:16 ص Scan Summary PALESTIN-529C73\Palestine Processes detected : 19
14/02/1429 05:12:16 ص Scan Summary PALESTIN-529C73\Palestine Processes cleaned : 6
14/02/1429 05:12:16 ص Scan Summary PALESTIN-529C73\Palestine Boot sectors scanned : 3
14/02/1429 05:12:16 ص Scan Summary PALESTIN-529C73\Palestine Boot sectors detected: 0
14/02/1429 05:12:16 ص Scan Summary PALESTIN-529C73\Palestine Boot sectors cleaned : 0
14/02/1429 05:12:16 ص Scan Summary PALESTIN-529C73\Palestine Files scanned : 15223
14/02/1429 05:12:16 ص Scan Summary PALESTIN-529C73\Palestine Files with detections: 15
14/02/1429 05:12:16 ص Scan Summary PALESTIN-529C73\Palestine File detections : 61
14/02/1429 05:12:16 ص Scan Summary PALESTIN-529C73\Palestine Files cleaned : 0
14/02/1429 05:12:16 ص Scan Summary PALESTIN-529C73\Palestine Files deleted : 15
14/02/1429 05:12:16 ص Scan Summary PALESTIN-529C73\Palestine Files not scanned : 23
14/02/1429 05:12:16 ص Scan Summary PALESTIN-529C73\Palestine Scan Summary (Registry Scanning)
14/02/1429 05:12:16 ص Scan Summary PALESTIN-529C73\Palestine Keys scanned : 18153
14/02/1429 05:12:16 ص Scan Summary PALESTIN-529C73\Palestine Keys detected : 0
14/02/1429 05:12:16 ص Scan Summary PALESTIN-529C73\Palestine Keys cleaned : 0
14/02/1429 05:12:16 ص Scan Summary PALESTIN-529C73\Palestine Keys deleted : 0
14/02/1429 05:12:16 ص Scan Summary PALESTIN-529C73\Palestine Scan Summary ( Scanning)
14/02/1429 05:12:16 ص Scan Summary PALESTIN-529C73\Palestine s scanned : 6
14/02/1429 05:12:16 ص Scan Summary PALESTIN-529C73\Palestine s detected : 0
14/02/1429 05:12:16 ص Scan Summary PALESTIN-529C73\Palestine s cleaned : 0
14/02/1429 05:12:16 ص Scan Summary PALESTIN-529C73\Palestine s deleted : 0
14/02/1429 05:12:16 ص Scan Summary PALESTIN-529C73\Palestine Run time : 0:12:08
14/02/1429 05:12:16 ص Scan Complete PALESTIN-529C73\Palestine On-Demand Scan

14/02/1429 05:26:01 ص Engine version =5200.2160
14/02/1429 05:26:01 ص AntiVirus DAT version =5195.0000
14/02/1429 05:26:01 ص Number of detection signatures in EXTRA.DAT =None
14/02/1429 05:26:01 ص Names of detection signatures in EXTRA.DAT =None
14/02/1429 05:25:53 ص Scan Started PALESTIN-529C73\Palestine On-Demand Scan
14/02/1429 05:26:09 ص Deleted Palestine HKEY_USERS\S-1-5-21-583907252-115176313-725345543-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|HIDEFILEEXT W32/Autorun.worm.g(Virus)
14/02/1429 05:26:10 ص Deleted Palestine HIDEFILEEXT W32/Autorun.worm.g(Virus)
14/02/1429 05:26:10 ص Deleted Palestine HKEY_USERS\S-1-5-21-583907252-115176313-725345543-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|HIDDEN W32/Autorun.worm.g(Virus)
14/02/1429 05:26:11 ص Deleted Palestine HIDDEN W32/Autorun.worm.g(Virus)
14/02/1429 05:26:11 ص Deleted Palestine HKEY_USERS\S-1-5-21-583907252-115176313-725345543-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|SUPERHIDDEN W32/Autorun.worm.g(Virus)
14/02/1429 05:26:11 ص Deleted Palestine SUPERHIDDEN W32/Autorun.worm.g(Virus)
14/02/1429 05:26:11 ص Deleted Palestine HKEY_USERS\S-1-5-21-583907252-115176313-725345543-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|SHOWSUPERHIDDEN W32/Autorun.worm.g(Virus)
14/02/1429 05:26:11 ص Deleted Palestine SHOWSUPERHIDDEN W32/Autorun.worm.g(Virus)
14/02/1429 05:26:11 ص Cleaned Palestine HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|l W32/Autorun.worm.g(Virus)
14/02/1429 05:26:11 ص Cleaned Palestine HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|l W32/Autorun.worm.g(Virus)
14/02/1429 05:26:11 ص Cleaned Palestine HKCR\.REG| W32/Autorun.worm.g(Virus)
14/02/1429 05:26:11 ص Cleaned Palestine HKCR\.VBS| W32/Autorun.worm.g(Virus)
14/02/1429 05:26:12 ص Deleted Palestine C:\WINDOWS\KILLER.EXE W32/Autorun.worm.g(Virus)
14/02/1429 05:26:12 ص Deleted Palestine C:\WINDOWS\killer.exe W32/Autorun.worm.g(Virus)
14/02/1429 05:26:15 ص Cleaned Palestine HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|l W32/Autorun.worm.g(Virus)
14/02/1429 05:26:15 ص Cleaned Palestine HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|l W32/Autorun.worm.g(Virus)
14/02/1429 05:26:15 ص Cleaned Palestine HKCR\.REG| W32/Autorun.worm.g(Virus)
14/02/1429 05:26:15 ص Cleaned Palestine HKCR\.VBS| W32/Autorun.worm.g(Virus)
14/02/1429 05:26:15 ص Deleted Palestine HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Runonce W32/Autorun.worm.g(Virus)
14/02/1429 05:26:15 ص Deleted Palestine C:\WINDOWS\SMSS.EXE W32/Autorun.worm.g(Virus)
14/02/1429 05:26:15 ص Deleted Palestine C:\WINDOWS\smss.exe W32/Autorun.worm.g(Virus)
14/02/1429 05:26:31 ص Cleaned Palestine HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|l W32/Autorun.worm.g(Virus)
14/02/1429 05:26:31 ص Cleaned Palestine HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|l W32/Autorun.worm.g(Virus)
14/02/1429 05:26:31 ص Deleted Palestine C:\FUNNY UST SCANDAL.AVI.EXE W32/Autorun.worm.g(Virus)
14/02/1429 05:26:31 ص Deleted Palestine c:\Funny UST Scandal.avi.exe W32/Autorun.worm.g(Virus)
14/02/1429 05:26:32 ص Cleaned Palestine HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|l W32/Autorun.worm.g(Virus)
14/02/1429 05:26:32 ص Cleaned Palestine HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|l W32/Autorun.worm.g(Virus)
14/02/1429 05:26:32 ص Deleted Palestine C:\SMSS.EXE W32/Autorun.worm.g(Virus)
14/02/1429 05:26:32 ص Deleted Palestine c:\smss.exe W32/Autorun.worm.g(Virus)
14/02/1429 05:26:33 ص Deleted Palestine c:\autorun.inf\autorun.inf Generic!atr(Trojan)
14/02/1429 05:26:36 ص Cleaned Palestine HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|l W32/Autorun.worm.g(Virus)
14/02/1429 05:26:36 ص Cleaned Palestine HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|l W32/Autorun.worm.g(Virus)
14/02/1429 05:26:36 ص Deleted Palestine C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\STARTUP\LSASS.EXE W32/Autorun.worm.g(Virus)
14/02/1429 05:26:36 ص Deleted Palestine c:\Documents and Settings\All Users\Start Menu\Programs\Startup\lsass.exe W32/Autorun.worm.g(Virus)
14/02/1429 05:30:19 ص Deleted Palestine c:\WINDOWS\autorun.inf Generic!atr(Trojan)
14/02/1429 05:30:20 ص Cleaned Palestine HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|l W32/Autorun.worm.g(Virus)
14/02/1429 05:30:20 ص Cleaned Palestine HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|l W32/Autorun.worm.g(Virus)
14/02/1429 05:30:21 ص Deleted Palestine C:\WINDOWS\FUNNY UST SCANDAL.EXE W32/Autorun.worm.g(Virus)
14/02/1429 05:30:21 ص Deleted Palestine c:\WINDOWS\Funny UST Scandal.exe W32/Autorun.worm.g(Virus)
14/02/1429 05:30:22 ص Deleted Palestine HKEY_USERS\S-1-5-21-583907252-115176313-725345543-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|HIDEFILEEXT W32/Autorun.worm.g(Virus)
14/02/1429 05:30:22 ص Deleted Palestine HIDEFILEEXT W32/Autorun.worm.g(Virus)
14/02/1429 05:30:22 ص Deleted Palestine HKEY_USERS\S-1-5-21-583907252-115176313-725345543-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|HIDDEN W32/Autorun.worm.g(Virus)
14/02/1429 05:30:22 ص Deleted Palestine HIDDEN W32/Autorun.worm.g(Virus)
14/02/1429 05:30:22 ص Deleted Palestine HKEY_USERS\S-1-5-21-583907252-115176313-725345543-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|SUPERHIDDEN W32/Autorun.worm.g(Virus)
14/02/1429 05:30:22 ص Deleted Palestine SUPERHIDDEN W32/Autorun.worm.g(Virus)
14/02/1429 05:30:22 ص Deleted Palestine HKEY_USERS\S-1-5-21-583907252-115176313-725345543-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|SHOWSUPERHIDDEN W32/Autorun.worm.g(Virus)
14/02/1429 05:30:22 ص Deleted Palestine SHOWSUPERHIDDEN W32/Autorun.worm.g(Virus)
14/02/1429 05:30:22 ص Cleaned Palestine HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|l W32/Autorun.worm.g(Virus)
14/02/1429 05:30:22 ص Cleaned Palestine HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|l W32/Autorun.worm.g(Virus)
14/02/1429 05:30:22 ص Deleted Palestine C:\WINDOWS\KILLER.EXE W32/Autorun.worm.g(Virus)
14/02/1429 05:30:22 ص Deleted Palestine c:\WINDOWS\killer.exe W32/Autorun.worm.g(Virus)
15/02/1429 01:04:16 ص Engine version =5200.2160
15/02/1429 01:04:16 ص AntiVirus DAT version =5195.0000
15/02/1429 01:04:16 ص Number of detection signatures in EXTRA.DAT =None
15/02/1429 01:04:16 ص Names of detection signatures in EXTRA.DAT =None
15/02/1429 01:04:10 ص Scan Started PALESTIN-529C73\Palestine On-Demand Scan
15/02/1429 01:11:24 ص Deleted Palestine HKEY_USERS\S-1-5-21-583907252-115176313-725345543-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|HIDEFILEEXT W32/Autorun.worm.g(Virus)
15/02/1429 01:11:25 ص Deleted Palestine HIDEFILEEXT W32/Autorun.worm.g(Virus)
15/02/1429 01:11:25 ص Deleted Palestine HKEY_USERS\S-1-5-21-583907252-115176313-725345543-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|HIDDEN W32/Autorun.worm.g(Virus)
15/02/1429 01:11:25 ص Deleted Palestine HIDDEN W32/Autorun.worm.g(Virus)
15/02/1429 01:11:25 ص Deleted Palestine HKEY_USERS\S-1-5-21-583907252-115176313-725345543-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|SHOWSUPERHIDDEN W32/Autorun.worm.g(Virus)
15/02/1429 01:11:25 ص Deleted Palestine SHOWSUPERHIDDEN W32/Autorun.worm.g(Virus)
15/02/1429 01:11:25 ص Deleted Palestine HKEY_USERS\S-1-5-21-583907252-115176313-725345543-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|SUPERHIDDEN W32/Autorun.worm.g(Virus)
15/02/1429 01:11:25 ص Deleted Palestine SUPERHIDDEN W32/Autorun.worm.g(Virus)
15/02/1429 01:11:25 ص Cleaned Palestine HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|l W32/Autorun.worm.g(Virus)
15/02/1429 01:11:25 ص Cleaned Palestine HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|l W32/Autorun.worm.g(Virus)
15/02/1429 01:11:26 ص Deleted Palestine D:\FUNNY UST SCANDAL.AVI.EXE W32/Autorun.worm.g(Virus)
15/02/1429 01:11:26 ص Deleted Palestine d:\Funny UST Scandal.avi.exe W32/Autorun.worm.g(Virus)
15/02/1429 01:11:26 ص Cleaned Palestine HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|l W32/Autorun.worm.g(Virus)
15/02/1429 01:11:26 ص Cleaned Palestine HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|l W32/Autorun.worm.g(Virus)
15/02/1429 01:11:26 ص Deleted Palestine D:\SMSS.EXE W32/Autorun.worm.g(Virus)
15/02/1429 01:11:26 ص Deleted Palestine d:\smss.exe W32/Autorun.worm.g(Virus)
15/02/1429 01:11:27 ص Deleted Palestine d:\autorun.inf\autorun.inf Generic!atr(Trojan)
15/02/1429 01:15:45 ص Cleaned Palestine HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|l W32/Autorun.worm.g(Virus)
15/02/1429 01:15:46 ص Cleaned Palestine HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|l W32/Autorun.worm.g(Virus)
15/02/1429 01:15:47 ص Deleted Palestine E:\FUNNY UST SCANDAL.AVI.EXE W32/Autorun.worm.g(Virus)
15/02/1429 01:15:47 ص Deleted Palestine e:\Funny UST Scandal.avi.exe W32/Autorun.worm.g(Virus)
15/02/1429 01:15:47 ص Cleaned Palestine HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|l W32/Autorun.worm.g(Virus)
15/02/1429 01:15:47 ص Cleaned Palestine HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|l W32/Autorun.worm.g(Virus)
15/02/1429 01:15:47 ص Deleted Palestine E:\SMSS.EXE W32/Autorun.worm.g(Virus)
15/02/1429 01:15:47 ص Deleted Palestine e:\smss.exe W32/Autorun.worm.g(Virus)
15/02/1429 01:15:48 ص Deleted Palestine e:\autorun.inf\autorun.inf Generic!atr(Trojan)
15/02/1429 01:18:19 ص Scan Summary PALESTIN-529C73\Palestine Scan Summary
15/02/1429 01:18:19 ص Scan Summary PALESTIN-529C73\Palestine Processes scanned : 39
15/02/1429 01:18:19 ص Scan Summary PALESTIN-529C73\Palestine Processes detected : 0
15/02/1429 01:18:19 ص Scan Summary PALESTIN-529C73\Palestine Processes cleaned : 0
15/02/1429 01:18:19 ص Scan Summary PALESTIN-529C73\Palestine Boot sectors scanned : 4
15/02/1429 01:18:19 ص Scan Summary PALESTIN-529C73\Palestine Boot sectors detected: 0
15/02/1429 01:18:19 ص Scan Summary PALESTIN-529C73\Palestine Boot sectors cleaned : 0
15/02/1429 01:18:19 ص Scan Summary PALESTIN-529C73\Palestine Files scanned : 15389
15/02/1429 01:18:19 ص Scan Summary PALESTIN-529C73\Palestine Files with detections: 6
15/02/1429 01:18:19 ص Scan Summary PALESTIN-529C73\Palestine File detections : 26
15/02/1429 01:18:19 ص Scan Summary PALESTIN-529C73\Palestine Files cleaned : 0
15/02/1429 01:18:19 ص Scan Summary PALESTIN-529C73\Palestine Files deleted : 6
15/02/1429 01:18:19 ص Scan Summary PALESTIN-529C73\Palestine Files not scanned : 23
15/02/1429 01:18:19 ص Scan Summary PALESTIN-529C73\Palestine Scan Summary (Registry Scanning)
15/02/1429 01:18:19 ص Scan Summary PALESTIN-529C73\Palestine Keys scanned : 18569
15/02/1429 01:18:19 ص Scan Summary PALESTIN-529C73\Palestine Keys detected : 0
15/02/1429 01:18:19 ص Scan Summary PALESTIN-529C73\Palestine Keys cleaned : 0
15/02/1429 01:18:19 ص Scan Summary PALESTIN-529C73\Palestine Keys deleted : 0
15/02/1429 01:18:19 ص Scan Summary PALESTIN-529C73\Palestine Scan Summary ( Scanning)
15/02/1429 01:18:19 ص Scan Summary PALESTIN-529C73\Palestine s scanned : 4
15/02/1429 01:18:19 ص Scan Summary PALESTIN-529C73\Palestine s detected : 0
15/02/1429 01:18:19 ص Scan Summary PALESTIN-529C73\Palestine s cleaned : 0
15/02/1429 01:18:19 ص Scan Summary PALESTIN-529C73\Palestine s deleted : 0
15/02/1429 01:18:19 ص Scan Summary PALESTIN-529C73\Palestine Run time : 0:14:09
15/02/1429 01:18:19 ص Scan Complete PALESTIN-529C73\Palestine On-Demand Scan

15/02/1429 05:32:56 ص Engine version =5200.2160
15/02/1429 05:32:56 ص AntiVirus DAT version =5195.0000
15/02/1429 05:32:56 ص Number of detection signatures in EXTRA.DAT =None
15/02/1429 05:32:56 ص Names of detection signatures in EXTRA.DAT =None
15/02/1429 05:32:50 ص Scan Started PALESTIN-529C73\Palestine On-Demand Scan
15/02/1429 05:44:52 ص Engine version =5200.2160
15/02/1429 05:44:52 ص AntiVirus DAT version =5195.0000
15/02/1429 05:44:52 ص Number of detection signatures in EXTRA.DAT =None
15/02/1429 05:44:52 ص Names of detection signatures in EXTRA.DAT =None
15/02/1429 05:44:44 ص Scan Started PALESTIN-529C73\Palestine On-Demand Scan
15/02/1429 06:05:02 ص Scan Summary PALESTIN-529C73\Palestine Scan Summary
15/02/1429 06:05:02 ص Scan Summary PALESTIN-529C73\Palestine Processes scanned : 43
15/02/1429 06:05:02 ص Scan Summary PALESTIN-529C73\Palestine Processes detected : 0
15/02/1429 06:05:02 ص Scan Summary PALESTIN-529C73\Palestine Processes cleaned : 0
15/02/1429 06:05:02 ص Scan Summary PALESTIN-529C73\Palestine Boot sectors scanned : 3
15/02/1429 06:05:02 ص Scan Summary PALESTIN-529C73\Palestine Boot sectors detected: 0
15/02/1429 06:05:02 ص Scan Summary PALESTIN-529C73\Palestine Boot sectors cleaned : 0
15/02/1429 06:05:02 ص Scan Summary PALESTIN-529C73\Palestine Files scanned : 15508
15/02/1429 06:05:02 ص Scan Summary PALESTIN-529C73\Palestine Files with detections: 0
15/02/1429 06:05:02 ص Scan Summary PALESTIN-529C73\Palestine File detections : 0
15/02/1429 06:05:02 ص Scan Summary PALESTIN-529C73\Palestine Files cleaned : 0
15/02/1429 06:05:02 ص Scan Summary PALESTIN-529C73\Palestine Files deleted : 0
15/02/1429 06:05:02 ص Scan Summary PALESTIN-529C73\Palestine Files not scanned : 26
15/02/1429 06:05:02 ص Scan Summary PALESTIN-529C73\Palestine Scan Summary (Registry Scanning)
15/02/1429 06:05:02 ص Scan Summary PALESTIN-529C73\Palestine Keys scanned : 18582
15/02/1429 06:05:02 ص Scan Summary PALESTIN-529C73\Palestine Keys detected : 0
15/02/1429 06:05:02 ص Scan Summary PALESTIN-529C73\Palestine Keys cleaned : 0
15/02/1429 06:05:02 ص Scan Summary PALESTIN-529C73\Palestine Keys deleted : 0
15/02/1429 06:05:02 ص Scan Summary PALESTIN-529C73\Palestine Scan Summary ( Scanning)
15/02/1429 06:05:02 ص Scan Summary PALESTIN-529C73\Palestine s scanned : 28
15/02/1429 06:05:02 ص Scan Summary PALESTIN-529C73\Palestine s detected : 0
15/02/1429 06:05:02 ص Scan Summary PALESTIN-529C73\Palestine s cleaned : 0
15/02/1429 06:05:02 ص Scan Summary PALESTIN-529C73\Palestine s deleted : 0
15/02/1429 06:05:02 ص Scan Summary PALESTIN-529C73\Palestine Run time : 0:20:18
15/02/1429 06:05:02 ص Scan Complete PALESTIN-529C73\Palestine On-Demand Scan
 
توقيع : s.a.w
تأييد 0
يعطيك العافية ,,
نفس الاصابه وانا اخوك ,,

الافيرا ما يكتشف هذا الفايروس !!!


على العموم ,, استخدم اداة تنظيف الجهاز من فيروسات اوتو رن Autorun بآخر تحديث
وفيها الفايروس اللي عندك بالجهاز

رابط التحميل ,,
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي


شغلها واتركها حتى تعيد تشغيل جهازك (( تستغرق العملية أكثر من 10 دقائق تقريبا ))


-----------------------------

واحذف الافيرا واستخدم بدلاا منه الكاسبر سكاي ,,
اعمل له تحديث وافحص جهازك بالكامل

رابط التحميل
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي


رابط اعدادات البرنامج
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي
 
تأييد 0
الحالة
مغلق و غير مفتوح للمزيد من الردود.
عودة
أعلى