Forget about Malwarebytes; these are the results of Avira Premium Security Suite 2009:
Premium Security Suite
Report file date: 13 رجب, 1430 02:21
Scanning for 1446709 virus strains and unwanted programs.
Licensee : Shady Hamoody2005
Serial number : 1104538129-ISECE-0001
Platform : Windows XP
Windows version : (Service Pack 2) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : ALAAMERI-E7E90C
Version information:
BUILD.DAT : 9.0.0.377 29019 Bytes 16/06/1430 16:46:00
AVSCAN.EXE : 9.0.3.6 466689 Bytes 20/06/1430 18:07:51
AVSCAN.DLL : 9.0.3.0 40705 Bytes 03/03/1430 07:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 25/02/1430 08:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 03/03/1430 07:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/1429 09:30:36
ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 02/07/1430 20:15:44
ANTIVIR2.VDF : 7.1.4.173 306688 Bytes 10/07/1430 16:41:44
ANTIVIR3.VDF : 7.1.4.180 29696 Bytes 11/07/1430 15:40:08
Engineversion : 8.2.0.204
AEVDF.DLL : 8.1.1.1 106868 Bytes 20/06/1430 18:07:50
AESCRIPT.DLL : 8.1.2.13 426362 Bytes 10/07/1430 14:41:27
AESCN.DLL : 8.1.2.3 127347 Bytes 20/06/1430 18:07:50
AERDL.DLL : 8.1.2.2 438642 Bytes 10/07/1430 14:41:20
AEPACK.DLL : 8.1.3.18 401783 Bytes 20/06/1430 18:07:50
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 24/06/1430 18:16:58
AEHEUR.DLL : 8.1.0.137 1823095 Bytes 04/07/1430 17:45:53
AEHELP.DLL : 8.1.3.6 205174 Bytes 20/06/1430 18:07:49
AEGEN.DLL : 8.1.1.48 348532 Bytes 10/07/1430 14:41:12
AEEMU.DLL : 8.1.0.9 393588 Bytes 09/10/1429 11:32:40
AECORE.DLL : 8.1.6.12 180599 Bytes 20/06/1430 18:07:49
AEBB.DLL : 8.1.0.3 53618 Bytes 09/10/1429 11:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 14/12/1429 05:47:59
AVPREF.DLL : 9.0.0.1 43777 Bytes 07/12/1429 07:32:15
AVREP.DLL : 8.0.0.3 155905 Bytes 24/01/1430 11:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 07/12/1429 07:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 20/06/1430 18:07:50
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 04/02/1430 07:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 02/02/1430 12:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 07/02/1430 05:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 07/12/1429 07:32:10
RCIMAGE.DLL : 9.0.0.25 2902785 Bytes 20/06/1430 18:07:49
RCTEXT.DLL : 9.0.37.0 90369 Bytes 20/06/1430 18:07:49
Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Start of the scan: 13 رجب, 1430 02:21
Starting search for hidden objects.
'22914' objects were checked, '0' hidden objects were found.
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'IEMonitor.exe' - '1' Module(s) have been scanned
Scan process 'avwebgrd.exe' - '1' Module(s) have been scanned
Scan process 'avmailc.exe' - '1' Module(s) have been scanned
Scan process 'hsssrv.exe' - '1' Module(s) have been scanned
Scan process 'IDMan.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'openvpnas.exe' - '1' Module(s) have been scanned
Scan process 'sm56hlpr.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'S3Trayp.exe' - '1' Module(s) have been scanned
Scan process 'VTTimer.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'avfwsvc.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
31 processes with 31 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Starting to scan executable files (registry).
The registry was scanned ( '46' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\Documents and Settings\Alaameri\My Documents\Downloads\Compressed\HJGImO03311607.zip
[0] Archive type: ZIP
--> Cyberlink.PowerDVD.Deluxe.v7.0.Multilingual.Incl.Keymaker-CORE/keygen.exe
[DETECTION] Is the TR/PSW.Banker.BA Trojan
C:\Documents and Settings\Alaameri\My Documents\Downloads\Compressed\windows-1256__WinZip File جديد.zip
[0] Archive type: ZIP
--> keygen.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\Documents and Settings\Alaameri\My Documents\Downloads\Compressed\Ww.Opp.Pir.part2_2.rar
[0] Archive type: RAR
--> Ww.Opp.Pir\Prince of Persia - Warrior Within\tpop2u.c19
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Documents and Settings\Alaameri\My Documents\Downloads\Compressed\Ww.Opp.Pir.part3.rar
[0] Archive type: RAR
--> Ww.Opp.Pir\Prince of Persia - Warrior Within\tpop2u.c39
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Documents and Settings\Alaameri\My Documents\Downloads\Compressed\Ww.Opp.Pir.part4.rar
[0] Archive type: RAR
--> Ww.Opp.Pir\Prince of Persia - Warrior Within\tpop2u.c58
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Documents and Settings\Alaameri\My Documents\Downloads\Compressed\onlinea1.com_gamebooster v1.0_by mhammede\gamebooster v1.0.EXE
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\Documents and Settings\Alaameri\My Documents\Prince Of Persia Warrior Within 2 Rip File's\Ww.Opp.Pir.part2_2.rar
[0] Archive type: RAR
--> Ww.Opp.Pir\Prince of Persia - Warrior Within\tpop2u.c19
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Documents and Settings\Alaameri\My Documents\Prince Of Persia Warrior Within 2 Rip File's\Ww.Opp.Pir.part3.rar
[0] Archive type: RAR
--> Ww.Opp.Pir\Prince of Persia - Warrior Within\tpop2u.c39
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Documents and Settings\Alaameri\My Documents\Prince Of Persia Warrior Within 2 Rip File's\Ww.Opp.Pir.part4.rar
[0] Archive type: RAR
--> Ww.Opp.Pir\Prince of Persia - Warrior Within\tpop2u.c58
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
Begin scan in 'D:\'
D:\Prince Of Persia\Ww.Opp.Pir.part2_2.rar
[0] Archive type: RAR
--> Ww.Opp.Pir\Prince of Persia - Warrior Within\tpop2u.c19
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\Prince Of Persia\Ww.Opp.Pir.part3.rar
[0] Archive type: RAR
--> Ww.Opp.Pir\Prince of Persia - Warrior Within\tpop2u.c39
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\Prince Of Persia\Ww.Opp.Pir.part4.rar
[0] Archive type: RAR
--> Ww.Opp.Pir\Prince of Persia - Warrior Within\tpop2u.c58
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\Vice City\Vice City\P.GTA-ViceCity.part2.rar
[0] Archive type: RAR
--> Grand Theft Auto Vice City Portable\tecmain.uha
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\Vice City\Vice City\P.GTA-ViceCity.part3.rar
[0] Archive type: RAR
--> Grand Theft Auto Vice City Portable\tecsnd2.uha
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\أهم البرامج بعد الفورمات\3RBLOADIZ.COM-SUPERAntiSpyware Pro 4.20.1046 برنامج أقوى حماية من ملفات التجسس.rar
[0] Archive type: RAR
--> 3RBLOADIZ.COM-SUPERAntiSpyware Pro 4.20.1046 Final\3RBLOADIZ.COM-SUPERAntiSpyware Pro 4.20.1046 Final\SUPERAntiSpyware Pro 4.20.1046 Final\Patch.exe
[DETECTION] Is the TR/Patch.FS Trojan
D:\أهم البرامج بعد الفورمات\PC-Pitstop[1].Optimize.v1.5.12.1.incl.GenericPatcher-appZplaneT.rar
[0] Archive type: RAR
--> PC-Pitstop.Optimize.v1.5.12.1.incl.GenericPatcher-appZplaneT\!patch fares alahlam dont forget me\optimze.15x.patcher.exe
[DETECTION] Is the TR/Virtl.17099 Trojan
D:\أهم البرامج بعد الفورمات\شفر أي مجلد تبيه.rar
[0] Archive type: RAR
--> Folder Lock 5.7.9\Folder Lock v5.7.9.exe
[DETECTION] Is the TR/Agent.4385135 Trojan
Beginning disinfection:
C:\Documents and Settings\Alaameri\My Documents\Downloads\Compressed\HJGImO03311607.zip
[NOTE] The file was moved to '4a96e79c.qua'!
C:\Documents and Settings\Alaameri\My Documents\Downloads\Compressed\windows-1256__WinZip File جديد.zip
[NOTE] The file was moved to '4abde7bb.qua'!
C:\Documents and Settings\Alaameri\My Documents\Downloads\Compressed\onlinea1.com_gamebooster v1.0_by mhammede\gamebooster v1.0.EXE
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '4abce7b4.qua'!
D:\أهم البرامج بعد الفورمات\3RBLOADIZ.COM-SUPERAntiSpyware Pro 4.20.1046 برنامج أقوى حماية من ملفات التجسس.rar
[NOTE] The file was moved to '4a91e7a5.qua'!
D:\أهم البرامج بعد الفورمات\PC-Pitstop[1].Optimize.v1.5.12.1.incl.GenericPatcher-appZplaneT.rar
[NOTE] The file was moved to '4a7ce797.qua'!
D:\أهم البرامج بعد الفورمات\شفر أي مجلد تبيه.rar
[NOTE] The file was moved to '5080ed95.qua'!
End of the scan: 13 رجب, 1430 02:35
Used time: 12:37 Minute(s)
The scan has been done completely.
2524 Scanned directories
98350 Files were scanned
6 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
6 Files were moved to quarantine
0 Files were renamed
2 Files cannot be scanned
98342 Files not concerned
816 Archives were scanned
24 Warnings
8 Notes
22914 Objects were scanned with rootkit scan
0 Hidden objects were found
Note: 6 threats were detected and 6 were deleted.
And this is the HijackThis report after using Avira:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:39:30 ص, on 05/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\S3trayp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.0.1:5555
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O23 - Service: Avira Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: خدمة تحديث Google (gupdate1c9f06c5abd2810) (gupdate1c9f06c5abd2810) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Helper Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe (file missing)
--
End of file - 5753 bytes
So, any good news? Has the virus been deleted?!