Thread starter: Bo Moataz
Peace be upon you

How are you all, folks? I hope you are always in good health :smile:

The topic is clear from the title ..

How do I remove this virus that has attached itself to many of the files on the system without deleting or damaging those files?
I mean removing just the virus and nothing else

God willing, I will find the solution with you ...!!

Thanks,,
 

And peace be upon you

Disable all security programs ,,
Download this tool and save it to the desktop

When you run it a message will appear ,, click >> Yes
Then a second message will appear ,, click >> Yes

Wait until the tool finishes scanning your machine ,,, and your machine will restart automatically ,,
After the restart ,, the tool will start scanning a second time
Wait until a report appears ,, copy it and paste it in your next reply

Then

Download this program

Run the program ==> and click
Do a system scan and save log
After a few moments a report will appear in Notepad ==> copy it and paste it in your next reply
 
Signature: sport
This is the first report:

Code:
ComboFix 08-10-08.05 - Mostshar iblees 10/10/2008  3:12:11.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1256.1.1025.18.310 [GMT 3:00]
Running from: C:\Documents and Settings\Mostshar iblees\??? ??????\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


(((((((((((((((((((((((((   Files Created from 2008-09-10 to 2008-10-10  )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-10 00:22    ---------    d-----w    C:\Documents and Settings\Mostshar iblees\Application Data\DMCache
2008-10-08 02:27    ---------    d-----w    C:\Program Files\Microsoft Silverlight
2008-10-08 02:02    ---------    d-----w    C:\Program Files\Portable's - Anti Virus
2008-10-06 00:56    ---------    d-----w    C:\Documents and Settings\Mostshar iblees\Application Data\Resource Tuner
2008-10-06 00:54    ---------    d-----w    C:\Program Files\Resource Tuner
2008-10-04 21:36    ---------    d-----w    C:\Program Files\Common Files\xing shared
2008-10-04 21:36    ---------    d-----w    C:\Program Files\Common Files\Real
2008-10-04 21:35    ---------    d-----w    C:\Program Files\Real
2008-10-04 20:37    155,995    ----a-w    C:\WINDOWS\java\Packages\WT7LNJ7T.ZIP
2008-10-04 20:36    ---------    d-----w    C:\Program Files\JavaSoft
2008-10-02 02:46    ---------    d-----w    C:\Program Files\Acoustica Mixcraft
2008-10-01 19:02    ---------    d-----w    C:\Program Files\FlashGet
2008-09-29 18:55    ---------    d-----w    C:\Documents and Settings\Mostshar iblees\Application Data\AntiVir PersonalEdition Premium
2008-09-29 18:43    ---------    d-----w    C:\Program Files\Avira
2008-09-29 18:43    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Avira
2008-09-29 18:32    ---------    d-----w    C:\Program Files\Kaspersky Lab
2008-09-29 18:31    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-09-29 17:15    342,528    ----a-w    C:\WINDOWS\winhlp32.exe
2008-09-29 17:14    208,384    ----a-w    C:\WINDOWS\regedit.exe
2008-09-29 06:17    ---------    d-----w    C:\Documents and Settings\Mostshar iblees\Application Data\Thinstall
2008-09-29 05:09    ---------    d-----w    C:\Program Files\Portable
2008-09-28 14:02    ---------    d-----w    C:\Program Files\BreakPoint Software
2008-09-26 20:38    ---------    d-----w    C:\Program Files\MSN Messenger
2008-09-26 20:35    ---------    d-----w    C:\Program Files\Windows Live
2008-09-26 02:31    ---------    d-----w    C:\Program Files\Photo Brush
2008-09-26 00:02    ---------    d-----w    C:\Program Files\Microsoft SQL Server Compact Edition
2008-09-25 23:18    ---------    dcsh--w    C:\Program Files\Common Files\WindowsLiveInstaller
2008-09-25 23:16    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-09-25 21:44    ---------    d-----w    C:\Program Files\Microsoft.NET
2008-09-25 20:34    ---------    d-----w    C:\Program Files\Sun
2008-09-25 20:33    ---------    d-----w    C:\Program Files\Java
2008-09-25 20:24    ---------    d-----w    C:\Program Files\Common Files\Java
2008-09-24 22:51    ---------    d-----w    C:\Documents and Settings\Mostshar iblees\Application Data\AdobeUM
2008-09-24 22:12    ---------    d-----w    C:\Program Files\LtUcx
2008-09-24 21:51    ---------    d-----w    C:\Program Files\Common Files\Adobe
2008-09-24 16:50    ---------    d-----w    C:\Program Files\Mp3tag
2008-09-24 16:50    ---------    d-----w    C:\Documents and Settings\Mostshar iblees\Application Data\Mp3tag
2008-09-24 00:39    ---------    d-----w    C:\Program Files\Bee Icons
2008-09-23 23:40    16,299,862    ------w    C:\$Persi0.sys
2008-09-23 23:40    ---------    d-----w    C:\Program Files\Faronics
2008-09-23 16:11    ---------    d-----w    C:\Program Files\WinPcap
2008-09-23 00:38    ---------    d-----w    C:\Program Files\TuneUp Utilities 2008
2008-09-23 00:37    ---------    d-----w    C:\Documents and Settings\Mostshar iblees\Application Data\TuneUp Software
2008-09-23 00:37    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-09-23 00:36    ---------    d-----w    C:\Program Files\Common Files\Wise Installation Wizard
2008-09-22 23:14    ---------    d-----w    C:\Program Files\IntelliTamper
2008-09-22 23:13    ---------    d-----w    C:\Program Files\Acunetix
2008-09-22 22:25    ---------    d--h--w    C:\Program Files\InstallShield Installation Information
2008-09-22 22:24    ---------    d-----w    C:\Program Files\Common Files\InstallShield
2008-09-22 22:23    774,144    ----a-w    C:\WINDOWS\iun6002.exe
2008-09-22 22:23    ---------    d-----w    C:\Program Files\Macromedia
2008-09-22 20:37    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-09-21 02:35    ---------    d-----w    C:\Program Files\No-IP
2008-09-21 01:24    ---------    d-----w    C:\Program Files\Internet Download Manager
2008-09-21 01:21    ---------    d-----w    C:\Program Files\Windows Media Connect 2
2008-09-21 01:00    ---------    d-----w    C:\Program Files\Realtek Sound Manager
2008-09-21 01:00    ---------    d-----w    C:\Program Files\Realtek AC97
2008-09-21 01:00    ---------    d-----w    C:\Program Files\AvRack
2008-09-20 21:17    ---------    d-----w    C:\Documents and Settings\Mostshar iblees\Application Data\IDM
2008-09-20 20:41    ---------    d-----w    C:\Program Files\Innovatools
2008-09-20 19:58    ---------    d-----w    C:\Program Files\Messenger Plus! Live
2008-09-20 18:40    ---------    d-----w    C:\Program Files\K-Lite Codec Pack
2008-09-20 18:40    ---------    d-----w    C:\Documents and Settings\Mostshar iblees\Application Data\Media Player Classic
2008-09-20 16:12    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-09-20 01:00    ---------    d-----w    C:\Program Files\microsoft frontpage
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04/15/2008 03:00 PM 15360]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [09/20/2008 05:29 AM 2562560]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [09/26/2008 11:38 PM 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM 144784]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" [09/29/2008 10:11 PM 266497]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [10/05/2008 12:35 AM 185896]
"SoundMan"="SOUNDMAN.EXE" [08/03/2006 12:12 AM 577536 C:\WINDOWS\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [04/15/2008 03:00 PM 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\Documents and Settings\\All Users\\Application Data\\TuneUp Software\\TuneUp Utilities\\WinStyler\\tu_logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DfLogon]
06/28/2007 08:39 PM 65536 C:\WINDOWS\system32\LogonDll.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

R0 DeepFrz;DeepFrz;C:\WINDOWS\system32\drivers\DeepFrz.sys [06/28/2007 08:45 PM 131472]
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [01/29/2008 06:29 PM 32784]
R2 AcuWVSScheduler;Acunetix WVS Scheduler;C:\Program Files\Acunetix\Web Vulnerability Scanner 4\WVSScheduler.exe [07/17/2006 02:51 PM 571904]
R2 AntiVirMailService;AntiVir PersonalEdition Premium MailGuard;C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe [09/29/2008 10:11 PM 164097]
R2 AVEService;AntiVir PersonalEdition Premium MailGuard helper service;C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe [09/29/2008 10:11 PM 41217]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [04/15/2008 03:00 PM 14336]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [03/13/2008 07:02 PM 26640]
S3 SetupNTGLM7X;SetupNTGLM7X;G:\NTGLM7X.sys [ ]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [09/23/2008 03:37 AM 306432]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5327CEFD-8E71-6179-783A-FA26614F6F72}]
E:\Poison\zxz00007.exe
.
Contents of the 'Scheduled Tasks' folder

2008-09-23 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe [12/21/2007 03:17 PM]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Mostshar iblees\Application Data\Mozilla\Firefox\Profiles\jsb3mc4n.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.com
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-10 03:22:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\LogonDll.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\frzstate2k.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\No-IP\DUC20.exe
.
**************************************************************************
.
Completion time: 10/10/2008  3:25:16 - machine was rebooted [Mostshar iblees]
ComboFix-quarantined-files.txt  2008-10-10 00:25:10

Pre-Run: 10,149,326,848 bytes free
Post-Run: 10,246,103,040 bytes free

172

The second report:

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:31:08 ص, on 10/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
C:\Program Files\Acunetix\Web Vulnerability Scanner 4\WVSScheduler.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\No-IP\DUC20.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Mostshar iblees\سطح المكتب\Zyzoom_HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1221960082203
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - http://kotq8.digivoice.net/talk.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1223431208796
O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) - http://kotq8.digivoice.net/ReadUid.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash ) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: DfLogon - C:\WINDOWS\SYSTEM32\LogonDll.dll
O23 - Service: Acunetix WVS Scheduler (AcuWVSScheduler) - Acunetix Ltd. - C:\Program Files\Acunetix\Web Vulnerability Scanner 4\WVSScheduler.exe
O23 - Service: AntiVir PersonalEdition Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: AntiVir PersonalEdition Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: AntiVir PersonalEdition Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: AntiVir PersonalEdition Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: DF5Serv - Faronics Corporation - C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 7285 bytes
 
Waiting for your reply ..:smile:
 
Delete these entries

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - (no file)

O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) -

How to delete them

=================================

Use this tool for cleanup

And update Avira and run a full scan of your machine with it
 
Signature: فارس الملاك
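
An added example (not part of the thread and not code from HijackThis): a small Python triage script that parses HijackThis log lines like those in the report above and flags the two kinds of entry the reply asks to remove, a BHO whose file is missing and an O16 DPF (ActiveX) download whose host is outside an allowlist. The allowlist, the function names and the `Finding` tuple are assumptions made for illustration; the sample lines are copied from the report in this thread.

```python
import re
from collections import namedtuple
from urllib.parse import urlparse

Finding = namedtuple("Finding", "section clsid name reason")

# Assumption for this example: ActiveX download hosts the analyst already trusts.
ALLOWED_DPF_DOMAINS = ("microsoft.com", "macromedia.com")

# "<section> - <body>", e.g. "O2 - BHO: ..." or "O16 - DPF: ..."
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.*)$")
BHO_RE = re.compile(
    r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<target>.*)$")
# The control name in parentheses is optional; the URL may be absent entirely.
DPF_RE = re.compile(
    r"^DPF: (?P<clsid>\{[0-9A-Fa-f-]+\})(?: \((?P<name>.*)\))? - ?(?P<url>\S*)$")

# Sample input: five lines taken from the HijackThis report posted above.
SAMPLE_LOG = r"""
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1221960082203
O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) - http://kotq8.digivoice.net/ReadUid.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash ) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
"""


def host_allowed(host, allowed):
    """True if host equals an allowed domain or is a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)


def triage(log_text, allowed=ALLOWED_DPF_DOMAINS):
    """Return Finding tuples for entries that deserve a manual look.

    These are review candidates, not verdicts: an orphaned BHO is usually
    leftover registry data, and an unlisted ActiveX host may be legitimate.
    """
    findings = []
    for raw in log_text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue  # header, process list, blank line
        section, body = line.group("section"), line.group("body")

        if section == "O2":
            bho = BHO_RE.match(body)
            if bho and bho.group("target").strip().lower() == "(no file)":
                findings.append(Finding(
                    "O2", bho.group("clsid"), bho.group("name"),
                    "BHO registered but its file is missing"))

        elif section == "O16":
            dpf = DPF_RE.match(body)
            if not dpf:
                continue
            url = dpf.group("url")
            if not url:
                reason = "no codebase URL recorded"
            else:
                host = urlparse(url).hostname
                if host_allowed(host, allowed):
                    continue
                reason = "codebase host not in allowlist: %s" % host
            findings.append(Finding(
                "O16", dpf.group("clsid"), dpf.group("name") or "", reason))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("%-3s %s %-28s %s" % (f.section, f.clsid, f.name, f.reason))
```

Run against the full report, the same allowlist would also list the other control served from the same host as ReadUid.CAB; what ends up in the allowlist is a judgement the analyst has to make per machine.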
I did what you told me but the virus is still there..:no:

What's the solution :?:
...

Sorry for the late reply, due to circumstances,,
 
If you don't mind, brother, how do you know that the virus is still there

And how did you detect it !!!

Screenshots to clarify would be good ..

Waiting for you
 
Signature: LINEZERO
This is a screenshot from Kaspersky while scanning the system32 folder

...

:smile:

Waiting for your reply
 
OK, do you have an external hard drive and a flash drive ??

How many partitions do you have on the machine ??
 
Signature: LINEZERO
I don't use an external hard drive with the infected machine
I don't use the flash drive
..

I have 4 partitions << how does that help you ..!!:smile:

..

Waiting for the solution..:smile:
 
Download this

Disable System Restore

Restart and enter Safe Mode

Extract the archive

Run
fix_polip-a

Wait until it finishes

Run the antivirus, then scan and clean with it as well
 
Man, I advise you to use the latest version of bit defender and avira and run a complete scan, that is, a full scan
You might also try several kinds of antivirus, since as you know each one has its own capabilities
 
Signature: samirzehani
Download this

Disable System Restore

Restart and enter Safe Mode

Extract the archive

Run
fix_polip-a

Wait until it finishes

Run the antivirus, then scan and clean with it as well

What does this tool do, I mean what is it going to do..!!
I want to know before I try it..:smile:

Man, I advise you to use the latest version of bit defender and avira and run a complete scan, that is, a full scan
You might also try several kinds of antivirus, since as you know each one has its own capabilities

Did you read my whole thread, brother? Looks like you only read the title :smile:
 
Brother, do the following, may God grant you success

From Start choose run and type the following command

msconfig

then OK

The application window will appear

system configuration utility

Do as follows

Then agree to the restart

After that download the following Kaspersky tool

Then boot into Safe Mode
and follow these steps
After downloading ,, double-click and the tool's files will be extracted to a folder on the desktop; in a few moments the tool starts working
Follow the walkthrough to scan and clean the machine and attach the report
Save the report and attach it

 
Signature: السّاجد لله
What does this tool do, I mean what is it going to do..!!
I want to know before I try it..:smile:

It will send your machine to Mars:d:

Isn't it clear from its name that it is for removing the virus you have

You're free, there are many options and the choice is yours
 
mowafak
I don't want the machine to go to Mars :d:

Thank you brother, you really did your best..

...

Brother hesham77, bless your hands for such an explanation
I applied every word you said and another virus turned up as well, but thank God I cleaned the whole machine with your method..

Thank you :smile:

You'll find the report in your messages, brother ..

...

Thank you to everyone who replied in the thread and tried to help me, may God brighten your faces:smile:
 
Turns out you don't accept private messages :smile:

Here is the report :

PHP:
Scan
----
Scanned:    149056
Detected:    269
Untreated:    0
Start time:    17/10/1429 12:32:35 ص
Duration:    01:23:37
Finish time:    17/10/1429 01:56:12 ص


Detected
--------
Status    
------    ------
disinfected: virus P2P-Worm.Win32.Polip.a    File: c:\windows\system32\notepad.exe
deleted: virus P2P-Worm.Win32.Polip.a    File: c:\windows\regedit.exe
deleted: virus P2P-Worm.Win32.Polip.a    File: c:\windows\system32\accwiz.exe
disinfected: virus P2P-Worm.Win32.Polip.a    File: c:\program files\windows media player\wmplayer.exe
disinfected: virus P2P-Worm.Win32.Polip.a    File: c:\program files\outlook express\wab.exe
disinfected: virus P2P-Worm.Win32.Polip.a    File: c:\windows\system32\clipbrd.exe
disinfected: virus P2P-Worm.Win32.Polip.a    File: c:\windows\winhlp32.exe
disinfected: virus Virus.Win32.Sality.l    File: c:\program files\windows nt\hypertrm.exe
disinfected: virus Virus.Win32.Sality.l    File: c:\program files\javasoft\jre\1.3.1_04\bin\javaw.exe
disinfected: virus Virus.Win32.Sality.l    File: c:\program files\java\jre1.6.0_07\bin\javaws.exe
disinfected: virus Virus.Win32.Sality.l    File: c:\python25\python.exe
disinfected: virus Virus.Win32.Sality.l    File: c:\python25\pythonw.exe
deleted: virus P2P-Worm.Win32.Polip.a    File: c:\windows\notepad.exe
deleted: virus P2P-Worm.Win32.Polip.a    File: c:\windows\system32\msiexec.exe
disinfected: virus Virus.Win32.Sality.l    File: c:\program files\windows media player\wmpnetwk.exe
disinfected: virus P2P-Worm.Win32.Polip.a    File: c:\windows\inf\unregmp2.exe
disinfected: virus P2P-Worm.Win32.Polip.a    File: c:\windows\system32\ie4uinit.exe
disinfected: virus P2P-Worm.Win32.Polip.a    File: c:\windows\system32\logon.scr
disinfected: virus Virus.Win32.Sality.l    File: c:\program files\adobe\acrobat 7.0\reader\acrord32.exe
disinfected: virus P2P-Worm.Win32.Polip.a    File: c:\program files\netmeeting\conf.exe
deleted: virus P2P-Worm.Win32.Polip.a    File: c:\program files\windows nt\dialer.exe
disinfected: virus Virus.Win32.Sality.l    File: c:\program files\macromedia\flash mx\flash.exe
disinfected: virus P2P-Worm.Win32.Polip.a    File: c:\program files\internet explorer\connection wizard\icwconn1.exe
disinfected: virus P2P-Worm.Win32.Polip.a    File: c:\program files\internet explorer\connection wizard\icwconn2.exe
disinfected: virus Virus.Win32.Sality.l    File: c:\program files\k-lite codec pack\media player classic\mplayerc.exe
disinfected: virus P2P-Worm.Win32.Polip.a    File: c:\program files\outlook express\msimn.exe
disinfected: virus Virus.Win32.Sality.l    File: c:\program files\messenger\msmsgs.exe
disinfected: virus Virus.Win32.Sality.l    File: c:\program files\notepad++\notepad++.exe
deleted: virus P2P-Worm.Win32.Polip.a    File: c:\windows\system32\mspaint.exe
disinfected: virus P2P-Worm.Win32.Polip.a    File: c:\program files\windows nt\pinball\pinball.exe
disinfected: virus P2P-Worm.Win32.Polip.a    File: c:\program files\visualtasktips\visualtasktips.exe
disinfected: virus Virus.Win32.Sality.l    File: c:\program files\winrar\winrar.exe
disinfected: virus Virus.Win32.Sality.l    File: c:\progra~1\flashget\flashget.exe
disinfected: virus P2P-Worm.Win32.Polip.a    File: c:\windows\downloaded program files\fp_ax_cab_installer.exe
disinfected: virus P2P-Worm.Win32.Polip.a    File: C:\Documents and Settings\Administrator\سطح المكتب\setup_7.0.0.242_16.10.2008_22-06.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Documents and Settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\Acoustica Mixcraft\mixcraft.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\Acoustica Mixcraft\UNWISE.EXE
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\Acunetix\Web Vulnerability Scanner 4\Manager.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\Acunetix\Web Vulnerability Scanner 4\trouble.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\Acunetix\Web Vulnerability Scanner 4\UnInstall.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\Acunetix\Web Vulnerability Scanner 4\ve.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\Acunetix\Web Vulnerability Scanner 4\wvs.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\Acunetix\Web Vulnerability Scanner 4\wvs_console.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\Adobe\Acrobat 7.0\Reader\Updater\acroaum.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig\ENU\setup.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\AvRack\rtlrack.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_07.b06\zipper.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\Common Files\Real\TWC\theweatherchannel_stubreal.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\Common Files\Real\Update_OB\realonemessagecenter.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\Common Files\Real\Update_OB\upgrdhlp.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\Doblon\Karaoke CD+G Creator\BINInterleave.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\Doblon\Karaoke CD+G Creator\CUECreator.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\Doblon\Karaoke CD+G Creator\KaraokeCDGCreator.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\Doblon\Karaoke CD+G Creator\PowerCDGPlayer.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\FlashGet\UninstallLib.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\FlashGet\UNWISE.EXE
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\Innovatools\Add Remove Plus!\arplus.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\InstallShield Installation Information\{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}\Setup.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\IntelliTamper\intellitamper.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\IntelliTamper\uninstall.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\Internet Download Manager\TBE.patch.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\Internet Explorer\ExtExport.exe
disinfected: virus P2P-Worm.Win32.Polip.a    File: C:\Program Files\Internet Explorer\Connection Wizard\icwtutor.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\Java\jre1.6.0_07\bin\java-rmi.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\Java\jre1.6.0_07\bin\java.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\Java\jre1.6.0_07\bin\javacpl.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\Java\jre1.6.0_07\bin\javaw.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\Java\jre1.6.0_07\bin\keytool.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\Java\jre1.6.0_07\bin\kinit.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\Java\jre1.6.0_07\bin\klist.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\Java\jre1.6.0_07\bin\ktab.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\Java\jre1.6.0_07\bin\orbd.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\Java\jre1.6.0_07\bin\pack200.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\Java\jre1.6.0_07\bin\policytool.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\Java\jre1.6.0_07\bin\rmid.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\Java\jre1.6.0_07\bin\rmiregistry.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\Java\jre1.6.0_07\bin\servertool.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\Java\jre1.6.0_07\bin\ssvagent.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\Java\jre1.6.0_07\bin\tnameserv.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\Java\jre1.6.0_07\bin\unpack200.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\JavaSoft\JRE\1.3.1_04\bin\java.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\JavaSoft\JRE\1.3.1_04\bin\keytool.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\JavaSoft\JRE\1.3.1_04\bin\policytool.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\JavaSoft\JRE\1.3.1_04\bin\rmid.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\JavaSoft\JRE\1.3.1_04\bin\rmiregistry.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\JavaSoft\JRE\1.3.1_04\bin\tnameserv.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\K-Lite Codec Pack\Filters\ac3config.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\K-Lite Codec Pack\Filters\Haali\gdsmux.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\K-Lite Codec Pack\Tools\dsconfig.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\K-Lite Codec Pack\Tools\graphedit.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\K-Lite Codec Pack\Tools\mediainfo.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\K-Lite Codec Pack\Tools\StatsReader.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\K-Lite Codec Pack\Tools\VobSubStrip.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\K-Lite Codec Pack\Tools\gspot\gspot.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\Macromedia\Flash MX\Flash_original.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\Macromedia\Flash MX\Players\SAFlashPlayer.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\Macromedia\Flash MX\Players\Debug\SAFlashPlayer.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\Macromedia\Flash MX\Players\Release\SAFlashPlayer.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\Mp3tag\Mp3tag.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\Notepad++\updater\GUP.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\Opera\opera.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\Photo Brush\PhotoBrush.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\Portable\الجزء الثاني\a-squared free\a2cmd.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\Portable\الجزء الثاني\a-squared free\a2free.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\Portable\الجزء الثاني\a-squared free\a2service.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\Portable\الجزء الثاني\a-squared free\a2upd.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\Power_Karaoke\Power_KaraokeToolbarHelper.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\Power_Karaoke\UNWISE.EXE
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\Real\RealPlayer\fixrjb.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\Real\RealPlayer\realjbox.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\Real\RealPlayer\RealPlayer PREMIUM Patcher v4.3.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\Real\RealPlayer\rphelperapp.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\Realtek AC97\alcrmv.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\Realtek AC97\ChCfg.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\Realtek AC97\RTLCPL.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\Realtek AC97\SoundMan.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\Sun\OpenOffice.org Installer 1.0\ooostub.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\VirtualDJ\ripdvd.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\VirtualDJ\ripvinyl.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\VirtualDJ\UNWISE.EXE
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\VisualTaskTips\uninst.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\Windows Media Connect 2\wmccds.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\Windows Media Connect 2\WMCCFG.exe
disinfected: virus P2P-Worm.Win32.Polip.a    File: C:\Program Files\Windows Media Player\migrate.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\Windows Media Player\wmdbexport.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\Windows Media Player\wmlaunch.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\Windows Media Player\wmpenc.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\Windows Media Player\wmpnscfg.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\Windows Media Player\wmpshare.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\Windows Media Player\wmsetsdk.exe
disinfected: virus P2P-Worm.Win32.Polip.a    File: C:\Program Files\Windows NT\dialer.backup
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\WinRAR\Rar.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\WinRAR\RarExtLoader.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\WinRAR\Uninstall.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\WinRAR\UnRAR.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Program Files\WinRAR\WinRAR Patch.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Python25\w9xpopen.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Python25\Lib\distutils\command\wininst-6.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\Python25\Lib\distutils\command\wininst-7.1.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\silver\autorun.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\silver\AutoPlay\Docs\arabic_fix_real_player11_by_keanureeves676.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\silver\AutoPlay\Docs\changeowner.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\silver\AutoPlay\Docs\cmd.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\silver\AutoPlay\Docs\defrag.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\silver\AutoPlay\Docs\el_killer.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\silver\AutoPlay\Docs\f1-brontok-s.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\silver\AutoPlay\Docs\general_removal.exe
deleted: Trojan program Trojan.BAT.Agent.fh    File: C:\silver\AutoPlay\Docs\hot_ar .com/z010.com/z010.cmd
disinfected: virus Virus.Win32.Sality.l    File: C:\silver\AutoPlay\Docs\IEFix.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\silver\AutoPlay\Docs\notepad.exe
deleted: riskware not-a-virus:RiskTool.Win32.Reboot.f    File: C:\silver\AutoPlay\Docs\smitfraudfix_2_new.rar/smitfraudfix_2\SmitfraudFix_2.exe/SmitfraudFix\Reboot.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\silver\AutoPlay\Docs\stinger.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\silver\AutoPlay\Docs\TaskbarRepairToolPlus!.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\silver\AutoPlay\Docs\vb.xa_removal.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\silver\AutoPlay\Docs\wscsvcfix.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\silver\AutoPlay\Docs\xp_admin_enable.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\silver\AutoPlay\Docs\XP_CD-DVD-Fix.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\silver\AutoPlay\Docs\xp_fixlogon_2.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\silver\AutoPlay\Docs\Zyzoom_HijackThis.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\WINDOWS\Alcrmv.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\WINDOWS\alcupd.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\WINDOWS\ApplyTheme.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\WINDOWS\fdsv.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\WINDOWS\grep.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\WINDOWS\IsUninst.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\WINDOWS\iun6002.exe
disinfected: virus P2P-Worm.Win32.Polip.a    File: C:\WINDOWS\regedit.backup
disinfected: virus P2P-Worm.Win32.Polip.a    File: C:\WINDOWS\reico.exe
disinfected: virus P2P-Worm.Win32.Polip.a    File: C:\WINDOWS\VFIND.exe
disinfected: virus P2P-Worm.Win32.Polip.a    File: C:\WINDOWS\WLXPGSS.SCR
disinfected: virus Virus.Win32.Sality.l    File: C:\WINDOWS\$hf_mig$\KB951072-v2\SP3QFE\tzchange.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\cscript.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\wscript.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\WINDOWS\$NtUninstallKB939683$\unregmp2.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\WINDOWS\$NtUninstallKB951072-v2$\tzchange.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\WINDOWS\$NtUninstallKB951978$\cscript.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\WINDOWS\$NtUninstallKB951978$\wscript.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\WINDOWS\$NtUninstallQ828026$\spuninst\spuninst.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\WINDOWS\$NtUninstallWMFDist11$\logagent.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\WINDOWS\$NtUninstallwmp11$\setup_wm.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\WINDOWS\$NtUninstallwmp11$\unregmp2.exe
disinfected: virus P2P-Worm.Win32.Polip.a    File: C:\WINDOWS\$NtUninstallwmp11$\unregmp2.exe.000
disinfected: virus Virus.Win32.Sality.l    File: C:\WINDOWS\$NtUninstallwmp11$\wmplayer.exe
disinfected: virus P2P-Worm.Win32.Polip.a    File: C:\WINDOWS\$NtUninstallwmp11$\wmplayer.exe.000
disinfected: virus Virus.Win32.Sality.l    File: C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
disinfected: virus Virus.Win32.Sality.l    File: C:\WINDOWS\erdnt\subs\ERDNT.EXE
deleted: riskware not-a-virus:RiskTool.Win32.WFPDisabler.a    File: C:\WINDOWS\Icon_Patcher\tools\wfpdisable.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\WINDOWS\ie8\ie4uinit.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\WINDOWS\ie8\iexplore.exe
disinfected: virus P2P-Worm.Win32.Polip.a    File: C:\WINDOWS\ie8\iexplore.exe.000
disinfected: virus Virus.Win32.Sality.l    File: C:\WINDOWS\ie8\mshta.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\WINDOWS\Installer\{350C97B7-3D7C-4EE8-BAA9-00BCB3D54227}\places.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\WINDOWS\Installer\{6B976ADF-8AE8-434E-B282-A06C7F624D2F}\python_icon.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\WINDOWS\Installer\{90170401-6000-11D3-8CFE-0150048383C9}\cagicon.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\WINDOWS\Installer\{90170401-6000-11D3-8CFE-0150048383C9}\fpicon.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\WINDOWS\Installer\{90170401-6000-11D3-8CFE-0150048383C9}\misc.exe
disinfected: virus Virus.Win32.Sality.l    File: C:\WINDOWS\Installer\{90170401-6000-11D3-8CFE-0150048383C9}\oisicon.exe
disinfected: virus P2P-Worm.Win32.Polip.a    File: C:\WINDOWS\Resources\Themes\Vista_Anthracite\VistaStart\VistaStart1.3.exe
disinfected: virus P2P-Worm.Win32.Polip.a    File: C:\WINDOWS\system32\accwiz.backup
disinfected: virus P2P-Worm.Win32.Polip.a    File: C:\WINDOWS\system32\ahui.backup
deleted: virus P2P-Worm.Win32.Polip.a    File: C:\WINDOWS\system32\ahui.exe
disinfected: virus P2P-Worm.Win32.Polip.a    File: C:\WINDOWS\system32\blastcln.exe
disinfected: virus P2P-Worm.Win32.Polip.a    File: C:\WINDOWS\system32\bootcfg.exe
disinfected: virus P2P-Worm.Win32.Polip.a    File: C:\WINDOWS\system32\calc.backup
disinfected: virus P2P-Worm.Win32.Polip.a    File: C:\WINDOWS\system32\charmap.backup
disinfected: virus P2P-Worm.Win32.Polip.a    File: C:\WINDOWS\system32\cipher.exe
disinfected: virus P2P-Worm.Win32.Polip.a    File: C:\WINDOWS\system32\cmd.backup
deleted: virus P2P-Worm.Win32.Polip.a    File: C:\WINDOWS\system32\cmd.exe
disinfected: virus P2P-Worm.Win32.Polip.a    File: C:\WINDOWS\system32\cmstp.exe
disinfected: virus P2P-Worm.Win32.Polip.a    File: C:\WINDOWS\system32\freecell.backup
disinfected: virus P2P-Worm.Win32.Polip.a    File: C:\WINDOWS\system32\fsquirt.exe
disinfected: virus P2P-Worm.Win32.Polip.a    File: C:\WINDOWS\system32\ftp.exe
disinfected: virus P2P-Worm.Win32.Polip.a    File: C:\WINDOWS\system32\gpupdate.exe
disinfected: virus P2P-Worm.Win32.Polip.a    File: C:\WINDOWS\system32\ipv6.exe
disinfected: virus P2P-Worm.Win32.Polip.a    File: C:\WINDOWS\system32\logonui.backup
deleted: virus P2P-Worm.Win32.Polip.a    File: C:\WINDOWS\system32\logonui.exe
disinfected: virus P2P-Worm.Win32.Polip.a    File: C:\WINDOWS\system32\magnify.exe
disinfected: virus P2P-Worm.Win32.Polip.a    File: C:\WINDOWS\system32\mobsync.backup
deleted: virus P2P-Worm.Win32.Polip.a    File: C:\WINDOWS\system32\mobsync.exe
disinfected: virus P2P-Worm.Win32.Polip.a    File: C:\WINDOWS\system32\mshearts.backup
disinfected: virus P2P-Worm.Win32.Polip.a    File: C:\WINDOWS\system32\msiexec.backup
disinfected: virus P2P-Worm.Win32.Polip.a    File: C:\WINDOWS\system32\mspaint.backup
disinfected: virus P2P-Worm.Win32.Polip.a    File: C:\WINDOWS\system32\rcimlby.exe
disinfected: virus P2P-Worm.Win32.Polip.a    File: C:\WINDOWS\system32\sndrec32.backup
deleted: virus P2P-Worm.Win32.Polip.a    File: C:\WINDOWS\system32\sndrec32.exe
disinfected: virus P2P-Worm.Win32.Polip.a    File: C:\WINDOWS\system32\sndvol32.backup
disinfected: virus P2P-Worm.Win32.Polip.a    File: C:\WINDOWS\system32\sndvol32.exe
disinfected: virus P2P-Worm.Win32.Polip.a    File: C:\WINDOWS\system32\sol.backup
disinfected: virus P2P-Worm.Win32.Polip.a    File: C:\WINDOWS\system32\ss3dfo.scr
disinfected: virus P2P-Worm.Win32.Polip.a    File: C:\WINDOWS\system32\ssflwbox.scr
disinfected: virus P2P-Worm.Win32.Polip.a    File: C:\WINDOWS\system32\ssmypics.scr
disinfected: virus P2P-Worm.Win32.Polip.a    File: C:\WINDOWS\system32\sspipes.scr
disinfected: virus P2P-Worm.Win32.Polip.a    File: C:\WINDOWS\system32\sstext3d.scr
disinfected: virus P2P-Worm.Win32.Polip.a    File: C:\WINDOWS\system32\taskkill.exe
disinfected: virus P2P-Worm.Win32.Polip.a    File: C:\WINDOWS\system32\taskmgr.backup
deleted: virus P2P-Worm.Win32.Polip.a    File: C:\WINDOWS\system32\taskmgr.exe
disinfected: virus P2P-Worm.Win32.Polip.a    File: C:\WINDOWS\system32\tourstart.backup
deleted: virus P2P-Worm.Win32.Polip.a    File: C:\WINDOWS\system32\tourstart.exe
disinfected: virus P2P-Worm.Win32.Polip.a    File: C:\WINDOWS\system32\utilman.exe
disinfected: virus P2P-Worm.Win32.Polip.a    File: C:\WINDOWS\system32\wiaacmgr.backup
deleted: virus P2P-Worm.Win32.Polip.a    File: C:\WINDOWS\system32\wiaacmgr.exe
disinfected: virus P2P-Worm.Win32.Polip.a    File: C:\WINDOWS\system32\winmine.backup
deleted: virus P2P-Worm.Win32.Polip.a    File: C:\WINDOWS\system32\winmine.exe
deleted: virus Virus.Win32.Sality.k    File: C:\WINDOWS\system32\wmimgr32.dll
deleted: virus P2P-Worm.Win32.Polip.a    File: C:\WINDOWS\system32\dllcache\accwiz.exe
deleted: virus P2P-Worm.Win32.Polip.a    File: C:\WINDOWS\system32\dllcache\ahui.exe
deleted: virus P2P-Worm.Win32.Polip.a    File: C:\WINDOWS\system32\dllcache\cmd.exe
deleted: virus P2P-Worm.Win32.Polip.a    File: C:\WINDOWS\system32\dllcache\dialer.exe
deleted: virus P2P-Worm.Win32.Polip.a    File: C:\WINDOWS\system32\dllcache\logonui.exe
deleted: virus P2P-Worm.Win32.Polip.a    File: C:\WINDOWS\system32\dllcache\mobsync.exe
deleted: virus P2P-Worm.Win32.Polip.a    File: C:\WINDOWS\system32\dllcache\msiexec.exe
deleted: virus P2P-Worm.Win32.Polip.a    File: C:\WINDOWS\system32\dllcache\mspaint.exe
deleted: virus P2P-Worm.Win32.Polip.a    File: C:\WINDOWS\system32\dllcache\notepad.exe
deleted: virus P2P-Worm.Win32.Polip.a    File: C:\WINDOWS\system32\dllcache\regedit.exe
deleted: virus P2P-Worm.Win32.Polip.a    File: C:\WINDOWS\system32\dllcache\rstrui.exe
deleted: virus P2P-Worm.Win32.Polip.a    File: C:\WINDOWS\system32\dllcache\sndrec32.exe
deleted: virus P2P-Worm.Win32.Polip.a    File: C:\WINDOWS\system32\dllcache\taskmgr.exe
deleted: virus P2P-Worm.Win32.Polip.a    File: C:\WINDOWS\system32\dllcache\wiaacmgr.exe
deleted: virus P2P-Worm.Win32.Polip.a    File: C:\WINDOWS\system32\dllcache\winmine.exe
disinfected: virus P2P-Worm.Win32.Polip.a    File: C:\WINDOWS\system32\Restore\rstrui.backup
deleted: virus P2P-Worm.Win32.Polip.a    File: C:\WINDOWS\system32\Restore\rstrui.exe
disinfected: virus P2P-Worm.Win32.Polip.a    File: C:\WINDOWS\system32\wbem\wmiadap.exe
disinfected: virus P2P-Worm.Win32.Polip.a    File: C:\WINDOWS\system32\wbem\wmiprvse.exe


Events
------
Time    Name    Status    Reason
----    ----    ------    ------


Statistics
----------
    Scanned    Detected    Untreated    Deleted    Moved to Quarantine    Archives    Packed files    Password protected    Corrupted
------    -------    --------    ---------    -------    -------------------    --------    ------------    ------------------    ---------


Settings
--------
Parameter    Value
---------    -----
Security Level    Recommended
Action    Disinfect, delete if disinfection fails
Run mode    Manually
File types    Scan all files
Scan only new and changed files    No
Scan archives    All
Scan embedded OLE s    All
Skip if  is larger than    No
Skip if scan takes longer than    No
Parse email formats    No
Scan password-protected archives    No
Enable iChecker technology    No
Enable iSwift technology    No
Show detected threats on "Detected" tab    Yes
Rootkits search    Yes
Deep rootkits search    No
Use heuristic analyzer    Yes


Quarantine
----------
Status        Size    Added
------    ------    ----    -----


Backup
------
Status        Size
------    ------    ----
 
Many of the files on your computer that were infected by this malicious virus have been cleaned.

How are things on your end now???
 
Signature: Al jNtEeL
Everything is fine, praise be to God .. Kaspersky's nagging about this virus has stopped and things are safe on my end, thank God :smile:

...

But I have a small question, if you don't mind.

After I did this cleanup, with some of the programs I open, for example Media Player, I get a message telling me that:

C:/Program Files/Windows Media Playyer/wmplayer.exe is not a valid Win32 application

What does that mean .. do I have to install the program again, or what ..?!!

..

Thank you for your efforts
:smile:
 