• Thread starter: رهفـ

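Peace be upon you, and God's mercy and blessings.

Good morning to you all,

with everything that is good.

My problem is with the Avira protection program.

The problem is that it deletes Notepad, Paint, and Media Player,

and every little while a window pops up telling me about viruses,


while the system report is clean and shows no infection at all :er: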

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:53:01 ص, on 06/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [pingshim] C:\DOCUME~1\smss\APPLIC~1\DVDDEB~1\Anti mix link.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
--
End of file - 6604 bytes​

I want to know what the problem is.
Regards
 

up
 
Well, uninstall Avira and put your mind at ease.
 
Disable System Restore as shown in the following explanation

dis_sys_xp.jpg


then

download the following tool

(You must log in or register to view the hidden link)


Run it and the tool's interface will appear.
Choose the cleaning option and the DOS scan screen will appear.
Leave it until it finishes and the report appears.
Copy it and paste it into your next post.
 
Applying it now, and sorry for the delay.
 
Here is the other report.
Waiting for you.


Engine Version : 5300.2777
Engine Load Time : 23531 milliseconds
AV DAT Version : 5492.0000 488805 detections Built 15 محرم, 1430
Extra DAT : 0 detections

Process : C:\WINDOWS\system32\lsass.exe : contains "Virus" called "W32/Polip!mem" (Cleaned )
Process : C:\Program Files\Internet Explorer\iexplore.exe : contains "Virus" called "W32/Polip" (No Action Taken (Clean failed) )
Process : C:\WINDOWS\system32\wbem\wmiprvse.exe : contains "Virus" called "W32/Polip" (No Action Taken (Clean failed) )
Memory : Repair Failed
Please wait ... building list of critical files to scan
File : C:\Program Files\Creative\Creative Live! Cam\Live! Cam Center\LiveCam.exe : contains "Virus" called "W32/Polip" (No Action Taken (Clean failed) )
File : C:\Program Files\Creative\Creative Live! Cam\Live! Cam FX Creator\LCFXEdit.exe : contains "Virus" called "W32/Polip" (No Action Taken (Clean failed) )
File : C:\Program Files\Creative\Photo Calendar\CTPhCal.exe : contains "Virus" called "W32/Polip" (No Action Taken (Clean failed) )
File : C:\Program Files\Creative\Photo Manager\CTPM.exe : contains "Virus" called "W32/Polip" (No Action Taken (Clean failed) )
File : C:\Program Files\Creative\Support\System Information\CTSI.EXE : contains "Virus" called "W32/Polip" (No Action Taken (Clean failed) )
File : C:\Program Files\Internet Explorer\Connection Wizard\ICWCONN1.EXE : contains "Virus" called "W32/Polip" (No Action Taken (Clean failed) )
File : C:\Program Files\Internet Explorer\Connection Wizard\ICWCONN2.EXE : contains "Virus" called "W32/Polip" (No Action Taken (Clean failed) )
File : C:\Program Files\Internet Explorer\iexplore.exe : contains "Virus" called "W32/Polip" (No Action Taken (Clean failed) )
File : C:\Program Files\Windows Media Player\wmplayer.exe : contains "Virus" called "W32/Polip" (No Action Taken (Clean failed) )
File : C:\Program Files\Windows NT\Pinball\pinball.exe : contains "Virus" called "W32/Polip" (No Action Taken (Clean failed) )
File : C:\PROGRA~1\WINDOW~2\wmplayer.exe : contains "Virus" called "W32/Polip" (No Action Taken (Clean failed) )
File : C:\WINDOWS\inf\unregmp2.exe : contains "Virus" called "W32/Polip" (No Action Taken (Clean failed) )
File : C:\WINDOWS\system32\accwiz.exe : contains "Virus" called "W32/Polip" (No Action Taken (Clean failed) )
File : C:\WINDOWS\system32\cmd.exe : contains "Virus" called "W32/Polip" (No Action Taken (Clean failed) )
File : C:\WINDOWS\system32\mspaint.exe : contains "Virus" called "W32/Polip" (No Action Taken (Clean failed) )
File : C:\WINDOWS\System32\NOTEPAD.EXE : contains "Virus" called "W32/Polip" (No Action Taken (Clean failed) )
File : C:\WINDOWS\system32\smlogsvc.exe : contains "Virus" called "W32/Polip" (No Action Taken (Clean failed) )
File : C:\WINDOWS\System32\sndvol32.exe : contains "Virus" called "W32/Polip" (No Action Taken (Clean failed) )
File : C:\WINDOWS\system32\wbem\wmiprvse.exe : contains "Virus" called "W32/Polip" (No Action Taken (Clean failed) )
File : C:\WINDOWS\System32\wiaacmgr.exe : contains "Virus" called "W32/Polip" (No Action Taken (Clean failed) )
Critical : Repair Failed
Scanning the computer's cookie directories
Cookies : Clean
c:\hiberfil.sys : Scan Failed
c:\pagefile.sys : Scan Failed
c:\Documents and Settings\LocalService\NTUSER.DAT : Scan Failed
c:\Documents and Settings\LocalService\ntuser.dat.LOG : Scan Failed
c:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat : Scan Failed
c:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG : Scan Failed
c:\Documents and Settings\NetworkService\NTUSER.DAT : Scan Failed
c:\Documents and Settings\NetworkService\ntuser.dat.LOG : Scan Failed
c:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat : Scan Failed
c:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG : Scan Failed
c:\Documents and Settings\smss\NTUSER.DAT : Scan Failed
c:\Documents and Settings\smss\ntuser.dat.LOG : Scan Failed
c:\Documents and Settings\smss\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat : Scan Failed
c:\Documents and Settings\smss\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG : Scan Failed
c:\Documents and Settings\smss\Local Settings\Temp\Perflib_Perfdata_560.dat : Scan Failed
File : c:\Program Files\Circle Developement\Uninstall.exe : contains "Trojan" called "Swizzor.gen" (Deleted )
c:\Program Files\Circle Developement\Uninstall.exe : Deleted
File : c:\Program Files\Creative\Creative Live! Cam\Live! Cam Center\LiveCam.exe : contains "Virus" called "W32/Polip" (No Action Taken (Clean failed) )
c:\Program Files\Creative\Creative Live! Cam\Live! Cam Center\LiveCam.exe : Repair Failed
File : c:\Program Files\Creative\Creative Live! Cam\Live! Cam FX Creator\LCFXEdit.exe : contains "Virus" called "W32/Polip" (No Action Taken (Clean failed) )
c:\Program Files\Creative\Creative Live! Cam\Live! Cam FX Creator\LCFXEdit.exe : Repair Failed
File : c:\Program Files\Creative\Photo Calendar\CTPhCal.exe : contains "Virus" called "W32/Polip" (No Action Taken (Clean failed) )
c:\Program Files\Creative\Photo Calendar\CTPhCal.exe : Repair Failed
File : c:\Program Files\Creative\Photo Manager\CTPM.exe : contains "Virus" called "W32/Polip" (No Action Taken (Clean failed) )
c:\Program Files\Creative\Photo Manager\CTPM.exe : Repair Failed
File : c:\Program Files\Creative\Support\System Information\CTSi.exe : contains "Virus" called "W32/Polip" (No Action Taken (Clean failed) )
c:\Program Files\Creative\Support\System Information\CTSi.exe : Repair Failed
File : c:\Program Files\Internet Download Manager\Patch 5.xx (2008-12-06).exe : contains "Virus" called "W32/Polip" (No Action Taken (Clean failed) )
c:\Program Files\Internet Download Manager\Patch 5.xx (2008-12-06).exe : Repair Failed
File : c:\Program Files\Internet Explorer\IEXPLORE.EXE : contains "Virus" called "W32/Polip" (No Action Taken (Clean failed) )
c:\Program Files\Internet Explorer\IEXPLORE.EXE : Repair Failed
File : c:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe : contains "Virus" called "W32/Polip" (No Action Taken (Clean failed) )
c:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe : Repair Failed
File : c:\Program Files\Internet Explorer\Connection Wizard\icwconn2.exe : contains "Virus" called "W32/Polip" (No Action Taken (Clean failed) )
c:\Program Files\Internet Explorer\Connection Wizard\icwconn2.exe : Repair Failed
File : c:\Program Files\Windows Media Player\wmplayer.exe : contains "Virus" called "W32/Polip" (No Action Taken (Clean failed) )
c:\Program Files\Windows Media Player\wmplayer.exe : Repair Failed
File : c:\Program Files\Windows NT\Pinball\PINBALL.EXE : contains "Virus" called "W32/Polip" (No Action Taken (Clean failed) )
c:\Program Files\Windows NT\Pinball\PINBALL.EXE : Repair Failed
File : c:\System Volume Information\_restore{24229214-8FB3-45B9-A880-42ED1E00C54D}\RP23\A0001087.sys : contains "Trojan" called "W32/Almanahe.sys.gen" (Deleted )
c:\System Volume Information\_restore{24229214-8FB3-45B9-A880-42ED1E00C54D}\RP23\A0001087.sys : Deleted
File : c:\System Volume Information\_restore{24229214-8FB3-45B9-A880-42ED1E00C54D}\RP23\A0001177.sys : contains "Trojan" called "W32/Almanahe.sys.gen" (Deleted )
c:\System Volume Information\_restore{24229214-8FB3-45B9-A880-42ED1E00C54D}\RP23\A0001177.sys : Deleted
File : c:\System Volume Information\_restore{24229214-8FB3-45B9-A880-42ED1E00C54D}\RP23\A0001180.exe : contains "Virus" called "W32/Polip" (No Action Taken (Clean failed) )
c:\System Volume Information\_restore{24229214-8FB3-45B9-A880-42ED1E00C54D}\RP23\A0001180.exe : Repair Failed
File : c:\System Volume Information\_restore{24229214-8FB3-45B9-A880-42ED1E00C54D}\RP25\A0001229.sys : contains "Trojan" called "W32/Almanahe.sys.gen" (Deleted )
c:\System Volume Information\_restore{24229214-8FB3-45B9-A880-42ED1E00C54D}\RP25\A0001229.sys : Deleted
File : c:\System Volume Information\_restore{24229214-8FB3-45B9-A880-42ED1E00C54D}\RP25\A0001267.sys : contains "Trojan" called "W32/Almanahe.sys.gen" (Deleted )
c:\System Volume Information\_restore{24229214-8FB3-45B9-A880-42ED1E00C54D}\RP25\A0001267.sys : Deleted
File : c:\System Volume Information\_restore{24229214-8FB3-45B9-A880-42ED1E00C54D}\RP25\A0001308.sys : contains "Trojan" called "W32/Almanahe.sys.gen" (Deleted )
c:\System Volume Information\_restore{24229214-8FB3-45B9-A880-42ED1E00C54D}\RP25\A0001308.sys : Deleted
File : c:\System Volume Information\_restore{24229214-8FB3-45B9-A880-42ED1E00C54D}\RP25\A0001329.sys : contains "Trojan" called "W32/Almanahe.sys.gen" (Deleted )
c:\System Volume Information\_restore{24229214-8FB3-45B9-A880-42ED1E00C54D}\RP25\A0001329.sys : Deleted
File : c:\System Volume Information\_restore{24229214-8FB3-45B9-A880-42ED1E00C54D}\RP25\A0001361.sys : contains "Trojan" called "W32/Almanahe.sys.gen" (Deleted )
c:\System Volume Information\_restore{24229214-8FB3-45B9-A880-42ED1E00C54D}\RP25\A0001361.sys : Deleted
File : c:\System Volume Information\_restore{24229214-8FB3-45B9-A880-42ED1E00C54D}\RP26\A0001400.sys : contains "Trojan" called "W32/Almanahe.sys.gen" (Deleted )
c:\System Volume Information\_restore{24229214-8FB3-45B9-A880-42ED1E00C54D}\RP26\A0001400.sys : Deleted
File : c:\System Volume Information\_restore{24229214-8FB3-45B9-A880-42ED1E00C54D}\RP26\A0001436.sys : contains "Trojan" called "W32/Almanahe.sys.gen" (Deleted )
c:\System Volume Information\_restore{24229214-8FB3-45B9-A880-42ED1E00C54D}\RP26\A0001436.sys : Deleted
File : c:\System Volume Information\_restore{24229214-8FB3-45B9-A880-42ED1E00C54D}\RP26\A0001468.exe : contains "Trojan" called "Swizzor.gen" (Deleted )
c:\System Volume Information\_restore{24229214-8FB3-45B9-A880-42ED1E00C54D}\RP26\A0001468.exe : Deleted
File : c:\WINDOWS\linkinfo.dll : contains "Virus" called "W32/Almanahe.dll" (No Action Taken (Clean failed) )
c:\WINDOWS\linkinfo.dll : Repair Failed
File : c:\WINDOWS\ime\imkr6_1\imkrinst.exe : contains "Virus" called "W32/Polip" (No Action Taken (Clean failed) )
c:\WINDOWS\ime\imkr6_1\imkrinst.exe : Repair Failed
File : c:\WINDOWS\inf\unregmp2.exe : contains "Virus" called "W32/Polip" (No Action Taken (Clean failed) )
c:\WINDOWS\inf\unregmp2.exe : Repair Failed
File : c:\WINDOWS\system32\accwiz.exe : contains "Virus" called "W32/Polip" (No Action Taken (Clean failed) )
c:\WINDOWS\system32\accwiz.exe : Repair Failed
File : c:\WINDOWS\system32\cmd.exe : contains "Virus" called "W32/Polip" (No Action Taken (Clean failed) )
c:\WINDOWS\system32\cmd.exe : Repair Failed
File : c:\WINDOWS\system32\extrac32.exe : contains "Virus" called "W32/Polip" (No Action Taken (Clean failed) )
c:\WINDOWS\system32\extrac32.exe : Repair Failed
File : c:\WINDOWS\system32\logon.scr : contains "Virus" called "W32/Polip" (No Action Taken (Clean failed) )
c:\WINDOWS\system32\logon.scr : Repair Failed
File : c:\WINDOWS\system32\logonui.exe : contains "Virus" called "W32/Polip" (No Action Taken (Clean failed) )
c:\WINDOWS\system32\logonui.exe : Repair Failed
File : c:\WINDOWS\system32\mshearts.exe : contains "Virus" called "W32/Polip" (No Action Taken (Clean failed) )
c:\WINDOWS\system32\mshearts.exe : Repair Failed
File : c:\WINDOWS\system32\mspaint.exe : contains "Virus" called "W32/Polip" (No Action Taken (Clean failed) )
c:\WINDOWS\system32\mspaint.exe : Repair Failed
File : c:\WINDOWS\system32\net.exe : contains "Virus" called "W32/Polip" (No Action Taken (Clean failed) )
c:\WINDOWS\system32\net.exe : Repair Failed
File : c:\WINDOWS\system32\notepad.exe : contains "Virus" called "W32/Polip" (No Action Taken (Clean failed) )
c:\WINDOWS\system32\notepad.exe : Repair Failed
File : c:\WINDOWS\system32\smlogsvc.exe : contains "Virus" called "W32/Polip" (No Action Taken (Clean failed) )
c:\WINDOWS\system32\smlogsvc.exe : Repair Failed
File : c:\WINDOWS\system32\sndvol32.exe : contains "Virus" called "W32/Polip" (No Action Taken (Clean failed) )
c:\WINDOWS\system32\sndvol32.exe : Repair Failed
File : c:\WINDOWS\system32\tourstart.exe : contains "Virus" called "W32/Polip" (No Action Taken (Clean failed) )
c:\WINDOWS\system32\tourstart.exe : Repair Failed
File : c:\WINDOWS\system32\wiaacmgr.exe : contains "Virus" called "W32/Polip" (No Action Taken (Clean failed) )
c:\WINDOWS\system32\wiaacmgr.exe : Repair Failed
File : c:\WINDOWS\system32\wuauclt.exe : contains "Virus" called "W32/Polip" (No Action Taken (Clean failed) )
c:\WINDOWS\system32\wuauclt.exe : Repair Failed
File : c:\WINDOWS\system32\wuauclt1.exe : contains "Virus" called "W32/Polip" (No Action Taken (Clean failed) )
c:\WINDOWS\system32\wuauclt1.exe : Repair Failed
c:\WINDOWS\system32\CatRoot2\edb.log : Scan Failed
c:\WINDOWS\system32\CatRoot2\tmp.edb : Scan Failed
c:\WINDOWS\system32\config\default : Scan Failed
c:\WINDOWS\system32\config\default.LOG : Scan Failed
c:\WINDOWS\system32\config\SAM : Scan Failed
c:\WINDOWS\system32\config\SAM.LOG : Scan Failed
c:\WINDOWS\system32\config\SECURITY : Scan Failed
c:\WINDOWS\system32\config\SECURITY.LOG : Scan Failed
c:\WINDOWS\system32\config\software : Scan Failed
c:\WINDOWS\system32\config\software.LOG : Scan Failed
c:\WINDOWS\system32\config\system : Scan Failed
c:\WINDOWS\system32\config\system.LOG : Scan Failed
File : c:\WINDOWS\system32\drivers\cdralw.sys : contains "Trojan" called "W32/Almanahe.sys.gen" (Deleted )
c:\WINDOWS\system32\drivers\cdralw.sys : Deleted
File : c:\WINDOWS\system32\Restore\rstrui.exe : contains "Virus" called "W32/Polip" (No Action Taken (Clean failed) )
c:\WINDOWS\system32\Restore\rstrui.exe : Repair Failed
File : c:\WINDOWS\system32\wbem\wmiadap.exe : contains "Virus" called "W32/Polip" (No Action Taken (Clean failed) )
c:\WINDOWS\system32\wbem\wmiadap.exe : Repair Failed
File : c:\WINDOWS\system32\wbem\wmiprvse.exe : contains "Virus" called "W32/Polip" (No Action Taken (Clean failed) )
c:\WINDOWS\system32\wbem\wmiprvse.exe : Repair Failed
Scanning the registry
Registry : Clean

Summary :-
FilesFound : 31629
FilesScanned : 19860
FilesNotScanned : 11769

ObjectsFound : 60112
ObjectsInfected : 68
ObjectsCleaned : 1
ObjectsDeleted : 12

FilesInfected : 45
FilesCleaned : 0
FilesMoved : 0
FilesDeleted : 12

Started at : 10:56:33 ص 12 ربيع الثاني, 1430
Ended at : 11:19:34 ص 12 ربيع الثاني, 1430
Duration : 23 minutes 0 seconds
3061 MB scanned in 1380 seconds = 2 MB/s
Engine Version : 5300.2777
Engine Load Time : 23891 milliseconds
AV DAT Version : 5492.0000 488805 detections Built 15 محرم, 1430
Extra DAT : 0 detections


Summary :-
FilesFound : 149
FilesScanned : 37
FilesNotScanned : 112

ObjectsFound : 151
ObjectsInfected : 0
ObjectsCleaned : 0
ObjectsDeleted : 0

FilesInfected : 0
FilesCleaned : 0
FilesMoved : 0
FilesDeleted : 0

Started at : 11:19:59 ص 12 ربيع الثاني, 1430
Ended at : 11:20:02 ص 12 ربيع الثاني, 1430
Duration : 2 seconds
9 MB scanned in 2 seconds = 4 MB/s
 
Disable the protection programs,
then
download the following tool and save it to the desktop
(You must log in or register to view the hidden link)

When you run it, a message will appear; click >> Yes
Then a second message will appear; click >> Yes

During the scan the computer may restart.
After the restart, the tool will start scanning again.
Do not run any program, and however long the scan takes, wait until it finishes.
Wait until a report appears, then copy it and paste it into your next post.
 
Sorry :$
Here is the report



ComboFix 09-04-04.01 - smss 04/07/2009 21:25:09.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1033.18.1015.509 [GMT 3:00]
Running from: c:\documents and settings\smss\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\linkinfo.dll
.
((((((((((((((((((((((((( Files Created from 2009-03-07 to 2009-04-07 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-07 18:25 --------- d-----w c:\documents and settings\smss\Application Data\DMCache
2009-04-07 18:17 --------- d-----w c:\documents and settings\smss\Application Data\Skype
2009-04-07 13:03 --------- d-----w c:\documents and settings\smss\Application Data\skypePM
2009-04-07 08:03 --------- d-----w c:\program files\Circle Developement
2009-04-06 08:45 --------- d-----w c:\program files\Common Files\Adobe
2009-04-06 08:44 --------- d--h--w c:\program files\InstallShield Installation Information
2009-04-06 08:28 --------- d-----w c:\program files\Trend Micro
2009-04-06 06:13 --------- d-----w c:\program files\Internet Download Manager
2009-04-05 04:39 --------- d-----w c:\program files\Microsoft.NET
2009-04-05 04:32 --------- d-----w c:\program files\Avira
2009-04-05 04:32 --------- d-----w c:\documents and settings\All Users\Application Data\Avira
2009-04-05 04:30 --------- d-----w c:\program files\Common Files\xing shared
2009-04-05 04:30 --------- d-----w c:\program files\Common Files\Real
2009-04-05 04:29 499,712 ----a-w c:\windows\system32\msvcp71.dll
2009-04-05 04:29 348,160 ----a-w c:\windows\system32\msvcr71.dll
2009-04-05 04:19 --------- d-----w c:\documents and settings\All Users\Application Data\Creative
2009-04-05 04:18 --------- d-----w c:\documents and settings\smss\Application Data\Creative
2009-04-05 04:15 --------- d-----w c:\program files\Creative
2009-04-05 04:14 --------- d-----w c:\program files\Common Files\InstallShield
2009-04-05 04:12 --------- d-----w c:\program files\muvee Technologies
2009-04-05 04:12 --------- d-----w c:\program files\Common Files\muvee Technologies
2009-04-05 04:10 --------- d-----w c:\documents and settings\All Users\Application Data\muvee Technologies
2009-04-05 04:09 --------- d-----w c:\program files\SightSpeed
2009-04-05 04:01 --------- d-----w c:\program files\NetWaiting
2009-04-05 04:01 --------- d-----w c:\program files\CONEXANT
2009-04-04 19:02 218,624 ----a-w c:\windows\system32\uxtheme.dll
2009-04-04 18:56 --------- d-----w c:\program files\Hewlett-Packard
2009-04-04 18:41 --------- d-----w c:\documents and settings\smss\Application Data\Media Player Classic
2009-04-04 18:40 --------- d-----w c:\program files\K-Lite Codec Pack
2009-04-04 18:38 155,995 ----a-w c:\windows\java\Packages\MXVJ5BLN.ZIP
2009-04-04 18:36 --------- d-----w c:\documents and settings\smss\Application Data\IDM
2009-04-04 18:23 --------- d-----w c:\documents and settings\smss\Application Data\TeamViewer
2009-04-04 18:16 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-04-04 18:16 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf
2009-04-04 18:15 --------- d-----w c:\documents and settings\smss\Application Data\InstallShield
2009-04-04 18:07 --------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-04-04 17:46 --------- d-----w c:\documents and settings\smss\Application Data\Dvddebugfour
2009-04-04 17:45 --------- d-----w c:\program files\Dvddebugfour
2009-04-04 17:45 --------- d-----w c:\documents and settings\All Users\Application Data\bags readme locks tick
2009-04-04 17:43 --------- d-----w c:\program files\Windows Live
2009-04-04 17:43 --------- d-----w c:\program files\MSN Messenger
2009-04-04 17:43 --------- d-----w c:\program files\Messenger Plus! Live
2009-04-04 17:39 --------- d-----w c:\program files\Yahoo!
2009-04-04 17:39 --------- d-----w c:\program files\CCleaner
2009-04-04 17:39 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-04-04 17:38 --------- d-----w c:\program files\Skype
2009-04-04 17:38 --------- d-----w c:\program files\Common Files\Skype
2009-04-04 17:38 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-04-04 17:37 --------- d-----w c:\program files\Real
2009-04-04 16:13 --------- d-----w c:\program files\Intel
2009-04-04 15:45 --------- d-----w c:\program files\microsoft frontpage
2009-01-22 14:49 206,256 ----a-w c:\windows\system32\idmmbc.dll
.
------- Sigcheck -------
08/04/2004 08:56 AM 171520 11c1f4f12a7182dcffd8cac47a040d72 c:\windows\system32\wuauclt.exe
08/04/2004 08:56 AM 111104 4126d27cece4471e00e425411f7306b5 c:\windows\system32\dllcache\wuauclt.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [08/04/2004 08:56 AM 15360]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [04/04/2009 08:41 PM 2745776]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [01/19/2007 12:55 PM 5674352]
"Creative Live! Cam Manager"="c:\program files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [06/07/2007 02:01 PM 155648]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [08/04/2004 01:06 AM 1667584]
"pingshim"="c:\docume~1\smss\APPLIC~1\DVDDEB~1\Anti mix link.exe" [04/04/2009 08:45 PM 593920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [01/02/2007 03:46 PM 40960]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [08/04/2004 06:32 AM 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [08/04/2004 06:31 AM 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [08/04/2004 06:32 AM 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [08/04/2004 06:32 AM 455168]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [09/18/2007 10:29 PM 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [09/18/2007 10:29 PM 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [09/18/2007 10:29 PM 137752]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [06/03/2008 04:40 PM 177456]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [04/05/2009 07:29 AM 198160]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [06/12/2008 01:28 PM 266497]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [08/04/2004 08:56 AM 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-04-06 113664]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 11/18/2008 04:31 PM 21633320 c:\program files\Skype\Phone\Skype.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-04-04 193840]
R3 VF0400Afx;VF0400 Audio FX;c:\windows\system32\drivers\V0400Afx.sys [2009-04-05 142656]
R3 VF0400Vfx;VF0400 Video FX;c:\windows\system32\drivers\V0400Vfx.sys [2009-04-05 7424]
R3 VF0400Vid;Live! Cam Notebook Pro (VF0400);c:\windows\system32\drivers\V0400Vid.sys [2009-04-05 166720]
S2 cdralw;NVIDIA Compatible Windows Miniport Driver;c:\windows\system32\DRIVERS\nvmini.sys --> c:\windows\system32\DRIVERS\nvmini.sys [?]
.
Contents of the 'Scheduled Tasks' folder
2009-04-07 c:\windows\Tasks\AE0ACD5D91A57E25.job
- c:\docume~1\smss\applic~1\dvddeb~1\junk inter bat.exe [04/04/2009 08:46 PM]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
DPF: Microsoft XML Parser for Java -
(You must log in or register to view the hidden link)

.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
(You must log in or register to view the hidden link)

Rootkit scan 2009-04-07 21:26:27
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe??????????????@? ????V????????@???????@
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(852)
c:\windows\system32\igfxdev.dll
.
Completion time: 04/07/2009 21:27:33
ComboFix-quarantined-files.txt 2009-04-07 18:27:30
Pre-Run: 34,965,655,552 bytes free
Post-Run: 35,242,704,896 bytes free
154
 
I have started having some problems.
I cannot open Internet Explorer except by using :f:
I hope you can find me a solution.
 
Post a new HijackThis log.
 
Signature: Corporation
Download the Kaspersky tool from the following link

(You must log in or register to view the hidden link)


After downloading, double-click it and the tool's file will be extracted to a folder on the desktop; within moments the tool will start working.

Follow the explanation to scan the computer, clean it, and attach the report.


zyzoom-7ce8879e89.png


zyzoom-cdd75c8aa3.png


zyzoom-89156f000e.png


zyzoom-6d533c4f2e.png


zyzoom-f20f3644d0.png


Then compress the report and upload it here >>>>
(You must log in or register to view the hidden link)


(You must log in or register to view the hidden link)

 