اريد مساعدة في الكاسبر 2009

[الشيزاوي1]

السلام عليكم
ظهرت عندي مشكلة في الكاسبر انترنت 2009
وهي عندما اقوم بتحديثه تظهر عندي رسالة وتقوم بالغاء التحديث وعلى العلم انه الكاسبر الي عندي اصلي 100 % لاني شارنه من المحل
وهذه الرسالة في الرابط

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

 

[Demo-dashDemo-dash is verified member.]

المعذره بنقل الموضوع الى القسم الأنسب ,, بالتوفيق
​

 

[HooOoom]

لتسهيل

 

[Demo-dashDemo-dash is verified member.]

يعطيك العافيه هوم

عطل جميع برامج الحماية ,,
وحمل هذه الاداة واحفظها على سطح المكتب

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم

اعمل تقرير للهايجاك

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات .. ويظهر لك تقرير اعمل تحديد الكل ==> انسخه والصقه بردك القادم​

​

 

[الشيزاوي1]

ComboFix 08-12-18.01 - Ahmed 12/19/2008 1:36:09.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1033.18.735.428 [GMT -12:00]
Running from: f:\documents and settings\Ahmed\My Documents\Downloads\Programs\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
f:\documents and settings\Ahmed\Application Data\inst.exe
f:\documents and settings\Ahmed\Application Data\Rapid Antivirus
f:\program files\Rapid Antivirus
f:\program files\Rapid Antivirus\Uninstall.exe
f:\program files\TechniSat DVB\bin\Desktop_.ini
f:\program files\TechniSat DVB\DB\Desktop_.ini
f:\program files\TechniSat DVB\DB\Terrestrial_DVB\Desktop_.ini
f:\program files\TechniSat DVB\Desktop_.ini
f:\windows\IE4 Error Log.txt
f:\windows\ktd32.atm
f:\windows\system32\dse235rgd0.dll
f:\windows\system32\kxvo.exe
f:\windows\system32\systeminfo3.dll
f:\windows\system32\wedasgads0.dll
.
((((((((((((((((((((((((( Files Created from 2008-11-19 to 2008-12-19 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-19 13:40 --------- d-----w f:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-12-19 13:40 --------- d-----w f:\documents and settings\Ahmed\Application Data\DMCache
2008-12-19 13:39 335,904 --sha-w f:\windows\system32\drivers\fidbox2.dat
2008-12-19 13:39 3,276 --sha-w f:\windows\system32\drivers\fidbox2.idx
2008-12-19 13:39 21,208 --sha-w f:\windows\system32\drivers\fidbox.idx
2008-12-19 13:39 2,308,128 --sha-w f:\windows\system32\drivers\fidbox.dat
2008-12-19 13:38 --------- d-----w f:\program files\TechniSat DVB
2008-12-18 09:00 --------- d-----w f:\documents and settings\Ahmed\Application Data\Simply Super Software
2008-12-17 10:15 --------- d-----w f:\program files\Super_DVD_Creator_9.8
2008-12-17 08:44 --------- d-----w f:\documents and settings\All Users\Application Data\Yahoo! Companion
2008-12-17 08:44 --------- d-----w f:\documents and settings\Ahmed\Application Data\Yahoo!
2008-12-17 06:07 --------- d-----w f:\program files\Recuva
2008-12-17 02:35 96,976 ----a-w f:\windows\system32\drivers\klin.dat
2008-12-17 01:50 87,855 ----a-w f:\windows\system32\drivers\klick.dat
2008-12-17 01:49 --------- d-----w f:\program files\Kaspersky Lab
2008-12-14 02:48 --------- d-----w f:\program files\Audio Sound Recorder
2008-12-14 02:20 --------- d-----w f:\program files\Glary Utilities
2008-12-14 02:18 --------- d-----w f:\program files\Satellite TV for PC
2008-12-13 14:59 --------- d-----w f:\documents and settings\Ahmed\Application Data\TVU Networks
2008-12-13 14:54 --------- d-----w f:\documents and settings\Ahmed\Application Data\Livestation
2008-12-13 14:17 --------- d-----w f:\program files\OpenAL
2008-12-12 05:43 54,784 ----a-w f:\windows\system32\drivers\CDAC11BA.EXE
2008-12-12 05:43 12,464 ----a-w f:\windows\system32\drivers\CdaC15BA.SYS
2008-12-12 05:43 --------- d-----w f:\program files\Common Files\Macrovision Shared
2008-12-12 05:43 --------- d-----w f:\documents and settings\All Users\Application Data\Macrovision
2008-12-12 05:36 --------- d-----w f:\program files\BoontyGames
2008-12-12 01:13 --------- d-----w f:\documents and settings\Ahmed\Application Data\Thinstall
2008-12-11 16:04 --------- d-----w f:\program files\Arafasoft
2008-12-11 14:08 --------- d-----w f:\documents and settings\Ahmed\Application Data\IDM
2008-12-07 05:45 --------- d-----w f:\program files\Video Convert Master
2008-12-07 03:44 81,920 ----a-w f:\documents and settings\Ahmed\Application Data\ezpinst.exe
2008-12-07 03:44 47,360 ----a-w f:\windows\system32\drivers\pcouffin.sys
2008-12-07 03:44 47,360 ----a-w f:\documents and settings\Ahmed\Application Data\pcouffin.sys
2008-12-07 03:44 --------- d-----w f:\documents and settings\Ahmed\Application Data\Vso
2008-12-07 03:02 --------- d-----w f:\program files\Common Files\Download Manager
2008-12-06 03:16 --------- d-----w f:\program files\Movie Joiner
2008-12-06 03:13 --------- d-----w f:\program files\EO Video
2008-12-06 03:10 724,992 ----a-w f:\windows\iun6002.exe
2008-12-06 00:59 --------- d-----w f:\program files\FormatFactory
2008-12-05 12:36 --------- d-----w f:\program files\Witcobber
2008-12-05 12:21 --------- d-----w f:\program files\ImTOO
2008-12-03 10:22 --------- d-----w f:\documents and settings\Ahmed\Application Data\s_5849_MjV8fHx8MjV8fHwxMjQwOTU0NDQxfA_
2008-12-03 10:13 --------- d-----w f:\program files\WMVideoPlugin
2008-12-03 09:54 --------- d-----w f:\program files\Zealot Software
2008-12-03 09:28 --------- d-----w f:\program files\Total Video Converter
2008-12-02 09:22 --------- d-----w f:\program files\sohar
2008-12-02 09:07 158 ----a-w f:\program files\PhotoToFilm.log
2008-12-02 09:03 --------- d-----w f:\program files\Smart Install Maker
2008-12-02 08:40 --------- d-----w f:\program files\Ashampoo
2008-12-01 12:35 691,545 ----a-w f:\program files\unins000.exe
2008-12-01 12:35 3,813 ----a-w f:\program files\unins000.dat
2008-12-01 12:35 --------- d-----w f:\program files\KC Softwares
2008-11-30 08:45 --------- d-----w f:\program files\gAttach
2008-11-30 05:14 --------- d-----w f:\program files\Ela-Salaty
2008-11-29 12:34 --------- d-----w f:\documents and settings\Ahmed\Application Data\Beauty
2008-11-29 12:23 --------- d-----w f:\documents and settings\Ahmed\Application Data\Nitro PDF
2008-11-29 05:50 --------- d-----w f:\documents and settings\Ahmed\Application Data\DNA
2008-11-28 00:14 73,216 ----a-w f:\windows\ST6UNST.EXE
2008-11-28 00:14 172,032 ------w f:\windows\Setup1.exe
2008-11-22 02:33 --------- d-----w f:\documents and settings\All Users\Application Data\PC Suite
2008-11-19 05:44 --------- d-----w f:\program files\DAEMON Tools Toolbar
2008-11-19 03:01 717,296 ----a-w f:\windows\system32\drivers\sptd.sys
2008-11-19 03:01 --------- d-----w f:\documents and settings\Ahmed\Application Data\DAEMON Tools
2008-11-18 11:42 --------- d-----w f:\program files\iRedSoft
2008-11-18 11:02 --------- d-----w f:\program files\Photo Editor Plus
2008-11-18 08:05 --------- d-----w f:\program files\Common Files\Adobe
2008-11-18 06:27 --------- d--h--w f:\program files\InstallShield Installation Information
2008-11-18 03:30 --------- d-----w f:\program files\Paint.NET
2008-11-18 03:29 --------- d-----w f:\program files\Serif
2008-11-18 03:10 --------- d-----w f:\program files\Abrosoft
2008-11-18 03:08 --------- d-----w f:\program files\Corel
2008-11-18 02:56 2,828 --sha-w f:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2008-11-18 02:48 8 --sh--r f:\documents and settings\All Users\Application Data\96C79D53B1.sys
2008-11-18 02:21 --------- d-----w f:\documents and settings\Ahmed\Application Data\InstallShield
2008-11-17 09:57 --------- d-----w f:\documents and settings\Ahmed\Application Data\Nero
2008-11-15 08:03 --------- d-----w f:\documents and settings\Ahmed\Application Data\U3
2008-11-15 03:00 --------- dc----w f:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2008-11-14 11:56 --------- d-----w f:\program files\Download Direct
2008-11-13 09:10 --------- d-----w f:\program files\Alwil Software
2008-11-13 03:07 --------- d-----w f:\documents and settings\Ahmed\Application Data\URSoft
2008-11-13 02:10 --------- d-----w f:\program files\RM Converter
2008-11-13 02:09 --------- d-----w f:\program files\Easy Avi Divx Xvid to DVD Burner
2008-11-11 05:59 --------- d-----w f:\program files\Enigma Software Group
2008-11-11 03:32 --------- d-----w f:\documents and settings\Ahmed\Application Data\Uniblue
2008-11-10 12:46 --------- d-----w f:\program files\Common Files\Wise Installation Wizard
2008-11-10 11:46 --------- d-----w f:\program files\Online TV Player 4
2008-11-08 00:59 --------- d-----w f:\program files\AutorunRemover
2008-11-08 00:49 --------- d-----w f:\documents and settings\Ahmed\Application Data\zweitgeist
2008-11-08 00:49 --------- d-----w f:\documents and settings\Ahmed\Application Data\BitTorrent
2008-11-07 13:18 --------- d-----w f:\program files\Yahoo!
2008-11-07 01:35 --------- d-----w f:\documents and settings\Ahmed\Application Data\VUPlayer
2008-11-04 02:34 --------- d-----w f:\program files\Readiris Pro 11 Mr.Underground Edition
2008-11-04 02:33 --------- d-----w f:\program files\Common Files\InstallShield
2008-10-29 11:23 16,877 ----a-w f:\windows\system32\drivers\ASPI32.SYS
2008-10-29 03:36 --------- d-----w f:\program files\anoooos
2008-10-28 11:41 --------- d-----w f:\documents and settings\All Users\Application Data\Efofex
2008-10-28 09:39 --------- d-----w f:\documents and settings\Ahmed\Application Data\PC Suite
2008-10-28 02:28 --------- d-----w f:\program files\USB Disk Security
2008-10-26 09:47 --------- d-----w f:\program files\Allok RM RMVB to AVI MPEG DVD Converter
2008-10-24 14:03 --------- d-----w f:\documents and settings\Ahmed\Application Data\Ashampoo
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"= "f:\program files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" [10/03/2008 09:23 PM 57344]
[HKEY_CLASSES_ROOT\clsid\{9cb65206-89c4-402c-ba80-02d8c59f9b1d}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="f:\program files\anoooos\Internet Download Manager\IDMan.exe" [12/04/2008 12:00 AM 2741680]
"ctfmon.exe"="f:\windows\system32\ctfmon.exe" [08/03/2004 11:56 AM 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USB Antivirus"="f:\program files\USB Disk Security\USBGuard.exe" [07/13/2008 11:26 PM 753664]
"AVP"="f:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [07/29/2008 08:20 PM 206088]
"TkBellExe"="f:\program files\Common Files\Real\Update_OB\realsched.exe" [03/28/2007 01:29 PM 185896]
f:\documents and settings\Ahmed\Start Menu\Programs\Startup\
Ela-Salaty.lnk - f:\program files\Ela-Salaty\Salaty.exe [2007-03-04 5353984]
f:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - f:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2005-10-09 610365]
Server4PC.lnk - f:\program files\TechniSat DVB\bin\Server4PC.exe [2008-06-25 450560]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"msacm.ac3filter"= ac3filter.acm
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iPMS.exe]
"Debugger"=dummy.dat
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iPMS20.exe]
"Debugger"=dummy.dat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=f:\windows\system32\ctfmon.exe
"MSMSGS"="f:\program files\Messenger\msmsgs.exe" /background
"msiexec.exe"=msiconf.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="f:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"TrojanScanner"=f:\program files\Trojan Remover\Trjscan.exe /boot
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"TkBellExe"="f:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"f:\\Program Files\\DVBViewerTE\\ts_winlirc.exe"=
"f:\\Program Files\\TechniSat DVB\\bin\\Server4PC.exe"=
"f:\\Program Files\\CPDI\\Internet Connection Monitor\\InternetConnection.exe"=
"f:\\Program Files\\Messenger\\msmsgs.exe"=
"g:\\جديد\\sky\\skynet0897b6sbf0_20a_full\\SkyNet\\skynet0897b6sbf0_20a.exe"=
"f:\\Program Files\\DNA\\btdna.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;f:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};\??\f:\program files\CyberLink\PowerDVD\000.fcl [2007-03-26 21:30:48 13560]
R2 AASW2_Service;Ashampoo AntiSpyWare 2 Service;f:\program files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe [2008-09-27 749400]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;f:\windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;f:\windows\system32\DRIVERS\klim5.sys [2008-04-30 24592]
R3 SKYNET;TechniSat DVB-PC TV Star PCI;f:\windows\system32\DRIVERS\SkyNET.SYS [2007-03-26 462212]
S3 ATE_PROCMON;ATE_PROCMON; []
S3 AVPsys;AVPsys;\??\f:\windows\system32\drivers\cdaudio.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0fb709ba-8b7b-11dd-b728-209e87474032}]
\Shell\AutoRun\command - I:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2bcca0c7-19c7-11dd-b61f-00d0d71514c6}]
\Shell\AutoRun\command - H:\hni.cmd
\Shell\explore\Command - H:\hni.cmd
\Shell\open\Command - H:\hni.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86d68c48-a6e9-11dd-b78e-209e87474030}]
\Shell\AutoRun\command - I:\hni.cmd
\Shell\explore\Command - I:\hni.cmd
\Shell\open\Command - I:\hni.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8c1ff9f4-15c8-11dd-b613-00d0d71514c6}]
\Shell\AutoRun\command - I:\hni.cmd
\Shell\explore\Command - I:\hni.cmd
\Shell\open\Command - I:\hni.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c020cebe-b2dd-11dd-b7bd-209e85474030}]
\Shell\AutoRun\command - J:\hni.cmd
\Shell\explore\Command - J:\hni.cmd
\Shell\open\Command - J:\hni.cmd
.
s of the 'Scheduled Tasks' folder
2008-12-19 f:\windows\Tasks\GlaryInitialize.job
- f:\program files\Glary Utilities\initialize.exe [12/01/2008 09:38 AM]
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{0C55A48A-97DC-4003-8729-7D0B159B40D3} - (no file)
Notify-NavLogon - (no file)

.
------- Supplementary Scan -------
.
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyOverride = <local>
IE: "إضافة إلى حاجب الدعايات" - f:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - f:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - f:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: تحميل الكل بواسطة Internet Download Manager - f:\program files\anoooos\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - f:\program files\anoooos\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - f:\program files\anoooos\Internet Download Manager\IEGetVL.htm
TCP: {03D295FD-0ABA-4AD6-B15F-AA4EEB948B75} = 212.72.1.186 212.72.23.4
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2008-12-19 01:40:35
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\f:\program files\CyberLink\PowerDVD\000.fcl"
.
------------------------ Other Running Processes ------------------------
.
f:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
f:\windows\system32\drivers\CDAC11BA.EXE
f:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
f:\program files\Super_DVD_Creator_9.8\NMSAccessU.exe
f:\program files\CyberLink\Shared Files\RichVideo.exe
f:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
f:\program files\anoooos\Internet Download Manager\IEMonitor.exe
f:\program files\Nawras Internet-E220\Nawras Internet-E220\Mobile Connect.exe
f:\program files\Internet Explorer\IEXPLORE.EXE
.
**************************************************************************
.
Completion time: 12/19/2008 1:44:06 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-19 13:44:01
Pre-Run: 9,298,989,056 bytes free
Post-Run: 14,482,608,128 bytes free
260 --- E O F --- 2008-12-17 12:02:52

 

[MAAX]

اعمل تقرير للهايجاك

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات .. ويظهر لك تقرير اعمل تحديد الكل ==> انسخه والصقه بردك القادم

 

[الشيزاوي1]

تفضل هذا تقرير الهايكنج

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:45:48, on 19/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe
F:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
F:\WINDOWS\system32\drivers\CDAC11BA.EXE
F:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
F:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe
F:\Program Files\CyberLink\Shared Files\RichVideo.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\Program Files\anoooos\Internet Download Manager\IDMan.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
F:\Program Files\TechniSat DVB\bin\Server4PC.exe
F:\Program Files\Ela-Salaty\Salaty.exe
F:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
F:\Program Files\anoooos\Internet Download Manager\IEMonitor.exe
F:\WINDOWS\system32\wuauclt.exe
F:\Program Files\Nawras Internet-E220\Nawras Internet-E220\Mobile Connect.exe
F:\WINDOWS\system32\wuauclt.exe
F:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\WINDOWS\explorer.exe
F:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
F:\Documents and Settings\Ahmed\My Documents\Downloads\Programs\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - F:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - F:\Program Files\anoooos\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - F:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - F:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - F:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - F:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - F:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [USB Antivirus] F:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [IDMan] F:\Program Files\anoooos\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Ela-Salaty.lnk = F:\Program Files\Ela-Salaty\Salaty.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Server4PC.lnk = F:\Program Files\TechniSat DVB\bin\Server4PC.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: "إضافة إلى حاجب الدعايات" - F:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - F:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - F:\Program Files\anoooos\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - F:\Program Files\anoooos\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - F:\Program Files\anoooos\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - F:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - F:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - F:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - F:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: Ashampoo AntiSpyWare 2 Service (AASW2_Service) - Unknown owner - F:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - F:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - F:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - F:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NMIndexingService - Unknown owner - F:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - F:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - F:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - F:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 6824 bytes

 

[MAAX]

حدد القيم التالية واحذفها

R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - F:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL

O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - F:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

طريقة الحذف

​

​

بعدها اذهب الى اضافة وازالة البرامج واحذف التولبار الموجود عندك (toolbar)>> ممكن ما يكون موجود​

ثم نزل هذه الاداة واتبع الشرح التالي​

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

التوافق : ويندوز اكسبيفقط ​

شرح الاستخدام ,,,,,,
دبل كلك على الاداة واصبر حتى تنتهي جميع النوافذ وتقف عند هذه النافذة​

​

وعند ظهور هذه الشاشه ,, اضغط على Close ليتم اعادة تشغيل جهازك (( لتكملة عملية التنظيف ))​

 

[الشيزاوي1]

شكررررررررررررا صديقي بجربه الان