Thread starter: Rahaf

Rahaf

Peace be upon you, and the mercy and blessings of God.
My brothers, members of the Zyzoom forum,
I have a problem when opening any website: this window appears,
which makes it hard for me to open the forum sections, and so I have trouble browsing.
This is the window I mentioned:

zyzoom-d2c2ec7885.jpg

Please help me with a solution.

With all my love
 

Welcome,

What version of the browser do you have?

Do the following:


Download this program:
You must log in or register to view the hidden link

Run the program ==> and click
Do a system scan and save log
After a few moments a report will appear in Notepad ==> copy it and paste it in your next reply
 
Signature: Corporation
The best solution is to download Firefox, the best browser. And of course, as many people know, the Windows browser always has lots of errors.
 
Signature: Sami Abdel Fattah
Sister Rahaf:

Which operating system is installed on your machine??

And the Explorer looks like version 4??
 
Signature: Al-Diplomasi
Thank you, brothers, for the help.
The system is Windows XP, and the Explorer is version 6.

And here is the report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:47:29 م, on 18/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\@\سطح المكتب\Zyzoom_HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: TBSB01923 - {7FF4E31C-74EB-433D-A8AA-A12A99521674} - C:\Program Files\IEToolbar\Sahate Toolbar\sahate.dll
O3 - Toolbar: Sahate Toolbar - {1A295E8E-E51B-42CE-81B2-B73614F0FCD2} - C:\Program Files\IEToolbar\Sahate Toolbar\sahate.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [Pegtop Uninstall] cmd /c del C:\WINDOWS\Temp\PegtopUninstall.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [save second] C:\DOCUME~1\@\APPLIC~1\GRIMAU~1\Upload Coal Bore.exe
O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe
O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Sahate Toolbar - {1A295E8E-E51B-42CE-81B2-B73614F0FCD2} - C:\Program Files\IEToolbar\Sahate Toolbar\sahate.dll
O9 - Extra 'Tools' menuitem: Sahate Toolbar - {1A295E8E-E51B-42CE-81B2-B73614F0FCD2} - C:\Program Files\IEToolbar\Sahate Toolbar\sahate.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: FCI - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\WINDOWS\system32\DRIVERS\xaudio.exe
--
End of file - 5141 bytes


 
Up
 
Disable your protection programs,
then
download the following tool and save it to the desktop:
You must log in or register to view the hidden link

When you run it, a message will appear; click >> Yes
After that, a second message will appear; click >> Yes

During the scan the machine may restart.
After the restart, the tool will start scanning a second time.
Do not run any program, and however long the scan takes, wait until it finishes.
Wait until a report appears, then copy it and paste it in your next post.
 
Brother Max, I downloaded the tool,
and this is the report I got:
ComboFix 09-04-19.01 - @ 04/18/2009 22:46.1 - NTFSx86
Running from: c:\documents and settings\@\سطح المكتب\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated)

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\@\LOCALS~1\ocd.cum
c:\program files\IEToolbar
c:\program files\IEToolbar\Sahate Toolbar\ARROW1.CUR
c:\program files\IEToolbar\Sahate Toolbar\basis.xml
c:\program files\IEToolbar\Sahate Toolbar\clearhist.exe
c:\program files\IEToolbar\Sahate Toolbar\DRAGFOLD.CUR
c:\program files\IEToolbar\Sahate Toolbar\favicon.ico
c:\program files\IEToolbar\Sahate Toolbar\help.html
c:\program files\IEToolbar\Sahate Toolbar\icons.bmp
c:\program files\IEToolbar\Sahate Toolbar\icons.bmp_16.bmp
c:\program files\IEToolbar\Sahate Toolbar\icons.bmp_24.bmp
c:\program files\IEToolbar\Sahate Toolbar\icons.bmp_32.bmp
c:\program files\IEToolbar\Sahate Toolbar\ijl15.dll
c:\program files\IEToolbar\Sahate Toolbar\info.txt
c:\program files\IEToolbar\Sahate Toolbar\logo.bmp
c:\program files\IEToolbar\Sahate Toolbar\logo.png
c:\program files\IEToolbar\Sahate Toolbar\mini_logo1.bmp
c:\program files\IEToolbar\Sahate Toolbar\options.html
c:\program files\IEToolbar\Sahate Toolbar\sahaPen21.exe
c:\program files\IEToolbar\Sahate Toolbar\sahate.crc
c:\program files\IEToolbar\Sahate Toolbar\sahate.dll
c:\program files\IEToolbar\Sahate Toolbar\tbhelper.dll
c:\program files\IEToolbar\Sahate Toolbar\tbs_include_script_013267.js
c:\program files\IEToolbar\Sahate Toolbar\uninstall.exe
c:\program files\IEToolbar\Sahate Toolbar\update.exe
c:\program files\IEToolbar\Sahate Toolbar\version.txt
c:\program files\IEToolbar\Sahate Toolbar\websave_plugin.dll
c:\program files\IEToolbar\Sahate Toolbar\your_logo.png
c:\windows\IE4 Error Log.txt
c:\windows\system32\x64

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FCI
-------\Service_FCI


((((((((((((((((((((((((( Files Created from 2009-03-18 to 2009-04-18 )))))))))))))))))))))))))))))))
.

2009-04-18 18:23 . 2009-04-18 18:23 0 ----a-w c:\windows\nsreg.dat
2009-04-18 18:23 . 2009-04-18 18:23 -------- d-----w c:\documents and settings\@\Application Data\Mozilla
2009-04-18 18:23 . 2009-04-18 18:23 -------- d-----w c:\documents and settings\@\Local Settings\Application Data\Mozilla
2009-04-16 08:35 . 2009-04-16 08:35 54156 ---ha-w c:\windows\QTFont.qfn
2009-04-16 08:35 . 2009-04-16 08:35 1409 ----a-w c:\windows\QTFont.for
2009-04-13 15:02 . 2009-04-13 15:02 252 ----a-w C:\g88938h.exe
2009-04-12 17:00 . 2009-04-12 17:00 268 ---ha-w C:\sqmdata06.sqm
2009-04-12 17:00 . 2009-04-12 17:00 244 ---ha-w C:\sqmnoopt06.sqm
2009-04-12 16:35 . 2009-04-12 16:35 268 ---ha-w C:\sqmdata05.sqm
2009-04-12 16:35 . 2009-04-12 16:35 244 ---ha-w C:\sqmnoopt05.sqm
2009-04-10 08:06 . 2009-04-10 08:06 -------- d-----w c:\documents and settings\@\Application Data\Pegtop
2009-04-03 22:35 . 2005-11-25 19:46 421888 ----a-w c:\windows\system32\RealMediaSplitter.ax
2009-04-03 22:35 . 2004-04-30 18:46 28672 ----a-w c:\windows\system32\t3odm.dll
2009-04-03 22:35 . 2003-05-20 22:10 210432 ----a-w c:\windows\system32\mpgdec.ax
2009-04-03 22:35 . 2003-05-12 17:25 503808 ----a-w c:\windows\system32\mpeg2dmx.ax
2009-04-03 22:35 . 2001-08-18 17:00 262144 ----a-w c:\windows\system32\mpg4ds32.axu
2009-04-03 18:24 . 2009-04-03 18:24 252 ----a-w C:\q10935w.exe
2009-04-02 16:11 . 2004-03-29 12:23 90112 ----a-w c:\windows\unvise32.exe
2009-04-02 15:07 . 2009-04-02 15:07 2101 ----a-w C:\nkvgw.exe
2009-04-02 15:07 . 2009-04-02 15:07 2104 ----a-w C:\nsmbo.exe
2009-04-02 15:07 . 2009-04-02 15:07 2103 ----a-w C:\rkgr.exe
2009-04-02 15:07 . 2009-04-02 15:07 2103 ----a-w C:\cueuaeby.exe
2009-04-02 15:07 . 2009-04-02 15:07 2104 ----a-w C:\yqgyegi.exe
2009-04-02 15:07 . 2009-04-02 15:07 2104 ----a-w C:\cxrcqnhj.exe
2009-03-28 12:24 . 2009-04-09 14:02 2240 ----a-w c:\windows\system32\esnecil.ind
2009-03-28 12:24 . 2009-03-28 12:52 2240 ----a-w c:\windows\system32\esnecil.nlp
2009-03-28 12:22 . 2009-03-28 12:22 43 ----a-w c:\windows\Crypkey.ini
2009-03-28 12:22 . 2002-10-25 02:17 65536 ----a-w c:\windows\system32\Crypserv.exe
2009-03-28 12:22 . 1999-06-18 21:49 165888 ----a-w c:\windows\Ckconfig.exe
2009-03-28 12:22 . 1996-05-03 17:21 27648 ----a-r c:\windows\Setup_ck.exe
2009-03-28 12:22 . 1996-05-03 15:36 18432 ----a-w c:\windows\Setup_ck.dll
2009-03-28 12:22 . 1995-07-04 18:33 11776 ----a-w c:\windows\Ckrfresh.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-18 18:18 . 2001-09-19 12:00 41274 ----a-w c:\windows\system32\perfc001.dat
2009-04-18 18:18 . 2001-09-19 12:00 254594 ----a-w c:\windows\system32\perfh001.dat
2009-04-18 11:21 . 2009-01-17 01:11 -------- d-----w c:\program files\Google
2009-04-12 16:38 . 2009-04-12 16:38 -------- d-----w c:\program files\Avira
2009-04-12 16:38 . 2009-01-27 18:24 -------- d-----w c:\documents and settings\All Users\Application Data\Avira
2009-04-10 22:33 . 2009-01-16 16:49 144312 ----a-w c:\documents and settings\@\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-10 08:05 . 2009-04-10 08:05 -------- d-----w c:\program files\Pegtop
2009-04-09 14:02 . 2009-03-28 12:21 -------- d-----w c:\program files\Kelk 2000
2009-04-03 22:53 . 2009-04-03 22:53 -------- d-----w c:\program files\Common Files\xing shared
2009-04-03 22:53 . 2009-01-17 01:11 -------- d-----w c:\program files\Common Files\Real
2009-04-03 22:52 . 2009-02-20 16:59 499712 ----a-w c:\windows\system32\msvcp71.dll
2009-04-03 22:52 . 2009-02-20 16:59 348160 ----a-w c:\windows\system32\msvcr71.dll
2009-04-03 22:49 . 2009-01-18 15:12 -------- d-----w c:\program files\Real Alternative
2009-04-02 16:39 . 2009-04-02 16:39 -------- d-----w c:\program files\SWiSHmax
2009-04-02 15:07 . 2004-08-03 21:56 14336 ----a-w c:\windows\system32\svchost.exe
2009-03-15 21:20 . 2009-03-15 21:20 252 ----a-w C:\f52727q.exe
2009-02-23 13:58 . 2009-01-16 19:50 -------- d-----w c:\program files\Circle Developement
2009-02-20 16:59 . 2009-01-17 01:11 -------- d-----w c:\program files\Real
2009-02-19 17:07 . 2009-02-17 06:12 -------- d-----w c:\program files\AVI-GIF
2009-02-18 17:32 . 2009-02-18 17:32 41262 ----a-w C:\دم.bmp
2009-02-16 00:51 . 2009-02-16 00:51 2232 ----a-w c:\windows\java\Packages\Data\FBRTNP7L.DAT
2009-02-16 00:51 . 2009-02-16 00:51 155995 ----a-w c:\windows\java\Packages\BHZ5BJBF.ZIP
2009-02-16 00:51 . 2009-02-16 00:51 2678 ----a-w c:\windows\java\Packages\Data\OSKX7B5F.DAT
2009-02-16 00:51 . 2009-02-16 00:51 2678 ----a-w c:\windows\java\Packages\Data\I2RBHVL7.DAT
2009-02-16 00:51 . 2009-02-16 00:51 2678 ----a-w c:\windows\java\Packages\Data\CC5B3ZF3.DAT
2009-02-16 00:51 . 2009-02-16 00:51 2678 ----a-w c:\windows\java\Packages\Data\4NR3DNZV.DAT
2009-02-16 00:51 . 2009-02-16 00:51 2678 ----a-w c:\windows\java\Packages\Data\13BXFRRJ.DAT
2009-02-15 12:19 . 2009-02-15 12:19 268 ---ha-w C:\sqmdata04.sqm
2009-02-15 12:19 . 2009-02-15 12:19 244 ---ha-w C:\sqmnoopt04.sqm
2009-02-07 20:59 . 2009-02-07 20:59 252 ----a-w C:\f56414e.exe
2009-02-05 20:13 . 2009-02-05 20:13 252 ----a-w C:\f21060e.exe
2009-01-31 19:34 . 2009-01-31 19:34 268 ---ha-w C:\sqmdata03.sqm
2009-01-31 19:34 . 2009-01-31 19:34 244 ---ha-w C:\sqmnoopt03.sqm
2009-01-31 12:43 . 2009-01-31 12:43 268 ---ha-w C:\sqmdata02.sqm
2009-01-31 12:43 . 2009-01-31 12:43 244 ---ha-w C:\sqmnoopt02.sqm
2009-01-31 09:47 . 2009-01-31 09:47 268 ---ha-w C:\sqmdata01.sqm
2009-01-31 09:47 . 2009-01-31 09:47 244 ---ha-w C:\sqmnoopt01.sqm
2009-01-20 14:50 . 2009-01-20 14:50 216 ----a-w C:\INSTALL.LOG
2009-01-20 12:14 . 2009-01-20 12:08 172032 ------w c:\windows\Setup1.exe
2009-01-20 12:14 . 2009-01-20 12:08 73216 ----a-w c:\windows\ST6UNST.EXE
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-11 34672]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-02-17 114688]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-27 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-27 162328]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-27 137752]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-03 198160]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-02-26 16125440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-1-20 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4ab85e5d-e6ec-11dd-86cf-001dd915df1b}]
\Shell\AutoRun\command - F:\bo1dhu.bat
\Shell\explore\Command - F:\bo1dhu.bat
\Shell\open\Command - F:\bo1dhu.bat
.
- - - - ORPHANS REMOVED - - - -

BHO-{7FF4E31C-74EB-433D-A8AA-A12A99521674} - c:\program files\IEToolbar\Sahate Toolbar\sahate.dll
Toolbar-{1A295E8E-E51B-42CE-81B2-B73614F0FCD2} - c:\program files\IEToolbar\Sahate Toolbar\sahate.dll
WebBrowser-{1A295E8E-E51B-42CE-81B2-B73614F0FCD2} - c:\program files\IEToolbar\Sahate Toolbar\sahate.dll
HKCU-Run-save second - c:\docume~1\@\APPLIC~1\GRIMAU~1\Upload Coal Bore.exe
HKCU-Run-cdoosoft - c:\windows\system32\olhrwef.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://myweb.saudi.net.sa/backup/
uInternet Settings,ProxyOverride = local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: ت&صدير إلى Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{1A295E8E-E51B-42CE-81B2-B73614F0FCD2} - {1A295E8E-E51B-42CE-81B2-B73614F0FCD2} - c:\program files\IEToolbar\Sahate Toolbar\sahate.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\@\Application Data\Mozilla\Firefox\Profiles\1jcflsug.default\
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
You must log in or register to view the hidden link

Rootkit scan 2009-04-18 22:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FCI]
"ImagePath"="c:\windows\system32\svchost.exe:ext.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FCI]
"ImagePath"="c:\windows\system32\svchost.exe:ext.exe"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\windows\system32\Crypserv.exe
c:\windows\system32\igfxsrvc.exe
.
**************************************************************************
.
Completion time: 2009-04-18 22:56 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-18 19:55

Pre-Run: 30,445,072,384 bytes free
Post-Run: 30,976,065,536 bytes free

205



 
Post a new HijackThis log.
 
Signature: Corporation