.. مشكله في تصفح اكسبلورر..

جنة · 20 يونيو 2009

السلام عليكم ورحمة الله وبركاته
اعاني من مشكله في تصفح انترنت اكسبلورر بحيث انه ما يتصفح معاي
ونوع الويندوز عندي فيستا بيسك مع العلم كان يتصفح معاي اول ما اخذت الجهاز
واليوم بس ما يتصفح معاي وفتحت على الفايروفوكس بس ما يفتح معاي الماسنجر
وهذا الا يطلع معاي اذا جيت بفتح المسن عندي

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

وبعد ما اسوي اصلاح يطلع لي هذا

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

وتطلع لي لمن اضغط موافق هذة الصورة

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

فأتمنى منكم اخواني افادتي بهذا الشي

واكون لكم من الشاكرين
سلااااام

®الإعصار® · 20 يونيو 2009

اعتقد المشكله بالانترنت او الشركه لديك ولكن قبل ذلك هل ثبت مؤخرا برنامج حمايه
قم بإقفاله ووافنا بالنتائج طبعا ان كانت الاجابه نعم

جنة · 20 يونيو 2009

شبكة الانترنت الكل مشترك فيها وكلهم يتصفح عندهم عادي
والبرنامج الفايروسات صاري زمن من ثبته حاول كذا شهرين اول ثلاثه
سلااااام

®الإعصار® · 20 يونيو 2009

كرما ارفاق تقرير هيجاك
واستخدمي التالي

اداة لاصلاح الاكسبلورر

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

جنة · 20 يونيو 2009

اخوي كيف ارفق تقرير الهيجك
واني مكا عندي الاداة وحاولت اثبت الاده الا عطيتني وياها
يقول فشل في التثبيت
سلاااااام

®الإعصار® · 20 يونيو 2009

ما عليه لو تراجعي صفحات وشروط المنتدى تجدي الهيجاك
عموما

حمل هذا البرنامج

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

شغل البرنامج ==> واضغط على
Do a system scan and save log
لحظات .. ويظهر لك تقرير داخل المفكرة==> انسخه والصقه بردك القادم

جنة · 20 يونيو 2009

طيب اخوي هذا هو التقرير

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:03:22 م, on 20/06/09
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\TechSmith\Snagit 9\Snagit32.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\TechSmith\Snagit 9\TSCHelp.exe
C:\Program Files\TechSmith\Snagit 9\SnagPriv.exe
C:\Program Files\TechSmith\Snagit 9\snagiteditor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\notepad.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:9666
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Jugsthe] "C:\ProgramData\hold remote remote.oogsy"
O4 - HKCU\..\Run: [vc log bows face] "C:\ProgramData\bore view date.x9h9zas"
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\StartRegistryBooster.exe
O4 - HKCU\..\Run: [{9D71D88C-C598-4935-C5D1-43AA4DB90836}] C:\Users\C-gate systems\AppData\Roaming\Bifrost\server.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Snagit 9.lnk = C:\Program Files\TechSmith\Snagit 9\Snagit32.exe
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe

--
End of file - 8043 bytes

ما عليش خيي بتعبك معاي واجد
سلاااام

®الإعصار® · 20 يونيو 2009

اغلق الحمايه لديك
ثم

حمل الاداة التالية واحفظها على سطح المكتب

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
اثناء الفحص ممكن يعاد تشغيل الجهاز
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
لا تقم بتشغيل اي برنامج ،، ومهما طالت عملية الفحص انتظر حتى تنتهي

انتظر حتى يظهر لك تقرير ،،انسخه والصقه بمشاركتك القادمة
مع ارفاق تقرير هيجاك جديد

جنة · 20 يونيو 2009

هلا خوي هذا هو الفحص بهذة بالاداه الا عطيتني وياه

ComboFix 09-06-19.01 - C-gate systems 06/20/2009 20:33.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1256.966.1025.18.2039.833 [GMT 3:00]
Running from: c:\users\C-gate systems\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\C-gate systems\AppData\Roaming\addons.dat
D:\Autorun.inf
D:\Desktop.ini

.
((((((((((((((((((((((((( Files Created from 2009-05-20 to 2009-06-20 )))))))))))))))))))))))))))))))
.

2009-06-20 15:02 . 2009-06-20 15:02 -------- d-----w- c:\program files\Trend Micro
2009-06-12 21:55 . 2009-06-12 22:07 -------- d-----w- c:\users\C-gate systems\AppData\Local\Microsoft Games
2009-06-11 14:08 . 2009-06-11 14:08 -------- d-----w- c:\users\C-gate systems\AppData\Roaming\Bifrost
2009-06-11 14:08 . 2009-05-23 12:20 44925 ----a-w- c:\users\C-gate systems\AppData\Roaming\Bifrost\server.exe
2009-06-10 06:36 . 2009-04-21 11:55 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-06-10 06:36 . 2009-04-23 12:42 636928 ----a-w- c:\windows\system32\localspl.dll
2009-06-10 06:36 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-06-08 15:03 . 2009-06-08 17:43 -------- d-----w- c:\program files\Windows Live Safety Center
2009-06-08 14:46 . 2009-06-08 14:46 552 ----a-w- c:\users\C-gate systems\AppData\Local\d3d8caps.dat
2009-06-08 08:27 . 2009-06-08 08:28 -------- d-----w- c:\users\C-gate systems\AppData\Local\Adobe
2009-05-27 18:06 . 2009-05-27 18:08 -------- d-----w- c:\users\C-gate systems\AppData\Roaming\Darwin
2009-05-27 18:05 . 2009-05-27 18:05 -------- d-----w- c:\program files\Darwin the Monkey
2009-05-26 12:34 . 2009-05-26 12:34 -------- d-----w- c:\users\C-gate systems\AppData\Roaming\Uniblue
2009-05-26 12:34 . 2008-12-22 08:23 2567629 -c--a-w- c:\programdata\{92E7A367-8E12-4830-AA70-29C32E331A81}\Uniblue RegistryBooster.exe
2009-05-26 12:34 . 2009-05-26 12:34 -------- d-----w- c:\program files\Uniblue
2009-05-26 12:34 . 2008-08-26 16:48 99624 -c--a-w- c:\programdata\{92E7A367-8E12-4830-AA70-29C32E331A81}\registrybooster2\7390E4F0\6383BC9B\StartRegistryBooster.exe
2009-05-26 12:34 . 2008-08-26 16:48 757760 -c--a-w- c:\programdata\{92E7A367-8E12-4830-AA70-29C32E331A81}\registrybooster2\2B86F085\6383BC9B\UBVarRB.dll
2009-05-26 12:34 . 2008-08-26 16:48 6676480 -c--a-w- c:\programdata\{92E7A367-8E12-4830-AA70-29C32E331A81}\registrybooster2\4E45A1A4\6383BC9B\RegistryBooster.dll
2009-05-26 12:34 . 2008-08-26 16:48 497496 -c--a-w- c:\programdata\{92E7A367-8E12-4830-AA70-29C32E331A81}\registrybooster2\AF01B0B\6383BC9B\XceedZip.dll
2009-05-26 12:34 . 2008-08-26 16:48 413696 -c--a-w- c:\programdata\{92E7A367-8E12-4830-AA70-29C32E331A81}\registrybooster2\52CD59C9\6383BC9B\update.dll
2009-05-26 12:34 . 2008-08-26 16:48 2019624 -c--a-w- c:\programdata\{92E7A367-8E12-4830-AA70-29C32E331A81}\registrybooster2\7CE1607E\6383BC9B\RegistryBooster.exe
2009-05-26 12:34 . 2008-08-26 16:48 111912 -c--a-w- c:\programdata\{92E7A367-8E12-4830-AA70-29C32E331A81}\registrybooster2\65B92A91\6383BC9B\KillRBProcess.exe
2009-05-26 12:34 . 2009-05-26 12:34 -------- dc-h--w- c:\programdata\{92E7A367-8E12-4830-AA70-29C32E331A81}

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-20 17:37 . 2009-04-02 14:03 -------- d-----w- c:\users\C-gate systems\AppData\Roaming\DMCache
2009-06-20 07:26 . 2009-03-31 16:32 1356 ----a-w- c:\users\C-gate systems\AppData\Local\d3d9caps.dat
2009-06-20 07:24 . 2009-04-01 02:26 12 ----a-w- c:\windows\bthservsdp.dat
2009-06-10 16:21 . 2009-03-31 18:08 -------- d-----w- c:\users\C-gate systems\AppData\Roaming\uTorrent
2009-05-19 20:30 . 2009-04-02 14:03 -------- d-----w- c:\users\C-gate systems\AppData\Roaming\IDM
2009-05-15 08:54 . 2009-03-31 17:50 -------- d-----w- c:\program files\DivX
2009-05-15 08:54 . 2009-03-31 17:50 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-05-15 08:31 . 2009-05-15 08:31 -------- d-----w- c:\users\C-gate systems\AppData\Roaming\DivX
2009-05-14 09:00 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-04 22:27 . 2009-03-31 18:05 -------- d-----w- c:\programdata\avg8
2009-04-28 18:22 . 2009-04-28 18:17 -------- d-----w- c:\program files\XoftSpy
2009-04-25 12:44 . 2009-03-31 17:36 -------- d-----w- c:\program files\The KMPlayer
2009-04-24 16:05 . 2009-06-10 06:35 827904 ----a-w- c:\windows\system32\wininet.dll
2009-04-24 16:02 . 2009-06-10 06:35 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-24 13:44 . 2009-06-10 06:35 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-04-24 13:10 . 2009-04-24 13:10 -------- d-----w- c:\users\C-gate systems\AppData\Roaming\Thinstall
2009-04-03 19:07 . 2009-04-03 19:07 198064 ----a-w- c:\users\C-gate systems\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
2009-04-03 19:05 . 2009-04-03 19:05 6408 ----a-w- c:\program files\un_Internet Download Manager_16575.txt
2009-04-03 08:21 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-04-02 15:25 . 2009-03-31 16:32 618504 ----a-w- c:\users\C-gate systems\AppData\Local\GDIPFONTCACHEV1.DAT
2009-03-31 18:22 . 2009-03-31 18:22 41018 ----a-w- c:\windows\inf\PERFLIB\0401\perfd.dat
2009-03-31 18:22 . 2009-03-31 18:22 285290 ----a-w- c:\windows\inf\PERFLIB\0401\perfi.dat
2009-03-31 18:22 . 2009-03-31 18:22 285290 ----a-w- c:\windows\inf\PERFLIB\0401\perfh.dat
2009-03-31 18:22 . 2009-03-31 18:22 41018 ----a-w- c:\windows\inf\PERFLIB\0401\perfc.dat
2009-03-31 17:46 . 2009-03-31 17:46 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-03-31 17:33 . 2009-03-31 17:33 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-03-31 17:33 . 2009-03-31 17:33 172032 ------w- c:\windows\Setup1.exe
2008-09-28 19:00 . 2009-04-03 19:05 439440 ----a-w- c:\program files\un_Internet Download Manager_16575.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Jugsthe"="c:\programdata\hold remote remote.oogsy" [X]
"vc log bows face"="c:\programdata\bore view date.x9h9zas" [X]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-08-16 5728112]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2008-01-17 816368]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-04-03 2794928]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Uniblue RegistryBooster 2009"="c:\program files\uniblue\registrybooster\StartRegistryBooster.exe" [2008-08-26 99624]
"{9D71D88C-C598-4935-C5D1-43AA4DB90836}"="c:\users\C-gate systems\AppData\Roaming\Bifrost\server.exe" [2009-05-23 44925]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2008-01-21 2153472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-10-17 1097728]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 827392]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-11 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-11 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-11 133912]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-05-02 163840]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-31 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-11 34672]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

c:\users\C-gate systems\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-4-2 113664]
Snagit 9.lnk - c:\program files\TechSmith\Snagit 9\Snagit32.exe [2008-11-6 7217480]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{CD7DA760-FA9F-4B81-8020-99503162EFA0}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{E775E28A-B969-415A-8D67-65057B7E1089}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{6144EE2E-F84D-4749-A8D0-53C965336F98}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{4D2B8D5B-494C-4EE4-8783-B9C455BA292F}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{25487540-5311-44AA-B0D0-715405AD6465}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{AA02926D-27DE-4CBB-B890-EF50EE05B0D8}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{7E83179E-63CC-4DB3-A38B-1339C4558DB2}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{69640816-50E0-47C3-BF81-310FD1ABC33B}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [02/04/09 07:21 م 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [02/04/09 07:21 م 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [02/04/09 07:21 م 51792]
R2 hpsrv;HP Service;c:\windows\System32\hpservice.exe [05/01/07 03:00 ص 18944]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [21/01/08 05:32 ص 179712]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder

2009-04-28 c:\windows\Tasks\XoftSpy.job
- c:\program files\XoftSpy\XoftSpy.exe [2007-04-26 11:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://wwwgoogle.com/
mStart Page = hxxp://www.msn.com
uInternet Settings,ProxyOverride = local;<local>
uInternet Settings,ProxyServer = 127.0.0.1:9666
IE: ?&???? ??? Microsoft Excel
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: ت&صدير إلى Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
FF - ProfilePath - c:\users\C-gate systems\AppData\Roaming\Mozilla\Firefox\Profiles\u5oyytea.default\
FF - component: c:\users\C-gate systems\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2009-06-20 20:37
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-586248421-1140146957-1222424959-1000_Classes\CLSID\{62312878-f7ce-4438-98b3-22cc6eff3ec1}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000009d
"Therad"=dword:0000000a
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,98,07,ff,fc,5d,
df,1c,2f,3b,8a,0a,32,11,89,01,b5,5e,90,9f,aa,95,3d,f0,4f,9e,c0,39,22,20,8f,\

[HKEY_USERS\S-1-5-21-586248421-1140146957-1222424959-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):dd,ed,c6,0a,3b,1a,da,57,11,ec,8c,ab,6e,9c,86,d5,47,8f,6e,b4,cd,
7b,cd,70,45,c2,6e,e1,e3,db,0a,e5,0d,3f,2e,1a,28,c5,e6,96,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2009-06-20 20:38
ComboFix-quarantined-files.txt 2009-06-20 17:38

Pre-Run: 102,769,717,248 bytes free
Post-Run: 102,738,771,968 bytes free

180 --- E O F --- 2009-06-19 08:03

::::::::::::::::::

وهذا تقرير الهيجاك

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:03:22 م, on 20/06/09
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\TechSmith\Snagit 9\Snagit32.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\TechSmith\Snagit 9\TSCHelp.exe
C:\Program Files\TechSmith\Snagit 9\SnagPriv.exe
C:\Program Files\TechSmith\Snagit 9\snagiteditor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\notepad.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:9666
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Jugsthe] "C:\ProgramData\hold remote remote.oogsy"
O4 - HKCU\..\Run: [vc log bows face] "C:\ProgramData\bore view date.x9h9zas"
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\StartRegistryBooster.exe
O4 - HKCU\..\Run: [{9D71D88C-C598-4935-C5D1-43AA4DB90836}] C:\Users\C-gate systems\AppData\Roaming\Bifrost\server.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Snagit 9.lnk = C:\Program Files\TechSmith\Snagit 9\Snagit32.exe
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe

--
End of file - 8043 bytes

ومشكور اخوي تعبتك معاي
سلااااام

جنة · 20 يونيو 2009

مشكور اخوي تعبتك معاي
لو ما وقفتك معاي مارجع انتر اكسبلورر يتصفح معاي
عساني اخدمك في الافراح ان شاء الله
في ميزان اعمالك يارب ربي يوفقك دنيا واخر
سلااااام

.. مشكله في تصفح اكسبلورر..

جنة

زيزوومي جديد

®الإعصار®

زيزوومى محترف

توقيع : ®الإعصار®

جنة

زيزوومي جديد

®الإعصار®

زيزوومى محترف

توقيع : ®الإعصار®

جنة

زيزوومي جديد

®الإعصار®

زيزوومى محترف

توقيع : ®الإعصار®

جنة

زيزوومي جديد

®الإعصار®

زيزوومى محترف

توقيع : ®الإعصار®

جنة

زيزوومي جديد

جنة

زيزوومي جديد

NTLite Business 2025.8.10552 X64