قمة جنوني

Peace be upon you ....
I'll get straight to the problem:


My computer freezes a bit.

So I downloaded a program, I don't know what it is.

It's called ComboFix.

It scanned the computer and produced a report; here it is:

ComboFix 09-05-26.05 - Almiya 05/26/2009 22:13.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1025.18.503.198 [GMT 3:00]
Running from: c:\documents and settings\Almiya\My Documents\الملفات المتلقاة\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\setup.exe
c:\windows\IE4 Error Log.txt
c:\windows\system32\setting.ini
c:\windows\system32\tmp.reg
D:\nq0cq.cmd
.
((((((((((((((((((((((((( Files Created from 2009-04-26 to 2009-05-26 )))))))))))))))))))))))))))))))
.
2009-05-26 00:33 . 2004-08-03 21:55 53760 ----a-w c:\windows\system32\vfwwdm32.dll
2009-05-26 00:33 . 2004-08-03 21:55 53760 ----a-w c:\windows\system32\dllcache\vfwwdm32.dll
2009-05-26 00:33 . 2004-08-03 20:10 78464 ----a-w c:\windows\system32\drivers\usbvideo.sys
2009-05-26 00:33 . 2004-08-03 20:10 78464 ----a-w c:\windows\system32\dllcache\usbvideo.sys
2009-05-26 00:33 . 2004-08-03 20:08 31616 ----a-w c:\windows\system32\drivers\usbccgp.sys
2009-05-26 00:33 . 2004-08-03 20:08 31616 ----a-w c:\windows\system32\dllcache\usbccgp.sys
2009-05-25 02:28 . 2009-05-25 02:28 -------- d-----w c:\program files\Pwndsoft
2009-05-25 02:24 . 2009-05-25 02:24 -------- d-----w c:\program files\Circle Deelopement
2009-05-25 02:02 . 2009-05-26 19:22 716800 ----a-w c:\documents and settings\All Users\Application Data\Memo Drive Vc Log\axis bike.exe
2009-05-25 02:02 . 2009-05-25 02:02 716800 ----a-w c:\documents and settings\Almiya\Application Data\More Base Save\brojtrcg.exe
2009-05-25 02:01 . 2009-05-25 02:01 -------- d-----w c:\program files\More Base Save
2009-05-25 01:59 . 2009-05-25 01:59 716800 ----a-w c:\documents and settings\Almiya\Application Data\More Base Save\snetwpsd.exe
2009-05-25 01:58 . 2009-05-25 01:57 58952 ----a-w c:\windows\system32\MsgPlusLoader.dll
2009-05-25 01:57 . 2009-05-25 01:57 -------- d-----w c:\program files\MessengerPlus! 3
2009-05-25 01:39 . 2009-05-25 01:39 -------- d-----w c:\documents and settings\Almiya\Local Settings\Application Data\PCHealth
2009-05-25 01:26 . 2009-05-25 01:26 -------- d-sh--w c:\program files\Common Files\WindowsLiveInstaller
2009-05-22 17:39 . 2009-05-22 17:39 761856 ----a-w c:\documents and settings\Almiya\Application Data\More Base Save\cibepcsv.exe
2009-05-22 17:38 . 2009-05-25 02:00 495616 ----a-w c:\documents and settings\Almiya\Application Data\More Base Save\SoftwareDog.exe
2009-05-16 14:13 . 2009-05-16 14:13 -------- d-sh--w C:\FOUND.025
2009-05-16 09:08 . 2009-05-16 09:08 -------- d-sh--w C:\FOUND.024
2009-05-14 10:08 . 2009-05-14 10:08 -------- d-----w c:\program files\ESET
2009-05-10 11:34 . 2009-05-10 11:34 -------- d-----w c:\documents and settings\Almiya\Application Data\INAC
2009-05-10 11:34 . 2009-05-10 11:34 -------- d-----w c:\documents and settings\All Users\Application Data\INAC
2009-05-10 11:29 . 2009-05-10 11:29 -------- d-----w C:\AllokMP3toAMRFolder
2009-05-09 16:45 . 2009-05-09 16:45 604416 ----a-w c:\windows\system32\TUProgSt.exe
2009-05-09 16:45 . 2009-05-09 16:45 -------- d-----w c:\documents and settings\Almiya\Application Data\TuneUp Software
2009-05-09 16:45 . 2009-05-09 16:45 -------- d-----w c:\program files\TuneUp Utilities 2009
2009-05-09 16:45 . 2009-05-09 16:45 -------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software
2009-05-09 16:44 . 2009-05-09 16:44 -------- d-sh--w c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-05-09 13:19 . 2009-05-09 13:19 -------- d-----w c:\program files\freeOT
2009-05-09 13:19 . 2003-01-26 10:41 40960 ----a-w c:\windows\system32\SSubTmr6.dll
2009-05-09 12:02 . 2009-05-09 12:02 -------- d-----w c:\documents and settings\Almiya\Local Settings\Application Data\WMTools Downloaded Files
2009-05-08 18:47 . 2009-05-08 18:47 -------- d-----w C:\BalotNet
2009-05-08 18:47 . 2007-02-15 00:32 81920 ----a-w c:\windows\system32\GkSui20.EXE
2009-05-08 18:47 . 1998-12-02 07:11 143360 ----a-w c:\windows\system32\fsuz.dll
2009-05-08 18:31 . 2009-05-08 18:31 749568 ----a-w c:\documents and settings\Almiya\Application Data\More Base Save\wryigamw.exe
2009-05-05 21:32 . 2009-05-05 21:32 -------- d-sh--w C:\FOUND.023
2009-05-04 03:12 . 2009-05-04 03:12 -------- d-sh--w C:\FOUND.022
2009-05-01 19:48 . 2009-05-01 19:48 -------- d-sh--w C:\FOUND.021
2009-04-29 04:21 . 2009-04-29 04:21 -------- d-sh--w C:\FOUND.020
2009-04-28 14:23 . 2002-02-18 07:23 15120 ----a-w c:\windows\system32\jdbgmgr.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-26 19:23 . 2009-03-01 15:09 67645 ----a-w c:\windows\system32\drivers\pshook11.sys
2009-05-26 19:18 . 2008-12-29 00:16 12 ----a-w c:\windows\bthservsdp.dat
2009-05-26 19:04 . 2009-01-16 15:40 3286 ----a-w c:\windows\system32\PerfStringBackup.TMP
2009-05-25 02:03 . 2008-12-26 05:19 315392 ----a-w c:\documents and settings\Almiya\Application Data\More Base Save\Audio Fast Grim 32.exe
2009-05-25 02:03 . 2009-02-26 05:09 328192 ----a-w c:\documents and settings\Almiya\Application Data\More Base Save\locks sect surf.exe
2009-05-25 00:31 . 2009-03-16 01:10 5680 ----a-w c:\windows\system32\drivers\psntkd20.sys
2009-05-11 06:54 . 2008-11-03 15:16 244344 ----a-w c:\documents and settings\Almiya\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-28 14:23 . 2009-04-28 14:23 2678 ----a-w c:\windows\java\Packages\Data\UE8G4DJL.DAT
2009-04-28 14:23 . 2009-04-28 14:23 2678 ----a-w c:\windows\java\Packages\Data\PJNHRPV5.DAT
2009-04-28 14:23 . 2009-04-28 14:23 2678 ----a-w c:\windows\java\Packages\Data\MPVF9V9R.DAT
2009-04-28 14:23 . 2009-04-28 14:23 2678 ----a-w c:\windows\java\Packages\Data\O4413FN1.DAT
2009-04-28 14:23 . 2009-04-28 14:23 2678 ----a-w c:\windows\java\Packages\Data\G1JB7FVV.DAT
2009-04-12 04:37 . 2009-04-12 04:37 -------- d-----w c:\windows\system32\config\systemprofile\Application Data\SACore
2009-04-09 11:41 . 2009-04-09 11:41 -------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2009-04-09 02:19 . 2009-04-09 02:19 -------- d-----w c:\documents and settings\Almiya\Application Data\Apple Computer
2009-04-07 14:10 . 2009-04-07 14:10 -------- d-----w c:\documents and settings\Almiya\Application Data\Yahoo!
2009-04-07 14:06 . 2009-04-07 14:06 -------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2009-04-04 12:59 . 2009-04-04 12:59 69632 ----a-w c:\windows\system32\shter.exe
2009-04-04 12:35 . 2009-04-04 12:35 794624 ----a-w c:\documents and settings\Almiya\Application Data\More Base Save\yhnpsdsh.exe
2009-04-04 12:02 . 2009-04-04 12:02 761856 ----a-w c:\documents and settings\Almiya\Application Data\More Base Save\prcijdqi.exe
2009-04-04 09:09 . 2009-04-04 09:09 -------- d-----w c:\program files\Common Files\Windows Live
2009-04-02 10:29 . 2009-04-02 10:29 -------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-04-02 10:29 . 2009-04-02 10:29 -------- d-----w c:\program files\Apple Software Update
2009-04-02 10:29 . 2009-04-02 10:29 -------- d-----w c:\documents and settings\All Users\Application Data\Apple
2009-04-02 10:07 . 2009-04-02 10:07 -------- d-----w c:\program files\QuickTime
2009-04-01 14:59 . 2009-02-28 22:55 7168 ----a-w C:\syntax.exe
2009-03-19 02:46 . 2008-11-03 16:41 499712 ----a-w c:\windows\system32\msvcp71.dll
2009-03-19 02:46 . 2008-11-03 16:40 348160 ----a-w c:\windows\system32\msvcr71.dll
2009-03-19 01:32 . 2009-03-19 01:32 390664 ----a-w c:\documents and settings\Almiya\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2009-03-16 02:38 . 2009-03-16 02:38 831488 ----a-w c:\documents and settings\Almiya\Application Data\More Base Save\xbittrfc.exe
2009-03-16 01:31 . 2009-03-16 01:31 808960 ----a-w c:\documents and settings\Almiya\Application Data\More Base Save\rjuaumid.exe
2009-03-15 12:52 . 2009-03-15 12:52 757760 ----a-w c:\documents and settings\Almiya\Application Data\More Base Save\jxhvkyxf.exe
2009-03-15 00:36 . 2009-03-15 00:36 839680 ----a-w c:\documents and settings\Almiya\Application Data\More Base Save\ojbupell.exe
2009-03-14 11:02 . 2009-03-14 11:02 819200 ----a-w c:\documents and settings\Almiya\Application Data\More Base Save\fnvoolci.exe
2009-03-14 06:50 . 2009-03-14 06:50 823296 ----a-w c:\documents and settings\Almiya\Application Data\More Base Save\ekyxwzdv.exe
2009-03-14 00:37 . 2009-03-14 00:37 790528 ----a-w c:\documents and settings\Almiya\Application Data\More Base Save\krxhlmdy.exe
2009-03-13 12:42 . 2009-03-13 12:42 811008 ----a-w c:\documents and settings\Almiya\Application Data\More Base Save\xlmsjyhb.exe
2009-03-12 20:10 . 2009-03-12 20:10 987136 ----a-w c:\documents and settings\Almiya\Application Data\More Base Save\rsmyrvlu.exe
2009-03-12 18:01 . 2009-02-03 02:34 782336 ----a-w c:\documents and settings\All Users\Application Data\Memo Drive Vc Log\file kind.exe
2009-03-12 18:00 . 2009-01-30 03:41 835584 ----a-w c:\documents and settings\All Users\Application Data\Memo Drive Vc Log\BIND TOOL.exe
2009-03-12 17:58 . 2009-01-01 14:39 204800 ----a-w c:\documents and settings\Almiya\Application Data\GRETECH\GomPlayer\GrLauncherTempSetup.exe
2009-03-12 17:58 . 2009-01-01 14:39 126464 ----a-w c:\documents and settings\Almiya\Application Data\GRETECH\GomPlayer\GrLauncher.exe
2009-03-12 17:01 . 2009-02-23 21:40 823296 ----a-w c:\documents and settings\Almiya\Application Data\More Base Save\kjxwzdnd.exe
2009-03-12 17:00 . 2009-02-18 11:31 827392 ----a-w c:\documents and settings\Almiya\Application Data\More Base Save\owsvoule.exe
2009-03-12 16:58 . 2009-02-16 20:48 798720 ----a-w c:\documents and settings\Almiya\Application Data\More Base Save\yjmhznej.exe
2009-03-12 16:57 . 2009-02-04 03:08 794624 ----a-w c:\documents and settings\Almiya\Application Data\More Base Save\zguwjhpt.exe
2009-03-12 16:56 . 2009-02-03 02:34 782336 ----a-w c:\documents and settings\Almiya\Application Data\More Base Save\jajhrpxz.exe
2009-03-12 16:55 . 2009-02-02 20:39 724992 ----a-w c:\documents and settings\Almiya\Application Data\More Base Save\manazirb.exe
2009-03-12 08:25 . 2009-03-12 08:25 840192 ----a-w c:\documents and settings\Almiya\Application Data\More Base Save\bmspmghw.exe
2009-03-11 07:31 . 2009-03-11 07:31 745472 ----a-w c:\documents and settings\Almiya\Application Data\More Base Save\qepautpd.exe
2009-03-11 05:33 . 2009-03-11 05:33 737280 ----a-w c:\documents and settings\Almiya\Application Data\More Base Save\aofkdxzb.exe
2009-03-06 14:44 . 2004-08-03 18:55 282624 ----a-w c:\windows\system32\pdh.dll
2009-03-04 05:35 . 2009-03-04 05:35 806912 ----a-w c:\documents and settings\Almiya\Application Data\More Base Save\wxgtdjpk.exe
2009-03-03 00:49 . 2009-03-03 00:49 770048 ----a-w c:\documents and settings\Almiya\Application Data\More Base Save\luffnwog.exe
2009-03-02 22:01 . 2009-03-02 22:01 729088 ----a-w c:\documents and settings\Almiya\Application Data\More Base Save\vzkrxvfw.exe
2009-03-02 14:12 . 2009-03-02 14:12 786432 ----a-w c:\documents and settings\Almiya\Application Data\More Base Save\eunsejtm.exe
2009-03-01 23:26 . 2009-03-01 23:26 770048 ----a-w c:\documents and settings\Almiya\Application Data\More Base Save\qhxhoqen.exe
2009-03-01 12:29 . 2009-03-01 12:29 180736 ----a-w C:\Optix_ScreenCapS.dll
2009-02-28 09:10 . 2009-01-30 03:41 835584 ----a-w c:\documents and settings\Almiya\Application Data\More Base Save\yhduvjuc.exe
2009-02-28 09:05 . 2009-01-15 00:18 25600 ----a-w c:\documents and settings\Almiya\Application Data\IDM\DwnlData\Almiya\SmitfraudFix_118\SmitfraudFix\WS2Fix.exe
2009-02-28 09:04 . 2009-01-15 00:18 167936 ----a-w c:\documents and settings\Almiya\Application Data\IDM\DwnlData\Almiya\SmitfraudFix_118\SmitfraudFix\unzip.exe
2009-02-28 09:04 . 2009-01-15 00:18 77312 ----a-w c:\documents and settings\Almiya\Application Data\IDM\DwnlData\Almiya\SmitfraudFix_118\SmitfraudFix\UIFix.exe
2009-02-28 09:04 . 2009-01-15 00:18 20480 ----a-w c:\documents and settings\Almiya\Application Data\IDM\DwnlData\Almiya\SmitfraudFix_118\SmitfraudFix\SmiUpdate.exe
2009-02-28 09:04 . 2009-01-15 00:18 24576 ----a-w c:\documents and settings\Almiya\Application Data\IDM\DwnlData\Almiya\SmitfraudFix_118\SmitfraudFix\Reboot.exe
2009-02-28 09:03 . 2009-01-15 00:18 53248 ----a-w c:\documents and settings\Almiya\Application Data\IDM\DwnlData\Almiya\SmitfraudFix_118\SmitfraudFix\Process.exe
2009-02-28 09:03 . 2009-01-09 14:33 83872 ----a-w c:\documents and settings\Almiya\Application Data\IDM\DwnlData\Almiya\install_flash_player_87\install_flash_player.exe
2009-02-27 10:13 . 2006-06-06 07:09 94208 ----a-w c:\windows\system32\igfxtray.exe
2009-02-27 10:12 . 2001-09-19 09:00 25600 ----a-w c:\windows\system32\format.com
2009-02-27 03:45 . 2009-02-27 03:45 757760 ----a-w c:\documents and settings\Almiya\Application Data\More Base Save\cvppryrs.exe
2009-02-27 03:43 . 2009-02-27 03:43 757760 ----a-w c:\documents and settings\Almiya\Application Data\More Base Save\ygxlskmm.exe
2009-02-26 05:07 . 2009-02-26 05:07 815104 ----a-w c:\documents and settings\Almiya\Application Data\More Base Save\iurpgcmj.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"hope dead"="c:\docume~1\Almiya\APPLIC~1\MOREBA~1\SoftwareDog.exe" [2009-05-25 495616]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-06-06 118784]
"SWN2"="c:\program files\Spyware Nuker\swnxt.exe" [2006-06-09 4060160]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-19 198160]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-04-02 413696]
"shter.exe"="c:\windows\system32\shter.exe" [2009-04-04 69632]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-05-14 30192]
"vc log bows face"="c:\documents and settings\All Users\Application Data\Memo Drive Vc Log\axis bike.exe" [2009-05-26 716800]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-03 110592]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
c:\documents and settings\All Users\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
SnagIt 8.lnk - c:\program files\TechSmith\SnagIt 8\SnagIt32.exe [2007-5-1 6395464]
jpg1.exe [2009-3-31 7168]
Optix_ScreenCapS.dll [2009-4-29 180736]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\Windows Live\\WLLoginProxy.exe"=
"c:\\Program Files\\TechSmith\\SnagIt 9\\SnagIt32.exe"=
"c:\\Program Files\\TechSmith\\SnagIt 9\\snagiteditor.exe"=
"c:\\WINDOWS\\system32\\igfxtray.exe"=
"c:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Calibration\\Adobe Gamma Loader.exe"=
"c:\\Program Files\\TechSmith\\SnagIt 9\\SnagPriv.exe"=
"c:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"=
"c:\\Program Files\\F-Secure Internet Security\\Common\\FSM32.EXE"=
"c:\\Program Files\\TechSmith\\SnagIt 9\\TSCHelp.exe"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\Source Engine\\OSE.EXE"=
"c:\\WINDOWS\\system32\\WISPTIS.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Real\\RealPlayer\\RealPlay.exe"=
"c:\\DOCUME~1\\Almiya\\APPLIC~1\\MOREBA~1\\SoftwareDog.exe"=
"c:\\Program Files\\Sunbelt Software\\VIPRE\\Patch.exe"=
"c:\\Program Files\\IEPro\\MiniDM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [28/12/2008 08:42 ص 79904]
R2 F-Secure Filter;F-Secure File System Filter;c:\program files\F-Secure Internet Security\Anti-Virus\win2k\fsfilter.sys [28/12/2008 08:14 ص 39776]
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure Internet Security\Anti-Virus\win2k\fsgk.sys [28/12/2008 08:14 ص 62176]
R2 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\F-Secure Internet Security\Anti-Virus\win2k\fsrec.sys [28/12/2008 08:14 ص 25184]
S3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\ensigo.sys --> c:\windows\system32\drivers\ensigo.sys [?]
S3 FSORSPClient;F-Secure ORSP Client;c:\program files\F-Secure Internet Security\ORSP Client\fsorsp.exe [28/12/2008 08:17 ص 55904]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [14/05/2009 11:39 ص 30192]
S3 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
--- Other Services/Drivers In Memory ---
*Deregistered* - AxPsHook11
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E2157EBD-65B5-D0E4-B87B-3FB89B1E1A73}]
c:\windows\system32\shter.exe
.
Contents of the 'Scheduled Tasks' folder
2009-05-26 c:\windows\Tasks\A3A4190391AF8BB3.job
- c:\docume~1\almiya\applic~1\moreba~1\locks sect surf.exe [2009-02-26 02:03]
2009-05-26 c:\windows\Tasks\User_Feed_Synchronization-{B9DFA035-FEB3-4C81-93B4-8EC1E480120E}.job
- c:\windows\system32\msfeedssync.exe [2009-01-14 23:01]
2009-05-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 09:34]
2009-05-26 c:\windows\Tasks\User_Feed_Synchronization-{A231C429-0EF2-4145-B7AA-33BA870149F1}.job
- c:\windows\system32\msfeedssync.exe [2009-01-14 23:01]
.
- - - - ORPHANS REMOVED - - - -
HKU-Default-Run-Yahoo Messengger - c:\windows\system32\RVHOST.exe
SafeBoot-procexp90.Sys

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{000002a3-84fe-43f1-b958-f2c3ca804f1a} - {CD275D4E-791A-4993-9D4D-6A071EDD2709} - c:\program files\IEPro\iepro.dll
LSP: c:\program files\F-Secure Internet Security\FSPS\program\FSLSP.DLL
DPF: Microsoft XML Parser for Java -
DPF: {7253A666-804A-1107-A4DC-00E04C504781} - hxxp://66.228.123.202/bmc.cab
DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} - hxxp://98.126.47.131/ReadUid.CAB
DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} - hxxp://76.76.24.112/saudi1999/talks3n.cab
.
.
------- File Associations -------
.
txtfile=c:\windows\notepad.exe %1
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-05-26 22:22
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
shter.exe = c:\windows\system32\shter.exe?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):3a,69,d1,eb,d6,fc,10,5a,dc,ee,8f,72,9a,56,9c,36,fb,af,88,06,87,
60,4c,b8,ca,66,0a,0d,12,61,17,ca,06,cd,95,8c,7e,5d,e3,b3,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{c5e3bd4d-cb52-435f-ae25-b092e2c4e7c2}]
@Denied: (Full) (Everyone)
"Model"=dword:0000001f
"Therad"=dword:0000001c
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(708)
c:\program files\F-Secure Internet Security\FSPS\program\FSLSP.DLL
- - - - - - - > 'explorer.exe'(4752)
c:\windows\system32\shdoclc.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\rundll32.exe
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\documents and settings\All Users\c:\program files\Internet Explorer\IEXPLORE.EXE
c:\windows\system32\wscntfy.exe
c:\program files\TechSmith\SnagIt 8\TSCHelp.exe
c:\program files\TechSmith\SnagIt 8\SnagPriv.exe
.
**************************************************************************
.
Completion time: 2009-05-26 22:29 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-26 19:29
Pre-Run: 3,382,067,200 bytes free
Post-Run: 3,567,501,312 bytes free
281 --- E O F --- 2009-05-13 01:00


I'd like to know what this is.


Thanks in advance.
 

Hello ...

With the brothers' permission ...

What is the state of the computer now? And please give me a new HijackThis report ...

Signature: MMA_LORD_735
Hi

It stopped freezing, thank God, and it's better now.


Here is the report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:49:07, on 27/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Spyware Nuker\swnxt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Almiya\My Documents\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SWN2] C:\Program Files\Spyware Nuker\swnxt.exe /h
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) -
O16 - DPF: {3C8E8DD8-D86A-4E6D-AF37-AB3CA7FDF8CD} (IMS_Conference Control) -
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) -
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\ORSP Client\fsorsp.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
--
End of file - 6623 bytes
 
My computer is perfectly fine now, thank God.

May God grant you good health.

 