افيرا بن كاسبر

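Peace be upon you and the mercy and blessings of God

I have a problem, which is:

The Internet does not work for me
(it was working 100% and then it stopped working)

The subscription is new and works on the laptop - I removed Kaspersky 2010 - I bought a new cable from the modem to the computer - the browser is the latest version of Firefox

And still it does not work

I am raising the matter to the experts; perhaps one of them has come across this case

May God reward you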



 

What type of modem are you using?

And what was the last thing you did before the problem occurred?
 
Signature: LoOoZ
The modem type is SpeedTouch

As for what I did, I don't remember (mostly logging in and out of forums)
 
Ask the company about the Internet

Because it may be a fault on their end
 
The problem is that it works for everyone else except me

Note

Before it disconnected for me, I used the combofix tool, and after that it did not work
 
Download this program

When the download finishes ==> run the program ==> and click Do a system scan and save log
A few moments .. and a report will appear ==> copy it and paste it in your next reply
 
Signature: فارس الملاك
The report from the tool requested earlier

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:44:36 م, on 24/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Documents and Settings\JMC\سطح المكتب\البرامج\تنظيف\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

F2 - REG:system.ini: Shell=Explorer.exe
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 4909 bytes


Report from combofix

ComboFix 09-06-17.04 - JMC 07/24/2009 16:48.3 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1025.18.1023.829 [GMT -12:00]
Running from: c:\documents and settings\JMC\سطح المكتب\البرامج\تنظيف\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((( Files Created from 2009-06-25 to 2009-07-25 )))))))))))))))))))))))))))))))
.

2009-07-23 08:57 . 2009-07-23 09:00 -------- d-----w- c:\documents and settings\JMC\Application Data\Passware
2009-07-18 05:08 . 2009-07-18 05:08 -------- d-----w- c:\documents and settings\JMC\Application Data\Malwarebytes
2009-07-18 05:08 . 2009-07-18 05:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-17 13:18 . 2009-07-17 13:18 -------- d-----w- c:\documents and settings\JMC\Local Settings\Application Data\Identities
2009-07-17 04:24 . 2009-07-17 04:24 -------- d-----w- C:\Hotspot Shield
2009-07-17 04:24 . 2009-07-17 04:24 -------- d-----w- c:\program files\Hotspot Shield
2009-07-17 04:20 . 2009-07-17 08:17 0 ----a-w- C:\osy3.sys
2009-07-15 00:01 . 2009-07-15 00:01 25472 ----a-w- c:\windows\system32\drivers\tap0901.sys
2009-07-14 10:52 . 2009-07-14 10:52 -------- d-----w- c:\documents and settings\JMC\Local Settings\Application Data\ACD Systems
2009-07-14 10:52 . 2009-07-14 10:52 -------- d-----w- c:\documents and settings\JMC\Application Data\ACD Systems
2009-07-10 01:25 . 2009-07-02 17:21 3561744 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\setup\mbam-setup.exe
2009-07-09 01:25 . 2009-07-09 02:46 -------- d-----w- c:\program files\Word Password Recovery Master
2009-07-09 01:23 . 2009-07-09 01:23 -------- d-----w- c:\program files\ElcomSoft
2009-07-06 22:28 . 2009-07-07 07:39 -------- d-----w- c:\program files\SatelliteTVforPC
2009-07-06 22:27 . 2009-07-07 07:39 -------- d-----w- c:\windows\uninstall
2009-07-02 02:34 . 2009-07-02 02:34 33840 ----a-w- c:\windows\system32\drivers\HssDrv.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-25 04:29 . 2009-06-12 05:13 -------- d-----w- c:\documents and settings\JMC\Application Data\DMCache
2009-07-24 06:41 . 2009-06-12 06:41 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-21 08:55 . 2009-06-17 01:45 -------- d-----w- c:\documents and settings\JMC\Application Data\cleaner
2009-07-20 06:51 . 2009-06-12 05:12 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-07-17 12:30 . 2009-06-12 04:41 314424 ----a-w- c:\documents and settings\JMC\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-17 04:02 . 2009-06-20 02:39 -------- d-----w- c:\program files\General Removal
2009-07-15 09:36 . 2009-06-11 23:44 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-07-11 01:56 . 2009-06-12 08:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-06-25 12:24 . 2009-06-25 12:23 -------- d-----w- c:\documents and settings\JMC\Application Data\zyzcleaner
2009-06-24 07:44 . 2009-06-24 07:44 0 ----a-w- c:\windows\system32\cd.dat
2009-06-20 03:00 . 2009-06-12 05:13 -------- d-----w- c:\documents and settings\JMC\Application Data\IDM
2009-06-19 07:26 . 2009-06-17 01:44 -------- d-----w- c:\program files\Common Files\delet
2009-06-17 21:51 . 2009-06-25 01:02 781435 ----a-w- c:\documents and settings\JMC\Application Data\Mozilla\Firefox\Profiles\zf05o20c.default\extensions\firedownload@mozilla.org\Download.dll
2009-06-17 01:45 . 2009-06-17 01:45 -------- d-----w- c:\documents and settings\JMC\Application Data\CyberScrub
2009-06-17 00:32 . 2009-06-13 01:24 -------- d-----w- c:\documents and settings\JMC\Application Data\Media Player Classic
2009-06-14 02:08 . 2009-06-14 02:08 -------- d-----w- c:\program files\CCleaner
2009-06-14 01:59 . 2009-06-14 01:57 -------- d-----w- c:\program files\GRETECH
2009-06-13 10:02 . 2009-06-13 10:02 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-13 10:02 . 2009-06-13 10:02 -------- d-----w- c:\program files\Java
2009-06-13 10:02 . 2009-06-13 10:02 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-06-13 10:02 . 2009-06-13 10:02 152576 ----a-w- c:\documents and settings\JMC\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-12 23:06 . 2009-06-12 23:06 0 ----a-w- c:\windows\nsreg.dat
2009-06-12 22:59 . 2009-06-12 22:59 -------- d-----w- c:\program files\AAQ
2009-06-12 10:51 . 2009-06-12 05:13 -------- d-----w- c:\program files\Internet Download Manager
2009-06-12 08:10 . 2009-06-12 05:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-06-12 06:42 . 2009-06-12 06:41 -------- d-----w- c:\program files\Your Uninstaller 2008
2009-06-12 06:41 . 2009-06-12 06:41 -------- d-----w- c:\documents and settings\JMC\Application Data\URSoft
2009-06-12 05:41 . 2009-06-12 05:22 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-06-12 05:20 . 2009-06-12 05:19 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-12 05:19 . 2009-06-12 00:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-12 05:19 . 2009-06-12 00:01 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-12 05:17 . 2009-06-12 05:17 -------- d-----w- c:\program files\Nero
2009-06-12 05:17 . 2009-06-12 05:16 -------- d-----w- c:\program files\Media Convert Master
2009-06-12 05:16 . 2009-06-12 05:16 -------- d-----w- c:\documents and settings\JMC\Application Data\Vso
2009-06-12 05:16 . 2009-06-12 05:16 81920 ----a-w- c:\documents and settings\JMC\Application Data\ezpinst.exe
2009-06-12 05:16 . 2009-06-12 05:16 81920 ----a-w- c:\documents and settings\JMC\Application Data\ezpinst.exe
2009-06-12 05:16 . 2009-06-12 05:16 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-06-12 05:16 . 2009-06-12 05:16 47360 ----a-w- c:\documents and settings\JMC\Application Data\pcouffin.sys
2009-06-12 05:16 . 2009-06-12 05:16 47360 ----a-w- c:\documents and settings\JMC\Application Data\pcouffin.sys
2009-06-12 05:15 . 2009-06-12 05:15 -------- d-----w- c:\program files\Windows Media Connect 2
2009-06-12 05:13 . 2009-06-12 05:13 165296 ----a-w- c:\documents and settings\JMC\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
2009-06-12 05:11 . 2009-06-12 05:11 -------- d-----w- c:\program files\Common Files\xing shared
2009-06-12 05:11 . 2009-06-12 05:11 -------- d-----w- c:\program files\Common Files\Real
2009-06-12 05:11 . 2009-06-12 05:11 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-06-12 05:11 . 2009-06-12 05:11 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-06-12 05:11 . 2009-06-12 05:11 -------- d-----w- c:\program files\Real
2009-06-12 05:07 . 2009-06-12 05:07 -------- d-----w- c:\program files\MSN Messenger
2009-06-12 05:06 . 2009-06-12 05:06 2232 ----a-w- c:\windows\java\Packages\Data\9NLNBNRL.DAT
2009-06-12 05:06 . 2009-06-12 05:06 155995 ----a-w- c:\windows\java\Packages\1JBDR7RF.ZIP
2009-06-12 05:05 . 2009-06-12 05:05 2678 ----a-w- c:\windows\java\Packages\Data\A35JTVF3.DAT
2009-06-12 05:05 . 2009-06-12 05:05 2678 ----a-w- c:\windows\java\Packages\Data\7B79779R.DAT
2009-06-12 05:05 . 2009-06-12 05:05 2678 ----a-w- c:\windows\java\Packages\Data\Z1FB13NJ.DAT
2009-06-12 05:05 . 2009-06-12 05:05 2678 ----a-w- c:\windows\java\Packages\Data\TR7NF975.DAT
2009-06-12 05:05 . 2009-06-12 05:05 2678 ----a-w- c:\windows\java\Packages\Data\2FH3FLF9.DAT
2009-06-12 05:05 . 2009-06-12 05:05 172032 ------w- c:\windows\Setup1.exe
2009-06-12 05:05 . 2009-06-12 05:05 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-06-12 05:02 . 2009-06-12 05:02 -------- d-----w- c:\program files\Common Files\ACD Systems
2009-06-12 05:02 . 2009-06-12 05:02 -------- d-----w- c:\documents and settings\All Users\Application Data\ACD Systems
2009-06-12 05:02 . 2009-06-12 05:02 -------- d-----w- c:\program files\ACD Systems
2009-06-12 00:08 . 2009-06-12 00:08 -------- d-----w- c:\program files\Microsoft.NET
2009-06-12 00:08 . 2009-06-12 00:08 -------- d-----w- c:\program files\Microsoft Works
2009-06-12 00:04 . 2009-06-12 00:04 0 ----a-w- c:\windows\ativpsrm.bin
2009-06-12 00:02 . 2009-06-12 00:01 -------- d-----w- c:\program files\VIA
2009-06-12 00:01 . 2009-06-12 00:01 15600 ----a-w- c:\windows\gdrv.sys
2009-06-11 23:51 . 2004-08-04 09:00 39982 ----a-w- c:\windows\system32\perfc001.dat
2009-06-11 23:51 . 2004-08-04 09:00 251478 ----a-w- c:\windows\system32\perfh001.dat
2009-06-11 23:45 . 2009-06-11 23:45 -------- d-----w- c:\program files\microsoft frontpage
2009-06-11 23:42 . 2009-06-11 23:42 22144 ----a-w- c:\windows\system32\emptyregdb.dat
2009-05-31 09:00 . 2009-06-25 12:24 625485 ----a-w- c:\documents and settings\JMC\Application Data\zyzcleaner\run.exe
2009-05-08 00:49 . 2009-06-25 01:02 22528 ----a-w- c:\documents and settings\JMC\Application Data\Mozilla\Firefox\Profiles\zf05o20c.default\extensions\firedownload@mozilla.org\components\firedownload.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2009-07-17 04:24 218160 ----a-w- c:\program files\Hotspot Shield\hssie\HssIE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-06-12 2606512]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-20 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-13 148888]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-12 185872]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-6-11 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="Explorer.exe "

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=

S1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [11/06/2009 11:58 ص 13696]
S2 HssSrv;Hotspot Shield Routing Service;c:\program files\Hotspot Shield\HssWPR\hsssrv.exe [15/06/2009 09:21 ص 331312]
S3 HssTrayService;Hotspot Shield Tray Service;c:\program files\Hotspot Shield\bin\HssTrayService.exe [14/07/2009 12:02 م 57640]
S3 tap0901;TAP-Win32 Adapter V9;c:\windows\system32\drivers\tap0901.sys [14/07/2009 12:01 م 25472]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.hotspotshield.com/g/?c=h
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: تحميل الكل بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEGetVL.htm
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath -

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2009-07-24 16:48
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(236)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-07-25 16:50
ComboFix-quarantined-files.txt 2009-07-25 04:50
ComboFix2.txt 2009-07-24 13:09
ComboFix3.txt 2009-07-21 09:04
ComboFix4.txt 2009-07-17 04:09
ComboFix5.txt 2009-07-25 04:48

Pre-Run: 24,398,098,432 bytes free
Post-Run: 24,391,491,584 bytes free

210

After producing the report with combofix I shut down the machine (the machine took 7 minutes to shut down)
 
A new Hijack report


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:27:37 م, on 24/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Documents and Settings\JMC\سطح المكتب\البرامج\تنظيف\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

F2 - REG:system.ini: Shell=Explorer.exe
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 3727 bytes
 
Bump, may God raise your standing
 
From the Explorer window > Tools > Internet Options > Connections > LAN settings

Make sure there is no check mark on any of the options there; if there is one, remove it, then click Apply and then OK
 
Signature: صمت السكوت
And this is a report from the McAfee tool (note that the tool previously used to take about 7 hours,
whereas now it did not even take one hour)

Engine Version : 5300.2777
Engine Load Time : 19359 milliseconds
AV DAT Version : 5492.0000 488805 detections Built 15 محرم, 1430
Extra DAT : 0 detections

Memory : Clean
Please wait ... building list of critical files to scan

Critical : Clean
Scanning the computer's cookie directories
Cookies : Clean
c:\pagefile.sys : Scan Failed
c:\Documents and Settings\JMC\NTUSER.DAT : Scan Failed
c:\Documents and Settings\JMC\ntuser.dat.LOG : Scan Failed
c:\Documents and Settings\JMC\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat : Scan Failed
c:\Documents and Settings\JMC\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG : Scan Failed
c:\Documents and Settings\JMC\Local Settings\temp\Perflib_Perfdata_398.dat : Scan Failed
c:\Documents and Settings\LocalService\NTUSER.DAT : Scan Failed
c:\Documents and Settings\LocalService\ntuser.dat.LOG : Scan Failed
c:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat : Scan Failed
c:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG : Scan Failed
c:\Documents and Settings\NetworkService\NTUSER.DAT : Scan Failed
c:\Documents and Settings\NetworkService\ntuser.dat.LOG : Scan Failed
c:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat : Scan Failed
c:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG : Scan Failed
c:\WINDOWS\system32\config\default : Scan Failed
c:\WINDOWS\system32\config\default.LOG : Scan Failed
c:\WINDOWS\system32\config\SAM : Scan Failed
c:\WINDOWS\system32\config\SAM.LOG : Scan Failed
c:\WINDOWS\system32\config\SECURITY : Scan Failed
c:\WINDOWS\system32\config\SECURITY.LOG : Scan Failed
c:\WINDOWS\system32\config\software : Scan Failed
c:\WINDOWS\system32\config\software.LOG : Scan Failed
c:\WINDOWS\system32\config\system : Scan Failed
c:\WINDOWS\system32\config\system.LOG : Scan Failed
c:\WINDOWS\temp\Perflib_Perfdata_5c0.dat : Scan Failed
Scanning the registry
Registry : Clean

Summary :-
FilesFound : 34357
FilesScanned : 20054
FilesNotScanned : 14303

ObjectsFound : 71495
ObjectsInfected : 0
ObjectsCleaned : 0
ObjectsDeleted : 0

FilesInfected : 0
FilesCleaned : 0
FilesMoved : 0
FilesDeleted : 0

Started at : 11:08:04 م 02 شعبان, 1430
Ended at : 11:20:37 م 02 شعبان, 1430
Duration : 12 minutes 32 seconds
3171 MB scanned in 752 seconds = 4 MB/s
Engine Version : 5300.2777
Engine Load Time : 20031 milliseconds
AV DAT Version : 5492.0000 488805 detections Built 15 محرم, 1430
Extra DAT : 0 detections


Summary :-
FilesFound : 23
FilesScanned : 12
FilesNotScanned : 11

ObjectsFound : 23
ObjectsInfected : 0
ObjectsCleaned : 0
ObjectsDeleted : 0

FilesInfected : 0
FilesCleaned : 0
FilesMoved : 0
FilesDeleted : 0

Started at : 11:20:58 م 02 شعبان, 1430
Ended at : 11:20:58 م 02 شعبان, 1430
Duration : 0 seconds
Engine Version : 5300.2777
Engine Load Time : 19094 milliseconds
AV DAT Version : 5492.0000 488805 detections Built 15 محرم, 1430
Extra DAT : 0 detections


Summary :-
FilesFound : 23
FilesScanned : 12
FilesNotScanned : 11

ObjectsFound : 23
ObjectsInfected : 0
ObjectsCleaned : 0
ObjectsDeleted : 0

FilesInfected : 0
FilesCleaned : 0
FilesMoved : 0
FilesDeleted : 0

Started at : 11:21:17 م 02 شعبان, 1430
Ended at : 11:21:18 م 02 شعبان, 1430
Duration : 0 seconds
Engine Version : 5300.2777
Engine Load Time : 19110 milliseconds
AV DAT Version : 5492.0000 488805 detections Built 15 محرم, 1430
Extra DAT : 0 detections


Summary :-
FilesFound : 1089
FilesScanned : 126
FilesNotScanned : 963

ObjectsFound : 1173
ObjectsInfected : 0
ObjectsCleaned : 0
ObjectsDeleted : 0

FilesInfected : 0
FilesCleaned : 0
FilesMoved : 0
FilesDeleted : 0

Started at : 11:21:37 م 02 شعبان, 1430
Ended at : 11:21:47 م 02 شعبان, 1430
Duration : 10 seconds
66 MB scanned in 10 seconds = 6 MB/s
Engine Version : 5300.2777
Engine Load Time : 19203 milliseconds
AV DAT Version : 5492.0000 488805 detections Built 15 محرم, 1430
Extra DAT : 0 detections


Summary :-
FilesFound : 4
FilesScanned : 0
FilesNotScanned : 4

ObjectsFound : 4
ObjectsInfected : 0
ObjectsCleaned : 0
ObjectsDeleted : 0

FilesInfected : 0
FilesCleaned : 0
FilesMoved : 0
FilesDeleted : 0

Started at : 11:22:07 م 02 شعبان, 1430
Ended at : 11:22:07 م 02 شعبان, 1430
Duration : 0 seconds
 
Brother صمت السكوت

I applied everything you kindly suggested

But the situation is still as it was
 
May God reward you

The problem has been solved
 
Praise be to God that the problem is over. If you would be so kind, brother, please mention how you solved the problem so that the other members can benefit if they run into the same problem
 
Signature: صمت السكوت