Mjawshy Forums

Mjawshy Forums (http://www.vb.mjawshy.net/index.php)
-   Arabic Rss (http://www.vb.mjawshy.net/forumdisplay.php?f=41)
-   -   Problem with search in Firefox (http://www.vb.mjawshy.net/showthread.php?t=100304)

RSS 11-17-2010 08:51 PM

Problem with search in Firefox

Peace be upon you, and God's mercy and blessings.
Best wishes to you all for the holiday.
The problem is that whenever I run a search from the address bar (navigation toolbar),
the search is redirected to an engine called websearch qu
or search-results.com, neither of which is in the list of search engines,
and the results are always poor.
This problem appeared after my brothers used Bandoo emoticons; it has been removed, but the problem persists.
HijackThis log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:19:34, on 17-Nov-10
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Documents and Settings\Windows Seven Effects\VisualTooltip\VisualToolTip.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\ahmad\Nouveau dossier\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/.../ProtectLinksVb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/.../ProtectLinksVb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/.../ProtectLinksVb
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/.../ProtectLinksVb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\IPSBHO.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Global Startup: VisualToolTip.lnk = C:\Documents and Settings\Windows Seven Effects\VisualTooltip\VisualToolTip.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/m3/p...l/MSNPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D7DA129-90DF-4ABB-B15A-587C8F2CF596}: NameServer = 208.67.222.222 208.67.220.220
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
O23 - Service: Us91YI - Unknown owner - C:\Program Files\CPUID\PC Wizard 2010\Data\pcwizntl.exe

--
End of file - 5349 bytes

and the ******** report:

******** 10-11-16.06 - Ahmad 17-Nov-10 16:28:22.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1256.213.1033.18.959.487 [GMT 1:00]
Running from: c:\documents and settings\Ahmad\Desktop\111222333\********.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\themes\dreadlord.msstyles
c:\documents and settings\themes\VistaLive Blue.msstyles
c:\documents and settings\themes\X.msstyles
c:\documents and settings\themes\XP Live.msstyles
c:\windows\system32\Drivers\cmyhm.sys
c:\windows\XSxS

Infected copy of c:\windows\system32\midimap.dll was found and disinfected
Restored copy from - c:\windows\NiwradSoft Shell Pack\Backup\midimap.dll

.
((((((((((((((((((((((((( Files Created from 2010-10-17 to 2010-11-17 )))))))))))))))))))))))))))))))
.

2010-11-04 20:46 . 2010-11-04 20:46 -------- d-----w- c:\documents and settings\Ahmad\WINDOWS
2010-10-29 17:08 . 2010-10-29 17:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2010-10-26 20:41 . 2010-10-26 20:55 -------- d-----w- c:\program files\TI83plus
2010-10-23 10:56 . 2010-10-23 11:01 -------- d-----w- c:\program files\Free Video Cutter
2010-10-20 13:14 . 2010-10-20 14:03 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-10-20 13:03 . 2008-06-17 15:13 74520 ----a-w- c:\program files\Common Files\Windows Live\.cache\2eee61921cb7057\DSETUP.dll
2010-10-20 13:03 . 2008-06-17 15:13 484632 ----a-w- c:\program files\Common Files\Windows Live\.cache\2eee61921cb7057\DXSETUP.exe
2010-10-20 13:03 . 2008-06-17 15:13 1670936 ----a-w- c:\program files\Common Files\Windows Live\.cache\2eee61921cb7057\dsetup32.dll
2010-10-20 13:01 . 2008-07-11 03:50 1013800 ----a-w- c:\program files\Common Files\Windows Live\.cache\f16873261cb7056\WindowsXP-KB954708-x86-ENU.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-09 20:26 . 2010-10-09 20:26 695578 ----a-w- c:\windows\unins000.exe
2010-09-29 18:31 . 2010-07-28 17:57 210272 ----a-w- c:\windows\system32\idmmbc.dll
2010-09-16 14:36 . 2010-09-16 14:36 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-09-10 11:09 . 2010-09-10 11:06 60416 ----a-w- c:\windows\ALCFDRTM.VER
2010-09-10 11:06 . 2010-09-10 11:06 60416 ----a-w- c:\windows\ALCFDRTM.EXE
2010-09-10 10:41 . 2010-09-10 10:41 22168 ----a-w- c:\windows\system32\drivers\xfilt.sys
2010-09-10 10:41 . 2010-09-10 10:41 331184 ------w- c:\windows\system32\difxapi.dll
2010-09-10 10:41 . 2009-09-13 19:03 13976 ----a-w- c:\windows\system32\drivers\videX32.sys
2010-09-06 11:33 . 2010-09-06 11:33 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-09-06 11:33 . 2010-09-06 11:33 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
.

------- Sigcheck -------

[-] 2009-09-10 . 68F06FE0021B01E670AF37B8C5964FDF . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\sp3qfe\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\sp3gdr\tcpip.sys

[7] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\winlogon.exe
[-] 2008-04-14 . A55B8899D2EA2E800061BCFD456E34DC . 547328 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2008-04-14 . A55B8899D2EA2E800061BCFD456E34DC . 547328 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\winlogon.exe

[7] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\NiwradSoft Shell Pack\Backup\comctl32.dll
[-] 2008-04-14 . 247DFD6CBC939742D3EC7B53C120946F . 643072 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2008-04-14 . 247DFD6CBC939742D3EC7B53C120946F . 643072 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
[7] 2008-04-14 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[7] 2008-04-14 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

[-] 2010-02-17 . D41C3CBAD0E1C0728D1CDFD541F60CFA . 2189952 . . [5.1.2600.5938] . . c:\windows\SoftwareDistribution\Download\9d21500a4aa475547c4a2420fee1c623\SP3GDR\ntoskrnl.exe
[-] 2010-02-16 . 97E2BF68857818A4D142B872404DC41B . 2186880 . . [5.1.2600.3670] . . c:\windows\SoftwareDistribution\Download\9d21500a4aa475547c4a2420fee1c623\SP2QFE\ntoskrnl.exe
[-] 2010-02-16 . EBB75B113E74E90074382347B74D652B . 2181376 . . [5.1.2600.3670] . . c:\windows\SoftwareDistribution\Download\9d21500a4aa475547c4a2420fee1c623\SP2GDR\ntoskrnl.exe
[-] 2010-02-16 . E1F653A542449D54FA2D27463D99B6B6 . 2190080 . . [5.1.2600.5938] . . c:\windows\SoftwareDistribution\Download\9d21500a4aa475547c4a2420fee1c623\SP3QFE\ntoskrnl.exe
[7] 2008-04-14 . 40F8880122A030A7E9E1FEDEA833B33D . 2145280 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\ntoskrnl.exe
[-] 2008-04-14 . 33C3C3D7A7C6E56D9EBC3E8EEA0D490C . 2308096 . . [5.1.2600.5512] . . c:\windows\system32\ntoskrnl.exe

[7] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\user32.dll
[-] 2008-04-14 . 894B313C52589628BB996E175B581E3A . 578048 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2008-04-14 . 894B313C52589628BB996E175B581E3A . 578048 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\user32.dll

[-] 2008-04-14 . 29F4E9BF5823CC59BB7CEB83804DD184 . 1540608 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 561A50497324F378E30F55D09B4E1258 . 975872 . . [6.00.2900.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\explorer.exe
[-] 2008-04-14 . 29F4E9BF5823CC59BB7CEB83804DD184 . 1540608 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\explorer.exe

[7] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\ole32.dll
[-] 2008-04-14 . BD604DB0B7FF60CCC578DF54C5563E80 . 1312256 . . [5.1.2600.5512] . . c:\windows\system32\ole32.dll
[-] 2008-04-14 . BD604DB0B7FF60CCC578DF54C5563E80 . 1312256 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ole32.dll

[-] 2009-09-13 . DA752EC6C3A0ED4588016CA8E5697531 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

[7] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\ctfmon.exe
[-] 2008-04-14 . C1D50243355A290CB3AA684FD8B38170 . 40448 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2008-04-14 . C1D50243355A290CB3AA684FD8B38170 . 40448 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ctfmon.exe

[-] 2010-02-17 . 1811AFC2FADB60B88947E3D08E250860 . 2063744 . . [5.1.2600.3670] . . c:\windows\SoftwareDistribution\Download\9d21500a4aa475547c4a2420fee1c623\SP2QFE\ntkrnlpa.exe
[-] 2010-02-16 . A046C627EC20456E2959B7BD628E1FD0 . 2066816 . . [5.1.2600.5938] . . c:\windows\SoftwareDistribution\Download\9d21500a4aa475547c4a2420fee1c623\SP3GDR\ntkrnlpa.exe
[-] 2010-02-16 . 1EE6B94ACA7BE115A1813BBCA65099A8 . 2058368 . . [5.1.2600.3670] . . c:\windows\SoftwareDistribution\Download\9d21500a4aa475547c4a2420fee1c623\SP2GDR\ntkrnlpa.exe
[-] 2010-02-16 . DED8B5A89B085284634502E9D75AC78C . 2066944 . . [5.1.2600.5938] . . c:\windows\SoftwareDistribution\Download\9d21500a4aa475547c4a2420fee1c623\SP3QFE\ntkrnlpa.exe
[7] 2009-09-10 . 7F653A89F6E89E3AE0D49830EECE35D4 . 2023936 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\ntkrnlpa.exe
[-] 2009-09-10 . E79A41C2F9EAC01B23A18C8911112934 . 2186752 . . [5.1.2600.5512] . . c:\windows\system32\ntkrnlpa.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-18 630784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 40448]

c:\documents and settings\Ahmad\Start Menu\Programs\Startup\
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-18 630784]
TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-6-1 65536]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
VisualToolTip.lnk - c:\documents and settings\Windows Seven Effects\VisualTooltip\VisualToolTip.exe [2010-7-26 956928]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0auto_reactivate \\?\Volume{9dd0c60b-982b-11df-bec8-806d6172696f}\bootwiz\asrm.bin

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"afcdpsrv"=2 (0x2)
"AcrSch2Svc"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1042:TCP"= 1042:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16-Sep-10 15:36 685816]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1108000.005\symds.sys [24-Sep-10 09:17 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1108000.005\symefa.sys [24-Sep-10 09:17 173104]
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\drivers\tdrpm258.sys [25-Jul-10 20:29 911680]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20101104.001\BHDrvx86.sys [04-Nov-10 01:07 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1108000.005\cchpx86.sys [24-Sep-10 09:17 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1108000.005\ironx86.sys [24-Sep-10 09:17 116784]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.8.0.5\ccsvchst.exe [24-Sep-10 09:16 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [06-Sep-10 13:51 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20101115.001\IDSXpx86.sys [19-Oct-10 21:36 341880]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18-Mar-10 13:16 130384]
S3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [25-Jul-10 20:29 160288]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [26-Jul-10 18:48 20952]
S3 Us91YI;Us91YI;c:\program files\CPUID\PC Wizard 2010\Data\pcwizntl.exe -s --> c:\program files\CPUID\PC Wizard 2010\Data\pcwizntl.exe -s [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18-Mar-10 13:16 753504]
S4 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [25-Jul-10 20:29 2480048]
S4 MBAMService;MBAMService;c:\program files\************' Anti-Malware\mbamservice.exe [26-Jul-10 18:48 304464]
.
Contents of the 'Scheduled Tasks' folder

2010-11-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-1004336348-1606980848-500Core.job
- c:\documents and settings\Ahmad\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-27 10:50]

2010-11-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-1004336348-1606980848-500UA.job
- c:\documents and settings\Ahmad\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-27 10:50]

2010-11-17 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1757981266-1004336348-1606980848-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02:02]

2010-11-17 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1757981266-1004336348-1606980848-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02:02]

2010-11-17 c:\windows\Tasks\User_Feed_Synchronization-{A7C6F94A-B384-497C-BA1D-026C2F336672}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\idmmbc.dll
TCP: {3D7DA129-90DF-4ABB-B15A-587C8F2CF596} = 208.67.222.222 208.67.220.220
FF - ProfilePath - c:\documents and settings\Ahmad\Application Data\Mozilla\Firefox\Profiles\3u9w86f4.default\
FF - prefs.js: browser.search.selectedEngine - Google.com (in English)
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&q=
FF - component: c:\documents and settings\Ahmad\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\Ahmad\Application Data\Move Networks\plugins\npqmp071700000016.dll
FF - plugin: c:\documents and settings\Ahmad\Application Data\Mozilla\plugins\np-mswmp.dll
FF - plugin: c:\documents and settings\Ahmad\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net/.../ProtectLinksVb
Rootkit scan 2010-11-17 16:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.8.0.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1757981266-1004336348-1606980848-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3b,f3,fe,c4,f6,99,05,47,b9,1c,f9,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3b,f3,fe,c4,f6,99,05,47,b9,1c,f9,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):70,5f,10,25,a5,59,7c,a9,41,bf,53,de,29,11,25,8a,1e,f3,c2,73,7f,
c2,2e,1a,02,1f,78,59,f8,2e,c6,82,60,9d,74,92,66,94,0b,30,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{fb40b285-b15f-4bb5-83bc-e0be59c12629}]
@Denied: (Full) (Everyone)
"Model"=dword:0000010c
"Therad"=dword:00000008
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(880)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(936)
c:\windows\system32\setupapi.dll
c:\windows\system32\idmmbc.dll
c:\windows\system32\psbase.dll

- - - - - - - > 'explorer.exe'(2088)
c:\documents and settings\Windows Seven Effects\VisualTooltip\VisualTooltip.dll
c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
c:\windows\system32\msctfime.ime
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-11-17 16:41:08 - machine was rebooted
********-quarantined-files.txt 2010-11-17 15:41

Pre-Run: 93,757,218,816 bytes free
Post-Run: 93,735,866,368 bytes free

- - End Of File - - 46C3977C9249BBF29EBBE6AFE080C5CE

Is this a virus? Please help.