Peace be upon you, and God's mercy and blessings. Best wishes to you all for the holiday.

The problem is that when I do a search from the address bar (navigation toolbar), the search is redirected to an engine called websearch qu or search-results.com, neither of which is in the list of search engines, and the results are always poor. This problem appeared after my siblings used Bandoo emoticons; it has been removed, but the problem is still there.

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:19:34, on 17-Nov-10
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Documents and Settings\Windows Seven Effects\VisualTooltip\VisualToolTip.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\ahmad\Nouveau dossier\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/.../ProtectLinksVb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/.../ProtectLinksVb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/.../ProtectLinksVb
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/.../ProtectLinksVb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\IPSBHO.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Global Startup: VisualToolTip.lnk = C:\Documents and Settings\Windows Seven Effects\VisualTooltip\VisualToolTip.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/m3/p...l/MSNPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D7DA129-90DF-4ABB-B15A-587C8F2CF596}: NameServer = 208.67.222.222 208.67.220.220
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
O23 - Service: Us91YI - Unknown owner - C:\Program Files\CPUID\PC Wizard 2010\Data\pcwizntl.exe

--
End of file - 5349 bytes

And the ******** report:

******** 10-11-16.06 - Ahmad 17-Nov-10 16:28:22.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1256.213.1033.18.959.487 [GMT 1:00]
Running from: c:\documents and settings\Ahmad\Desktop\111222333\********.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\themes\dreadlord.msstyles
c:\documents and settings\themes\VistaLive Blue.msstyles
c:\documents and settings\themes\X.msstyles
c:\documents and settings\themes\XP Live.msstyles
c:\windows\system32\Drivers\cmyhm.sys
c:\windows\XSxS

Infected copy of c:\windows\system32\midimap.dll was found and disinfected
Restored copy from - c:\windows\NiwradSoft Shell Pack\Backup\midimap.dll
.
((((((((((((((((((((((((( Files Created from 2010-10-17 to 2010-11-17 )))))))))))))))))))))))))))))))
.
2010-11-04 20:46 . 2010-11-04 20:46 -------- d-----w- c:\documents and settings\Ahmad\WINDOWS
2010-10-29 17:08 . 2010-10-29 17:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2010-10-26 20:41 . 2010-10-26 20:55 -------- d-----w- c:\program files\TI83plus
2010-10-23 10:56 . 2010-10-23 11:01 -------- d-----w- c:\program files\Free Video Cutter
2010-10-20 13:14 . 2010-10-20 14:03 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-10-20 13:03 . 2008-06-17 15:13 74520 ----a-w- c:\program files\Common Files\Windows Live\.cache\2eee61921cb7057\DSETUP.dll
2010-10-20 13:03 . 2008-06-17 15:13 484632 ----a-w- c:\program files\Common Files\Windows Live\.cache\2eee61921cb7057\DXSETUP.exe
2010-10-20 13:03 . 2008-06-17 15:13 1670936 ----a-w- c:\program files\Common Files\Windows Live\.cache\2eee61921cb7057\dsetup32.dll
2010-10-20 13:01 . 2008-07-11 03:50 1013800 ----a-w- c:\program files\Common Files\Windows Live\.cache\f16873261cb7056\WindowsXP-KB954708-x86-ENU.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-09 20:26 . 2010-10-09 20:26 695578 ----a-w- c:\windows\unins000.exe
2010-09-29 18:31 . 2010-07-28 17:57 210272 ----a-w- c:\windows\system32\idmmbc.dll
2010-09-16 14:36 . 2010-09-16 14:36 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-09-10 11:09 . 2010-09-10 11:06 60416 ----a-w- c:\windows\ALCFDRTM.VER
2010-09-10 11:06 . 2010-09-10 11:06 60416 ----a-w- c:\windows\ALCFDRTM.EXE
2010-09-10 10:41 . 2010-09-10 10:41 22168 ----a-w- c:\windows\system32\drivers\xfilt.sys
2010-09-10 10:41 . 2010-09-10 10:41 331184 ------w- c:\windows\system32\difxapi.dll
2010-09-10 10:41 . 2009-09-13 19:03 13976 ----a-w- c:\windows\system32\drivers\videX32.sys
2010-09-06 11:33 . 2010-09-06 11:33 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-09-06 11:33 . 2010-09-06 11:33 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
.
------- Sigcheck -------
[-] 2009-09-10 . 68F06FE0021B01E670AF37B8C5964FDF . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\sp3qfe\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\sp3gdr\tcpip.sys
[7] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\winlogon.exe
[-] 2008-04-14 . A55B8899D2EA2E800061BCFD456E34DC . 547328 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2008-04-14 . A55B8899D2EA2E800061BCFD456E34DC . 547328 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\winlogon.exe
[7] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\NiwradSoft Shell Pack\Backup\comctl32.dll
[-] 2008-04-14 . 247DFD6CBC939742D3EC7B53C120946F . 643072 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2008-04-14 . 247DFD6CBC939742D3EC7B53C120946F . 643072 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
[7] 2008-04-14 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[7] 2008-04-14 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[-] 2010-02-17 . D41C3CBAD0E1C0728D1CDFD541F60CFA . 2189952 . . [5.1.2600.5938] . . c:\windows\SoftwareDistribution\Download\9d21500a4aa475547c4a2420fee1c623\SP3GDR\ntoskrnl.exe
[-] 2010-02-16 . 97E2BF68857818A4D142B872404DC41B . 2186880 . . [5.1.2600.3670] . . c:\windows\SoftwareDistribution\Download\9d21500a4aa475547c4a2420fee1c623\SP2QFE\ntoskrnl.exe
[-] 2010-02-16 . EBB75B113E74E90074382347B74D652B . 2181376 . . [5.1.2600.3670] . . c:\windows\SoftwareDistribution\Download\9d21500a4aa475547c4a2420fee1c623\SP2GDR\ntoskrnl.exe
[-] 2010-02-16 . E1F653A542449D54FA2D27463D99B6B6 . 2190080 . . [5.1.2600.5938] . . c:\windows\SoftwareDistribution\Download\9d21500a4aa475547c4a2420fee1c623\SP3QFE\ntoskrnl.exe
[7] 2008-04-14 . 40F8880122A030A7E9E1FEDEA833B33D . 2145280 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\ntoskrnl.exe
[-] 2008-04-14 . 33C3C3D7A7C6E56D9EBC3E8EEA0D490C . 2308096 . . [5.1.2600.5512] . . c:\windows\system32\ntoskrnl.exe
[7] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\user32.dll
[-] 2008-04-14 . 894B313C52589628BB996E175B581E3A . 578048 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2008-04-14 . 894B313C52589628BB996E175B581E3A . 578048 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\user32.dll
[-] 2008-04-14 . 29F4E9BF5823CC59BB7CEB83804DD184 . 1540608 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 561A50497324F378E30F55D09B4E1258 . 975872 . . [6.00.2900.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\explorer.exe
[-] 2008-04-14 . 29F4E9BF5823CC59BB7CEB83804DD184 . 1540608 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\explorer.exe
[7] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\ole32.dll
[-] 2008-04-14 . BD604DB0B7FF60CCC578DF54C5563E80 . 1312256 . . [5.1.2600.5512] . . c:\windows\system32\ole32.dll
[-] 2008-04-14 . BD604DB0B7FF60CCC578DF54C5563E80 . 1312256 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ole32.dll
[-] 2009-09-13 . DA752EC6C3A0ED4588016CA8E5697531 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[7] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\ctfmon.exe
[-] 2008-04-14 . C1D50243355A290CB3AA684FD8B38170 . 40448 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2008-04-14 . C1D50243355A290CB3AA684FD8B38170 . 40448 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ctfmon.exe
[-] 2010-02-17 . 1811AFC2FADB60B88947E3D08E250860 . 2063744 . . [5.1.2600.3670] . . c:\windows\SoftwareDistribution\Download\9d21500a4aa475547c4a2420fee1c623\SP2QFE\ntkrnlpa.exe
[-] 2010-02-16 . A046C627EC20456E2959B7BD628E1FD0 . 2066816 . . [5.1.2600.5938] . . c:\windows\SoftwareDistribution\Download\9d21500a4aa475547c4a2420fee1c623\SP3GDR\ntkrnlpa.exe
[-] 2010-02-16 . 1EE6B94ACA7BE115A1813BBCA65099A8 . 2058368 . . [5.1.2600.3670] . . c:\windows\SoftwareDistribution\Download\9d21500a4aa475547c4a2420fee1c623\SP2GDR\ntkrnlpa.exe
[-] 2010-02-16 . DED8B5A89B085284634502E9D75AC78C . 2066944 . . [5.1.2600.5938] . . c:\windows\SoftwareDistribution\Download\9d21500a4aa475547c4a2420fee1c623\SP3QFE\ntkrnlpa.exe
[7] 2009-09-10 . 7F653A89F6E89E3AE0D49830EECE35D4 . 2023936 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\ntkrnlpa.exe
[-] 2009-09-10 . E79A41C2F9EAC01B23A18C8911112934 . 2186752 . . [5.1.2600.5512] . . c:\windows\system32\ntkrnlpa.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-18 630784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 40448]

c:\documents and settings\Ahmad\Start Menu\Programs\Startup\
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-18 630784]
TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-6-1 65536]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
VisualToolTip.lnk - c:\documents and settings\Windows Seven Effects\VisualTooltip\VisualToolTip.exe [2010-7-26 956928]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0auto_reactivate \\?\Volume{9dd0c60b-982b-11df-bec8-806d6172696f}\bootwiz\asrm.bin

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"afcdpsrv"=2 (0x2)
"AcrSch2Svc"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1042:TCP"= 1042:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16-Sep-10 15:36 685816]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1108000.005\symds.sys [24-Sep-10 09:17 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1108000.005\symefa.sys [24-Sep-10 09:17 173104]
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\drivers\tdrpm258.sys [25-Jul-10 20:29 911680]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20101104.001\BHDrvx86.sys [04-Nov-10 01:07 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1108000.005\cchpx86.sys [24-Sep-10 09:17 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1108000.005\ironx86.sys [24-Sep-10 09:17 116784]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.8.0.5\ccsvchst.exe [24-Sep-10 09:16 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [06-Sep-10 13:51 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20101115.001\IDSXpx86.sys [19-Oct-10 21:36 341880]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18-Mar-10 13:16 130384]
S3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [25-Jul-10 20:29 160288]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [26-Jul-10 18:48 20952]
S3 Us91YI;Us91YI;c:\program files\CPUID\PC Wizard 2010\Data\pcwizntl.exe -s --> c:\program files\CPUID\PC Wizard 2010\Data\pcwizntl.exe -s [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18-Mar-10 13:16 753504]
S4 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [25-Jul-10 20:29 2480048]
S4 MBAMService;MBAMService;c:\program files\************' Anti-Malware\mbamservice.exe [26-Jul-10 18:48 304464]
.
Contents of the 'Scheduled Tasks' folder

2010-11-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-1004336348-1606980848-500Core.job
- c:\documents and settings\Ahmad\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-27 10:50]

2010-11-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-1004336348-1606980848-500UA.job
- c:\documents and settings\Ahmad\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-27 10:50]

2010-11-17 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1757981266-1004336348-1606980848-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02:02]

2010-11-17 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1757981266-1004336348-1606980848-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02:02]

2010-11-17 c:\windows\Tasks\User_Feed_Synchronization-{A7C6F94A-B384-497C-BA1D-026C2F336672}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\idmmbc.dll
TCP: {3D7DA129-90DF-4ABB-B15A-587C8F2CF596} = 208.67.222.222 208.67.220.220
FF - ProfilePath - c:\documents and settings\Ahmad\Application Data\Mozilla\Firefox\Profiles\3u9w86f4.default\
FF - prefs.js: browser.search.selectedEngine - Google.com (in English)
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&q=
FF - component: c:\documents and settings\Ahmad\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\Ahmad\Application Data\Move Networks\plugins\npqmp071700000016.dll
FF - plugin: c:\documents and settings\Ahmad\Application Data\Mozilla\plugins\np-mswmp.dll
FF - plugin: c:\documents and settings\Ahmad\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net/.../ProtectLinksVb
Rootkit scan 2010-11-17 16:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.8.0.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1757981266-1004336348-1606980848-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3b,f3,fe,c4,f6,99,05,47,b9,1c,f9,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3b,f3,fe,c4,f6,99,05,47,b9,1c,f9,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):70,5f,10,25,a5,59,7c,a9,41,bf,53,de,29,11,25,8a,1e,f3,c2,73,7f,c2,2e,1a,02,1f,78,59,f8,2e,c6,82,60,9d,74,92,66,94,0b,30,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{fb40b285-b15f-4bb5-83bc-e0be59c12629}]
@Denied: (Full) (Everyone)
"Model"=dword:0000010c
"Therad"=dword:00000008
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(880)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(936)
c:\windows\system32\setupapi.dll
c:\windows\system32\idmmbc.dll
c:\windows\system32\psbase.dll

- - - - - - - > 'explorer.exe'(2088)
c:\documents and settings\Windows Seven Effects\VisualTooltip\VisualTooltip.dll
c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
c:\windows\system32\msctfime.ime
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-11-17 16:41:08 - machine was rebooted
********-quarantined-files.txt 2010-11-17 15:41

Pre-Run: 93,757,218,816 bytes free
Post-Run: 93,735,866,368 bytes free

- - End Of File - - 46C3977C9249BBF29EBBE6AFE080C5CE

Is this a virus? Please help.