Hmammou

In the name of God, the Most Gracious, the Most Merciful

Dear brothers, recently I ran into an error, and I figured I would not find a solution anywhere but on Zyzoom.

Here is a screenshot of the error:

0xc00007b.bmp

Sorry, my system is in French.

And here is the Bitdefender quick scan report:

Code:
QuickScan Beta 32-bit v0.9.9.35
-------------------------------

Scan date:  Fri Sep 03 19:12:40 2010

Machine ID: B08D8298

Found 39 infected files!
------------------------

C:\WINDOWS\system32\wuauclt.exe --> Win32.Parite.B
--> Process wuauclt.exe (1476)
--> Process wuauclt.exe (680)
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\uha7.tmp --> Trojan.Generic.2616149
--> Process explorer.exe (196)
--> Process wuauclt.exe (680)
C:\WINDOWS\system32\msfeedssync.exe --> Win32.Parite.B
--> c:\windows\tasks\user_feed_synchronization-{06c0b234-1af6-4fbb-8b75-5d7b361e633a}.job
--> c:\windows\tasks\user_feed_synchronization-{47813102-7cf0-45e9-a4b9-7a7b09e2ee75}.job
C:\WINDOWS\system32\sessmgr.exe --> Win32.Parite.B
--> HKLM\System\ControlSet001\services\RDSessMgr\"ImagePath"
C:\WINDOWS\system32\msiexec.exe --> Win32.Parite.B
--> HKLM\System\ControlSet001\services\MSIServer\"ImagePath"
C:\WINDOWS\system32\netdde.exe --> Win32.Parite.B
--> HKLM\System\ControlSet001\services\NetDDEdsdm\"ImagePath"
C:\WINDOWS\system32\cisvc.exe --> Win32.Parite.B
--> HKLM\System\ControlSet001\services\CiSvc\"ImagePath"
C:\WINDOWS\System32\ups.exe --> Win32.Parite.B
--> HKLM\System\ControlSet001\services\UPS\"ImagePath"
C:\Program Files\Real\RealUpgrade\realupgrade.exe --> Win32.Parite.B
--> c:\windows\tasks\realupgradelogontasks-1-5-21-776561741-1336601894-1644491937-500.job
--> c:\windows\tasks\realupgradescheduledtasks-1-5-21-776561741-1336601894-1644491937-500.job
C:\WINDOWS\system32\msdtc.exe --> Win32.Parite.B
--> HKLM\System\ControlSet001\services\MSDTC\"ImagePath"
C:\WINDOWS\Temp\jra2.tmp --> Trojan.Generic.2616149
--> Process vmware-authd.exe (2044)
C:\WINDOWS\system32\clipsrv.exe --> Win32.Parite.B
--> HKLM\System\ControlSet001\services\ClipSrv\"ImagePath"
C:\WINDOWS\Temp\wbqCA.tmp --> Trojan.Generic.2616149
--> Process wuauclt.exe (1476)
C:\WINDOWS\System32\dmadmin.exe --> Win32.Parite.B
--> HKLM\System\ControlSet001\services\dmadmin\"ImagePath"
C:\WINDOWS\system32\locator.exe --> Win32.Parite.B
--> HKLM\System\ControlSet001\services\RpcLocator\"ImagePath"
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe --> Win32.Parite.B
--> HKLM\System\ControlSet001\services\clr_optimization_v2.0.50727_32\"ImagePath"
C:\WINDOWS\system32\tlntsvr.exe --> Win32.Parite.B
--> HKLM\System\ControlSet001\services\TlntSvr\"ImagePath"
C:\WINDOWS\system32\imapi.exe --> Win32.Parite.B
--> HKLM\System\ControlSet001\services\ImapiService\"ImagePath"
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe --> Win32.Parite.B
--> HKLM\System\ControlSet001\services\clr_optimization_v4.0.30319_32\"ImagePath"
C:\WINDOWS\system32\cmd.exe --> Win32.Parite.B
--> HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\"AlternateShell"
C:\WINDOWS\Network Diagnostic\xpnetdiag.exe --> Win32.Parite.B
--> HKLM\Software\Microsoft\Internet Explorer\Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583}\"Exec"
C:\WINDOWS\Temp\uxa4.tmp --> Trojan.Generic.2616149
--> Process vmware-authd.exe (2044)
C:\Program Files\faceplus\pre_faceplus.exe --> Win32.Parite.B
--> HKLM\Software\Microsoft\Windows\CurrentVersion\Run\"Face-Plus"
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe --> Win32.Parite.B
--> HKLM\System\ControlSet001\services\aspnet_state\"ImagePath"
C:\WINDOWS\system32\dllhost.exe --> Win32.Parite.B
--> HKLM\System\ControlSet001\services\COMSysApp\"ImagePath"
--> HKLM\System\ControlSet001\services\SwPrv\"ImagePath"
C:\WINDOWS\system32\rsvp.exe --> Win32.Parite.B
--> HKLM\System\ControlSet001\services\RSVP\"ImagePath"
C:\WINDOWS\System32\alg.exe --> Win32.Parite.B
--> HKLM\System\ControlSet001\services\ALG\"ImagePath"
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe --> Win32.Parite.B
--> HKLM\System\ControlSet001\services\gusvc\"ImagePath"
C:\WINDOWS\System32\vssvc.exe --> Win32.Parite.B
--> HKLM\System\ControlSet001\services\VSS\"ImagePath"
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe --> Win32.Parite.B
--> HKLM\System\ControlSet001\services\WPFFontCache_v0400\"ImagePath"
C:\WINDOWS\system32\smlogsvc.exe --> Win32.Parite.B
--> HKLM\System\ControlSet001\services\SysmonLog\"ImagePath"
C:\WINDOWS\system32\spupdsvc.exe --> Win32.Parite.B
--> HKLM\System\ControlSet001\services\spupdsvc\"ImagePath"
C:\WINDOWS\System32\SCardSvr.exe --> Win32.Parite.B
--> HKLM\System\ControlSet001\services\SCardSvr\"ImagePath"
C:\WINDOWS\system32\mnmsrvc.exe --> Win32.Parite.B
--> HKLM\System\ControlSet001\services\mnmsrvc\"ImagePath"
C:\WINDOWS\system32\spoolsv.exe --> Win32.Parite.B
--> HKLM\System\ControlSet001\services\Spooler\"ImagePath"
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe --> Win32.Parite.B
--> HKLM\System\ControlSet001\services\ServiceLayer\"ImagePath"
c:\windows\system32\userinit.exe --> Win32.Parite.B
--> HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"Userinit"
C:\WINDOWS\system32\KB905474\wgasetup.exe --> Win32.Parite.B
--> c:\windows\tasks\wgasetup.job
C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe --> Win32.Parite.B
--> HKLM\System\ControlSet001\services\ufad-ws60\"ImagePath"

Processes
---------

<unsigned>  Face-Plus Application                    1452    C:\Program Files\faceplus\faceplus.exe
<unsigned>  Microsoft® Windows® Operating System      680    C:\WINDOWS\system32\wuauclt.exe
<unsigned>  Microsoft® Windows® Operating System     1476    C:\WINDOWS\system32\wuauclt.exe
<unsigned>  Realtek Sound Manager                    1092    C:\WINDOWS\soundman.exe
<unsigned>  Système d'exploitation Microsoft® Windo   196    C:\WINDOWS\explorer.exe
<unsigned>  Système d'exploitation Microsoft® Windo  1660    C:\WINDOWS\system32\winlogon.exe
<verified>  Google Update                            1692    C:\Program Files\Google\Update\GoogleUpdate.exe
<verified>  Java(TM) Platform SE 6 U21               1588    C:\Program Files\Java\jre6\bin\jqs.exe
<verified>  Microsoft® Windows® Operating System     1516    C:\WINDOWS\system32\csrss.exe
<verified>  Microsoft® Windows® Operating System     1956    C:\WINDOWS\system32\lsass.exe
<verified>  Microsoft® Windows® Operating System      452    C:\WINDOWS\system32\svchost.exe
<verified>  Microsoft® Windows® Operating System      556    C:\WINDOWS\system32\svchost.exe
<verified>  Microsoft® Windows® Operating System     1388    C:\WINDOWS\system32\svchost.exe
<verified>  Microsoft® Windows® Operating System     1508    C:\WINDOWS\system32\svchost.exe
<verified>  Microsoft® Windows® Operating System     2012    C:\WINDOWS\system32\svchost.exe
<verified>  RealPlayer (32-bit)                      1032    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
<verified>  Système d'exploitation Microsoft® Windo  1904    C:\WINDOWS\system32\services.exe
<verified>  Système d'exploitation Microsoft® Windo   928    C:\WINDOWS\system32\smss.exe
<verified>  Système d'exploitation Microsoft® Windo   788    C:\WINDOWS\system32\wbem\wmiapsrv.exe
<verified>  VMware Workstation                        216    C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
<verified>  VMware Workstation                       2044    C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
<verified>  VMware Workstation                       1736    C:\WINDOWS\system32\vmnat.exe
<verified>  VMware Workstation                       1636    C:\WINDOWS\system32\vmnetdhcp.exe
<verified>  Windows® Internet Explorer                712    C:\Program Files\Internet Explorer\iexplore.exe
<verified>  Windows® Internet Explorer                800    C:\Program Files\Internet Explorer\iexplore.exe

Network activity
----------------

Process iexplore.exe (800) connected on port 80 (HTTP) --> 209.85.227.139
Process iexplore.exe (800) connected on port 80 (HTTP) --> 88.221.61.115
Process iexplore.exe (800) connected on port 80 (HTTP) --> 77.67.29.32
Process iexplore.exe (800) connected on port 80 (HTTP) --> 77.67.29.32
Process iexplore.exe (800) connected on port 80 (HTTP) --> 69.63.176.186
Process iexplore.exe (800) connected on port 80 (HTTP) --> 92.123.148.20
Process iexplore.exe (800) connected on port 80 (HTTP) --> 173.192.230.28
Process iexplore.exe (800) connected on port 80 (HTTP) --> 173.192.230.28
Process iexplore.exe (800) connected on port 80 (HTTP) --> 173.192.230.28
Process iexplore.exe (800) connected on port 80 (HTTP) --> 173.192.230.28
Process iexplore.exe (800) connected on port 80 (HTTP) --> 173.192.230.28
Process iexplore.exe (800) connected on port 80 (HTTP) --> 173.192.230.28
Process iexplore.exe (800) connected on port 80 (HTTP) --> 173.192.230.28
Process iexplore.exe (800) connected on port 80 (HTTP) --> 173.192.230.28
Process iexplore.exe (800) connected on port 80 (HTTP) --> 173.192.230.28
Process iexplore.exe (800) connected on port 80 (HTTP) --> 173.192.230.28
Process iexplore.exe (800) connected on port 80 (HTTP) --> 173.192.230.28
Process iexplore.exe (800) connected on port 80 (HTTP) --> 69.63.190.18
Process svchost.exe (556) listens on ports: 135 (RPC)
Process vmware-authd.exe (2044) listens on ports: 912

Autoruns and critical files
---------------------------

<unsigned>  Application faceplus                     C:\Program Files\faceplus\pre_faceplus.exe
<unsigned>  MemoryDefrag.exe                         C:\Program Files\Windows Doctor\MemoryDefrag.exe
<unsigned>  Microsoft Genuine Advantage              C:\WINDOWS\system32\KB905474\wgasetup.exe
<unsigned>  Realtek Sound Manager                    C:\WINDOWS\soundman.exe
<unsigned>  RealUpgrade                              C:\Program Files\Real\RealUpgrade\realupgrade.exe
<unsigned>  Système d'exploitation Microsoft® Windo  C:\WINDOWS\system32\browseui.dll
<unsigned>  Système d'exploitation Microsoft® Windo  C:\WINDOWS\system32\cscdll.dll
<unsigned>  Système d'exploitation Microsoft® Windo  C:\WINDOWS\system32\logonui.exe
<unsigned>  Système d'exploitation Microsoft® Windo  C:\WINDOWS\system32\stobject.dll
<unsigned>  Système d'exploitation Microsoft® Windo  c:\windows\system32\userinit.exe
<unsigned>  Windows® Internet Explorer               C:\WINDOWS\system32\msfeedssync.exe
<verified>  Google Update                            C:\Program Files\Google\Update\GoogleUpdate.exe
<verified>  Microsoft® Windows® Operating System     C:\WINDOWS\system32\cryptnet.dll
<verified>  Microsoft® Windows® Operating System     C:\WINDOWS\system32\WPDShServiceObj.dll
<verified>  RealPlayer (32-bit)                      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
<verified>  Système d'exploitation Microsoft® Windo  C:\WINDOWS\system32\crypt32.dll
<verified>  Système d'exploitation Microsoft® Windo  C:\WINDOWS\system32\sclgntfy.dll
<verified>  Système d'exploitation Microsoft® Windo  C:\WINDOWS\system32\shell32.dll
<verified>  Système d'exploitation Microsoft® Windo  C:\WINDOWS\system32\upnpui.dll
<verified>  Système d'exploitation Microsoft® Windo  C:\WINDOWS\system32\wlnotify.dll
<verified>  WindowBlinds 5.x for x86 machines        C:\WINDOWS\system32\wbsys.dll
<verified>  Windows® Internet Explorer               C:\WINDOWS\system32\webcheck.dll

Browser plugins
---------------

<unsigned>  Download.dll                             C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\tatlsl8z.default\extensions\firedownload@mozilla.org\Download.dll
<unsigned>  facemoods.com                            c:\program files\facemoods.com\facemoods\1.3.60.23\facemoodstlbr.dll
<unsigned>  Google Earth Plugin                      C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
<unsigned>  Java(TM) Platform SE 6 U21               C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
<unsigned>  Microsoft® Windows® Operating System     C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
<unsigned>  Namoroka                                 C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\tatlsl8z.default\extensions\firedownload@mozilla.org\components\firedownload.dll
<unsigned>  Namoroka                                 C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\tatlsl8z.default\extensions\firetorrent@radicalsoft.com\components\firetorrent.dll
<unsigned>  QuickTime Plug-in 7.6.7                  C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
<unsigned>  QuickTime Plug-in 7.6.7                  C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
<unsigned>  QuickTime Plug-in 7.6.7                  C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
<unsigned>  QuickTime Plug-in 7.6.7                  C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
<unsigned>  QuickTime Plug-in 7.6.7                  C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
<unsigned>  QuickTime Plug-in 7.6.7                  C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
<unsigned>  QuickTime Plug-in 7.6.7                  C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
<unsigned>  QuickTime Plug-in 7.6.7                  C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
<unsigned>  QuickTime Plug-in 7.6.7                  C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
<unsigned>  QuickTime Plug-in 7.6.7                  C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
<unsigned>  QuickTime Plug-in 7.6.7                  C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
<unsigned>  QuickTime Plug-in 7.6.7                  C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
<unsigned>  QuickTime Plug-in 7.6.7                  C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
<unsigned>  QuickTime Plug-in 7.6.7                  C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
<unsigned>  RealJukebox NS Plugin                    C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
<unsigned>  RealJukebox NS Plugin                    C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
<unsigned>  RealPlayer Version Plugin                C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
<unsigned>  RealPlayer Version Plugin                C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
<unsigned>  RealPlayer(tm) HTML5VideoShim Plug-In (  C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
<unsigned>  tb.dll                                   c:\program files\yoono sidebar\tb.dll
<unsigned>  ybho.dll                                 c:\program files\yoono sidebar\ybho.dll
<verified>  Adobe Acrobat                            C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
<verified>  BitDefender QuickScan                    C:\WINDOWS\Downloaded Program Files\qsax.dll
<verified>  getPlusPlus for Adobe 16287              C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\tatlsl8z.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
<verified>  getPlusPlus for Adobe 16287              C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
<verified>  Google Update                            C:\Program Files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
<verified>  Java Deployment Toolkit 6.0.210.7        C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
<verified>  Java(TM) Platform SE 6 U21               C:\Program Files\Java\jre6\bin\jp2ssv.dll
<verified>  Java(TM) Platform SE 6 U21               C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
<verified>  Microsoft® Windows Live Login Helper     C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
<verified>  Microsoft® Windows Media Player Firefox  C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
<verified>  Microsoft® Windows® Operating System     C:\WINDOWS\system32\rsvpsp.dll
<verified>  Microsoft® Windows® Operating System     C:\WINDOWS\system32\winrnr.dll
<verified>  Mozilla Default Plug-in                  C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
<verified>  nppdf32.FRA                              C:\Program Files\Mozilla Firefox\plugins\nppdf32.FRA
<verified>  NPSWF32.dll                              C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
<verified>  Picasa                                   C:\Program Files\Google\Picasa3\npPicasa3.dll
<verified>  RealPlayer Download and Record Plugin    C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
<verified>  RealPlayer(tm) G2 LiveConnect-Enabled P  C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
<verified>  RealPlayer(tm) G2 LiveConnect-Enabled P  C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
<verified>  Shockwave for Director                   C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
<verified>  Silverlight Plug-In                      C:\Program Files\Microsoft Silverlight\4.0.50826.0\npctrl.dll
<verified>  Système d'exploitation Microsoft® Windo  C:\WINDOWS\system32\mswsock.dll
<verified>  VMware Workstation                       C:\Program Files\VMware\VMware Workstation\vsocklib.dll
<verified>  Windows Genuine Advantage                C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
<verified>  Windows Live® Photo Gallery              C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
<verified>  Windows Presentation Foundation          c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
<verified>  Windows® Internet Explorer               C:\WINDOWS\system32\ieframe.dll

Missing files
-------------

File not found: C:\Program Files\Avira\AntiVir Desktop\avgio.sys
--> HKLM\System\ControlSet001\services\avgio\"ImagePath"
File not found: C:\Program Files\Avira\AntiVir Desktop\avguard.exe
--> HKLM\System\ControlSet001\services\AntiVirService\"ImagePath"
File not found: C:\Program Files\Avira\AntiVir Desktop\sched.exe
--> HKLM\System\ControlSet001\services\AntiVirSchedulerService\"ImagePath"
File not found: C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
--> HKLM\System\ControlSet001\services\MsMpSvc\"ImagePath"
File not found: C:\WINDOWS\System32\hidserv.dll
--> HKLM\System\ControlSet001\services\HidServ\Parameters\"ServiceDll"
File not found: C:\WINDOWS\system32\nvsvc32.exe
--> HKLM\System\ControlSet001\services\NVSvc\"ImagePath"
File not found: C:\WINDOWS\system32\zntport.sys
--> HKLM\System\ControlSet001\services\zntport\"ImagePath"
File not found: system32\DRIVERS\VBoxNetFlt.sys
--> HKLM\System\ControlSet001\services\VBoxNetFlt\"ImagePath"
File not found: system32\drivers\pmfilt.sys
--> HKLM\System\ControlSet001\services\pmfilt\"ImagePath"
File not found: system32\drivers\pmhelp.sys
--> HKLM\System\ControlSet001\services\pmhelp\"ImagePath"

Scan
----

The following file(s) must be uploaded for server-side scanning:
C:\Program Files\Real\RealUpgrade\realupgrade.exe
C:\WINDOWS\System32\dmadmin.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\KB905474\wgasetup.exe
C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
Upload started - 11 file(s)
imapi.exe (328156)
realupgrade.exe (353750)
vmware-ufad.exe (370144)
GoogleUpdaterService.exe (372192)
dmadmin.exe (402902)
vssvc.exe (473054)
cmd.exe (580576)
wgasetup.exe (631770)
ServiceLayer.exe (793566)
xpnetdiag.exe (885720)
WPFFontCache_v0400.exe (931286)
Upload speed - 45 KB/s
Upload finished - 11 uploaded, 0 failed
Scan finished - communication took 132 sec
Total traffic - 5.86 MB sent, 1.36 KB recvd
Scanned 737 files and modules - 184 seconds
==============================================================================[/CENTER]
[/CENTER]


And this is the HijackThis report




Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:34:31, on 03/09/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\faceplus\faceplus.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/?pc=AVBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=snd&s={searchTerms}&f=4
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Yoono BHO - {CC24584F-A50F-4138-B1B7-F0255274DB9A} - C:\PROGRA~1\YOONOS~1\ybho.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.3.60.23\facemoodsTlbr.dll
O3 - Toolbar: Yoono toolbar - {D86FA331-DF95-46C8-8978-4C00D084C9A1} - C:\PROGRA~1\YOONOS~1\tb.dll
O4 - HKLM\..\Run: [Face-Plus] C:\Program Files\faceplus\pre_faceplus.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SERVICE RESEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?s=100000341&p=GRfox000&si=&a=RJasti1G6pVs4UOORoOuyQ&n=2010071909
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Télécharger avec Mipony - file://C:\Program Files\MiPony\Browser\IEContext.htm
O9 - Extra button: Yoono - {3E286614-05AE-4736-B01D-D71BD9A42B16} - C:\PROGRA~1\YOONOS~1\tb.dll
O9 - Extra 'Tools' menuitem: Display Yoono - {3E286614-05AE-4736-B01D-D71BD9A42B16} - C:\PROGRA~1\YOONOS~1\tb.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O15 - Trusted IP range: http://192.168.1.1
O15 - ESC Trusted IP range: http://192.168.1.1
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (BitDefender QuickScan Control) - http://quickscan.bitdefender.com/qsax/qsax.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Unknown owner - C:\Program Files\Avira\AntiVir Desktop\sched.exe (file missing)
O23 - Service: Avira AntiVir Guard (AntiVirService) - Unknown owner - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (file missing)
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Microsoft Antimalware Service (MsMpSvc) - Unknown owner - C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc32.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
--
End of file - 6710 bytes



And this is the Runscanner report

I hope you can give me a solution as soon as possible, because I am thinking of formatting.
 

Signature: Hmammou
Brothers, I have given you all the information, including the HijackThis and Runscanner reports, twice.
 
Signature: Hmammou
Brother, I got this error: Sorry, uploading a file with the extension "run" is not allowed.
 
Signature: Hmammou
Brother, here is this report in case you need it.
************' Anti-Malware 1.46
www.************.org
Database version: 4545
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
04/09/2010 22:39:14
mbam-log-2010-09-04 (22-39-14).txt
Scan type: Full scan (C:\|)
Objects scanned: 25453
Time elapsed: 18 minute(s), 50 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\Temp\qua3.tmp (Worm.Parite) -> Delete on reboot.
C:\Documents and Settings\Administrateur\Local Settings\Temp\qxa6.tmp (Worm.Parite) -> Delete on reboot.
C:\WINDOWS\Temp\ffe66.tmp (Worm.Parite) -> Delete on reboot.
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\Temp\qua3.tmp (Worm.Parite) -> Delete on reboot.
C:\Documents and Settings\Administrateur\Local Settings\Temp\qxa6.tmp (Worm.Parite) -> Delete on reboot.
C:\WINDOWS\Temp\ffe66.tmp (Worm.Parite) -> Delete on reboot.
 
Signature: Hmammou
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:54:49, on 04/09/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\faceplus\faceplus.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/?pc=AVBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=snd&s={searchTerms}&f=4
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Yoono BHO - {CC24584F-A50F-4138-B1B7-F0255274DB9A} - C:\PROGRA~1\YOONOS~1\ybho.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.3.60.23\facemoodsTlbr.dll
O4 - HKLM\..\Run: [Face-Plus] C:\Program Files\faceplus\pre_faceplus.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [IE7-10] rundll32 advpack.dll,LaunchINFSectionEx NR_IE7en.inf,AfterUserStart,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SERVICE RESEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Télécharger avec Mipony - file://C:\Program Files\MiPony\Browser\IEContext.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O15 - Trusted IP range: http://192.168.1.1
O15 - ESC Trusted IP range: http://192.168.1.1
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (BitDefender QuickScan Control) - http://quickscan.bitdefender.com/qsax/qsax.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Unknown owner - C:\Program Files\Avira\AntiVir Desktop\sched.exe (file missing)
O23 - Service: Avira AntiVir Guard (AntiVirService) - Unknown owner - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (file missing)
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Microsoft Antimalware Service (MsMpSvc) - Unknown owner - C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc32.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
--
End of file - 6252 bytes
 
Signature: Hmammou