Status: Closed and not open for further replies.

Hmammou

Professional Zyzoom member
Joined: 16 March 2010
Posts: 2,195
Reaction score: 77
Points: 740
Location: Tunisia
Offline
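In the name of God, the Most Gracious, the Most Merciful

My dear brothers, recently I ran into an error, and I figured I would only find a solution on Zyzoom.

Here is a screenshot of the error:

0xc00007b.bmp

Sorry, my system is in French.

And here is the Bitdefender quick scan report: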


Code:
QuickScan Beta 32-bit v0.9.9.35
-------------------------------
Scan date:  Fri Sep 03 19:12:40 2010
Machine ID: B08D8298

Found 39 infected files!
------------------------
C:\WINDOWS\system32\wuauclt.exe --> Win32.Parite.B
--> Process wuauclt.exe (1476)
--> Process wuauclt.exe (680)
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\uha7.tmp --> Trojan.Generic.2616149
--> Process explorer.exe (196)
--> Process wuauclt.exe (680)
C:\WINDOWS\system32\msfeedssync.exe --> Win32.Parite.B
--> c:\windows\tasks\user_feed_synchronization-{06c0b234-1af6-4fbb-8b75-5d7b361e633a}.job
--> c:\windows\tasks\user_feed_synchronization-{47813102-7cf0-45e9-a4b9-7a7b09e2ee75}.job
C:\WINDOWS\system32\sessmgr.exe --> Win32.Parite.B
--> HKLM\System\ControlSet001\services\RDSessMgr\"ImagePath"
C:\WINDOWS\system32\msiexec.exe --> Win32.Parite.B
--> HKLM\System\ControlSet001\services\MSIServer\"ImagePath"
C:\WINDOWS\system32\netdde.exe --> Win32.Parite.B
--> HKLM\System\ControlSet001\services\NetDDEdsdm\"ImagePath"
C:\WINDOWS\system32\cisvc.exe --> Win32.Parite.B
--> HKLM\System\ControlSet001\services\CiSvc\"ImagePath"
C:\WINDOWS\System32\ups.exe --> Win32.Parite.B
--> HKLM\System\ControlSet001\services\UPS\"ImagePath"
C:\Program Files\Real\RealUpgrade\realupgrade.exe --> Win32.Parite.B
--> c:\windows\tasks\realupgradelogontasks-1-5-21-776561741-1336601894-1644491937-500.job
--> c:\windows\tasks\realupgradescheduledtasks-1-5-21-776561741-1336601894-1644491937-500.job
C:\WINDOWS\system32\msdtc.exe --> Win32.Parite.B
--> HKLM\System\ControlSet001\services\MSDTC\"ImagePath"
C:\WINDOWS\Temp\jra2.tmp --> Trojan.Generic.2616149
--> Process vmware-authd.exe (2044)
C:\WINDOWS\system32\clipsrv.exe --> Win32.Parite.B
--> HKLM\System\ControlSet001\services\ClipSrv\"ImagePath"
C:\WINDOWS\Temp\wbqCA.tmp --> Trojan.Generic.2616149
--> Process wuauclt.exe (1476)
C:\WINDOWS\System32\dmadmin.exe --> Win32.Parite.B
--> HKLM\System\ControlSet001\services\dmadmin\"ImagePath"
C:\WINDOWS\system32\locator.exe --> Win32.Parite.B
--> HKLM\System\ControlSet001\services\RpcLocator\"ImagePath"
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe --> Win32.Parite.B
--> HKLM\System\ControlSet001\services\clr_optimization_v2.0.50727_32\"ImagePath"
C:\WINDOWS\system32\tlntsvr.exe --> Win32.Parite.B
--> HKLM\System\ControlSet001\services\TlntSvr\"ImagePath"
C:\WINDOWS\system32\imapi.exe --> Win32.Parite.B
--> HKLM\System\ControlSet001\services\ImapiService\"ImagePath"
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe --> Win32.Parite.B
--> HKLM\System\ControlSet001\services\clr_optimization_v4.0.30319_32\"ImagePath"
C:\WINDOWS\system32\cmd.exe --> Win32.Parite.B
--> HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\"AlternateShell"
C:\WINDOWS\Network Diagnostic\xpnetdiag.exe --> Win32.Parite.B
--> HKLM\Software\Microsoft\Internet Explorer\Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583}\"Exec"
C:\WINDOWS\Temp\uxa4.tmp --> Trojan.Generic.2616149
--> Process vmware-authd.exe (2044)
C:\Program Files\faceplus\pre_faceplus.exe --> Win32.Parite.B
--> HKLM\Software\Microsoft\Windows\CurrentVersion\Run\"Face-Plus"
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe --> Win32.Parite.B
--> HKLM\System\ControlSet001\services\aspnet_state\"ImagePath"
C:\WINDOWS\system32\dllhost.exe --> Win32.Parite.B
--> HKLM\System\ControlSet001\services\COMSysApp\"ImagePath"
--> HKLM\System\ControlSet001\services\SwPrv\"ImagePath"
C:\WINDOWS\system32\rsvp.exe --> Win32.Parite.B
--> HKLM\System\ControlSet001\services\RSVP\"ImagePath"
C:\WINDOWS\System32\alg.exe --> Win32.Parite.B
--> HKLM\System\ControlSet001\services\ALG\"ImagePath"
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe --> Win32.Parite.B
--> HKLM\System\ControlSet001\services\gusvc\"ImagePath"
C:\WINDOWS\System32\vssvc.exe --> Win32.Parite.B
--> HKLM\System\ControlSet001\services\VSS\"ImagePath"
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe --> Win32.Parite.B
--> HKLM\System\ControlSet001\services\WPFFontCache_v0400\"ImagePath"
C:\WINDOWS\system32\smlogsvc.exe --> Win32.Parite.B
--> HKLM\System\ControlSet001\services\SysmonLog\"ImagePath"
C:\WINDOWS\system32\spupdsvc.exe --> Win32.Parite.B
--> HKLM\System\ControlSet001\services\spupdsvc\"ImagePath"
C:\WINDOWS\System32\SCardSvr.exe --> Win32.Parite.B
--> HKLM\System\ControlSet001\services\SCardSvr\"ImagePath"
C:\WINDOWS\system32\mnmsrvc.exe --> Win32.Parite.B
--> HKLM\System\ControlSet001\services\mnmsrvc\"ImagePath"
C:\WINDOWS\system32\spoolsv.exe --> Win32.Parite.B
--> HKLM\System\ControlSet001\services\Spooler\"ImagePath"
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe --> Win32.Parite.B
--> HKLM\System\ControlSet001\services\ServiceLayer\"ImagePath"
c:\windows\system32\userinit.exe --> Win32.Parite.B
--> HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"Userinit"
C:\WINDOWS\system32\KB905474\wgasetup.exe --> Win32.Parite.B
--> c:\windows\tasks\wgasetup.job
C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe --> Win32.Parite.B
--> HKLM\System\ControlSet001\services\ufad-ws60\"ImagePath"

Processes
---------
<unsigned>  Face-Plus Application                    1452    C:\Program Files\faceplus\faceplus.exe
<unsigned>  Microsoft® Windows® Operating System      680    C:\WINDOWS\system32\wuauclt.exe
<unsigned>  Microsoft® Windows® Operating System     1476    C:\WINDOWS\system32\wuauclt.exe
<unsigned>  Realtek Sound Manager                    1092    C:\WINDOWS\soundman.exe
<unsigned>  Système d'exploitation Microsoft® Windo   196    C:\WINDOWS\explorer.exe
<unsigned>  Système d'exploitation Microsoft® Windo  1660    C:\WINDOWS\system32\winlogon.exe
<verified>  Google Update                            1692    C:\Program Files\Google\Update\GoogleUpdate.exe
<verified>  Java(TM) Platform SE 6 U21               1588    C:\Program Files\Java\jre6\bin\jqs.exe
<verified>  Microsoft® Windows® Operating System     1516    C:\WINDOWS\system32\csrss.exe
<verified>  Microsoft® Windows® Operating System     1956    C:\WINDOWS\system32\lsass.exe
<verified>  Microsoft® Windows® Operating System      452    C:\WINDOWS\system32\svchost.exe
<verified>  Microsoft® Windows® Operating System      556    C:\WINDOWS\system32\svchost.exe
<verified>  Microsoft® Windows® Operating System     1388    C:\WINDOWS\system32\svchost.exe
<verified>  Microsoft® Windows® Operating System     1508    C:\WINDOWS\system32\svchost.exe
<verified>  Microsoft® Windows® Operating System     2012    C:\WINDOWS\system32\svchost.exe
<verified>  RealPlayer (32-bit)                      1032    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
<verified>  Système d'exploitation Microsoft® Windo  1904    C:\WINDOWS\system32\services.exe
<verified>  Système d'exploitation Microsoft® Windo   928    C:\WINDOWS\system32\smss.exe
<verified>  Système d'exploitation Microsoft® Windo   788    C:\WINDOWS\system32\wbem\wmiapsrv.exe
<verified>  VMware Workstation                        216    C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
<verified>  VMware Workstation                       2044    C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
<verified>  VMware Workstation                       1736    C:\WINDOWS\system32\vmnat.exe
<verified>  VMware Workstation                       1636    C:\WINDOWS\system32\vmnetdhcp.exe
<verified>  Windows® Internet Explorer                712    C:\Program Files\Internet Explorer\iexplore.exe
<verified>  Windows® Internet Explorer                800    C:\Program Files\Internet Explorer\iexplore.exe

Network activity
----------------
Process iexplore.exe (800) connected on port 80 (HTTP) --> 209.85.227.139
Process iexplore.exe (800) connected on port 80 (HTTP) --> 88.221.61.115
Process iexplore.exe (800) connected on port 80 (HTTP) --> 77.67.29.32
Process iexplore.exe (800) connected on port 80 (HTTP) --> 77.67.29.32
Process iexplore.exe (800) connected on port 80 (HTTP) --> 69.63.176.186
Process iexplore.exe (800) connected on port 80 (HTTP) --> 92.123.148.20
Process iexplore.exe (800) connected on port 80 (HTTP) --> 173.192.230.28
Process iexplore.exe (800) connected on port 80 (HTTP) --> 173.192.230.28
Process iexplore.exe (800) connected on port 80 (HTTP) --> 173.192.230.28
Process iexplore.exe (800) connected on port 80 (HTTP) --> 173.192.230.28
Process iexplore.exe (800) connected on port 80 (HTTP) --> 173.192.230.28
Process iexplore.exe (800) connected on port 80 (HTTP) --> 173.192.230.28
Process iexplore.exe (800) connected on port 80 (HTTP) --> 173.192.230.28
Process iexplore.exe (800) connected on port 80 (HTTP) --> 173.192.230.28
Process iexplore.exe (800) connected on port 80 (HTTP) --> 173.192.230.28
Process iexplore.exe (800) connected on port 80 (HTTP) --> 173.192.230.28
Process iexplore.exe (800) connected on port 80 (HTTP) --> 173.192.230.28
Process iexplore.exe (800) connected on port 80 (HTTP) --> 69.63.190.18
Process svchost.exe (556) listens on ports: 135 (RPC)
Process vmware-authd.exe (2044) listens on ports: 912

Autoruns and critical files
---------------------------
<unsigned>  Application faceplus                     C:\Program Files\faceplus\pre_faceplus.exe
<unsigned>  MemoryDefrag.exe                         C:\Program Files\Windows Doctor\MemoryDefrag.exe
<unsigned>  Microsoft Genuine Advantage              C:\WINDOWS\system32\KB905474\wgasetup.exe
<unsigned>  Realtek Sound Manager                    C:\WINDOWS\soundman.exe
<unsigned>  RealUpgrade                              C:\Program Files\Real\RealUpgrade\realupgrade.exe
<unsigned>  Système d'exploitation Microsoft® Windo  C:\WINDOWS\system32\browseui.dll
<unsigned>  Système d'exploitation Microsoft® Windo  C:\WINDOWS\system32\cscdll.dll
<unsigned>  Système d'exploitation Microsoft® Windo  C:\WINDOWS\system32\logonui.exe
<unsigned>  Système d'exploitation Microsoft® Windo  C:\WINDOWS\system32\stobject.dll
<unsigned>  Système d'exploitation Microsoft® Windo  c:\windows\system32\userinit.exe
<unsigned>  Windows® Internet Explorer               C:\WINDOWS\system32\msfeedssync.exe
<verified>  Google Update                            C:\Program Files\Google\Update\GoogleUpdate.exe
<verified>  Microsoft® Windows® Operating System     C:\WINDOWS\system32\cryptnet.dll
<verified>  Microsoft® Windows® Operating System     C:\WINDOWS\system32\WPDShServiceObj.dll
<verified>  RealPlayer (32-bit)                      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
<verified>  Système d'exploitation Microsoft® Windo  C:\WINDOWS\system32\crypt32.dll
<verified>  Système d'exploitation Microsoft® Windo  C:\WINDOWS\system32\sclgntfy.dll
<verified>  Système d'exploitation Microsoft® Windo  C:\WINDOWS\system32\shell32.dll
<verified>  Système d'exploitation Microsoft® Windo  C:\WINDOWS\system32\upnpui.dll
<verified>  Système d'exploitation Microsoft® Windo  C:\WINDOWS\system32\wlnotify.dll
<verified>  WindowBlinds 5.x for x86 machines        C:\WINDOWS\system32\wbsys.dll
<verified>  Windows® Internet Explorer               C:\WINDOWS\system32\webcheck.dll

Browser plugins
---------------
<unsigned>  Download.dll                             C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\tatlsl8z.default\extensions\firedownload@mozilla.org\Download.dll
<unsigned>  facemoods.com                            c:\program files\facemoods.com\facemoods\1.3.60.23\facemoodstlbr.dll
<unsigned>  Google Earth Plugin                      C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
<unsigned>  Java(TM) Platform SE 6 U21               C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
<unsigned>  Microsoft® Windows® Operating System     C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
<unsigned>  Namoroka                                 C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\tatlsl8z.default\extensions\firedownload@mozilla.org\components\firedownload.dll
<unsigned>  Namoroka                                 C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\tatlsl8z.default\extensions\firetorrent@radicalsoft.com\components\firetorrent.dll
<unsigned>  QuickTime Plug-in 7.6.7                  C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
<unsigned>  QuickTime Plug-in 7.6.7                  C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
<unsigned>  QuickTime Plug-in 7.6.7                  C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
<unsigned>  QuickTime Plug-in 7.6.7                  C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
<unsigned>  QuickTime Plug-in 7.6.7                  C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
<unsigned>  QuickTime Plug-in 7.6.7                  C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
<unsigned>  QuickTime Plug-in 7.6.7                  C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
<unsigned>  QuickTime Plug-in 7.6.7                  C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
<unsigned>  QuickTime Plug-in 7.6.7                  C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
<unsigned>  QuickTime Plug-in 7.6.7                  C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
<unsigned>  QuickTime Plug-in 7.6.7                  C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
<unsigned>  QuickTime Plug-in 7.6.7                  C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
<unsigned>  QuickTime Plug-in 7.6.7                  C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
<unsigned>  QuickTime Plug-in 7.6.7                  C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
<unsigned>  RealJukebox NS Plugin                    C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
<unsigned>  RealJukebox NS Plugin                    C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
<unsigned>  RealPlayer Version Plugin                C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
<unsigned>  RealPlayer Version Plugin                C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
<unsigned>  RealPlayer(tm) HTML5VideoShim Plug-In (  C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
<unsigned>  tb.dll                                   c:\program files\yoono sidebar\tb.dll
<unsigned>  ybho.dll                                 c:\program files\yoono sidebar\ybho.dll
<verified>  Adobe Acrobat                            C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
<verified>  BitDefender QuickScan                    C:\WINDOWS\Downloaded Program Files\qsax.dll
<verified>  getPlusPlus for Adobe 16287              C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\tatlsl8z.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
<verified>  getPlusPlus for Adobe 16287              C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
<verified>  Google Update                            C:\Program Files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
<verified>  Java Deployment Toolkit 6.0.210.7        C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
<verified>  Java(TM) Platform SE 6 U21               C:\Program Files\Java\jre6\bin\jp2ssv.dll
<verified>  Java(TM) Platform SE 6 U21               C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
<verified>  Microsoft® Windows Live Login Helper     C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
<verified>  Microsoft® Windows Media Player Firefox  C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
<verified>  Microsoft® Windows® Operating System     C:\WINDOWS\system32\rsvpsp.dll
<verified>  Microsoft® Windows® Operating System     C:\WINDOWS\system32\winrnr.dll
<verified>  Mozilla Default Plug-in                  C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
<verified>  nppdf32.FRA                              C:\Program Files\Mozilla Firefox\plugins\nppdf32.FRA
<verified>  NPSWF32.dll                              C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
<verified>  Picasa                                   C:\Program Files\Google\Picasa3\npPicasa3.dll
<verified>  RealPlayer Download and Record Plugin    C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
<verified>  RealPlayer(tm) G2 LiveConnect-Enabled P  C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
<verified>  RealPlayer(tm) G2 LiveConnect-Enabled P  C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
<verified>  Shockwave for Director                   C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
<verified>  Silverlight Plug-In                      C:\Program Files\Microsoft Silverlight\4.0.50826.0\npctrl.dll
<verified>  Système d'exploitation Microsoft® Windo  C:\WINDOWS\system32\mswsock.dll
<verified>  VMware Workstation                       C:\Program Files\VMware\VMware Workstation\vsocklib.dll
<verified>  Windows Genuine Advantage                C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
<verified>  Windows Live® Photo Gallery              C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
<verified>  Windows Presentation Foundation          c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
<verified>  Windows® Internet Explorer               C:\WINDOWS\system32\ieframe.dll

Missing files
-------------
File not found: C:\Program Files\Avira\AntiVir Desktop\avgio.sys
--> HKLM\System\ControlSet001\services\avgio\"ImagePath"
File not found: C:\Program Files\Avira\AntiVir Desktop\avguard.exe
--> HKLM\System\ControlSet001\services\AntiVirService\"ImagePath"
File not found: C:\Program Files\Avira\AntiVir Desktop\sched.exe
--> HKLM\System\ControlSet001\services\AntiVirSchedulerService\"ImagePath"
File not found: C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
--> HKLM\System\ControlSet001\services\MsMpSvc\"ImagePath"
File not found: C:\WINDOWS\System32\hidserv.dll
--> HKLM\System\ControlSet001\services\HidServ\Parameters\"ServiceDll"
File not found: C:\WINDOWS\system32\nvsvc32.exe
--> HKLM\System\ControlSet001\services\NVSvc\"ImagePath"
File not found: C:\WINDOWS\system32\zntport.sys
--> HKLM\System\ControlSet001\services\zntport\"ImagePath"
File not found: system32\DRIVERS\VBoxNetFlt.sys
--> HKLM\System\ControlSet001\services\VBoxNetFlt\"ImagePath"
File not found: system32\drivers\pmfilt.sys
--> HKLM\System\ControlSet001\services\pmfilt\"ImagePath"
File not found: system32\drivers\pmhelp.sys
--> HKLM\System\ControlSet001\services\pmhelp\"ImagePath"

Scan
----
The following file(s) must be uploaded for server-side scanning:
C:\Program Files\Real\RealUpgrade\realupgrade.exe
C:\WINDOWS\System32\dmadmin.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\KB905474\wgasetup.exe
C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
Upload started - 11 file(s)
imapi.exe (328156)
realupgrade.exe (353750)
vmware-ufad.exe (370144)
GoogleUpdaterService.exe (372192)
dmadmin.exe (402902)
vssvc.exe (473054)
cmd.exe (580576)
wgasetup.exe (631770)
ServiceLayer.exe (793566)
xpnetdiag.exe (885720)
WPFFontCache_v0400.exe (931286)
Upload speed - 45 KB/s
Upload finished - 11 uploaded, 0 failed
Scan finished - communication took 132 sec
Total traffic - 5.86 MB sent, 1.36 KB recvd
Scanned 737 files and modules - 184 seconds
==============================================================================
[/CENTER]


And this is the HijackThis report




Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:34:31, on 03/09/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\faceplus\faceplus.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/?pc=AVBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=snd&s={searchTerms}&f=4
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Yoono BHO - {CC24584F-A50F-4138-B1B7-F0255274DB9A} - C:\PROGRA~1\YOONOS~1\ybho.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.3.60.23\facemoodsTlbr.dll
O3 - Toolbar: Yoono toolbar - {D86FA331-DF95-46C8-8978-4C00D084C9A1} - C:\PROGRA~1\YOONOS~1\tb.dll
O4 - HKLM\..\Run: [Face-Plus] C:\Program Files\faceplus\pre_faceplus.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SERVICE RESEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?s=100000341&p=GRfox000&si=&a=RJasti1G6pVs4UOORoOuyQ&n=2010071909
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Télécharger avec Mipony - file://C:\Program Files\MiPony\Browser\IEContext.htm
O9 - Extra button: Yoono - {3E286614-05AE-4736-B01D-D71BD9A42B16} - C:\PROGRA~1\YOONOS~1\tb.dll
O9 - Extra 'Tools' menuitem: Display Yoono - {3E286614-05AE-4736-B01D-D71BD9A42B16} - C:\PROGRA~1\YOONOS~1\tb.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O15 - Trusted IP range: http://192.168.1.1
O15 - ESC Trusted IP range: http://192.168.1.1
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (BitDefender QuickScan Control) - http://quickscan.bitdefender.com/qsax/qsax.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Unknown owner - C:\Program Files\Avira\AntiVir Desktop\sched.exe (file missing)
O23 - Service: Avira AntiVir Guard (AntiVirService) - Unknown owner - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (file missing)
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Microsoft Antimalware Service (MsMpSvc) - Unknown owner - C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc32.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
--
End of file - 6710 bytes



And this is the Runscanner report

I hope you can give me a solution as soon as possible, because I am thinking of formatting.
 
Signature: Hmammou
Shame on you, 11 views and not even a single reply :er:
 
Signature: Hmammou
Here you go, brother
Code:
µTorrent
3D Driving-School
AC3Filter 1.63b
ACDSee 10 Gestionnaire de photos
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.3 - Français
Adobe Shockwave Player 11.5
Apple Application Support
Apple Software Update
Assistant de connexion Windows Live
Attribute Changer 6.0a
AutoPlay Media Studio 8 Trial
CCleaner
ClipName
CMenu
Combined Community Codec Pack 2008-01-24
Console 2
DAMN NFO Viewer Setup
DirectVobSub (remove only)
Driver Checker v2.7.4
DScaler 5 Mpeg Decoders
Face-Plus
ffdshow [rev 3124] [2009-11-03]
FFMPEG Core Files (remove only)
File Case Shell Extension
FileZilla Client 3.3.4.1
FlashFXP v3
Gabest MPEG Splitter (remove only)
Galerie de photos Windows Live
Google Earth
Google Update Helper
Haali Media Splitter
HashTab 2.1
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Installation Windows Live
Installation Windows Live
InstallWatch Pro 2.5
Java(TM) 6 Update 20
Java(TM) 6 Update 21
Java(TM) 6 Update 6
Junk Mail filter update
Lecteur Windows Media 11
MakeISO
Media Player Classic fr
Messenger Plus! Live
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 French Language Pack
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - FRA
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - FRA
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile FRA Language Pack
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Extended FRA Language Pack
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Antimalware
Microsoft Antimalware Service FR-FR Language Pack
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Help Viewer 1.0
Microsoft Help Viewer 1.0
Microsoft Help Viewer 1.0 Language Pack - FRA
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Compact 3.5 SP2 FRA
Microsoft SQL Server System CLR Types
Microsoft Virtual PC 2007
Microsoft Visual Basic 2010 Express - FRA
Microsoft Visual Basic 2010 Express - Français
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
MiPony 1.0.4
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB963027)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB972260)
Mmm
ModifyPE
Module linguistique de la visionneuse d'aide Microsoft 1.0 - FRA
Module linguistique Microsoft .NET Framework 4 Client Profile FRA
Module linguistique Microsoft .NET Framework 4 Extended FRA
MONOGRAM AMR Splitter/Decoder (remove only)
Mozilla Firefox (3.6.9)
MSVC80_x86_v2
MSVCRT
MSXML 6.0 Parser (KB927977)
Nero 8 Lite 8.3.2.1b
nLite 1.4.9.1
Nokia Connectivity Cable Driver
Notepad++
NVIDIA Drivers
Objets de gestion Microsoft SQL Server 2008 R2
OpenOffice.org 3.2
OpenSource AVI Splitter (remove only)
OpenSource DTS/AC3/DD+ Source Filter (remove only)
OpenSource Flash Video Splitter (remove only)
Opera 10.61
Outil de téléchargement Windows Live
Outils Microsoft Visual Studio 2010 ADO.NET Entity Framework
Pack Vista Inspirat 2 1.0
Password Unmask 2.0
PC Connectivity Solution
PCI SoftV92 Modem
PE Explorer 1.99 R6
Picasa 3
PrivacyAgent
Pro Evolution Soccer 2010
Product Key Explorer 2.2.8
PuTTY
QT Lite 2.6.0
QuickTime
Real Alternative 1.8.0 Lite
RealMedia (remove only)
RealPlayer
Realtek AC'97 Audio
REALTEK GbE & FE Ethernet PCI NIC Driver
RealUpgrade 1.0
RefreshEM
Reg File Merger
RegShot
Replacer
Resource Hacker
RocketDock 1.3.5
Run Program Shell Extension
Segoe UI
SHOUTcast Source (remove only)
Skype™ 4.2
SmartFTP Client
SmartFTP Client 4.0 Setup Files (remove only)
tools-freebsd
tools-linux
tools-netware
tools-solaris
tools-windows
tools-winPre2k
Tweak UI
Unlocker 1.8.7
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Utilitaires "Envoyer vers"
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 FRA
VisualRoute Lite Edition
VMware Workstation
VMware Workstation
WhyReboot
WinAce Archiver
WindowBlinds
Windows Doctor 2.5
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live FolderShare
Windows Live Mail
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows Unattended CD Creator 1.0.2 Beta 10
Windows Vista Wallpapers
WinRAR archiver
XML Paper Specification Shared Components Language Pack 1.0
XPero's eXPander
Xtremsplit
Yoono for Internet Explorer
 
Signature: Hmammou
Brother, sorry for the delay. Here is the Malwarebytes report
Code:
************' Anti-Malware 1.46
www.************.org
Database version: 4381
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
04/09/2010 04:26:19
mbam-log-2010-09-04 (04-26-19).txt
Scan type: Full scan (C:\|D:\|)
Objects scanned: 15814
Time elapsed: 8 minute(s), 14 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 66
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 7
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\Temp\bqa2.tmp (Worm.Parite) -> Delete on reboot.
C:\WINDOWS\Temp\cxa5.tmp (Worm.Parite) -> Delete on reboot.
C:\Documents and Settings\Administrateur\Local Settings\Temp\uha7.tmp (Worm.Parite) -> Delete on reboot.
Registry Keys Infected:
HKEY_CLASSES_ROOT\makewindows.mynshandler (Spyware.AdaEbook) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{0d82acd6-a652-4496-a298-2bde705f4227} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{7025e484-d4b0-441a-9f0b-69063bd679ce} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{8258b35c-05b8-4c0e-9525-9bccc70f8f2d} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{a89256ad-ec17-4a83-bef5-4b8bc4f39306} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e8cfc029-8420-4eae-adef-915bdc77e1dc} (Spyware.AdaEbook) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3e720450-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{9d71d88c-c598-4935-c5d1-43aa4db90836} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9d71d88c-c598-4935-c5d1-43aa4db90836} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\Temp\bqa2.tmp (Worm.Parite) -> Delete on reboot.
C:\WINDOWS\Temp\cxa5.tmp (Worm.Parite) -> Delete on reboot.
C:\Documents and Settings\Administrateur\Local Settings\Temp\uha7.tmp (Worm.Parite) -> Delete on reboot.
C:\Documents and Settings\Administrateur\Mes documents\Téléchargements\setupm.exe (Malware.Generic) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Mes documents\Téléchargements\1.exe (Malware.Generic) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Mes documents\Downloads\setupm (1).exe (Malware.Generic) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Mes documents\Downloads\setupm.exe (Malware.Generic) -> Quarantined and deleted successfully.
 
Signature: Hmammou
Signature: مـوآدع
Thank you, brother موآدع, trying it now
 
Signature: Hmammou
Brother موآدع, honestly it did not work. I got this message during installation

1029e7ccee9470a72844fee58f04e87d6g.jpg


And these are the .NET Framework versions I have
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 French Language Pack
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - FRA
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - FRA
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile FRA Language Pack
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Extended FRA Language Pack
Microsoft .NET Framework 4 Multi-Targeting Pack
 
Signature: Hmammou
OK, brother

Is your graphics card nVidia or AMD?
 
Signature: مـوآدع
nVidia, brother موآدع
nVidia GeForce 6200 Turbo Cache
256 MB
 
Signature: Hmammou
It seems there is no solution except formatting :er:
 
Signature: Hmammou
Hey brothers, you asked me for a million reports and now you have forgotten me
 
Signature: Hmammou
It seems the solution is to format
 
Signature: Hmammou
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:35:59, on 04/09/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\faceplus\faceplus.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ngen.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/?pc=AVBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=snd&s={searchTerms}&f=4
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Yoono BHO - {CC24584F-A50F-4138-B1B7-F0255274DB9A} - C:\PROGRA~1\YOONOS~1\ybho.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.3.60.23\facemoodsTlbr.dll
O4 - HKLM\..\Run: [Face-Plus] C:\Program Files\faceplus\pre_faceplus.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [IE7-10] rundll32 advpack.dll,LaunchINFSectionEx NR_IE7en.inf,AfterUserStart,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SERVICE RESEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Télécharger avec Mipony - file://C:\Program Files\MiPony\Browser\IEContext.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O15 - Trusted IP range: http://192.168.1.1
O15 - ESC Trusted IP range: http://192.168.1.1
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (BitDefender QuickScan Control) - http://quickscan.bitdefender.com/qsax/qsax.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Unknown owner - C:\Program Files\Avira\AntiVir Desktop\sched.exe (file missing)
O23 - Service: Avira AntiVir Guard (AntiVirService) - Unknown owner - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (file missing)
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Microsoft Antimalware Service (MsMpSvc) - Unknown owner - C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc32.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
--
End of file - 6329 bytes
 
Signature: Hmammou