Thread starter: olianzo
Views: 1,032

olianzo

Peace be upon you.
Brothers, please help me; I am in an unenviable position.
Whenever I open a chat window with anyone,
Messenger sends an "indecent" link that I have never opened in my life.
How embarrassing.
A solution, please.
 

 
Brother, I did not really understand. I think these are links that come by themselves from the Messenger company. Please give us a screenshot.
 
Signature: Knight Lord
Brother, I did not know how to upload images.
Direct link: [link hidden by the forum]

Forum link:
zyzoom-c0cfb83e15.png


My friend, I get these too from time to time :ok: so the situation is nothing to worry about.

And, my friend, it is most likely from a script you have installed.

Good luck.
 
Signature: Knight Lord
And the solution, dear brother?
Note that there are other links that open automatically,
and I want to remove them.
 
Uninstall Messenger Plus completely, along with the scripts and everything,
then reinstall it and see.

 
I saw the link that appears for you in Messenger, and the guys say it is something normal :hh:

But look at what came up for me as soon as I opened the link:

zyzoom-450242acda.jpg

If you notice, I downloaded the file twice. Look at its size the first time and the second time; the first time, after Kaspersky caught it, its size changed.

Here is a second picture of Kaspersky:

zyzoom-b10fcbdff5.jpg

It classified it as a Trojan downloader file ..

Download Kaspersky 2008 or 2007, update it, and run a full scan.
 
Signature: shifty
Welcome to the Zyzoom Security and Protection forums.
Your thread has been moved to the most suitable section so that it gets the attention it deserves.
God bless you.
 
Signature: ahmed fathy 13

Disable all protection programs,
then download this tool and save it to the desktop:
[link hidden by the forum]

When you run it, a message will appear; click >> Yes
Then a second message will appear; click >> Yes
Wait until the tool finishes scanning your computer; your computer will restart automatically.
After the restart, the tool will start scanning a second time.
Wait until a report appears, then copy it and paste it in your next reply.

Then

Make a HijackThis report:
[link hidden by the forum]

When the download finishes ==> run the program ==> click Do a system scan and save log
In a few moments a report appears. Select all ==> copy it and paste it in your next reply.


 
Checking the scripts

Peace be upon you, and the mercy and blessings of God :d:

Good morning, everyone :wink:

Dear brother olianzo :hh:

As for your problem, at the moment we cannot judge it without seeing your report; our dear brother Demo-dash, may God reward him, has kindly posted the scan tools along with instructions :ok:

But there is one step I would like you to check, and that is the Plus scripts :d:

You may say, "I do not expect the problem to come from that." I say to you, my friend, that is not correct. Why?

Because Plus has a commands feature: the person you are connected with can send you a script command, and once you add it to the program he can control your Messenger to, let us say, 50%. For example:

He can close Messenger on you, change your topic, change your display picture, block the contacts you are connected with, and do other unexpected things :d:

That is why you must be careful with scripts, my friend :ok:

To be more certain, we should go to the scripts settings and make sure that no script is present :wink:

(.. How to get to the scripts list ..)

* From the Messenger window, click the Plus logo as in the picture ..

get-8-2008-omi99qq4.png

=-=-=

* Now this menu will appear; choose as shown in the picture ..

get-8-2008-9lhxx1iu.png

=-=-=

* Now the Plus settings will appear. On the right, choose the Scripts item, then make sure that no script is allowed. If we find a script we do not recognize, we tick it, click Remove, and agree to apply the settings :ok:

get-8-2008-6qlanb1u.png

=-=-=

I hope you apply the above and tell us what happened ..

I will return to the thread, God willing :u:
 
Signature: ihere
In the name of God, the Most Gracious, the Most Merciful.
First of all, I must thank all the dear brothers for their contributions
at a time when giving has become a rare quality....

Brothers, I was using version 8 of Messenger and I downloaded version 9 beta of the program,
and, praise be to God, the problem disappeared.

Note that I use Kaspersky Internet Security 8.0.0.454
and CA Anti-Spyware,
and I ran a full scan of the computer.

Here is the report that brother Demo-dash asked for:
ComboFix 08-08-19.03 - Abdelkafi 2008-08-20 22:19:07.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.120 [GMT 2:00]
Endroit: C:\Documents and Settings\Abdelkafi\Mes documents\Downloads\Programs\ComboFix.exe
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\auto2.pif
C:\Autorun.inf

.
((((((((((((((((((((((((((((( Fichiers créés 2008-07-20 to 2008-08-20 ))))))))))))))))))))))))))))))))))))
.

2008-08-19 12:09 . 2008-08-20 22:37 175,070 --a------ C:\WINDOWS\ffx14.exe
2008-08-19 02:17 . 2008-08-20 14:34 <REP> d-------- C:\Documents and Settings\Abdelkafi\Tracing
2008-08-17 12:33 . 2008-08-20 22:37 61,757 --a------ C:\WINDOWS\VideoAccessCodecInstall.exe
2008-08-15 22:33 . 2008-08-15 22:33 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
2008-08-15 17:59 . 2008-08-15 17:59 <REP> d-------- C:\Program Files\AxBx
2008-08-14 20:08 . 2008-08-14 20:08 <REP> d-------- C:\Program Files\Fichiers communs\Scanner
2008-08-14 20:08 . 2008-08-14 20:08 <REP> d-------- C:\Program Files\CA
2008-08-14 20:08 . 2008-08-14 20:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\CA
2008-08-14 20:08 . 2008-04-10 10:39 250,544 --a------ C:\WINDOWS\system32\KeyHelp.ocx
2008-08-14 15:13 . 2004-08-19 23:09 466,944 --a--c--- C:\WINDOWS\system32\dllcache\smtpsvc.dll
2008-08-14 15:12 . 2002-09-07 03:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-08-14 15:11 . 2002-09-07 03:00 10,129,408 --a--c--- C:\WINDOWS\system32\dllcache\hwxkor.dll
2008-08-14 15:10 . 2002-09-07 03:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-08-14 15:09 . 2004-08-19 23:09 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\smtpsnap.dll
2008-08-14 15:08 . 2004-05-13 00:39 876,653 --a--c--- C:\WINDOWS\system32\dllcache\fp4awel.dll
2008-08-14 15:06 . 2008-08-14 15:06 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-08-14 15:06 . 2008-08-14 15:06 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-08-14 15:06 . 2008-08-14 15:06 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-08-14 15:06 . 2008-08-14 15:06 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-08-14 15:06 . 2008-08-14 15:06 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-08-14 15:06 . 2008-08-14 15:06 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-08-14 15:05 . 2002-09-07 03:00 16,384 --a--c--- C:\WINDOWS\system32\dllcache\isignup.exe
2008-08-14 14:57 . 2002-09-07 03:00 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2008-08-14 14:57 . 2002-09-07 03:00 24,661 --a--c--- C:\WINDOWS\system32\dllcache\spxcoins.dll
2008-08-14 14:57 . 2002-09-07 03:00 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2008-08-14 14:57 . 2002-09-07 03:00 13,312 --a--c--- C:\WINDOWS\system32\dllcache\irclass.dll
2008-08-13 20:32 . 2008-08-13 20:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-08-13 19:43 . 2008-08-13 19:43 <REP> d-------- C:\Documents and Settings\Abdelkafi\Application Data\PC Tools
2008-08-13 19:43 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-08-13 19:43 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-08-13 19:43 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-08-13 19:43 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-08-13 19:42 . 2008-08-17 16:19 <REP> d-------- C:\Program Files\Spyware Doctor
2008-08-13 01:19 . 2008-08-20 22:37 141,735 --a------ C:\WINDOWS\ffx.exe
2008-08-13 01:08 . 2008-08-13 01:08 <REP> d-------- C:\Program Files\Kaspersky Lab
2008-08-13 01:08 . 2008-08-20 11:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-08-13 01:08 . 2008-08-20 22:37 2,971,168 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-08-13 01:08 . 2008-08-20 22:35 385,056 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-08-13 01:08 . 2008-08-13 01:29 96,976 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-08-13 01:08 . 2008-08-13 01:08 87,855 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-08-13 01:08 . 2008-08-20 22:37 26,388 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-08-13 01:08 . 2008-08-20 22:34 3,444 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-08-12 18:39 . 2008-08-19 14:17 95 --a------ C:\WINDOWS\Vrai
2008-08-12 18:39 . 2008-08-20 20:10 86 --a------ C:\WINDOWS\0
2008-08-12 18:39 . 2008-08-20 20:10 83 --a------ C:\WINDOWS\Times New Roman
2008-08-12 18:36 . 2008-08-12 18:36 <REP> d-------- C:\Program Files\Oak Systems
2008-08-12 17:50 . 2008-08-20 22:10 <REP> d-------- C:\Documents and Settings\Abdelkafi\Application Data\skypePM
2008-08-12 17:50 . 2008-08-12 17:50 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-08-12 17:47 . 2008-08-20 22:10 <REP> d-------- C:\Documents and Settings\Abdelkafi\Application Data\Skype
2008-08-12 17:46 . 2008-08-12 17:46 <REP> d-------- C:\Program Files\Skype
2008-08-12 17:46 . 2008-08-12 17:46 <REP> d-------- C:\Program Files\Fichiers communs\Skype
2008-08-12 17:45 . 2008-08-12 17:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-08-12 17:36 . 2008-08-12 17:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2008-08-12 16:44 . 2008-08-19 02:16 <REP> d-------- C:\Program Files\Windows Live
2008-08-12 16:44 . 2008-08-19 17:55 <REP> d-------- C:\Program Files\Messenger Plus! Live
2008-08-12 16:44 . 2008-08-12 16:44 <REP> d-------- C:\Program Files\Circle Developement
2008-08-12 16:43 . 2008-08-16 12:23 <REP> d-------- C:\Documents and Settings\Abdelkafi\Contacts
2008-08-12 16:43 . 2008-08-12 16:43 268 --ah----- C:\sqmdata00.sqm
2008-08-12 16:43 . 2008-08-12 16:43 244 --ah----- C:\sqmnoopt00.sqm
2008-08-12 16:35 . 2008-08-12 16:35 <REP> d-------- C:\Program Files\Windows Live Toolbar
2008-08-12 16:34 . 2008-08-12 16:34 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-08-12 16:34 . 2008-08-12 17:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-08-12 02:34 . 2008-08-15 01:06 <REP> d-------- C:\Program Files\AutoShutdown
2008-08-10 23:36 . 2008-08-10 23:36 <REP> d--hs---- C:\WINDOWS\system32\pas
2008-08-10 23:36 . 2008-08-11 15:17 <REP> d-------- C:\Program Files\PC Auto Shutdown
2008-08-10 21:27 . 2008-08-10 21:27 <REP> d-------- C:\Program Files\Opera
2008-08-10 18:19 . 2008-08-10 18:20 143,315 --a------ C:\Documents and Settings\Abdelkafi\H¾{1?ìoffx.exe
2008-08-10 16:29 . 2008-08-10 16:29 <REP> d--h----- C:\WINDOWS\PIF
2008-08-10 16:29 . 2008-08-20 22:35 28,160 --a------ C:\WINDOWS\system32\msvcrt.ax
2008-08-10 16:19 . 2008-08-10 16:19 <REP> d-------- C:\Documents and Settings\Abdelkafi\Application Data\HP
2008-08-10 16:15 . 2008-08-10 16:15 <REP> d-------- C:\Program Files\Fichiers communs\HP
2008-08-10 16:09 . 2005-03-15 01:33 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll
2008-08-10 16:09 . 2005-03-15 01:35 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2008-08-10 16:09 . 2005-03-09 01:25 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2008-08-10 16:09 . 2005-11-22 21:58 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2008-08-10 16:09 . 2005-03-15 03:09 65,536 --a------ C:\WINDOWS\system32\HPZinw12.exe
2008-08-10 16:09 . 2005-03-09 01:25 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2008-08-10 16:08 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-08-10 16:07 . 2008-08-10 16:17 <REP> d-------- C:\Program Files\HP
2008-08-10 16:03 . 2006-04-05 11:17 77,824 -ra------ C:\WINDOWS\system32\HPZIDS01.dll
2008-08-10 16:03 . 2006-03-22 21:10 48,128 --a------ C:\WINDOWS\system32\hpzll463.dll
2008-08-10 15:52 . 2008-08-10 16:26 135,582 --a------ C:\WINDOWS\HPHins11.dat
2008-08-10 15:52 . 2006-04-25 15:59 13,767 --a------ C:\WINDOWS\hphmdl11.dat
2008-08-10 15:51 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-08-09 21:17 . 2008-08-09 21:17 0 --ah----- C:\WINDOWS\SwSys2.bmp
2008-08-09 21:17 . 2008-08-09 21:17 0 --ah----- C:\WINDOWS\SwSys1.bmp
2008-08-09 21:15 . 2008-08-09 21:15 <REP> d-------- C:\Program Files\Blisslogik
2008-08-09 21:14 . 2008-08-14 20:08 <REP> d-------- C:\WINDOWS\Downloaded Installations
2008-08-08 18:25 . 2008-08-08 18:25 <REP> d-------- C:\Program Files\Ratajik Software
2008-08-05 17:45 . 2008-08-05 17:45 <REP> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-08-04 23:42 . 2008-08-04 23:42 <REP> d---s---- C:\Documents and Settings\Abdelkafi\UserData
2008-08-04 17:49 . 2008-08-04 17:49 <REP> d-------- C:\Program Files\Alcohol Soft
2008-08-04 17:46 . 2008-08-04 17:46 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-08-03 18:58 . 2008-08-12 19:54 <REP> d-------- C:\Program Files\Internet Download Manager
2008-08-03 18:58 . 2008-08-03 21:42 <REP> d-------- C:\Documents and Settings\Abdelkafi\Application Data\IDM
2008-08-03 14:00 . 2008-08-03 14:00 <REP> d-------- C:\Documents and Settings\Abdelkafi\Application Data\MSNInstaller
2008-08-03 02:20 . 2008-08-03 02:20 <REP> d-------- C:\shutdown
2008-08-03 02:20 . 2008-08-03 02:21 <REP> d-------- C:\Program Files\Auto Shutdown
2008-08-02 16:48 . 2008-08-02 16:48 <REP> d-------- C:\USB_DRV
2008-08-02 15:05 . 2008-08-09 12:13 <REP> d-------- C:\Program Files\honestech VHS to DVD 3.0
2008-08-01 17:50 . 2008-08-01 17:50 <REP> d-------- C:\Program Files\aod
2008-08-01 17:48 . 2008-08-15 22:31 <REP> d-------- C:\Program Files\Real
2008-08-01 17:48 . 2008-08-15 22:32 <REP> d-------- C:\Program Files\Fichiers communs\Real
2008-08-01 17:10 . 2008-08-10 16:52 2,079 --a------ C:\is.html
2008-08-01 16:57 . 2008-08-01 16:57 <REP> d-------- C:\Documents and Settings\Abdelkafi\Application Data\FastStone
2008-08-01 16:56 . 2008-08-01 16:56 <REP> d-------- C:\Program Files\FastStone Capture
2008-08-01 11:27 . 2008-08-01 11:36 <REP> d-------- C:\Program Files\Your Uninstaller 2008
2008-08-01 11:27 . 2008-08-20 22:36 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-01 11:27 . 2008-08-01 11:27 <REP> d-------- C:\Documents and Settings\Abdelkafi\Application Data\URSoft
2008-08-01 11:25 . 2008-08-01 11:25 <REP> d-------- C:\Program Files\Odebit Multim‚dia
2008-08-01 03:08 . 2008-08-01 11:35 <REP> d-------- C:\Program Files\VideoLAN
2008-08-01 03:02 . 2008-08-01 11:39 <REP> d-------- C:\Program Files\Total Video Converter
2008-08-01 02:52 . 2008-08-01 02:52 <REP> d-------- C:\Documents and Settings\Abdelkafi\Application Data\Media Player Classic
2008-08-01 02:46 . 2007-09-04 18:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll
2008-08-01 02:45 . 2008-08-01 02:45 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2008-07-31 16:43 . 2008-07-31 16:43 <REP> d-------- C:\Program Files\Jeux de cartes
2008-07-31 04:42 . 2008-08-20 21:30 <REP> d-------- C:\Documents and Settings\Abdelkafi\Application Data\BitTorrent
2008-07-31 04:41 . 2008-07-31 04:41 <REP> d-------- C:\Program Files\DNA
2008-07-31 04:41 . 2008-07-31 04:41 <REP> d-------- C:\Program Files\BitTorrent
2008-07-31 04:41 . 2008-08-13 01:02 <REP> d-------- C:\Documents and Settings\Abdelkafi\Application Data\DNA
2008-07-31 04:30 . 2008-08-20 22:35 <REP> d-------- C:\Documents and Settings\Abdelkafi\Application Data\DMCache
2008-07-31 03:57 . 2008-07-31 03:57 <REP> d-------- C:\Program Files\MSECache
2008-07-31 03:55 . 2008-07-31 03:55 0 --a------ C:\WINDOWS\nsreg.dat
2008-07-31 03:07 . 2008-07-31 03:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-07-31 02:49 . 2008-07-31 02:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-15 20:31 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-08-15 20:31 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-08-10 16:20 143,315 ----a-w C:\Documents and Settings\Abdelkafi\H¥{1ýoffx.exe
2008-08-07 08:06 --------- d-----w C:\Program Files\The KMPlayer
2008-08-01 09:31 --------- d-----w C:\Program Files\Winamp
2008-08-01 09:25 --------- d-----w C:\Program Files\Odebit Multimédia
2008-08-01 01:14 --------- d-----w C:\Documents and Settings\Abdelkafi\Application Data\Winamp
2008-07-31 16:13 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-07-31 16:13 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-07-31 16:11 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-07-30 23:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-30 23:47 --------- d-----w C:\Program Files\SuperCopier2
2008-07-30 23:46 --------- d-----w C:\Program Files\MSBuild
2008-07-30 23:46 --------- d-----w C:\Program Files\Microsoft Works
2008-07-30 23:45 --------- d-----w C:\Program Files\Microsoft.NET
2008-07-30 23:43 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-07-30 23:40 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-07-30 21:30 --------- d-----w C:\Program Files\microsoft frontpage
2008-07-30 21:29 --------- d-----w C:\Program Files\Services en ligne
2008-07-09 14:34 206,256 ----a-w C:\WINDOWS\system32\idmmbc.dll
2008-06-12 18:36 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\divx.dll
2008-05-22 22:22 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 22:19 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2005-03-14 01:37 1057280]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2008-08-03 18:59 2606512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-20 21:58 7581696]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [2008-07-18 20:11 181488]
"CaPPcl"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe" [2008-04-10 10:39 476424]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-08-15 22:31 185896]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-04-10 15:14 1107848]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-07-29 20:20 206088]
"nwiz"="nwiz.exe" [2006-07-20 21:58 1519616 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-12 17:58 16264192 C:\WINDOWS\RTHDCPL.EXE]
"SkyTel"="SkyTel.EXE" [2006-05-16 19:04 2879488 C:\WINDOWS\SkyTel.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 23:09 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="Explorer.exe, MyWork"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\A2FREE.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\A2SERVICE.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ACAAS.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ACAEGMGR.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ACAIS.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ACALS.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ACASP.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AHNSD.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AHNSDSV.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ALUSCHEDULERSVC.EXE.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ANTI-VIRUS&TROJAN.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\APVXDWIN.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\APVXDWIN.EXE.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ASHSIMPL.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVENGINE.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVENGINE.EXE.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVGAMSVR.EXE.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVGAS.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVGCC.EXE.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVGEMC.EXE.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVGINET.EXE.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVGNT.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVGUARD.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVGUPSVC.EXE.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVGWB.DAT.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVP.EXE.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVSCAN.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdagent.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdss.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Bkav2006.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CASECURITYCENTER.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CCAPP.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CCenter.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CCPROVSP.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CCSVCHST.EXE.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CLEANER.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\COUNTERSPY.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DRWEBSCD.EXE.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DRWEBUPW.EXE.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\EGHOST.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\EGUI.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\EGUI.EXE.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\EKRN.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\EKRN.EXE.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\EMLPROUI.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\EMLPROXY.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FAMEH32.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\far.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FCH32.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FireTray.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FPAVSERVER.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FPROTTRAY.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FPWIN.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FSAUA.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FSAV32.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FSDFWD.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FSGK32.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FSGK32ST.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FSGUIDLL.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FSM32.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FSMA32.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FSMB32.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FSQH.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FSSM32.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FSUS.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\GUARD.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\icesword.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IEProt.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Iparmor.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Kav.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kav32.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KavPFW.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KAVPLUS.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kavstart.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kavsvc.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KpopMon.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KRegEx.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVCenter.kxp.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVFW.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVMonXP.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVOL.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvolself.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Kvsrvxp.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVSrvXp_1.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvwsc.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KWATCHUI.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\livesrv.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MAILMON.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MCAGENT.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MCMSCSVC.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MCNASVC.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MCPROXY.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MCSHIELD.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MCSYSMON.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MCUIMGR.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MCVSESCN.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MPFSRV.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MSKAGENT.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MSPROXY.AHN.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Nvsvc32.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ONLINENT.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ONLNSVC.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PAVFNSVR.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PAVFNSVR.EXE.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PAVPRSRV.EXE.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PAVSRV51.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PAVSRV51.EXE.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PCTAV.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PCTAVSVC.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PFW.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PSCTRLS.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PSCTRLS.EXE.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PSHOST.EXE.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PSIMSVC.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PSIMSVC.EXE.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PSKMSSVC.EXE.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\QHFW.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\QOELOADER.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\QUHLPSVC.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RAVMON.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavMonD.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavService.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavTask.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RAVTIMER.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RfwMain.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RRfwMain.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Rtvscan.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SASERVICE.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SBCSSVC.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SBCSTRAY.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SCANMSG.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SCANNER.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SCANWSCS.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SCHED.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SFCTLCOM.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SHSTAT.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SPIDERUI.EXE.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SRVLOAD.EXE.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TBMon.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TCA.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TCM.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TFSERVICE.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TFTRAY.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TISSPWIZ.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TMBMSRV.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TPSRV.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TROJAN GUARDER.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TrojDie.kxp.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UfNavi.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UFSEAGNT.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UpdaterUI.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UPSCHD.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VPTray.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vsserv.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WEBPROXY.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WMIADAP.EXE.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\worm2007.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WUAUCLT.EXE.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\xcommsvr.exe]
"Debugger"=system.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ý¾×çW†Œô‚s.exe]
"Debugger"=system.exe

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^igfxtray.exe]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\igfxtray.exe
backup=C:\WINDOWS\pss\igfxtray.exeCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoShutdown]
--a------ 2006-07-23 13:43 701440 C:\PROGRA~1\AUTOSH~2\AutoShutdown.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2008-07-31 04:41 341824 C:\Program Files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-19 23:09 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
--a------ 2008-08-03 18:59 2606512 C:\Program Files\Internet Download Manager\IDMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-07-20 21:58 7581696 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Auto Shutdown]
--a------ 2006-11-20 11:24 1382912 C:\Program Files\PC Auto Shutdown\AutoShutdown.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-08-15 22:31 185896 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-10-10 07:28 36352 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-ra------ 2005-05-03 19:43 69632 C:\WINDOWS\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-07-20 21:58 1519616 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Raccourci vers la page des propriétés de High Definition Audio]
--a------ 2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-ra------ 2006-09-12 17:58 16264192 C:\WINDOWS\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-ra------ 2006-05-16 19:04 2879488 C:\WINDOWS\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\french\\setup.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 18:29]
R2 PCAutoShutdown_Service;PCAutoShutdown_Service;C:\Program Files\PC Auto Shutdown\ShutdownService.exe [2006-11-06 16:31]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 19:02]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 18:06]
R3 PPCtlPriv;PPCtlPriv;C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [2008-04-10 10:39]
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 06:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{29a897de-6aaf-11dd-ad8e-0018f3939026}]
\Shell\Auto\command - M:\auto2.pif
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto2.pif

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{62f26faf-6860-11dd-ad82-0018f3939026}]
\Shell\Auto\command - M:\auto2.pif
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto2.pif

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8304cc18-6914-11dd-ad86-0018f3939026}]
\Shell\AutoRun\command - M:\1rfw8hjr.com
\Shell\explore\Command - M:\1rfw8hjr.com
\Shell\open\Command - M:\1rfw8hjr.com
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

2008-08-15 C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as Abdelkafi at 20 09.job
- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe [2008-04-10 10:39]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-MsnMsgr - C:\Program Files\MSN Messenger\MsnMsgr.Exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Abdelkafi\Application Data\Mozilla\Firefox\Profiles\jbisdcqd.default\
FF -: plugin - C:\Program Files\DNA\plugins\npbtdna.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2008-08-20 22:37:40
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...


**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\ABDELK~1\LOCALS~1\Temp\mc21.tmp"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\FastStone Capture\FSCapture.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-20 22:43:05 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-20 20:42:36

Pre-Run: 8,218,337,280 octets libres
Post-Run: 9,166,909,440 octets libres

618 --- E O F --- 2008-08-20 09:54:54
 
Please run the scan again and make the report with HijackThis

Peace be upon you, and the mercy and blessings of God :d:
.
My dear brother: olianzo :u:
.
I suspect, my friend, that you have not made a HijackThis report :d:
.
So in any case, here is a simple explanation of how to make a report and copy it, along with the link to the tool:
.
To download the HijackThis tool:
[link hidden by the forum: you must log in or register to view it]

.
(.. How to run the scan ..)
.
* After downloading the tool, double-click it to open it :d:
.
=-=-=
.
* This window will now appear; do as shown in the picture ..
.
get-8-2008-0pcjfq65.png

.
=-=-=
.
* Now wait a few seconds until the text file appears .. have a look, God bless you ..
.
get-8-2008-fwvptj8j.png

.
Note: to copy, on the keyboard press Alt+a to select everything on the page, then press Alt+c to copy the report, then go to the forum and paste it :d: :d:
.
=-=-=
.
Or you can upload the whole text file to a file-hosting site, such as ZShare for example, and then attach it to your next reply :smile:
.
Waiting for you ,, :u:
 
Signature: ihere