بارك الله فيكم جميعا أيها الدكاترة
بالنسبة للطلب الأول فقد أعددت التقررين
هذا تقرير combofix
from: C:\Documents and Settings\Administrateur\Mes documents\Downloads\Programs\2.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\win19.pif
C:\win4.pif
C:\win6.pif
C:\win7.pif
C:\WINDOWS\system32\Cfx32.lic
C:\WINDOWS\system32\cfx32.ocx
C:\WINDOWS\system32\x64
.
((((((((((((((((((((((((( Files Created from 2008-09-14 to 2008-10-14 )))))))))))))))))))))))))))))))
.
2008-10-14 18:44 . 2008-10-14 18:44 <REP> d-------- C:\WINDOWS\system32\oobe
2008-10-13 23:25 . 2007-03-06 16:01 176 --a------ C:\WINDOWS\system32\drivers\RTHDAEQ3.dat
2008-10-13 23:25 . 2007-02-07 17:16 176 --a------ C:\WINDOWS\system32\drivers\RTHDAEQ2.dat
2008-10-13 23:25 . 2007-07-30 20:01 16 --a------ C:\WINDOWS\system32\drivers\RtkHDAud.dat
2008-10-13 23:24 . 2005-05-03 18:43 69,632 --a------ C:\WINDOWS\Alcmtr.exe
2008-10-13 20:21 . 2008-10-13 20:21 <REP> d--h----- C:\Documents and Settings\All Users.WINDOWS\Application Data\CanonBJ
2008-10-13 20:21 . 2006-09-12 22:00 197,632 --a------ C:\WINDOWS\system32\CNMLM83.DLL
2008-10-13 20:20 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-10-13 19:42 . 2008-10-13 19:42 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo!
2008-10-13 19:39 . 2008-10-13 19:39 <REP> d-------- C:\Program Files\Yahoo!
2008-10-12 16:19 . 2008-10-12 16:19 <REP> d--h----- C:\BJPrinter
2008-10-12 16:19 . 2004-04-23 18:00 116,736 --a------ C:\WINDOWS\system32\CNMLM6e.DLL
2008-10-12 16:19 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-10-12 16:19 . 2004-04-23 18:00 7,680 --a------ C:\WINDOWS\system32\CNMVS6e.DLL
2008-10-11 22:26 . 2008-10-11 22:38 3,856 --a------ C:\WINDOWS\system32\tmp.reg
2008-10-11 19:15 . 2008-10-11 19:15 268 --ah----- C:\sqmdata19.sqm
2008-10-11 19:15 . 2008-10-11 19:15 244 --ah----- C:\sqmnoopt19.sqm
2008-10-11 18:25 . 2008-10-11 18:25 268 --ah----- C:\sqmdata18.sqm
2008-10-11 18:25 . 2008-10-11 18:25 244 --ah----- C:\sqmnoopt18.sqm
2008-10-10 20:20 . 2008-10-10 20:20 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Nero
2008-10-10 19:54 . 2008-10-10 19:54 280 --ah----- C:\sqmdata17.sqm
2008-10-10 19:54 . 2008-10-10 19:54 244 --ah----- C:\sqmnoopt17.sqm
2008-10-10 19:52 . 2008-10-10 19:52 <REP> d-------- C:\Program Files\MP3 Player Utilities 4.15
2008-10-10 19:27 . 2008-10-10 19:27 268 --ah----- C:\sqmdata16.sqm
2008-10-10 19:27 . 2008-10-10 19:27 244 --ah----- C:\sqmnoopt16.sqm
2008-10-09 22:24 . 2008-10-09 22:24 268 --ah----- C:\sqmdata15.sqm
2008-10-09 22:24 . 2008-10-09 22:24 244 --ah----- C:\sqmnoopt15.sqm
2008-10-09 17:46 . 2008-10-09 17:46 268 --ah----- C:\sqmdata14.sqm
2008-10-09 17:46 . 2008-10-09 17:46 244 --ah----- C:\sqmnoopt14.sqm
2008-10-09 05:47 . 2008-10-14 09:10 268 --ah----- C:\sqmdata13.sqm
2008-10-09 05:47 . 2008-10-14 09:10 244 --ah----- C:\sqmnoopt13.sqm
2008-10-08 19:15 . 2008-10-14 01:38 268 --ah----- C:\sqmdata12.sqm
2008-10-08 19:15 . 2008-10-14 01:38 244 --ah----- C:\sqmnoopt12.sqm
2008-10-08 19:00 . 2008-10-13 23:26 268 --ah----- C:\sqmdata11.sqm
2008-10-08 19:00 . 2008-10-13 23:26 244 --ah----- C:\sqmnoopt11.sqm
2008-10-06 20:35 . 2006-08-01 15:02 49,152 --a------ C:\WINDOWS\system32\ChCfg.exe
2008-10-06 20:34 . 2008-10-13 23:24 <REP> d-------- C:\Program Files\Realtek
2008-10-06 20:34 . 2007-07-26 17:09 520,192 --a------ C:\WINDOWS\RtlExUpd.dll
2008-10-06 20:30 . 2008-10-06 20:30 0 --a------ C:\WINDOWS\CeEKey.INI
2008-10-06 20:25 . 2007-08-10 15:21 16,384,000 --a------ C:\WINDOWS\RTHDCPL.exe
2008-10-06 20:25 . 2007-03-23 19:19 9,715,200 --a------ C:\WINDOWS\RTLCPL.exe
2008-10-06 20:25 . 2007-08-10 13:52 4,603,904 --a------ C:\WINDOWS\system32\drivers\RtkHDAud.sys
2008-10-06 20:25 . 2006-05-04 16:26 2,808,832 --a------ C:\WINDOWS\alcwzrd.exe
2008-10-06 20:25 . 2007-06-28 16:44 2,165,760 --a------ C:\WINDOWS\MicCal.exe
2008-10-06 20:25 . 2007-08-03 13:22 1,826,816 --a------ C:\WINDOWS\SkyTel.exe
2008-10-06 20:25 . 2007-07-26 18:06 1,191,936 --a------ C:\WINDOWS\RtlUpd.exe
2008-10-06 20:25 . 2005-09-21 10:25 299,008 --a------ C:\WINDOWS\system32\ALSndMgr.cpl
2008-10-06 20:25 . 2006-08-18 06:58 282,624 --a------ C:\WINDOWS\system32\RTSndMgr.cpl
2008-10-06 20:25 . 2006-07-21 16:14 86,016 --a------ C:\WINDOWS\SoundMan.exe
2008-10-06 19:51 . 2004-08-03 22:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2008-10-06 15:54 . 2008-10-06 15:54 <REP> d-------- C:\Program Files\Trapcode
2008-10-06 15:54 . 2008-10-06 15:54 36,868 --a------ C:\Program Files\uninst-shine.exe
2008-10-06 15:47 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
2008-10-06 15:47 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2008-10-05 17:48 . 2008-10-05 17:48 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\DivX
2008-10-04 13:55 . 2001-08-17 21:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
2008-10-01 21:46 . 2008-10-01 21:46 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\FLEXnet
2008-10-01 21:29 . 2008-10-01 21:29 <REP> d-------- C:\Program Files\Bonjour
2008-10-01 21:22 . 2008-10-01 21:22 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
2008-10-01 11:43 . 2008-10-01 11:43 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Ulead Systems
2008-10-01 11:38 . 2008-10-01 11:39 <REP> d-------- C:\Program Files\Fichiers communs\Ulead Systems
2008-10-01 11:37 . 2008-10-01 11:37 <REP> d-------- C:\Program Files\Corel
2008-10-01 11:37 . 2008-10-01 11:38 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ulead Systems
2008-10-01 11:36 . 2008-10-01 11:36 <REP> d-------- C:\WINDOWS\Downloaded Installations
2008-10-01 02:44 . 2004-03-17 16:05 134,144 --------- C:\WINDOWS\system32\dllcache\Mssap.dll
2008-10-01 02:44 . 2004-08-12 17:45 61,952 --------- C:\WINDOWS\system32\Hdaudpropshortcut.exe
2008-10-01 02:44 . 2004-08-12 17:45 24,064 --------- C:\WINDOWS\system32\Hdaudprop.dll
2008-10-01 02:44 . 2004-08-12 17:45 5,120 --------- C:\WINDOWS\system32\Hdaudpropres.dll
2008-10-01 00:23 . 2008-10-13 23:21 268 --ah----- C:\sqmdata10.sqm
2008-10-01 00:23 . 2008-10-13 23:21 244 --ah----- C:\sqmnoopt10.sqm
2008-09-30 23:57 . 2007-08-01 09:24 2,364 --a------ C:\WINDOWS\system32\Add Licence To Your Windows.reg
2008-09-30 20:54 . 2008-10-13 14:58 268 --ah----- C:\sqmdata09.sqm
2008-09-30 20:54 . 2008-10-13 14:58 244 --ah----- C:\sqmnoopt09.sqm
2008-09-30 19:29 . 2008-09-30 19:29 <REP> d-------- C:\Zyzoom_RFA_Platinum
2008-09-30 19:29 . 2008-09-30 19:29 <REP> d-------- C:\Documents and Settings\All Users.WIN2
2008-09-30 18:19 . 2008-09-30 18:19 <REP> d-------- C:\Program Files\Trend Micro
2008-09-30 17:57 . 2008-10-13 10:42 268 --ah----- C:\sqmdata08.sqm
2008-09-30 17:57 . 2008-10-13 10:42 244 --ah----- C:\sqmnoopt08.sqm
2008-09-30 14:46 . 2008-10-13 09:09 268 --ah----- C:\sqmdata07.sqm
2008-09-30 14:46 . 2008-10-13 09:09 244 --ah----- C:\sqmnoopt07.sqm
2008-09-30 13:52 . 2008-10-13 06:35 268 --ah----- C:\sqmdata06.sqm
2008-09-30 13:52 . 2008-10-13 06:35 244 --ah----- C:\sqmnoopt06.sqm
2008-09-30 02:58 . 2008-01-07 14:29 352 --ah----- C:\WINDOWS\nod32fixtemdono.reg
2008-09-30 02:25 . 2008-09-30 02:25 <REP> d-------- C:\Program Files\ESET
2008-09-30 02:25 . 2008-09-30 02:25 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\ESET
2008-09-30 01:57 . 2008-10-14 18:45 <REP> d--h----- C:\Documents and Settings\Administrateur\Contacts
2008-09-30 01:48 . 2008-09-30 01:48 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe Systems
2008-09-30 01:47 . 2008-09-30 01:47 <REP> d-------- C:\Program Files\Fichiers communs\Adobe Systems Shared
2008-09-30 01:46 . 2008-10-06 15:49 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2008-09-29 14:49 . 2007-11-16 14:51 <REP> d-------- C:\Program Files\VIPhd
2008-09-29 14:32 . 2008-09-29 14:32 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab Setup Files
2008-09-29 14:28 . 2008-10-12 23:57 268 --ah----- C:\sqmdata05.sqm
2008-09-29 14:28 . 2008-10-12 23:57 244 --ah----- C:\sqmnoopt05.sqm
2008-09-29 14:27 . 2008-09-29 14:27 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\CyberScrub
2008-09-29 14:27 . 2008-09-29 14:27 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\cleaner
2008-09-29 10:05 . 2008-10-12 21:42 268 --ah----- C:\sqmdata04.sqm
2008-09-29 10:05 . 2008-10-12 21:42 244 --ah----- C:\sqmnoopt04.sqm
2008-09-29 00:59 . 2008-09-29 00:59 <REP> d--h----- C:\WINDOWS\PIF
2008-09-28 22:10 . 2008-10-14 18:41 13,030 --a------ C:\PDOXUSRS.NET
2008-09-28 19:56 . 2008-10-14 16:02 <REP> d-------- C:\WINDOWS\system32\CatRoot2
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-14 16:38 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\DMCache
2008-10-14 16:26 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Skype
2008-10-13 08:25 --------- d-----w C:\Program Files\Kelk 2000
2008-09-30 17:21 --------- d-----w C:\Program Files\Total Video Converter
2008-09-30 01:07 --------- d-----w C:\Program Files\Paint.NET
2008-09-29 23:40 --------- d-----w C:\Program Files\Internet Download Manager
2008-09-19 09:49 --------- d-----w C:\Program Files\microsoft frontpage
2008-08-18 11:27 34,312 ----a-w C:\WINDOWS\system32\drivers\epfwtdir.sys
2008-08-18 11:19 53,256 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2008-08-18 11:18 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
2008-07-22 10:16 9,216 ----a-r C:\WINDOWS\system32\agrsmsvc.exe
2008-07-22 10:16 50,752 ----a-r C:\WINDOWS\agrsmdel.exe
2008-07-22 10:16 13,312 ----a-r C:\WINDOWS\system32\agrscoin.dll
2006-12-12 09:13 32,768 ----a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\EBLib.dll
2006-07-28 14:25 19,456 ----a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\LPCFilter.sys
.
------- Sigcheck -------
2007-12-18 04:04 507904 fb66744d525ea5df9a719f1db9b2dff4 C:\WINDOWS\system32\winlogon.exe
2007-12-18 04:04 182656 bc84c4f67d0e880b0c46dc0ce2b8cbaa C:\WINDOWS\system32\drivers\ndis.sys
2007-02-28 18:08 2437632 61381c1b4c0374569fbbf20ff9be199c C:\WINDOWS\system32\ntkrnlpa.exe
2007-12-18 04:04 2479872 37cf5612cd0b972a6a9e5a1ec4219e47 C:\WINDOWS\system32\ReinstallBackups\
0015\DriverFiles\i386\ntkrnlpa.exe
2007-02-28 18:08 2557952 58228e929147d49965b884070e29381b C:\WINDOWS\system32\ntoskrnl.exe
2007-12-18 04:04 2347392 c23532a465a0b2ea4fc35b494bff5524 C:\WINDOWS\system32\ReinstallBackups\
0015\DriverFiles\i386\ntoskrnl.exe
2007-12-18 04:04 1789952 addc47dfd517f2143d71e9310e414b50 C:\WINDOWS\explorer.exe
2007-12-18 04:04 25088 43836cffabac8d6779e8ee55e308df2c C:\WINDOWS\system32\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2005-03-14 1057280]
"Stickies"="C:\Program Files\Bret Taylor\Stickies\\Stickies.exe" [2007-03-14 335872]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2008-02-21 2594224]
"DesktopIconToy"="C:\Program Files\Desktop Icon Toy\DesktopIconToy.exe" [2008-03-01 430080]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-12-18 25088]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VisualTaskTips"="C:\Windows\System32\VisualTaskTips.exe" [2007-12-18 36864]
"Vistadrv"="C:\Program Files\VIPhd\vsdrv.exe" [2006-07-30 121089]
"Ulead AutoDetector v2"="C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2007-08-02 95504]
"UberIcon"="C:\Program Files\UberIcon\UberIcon Manager.exe" [2006-07-17 122880]
"Styler"="C:\Program Files\styler\Styler.exe" [2006-05-03 307200]
"rfagent"="C:\Zyzoom_RFA_Platinum\rfagent.exe" [2007-06-12 617088]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2007-08-28 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2007-08-28 455168]
"pdfFactory Pro Dispatcher v2"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" [2003-11-10 385024]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2007-08-28 59392]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2007-08-28 208952]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2008-07-22 142104]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2008-07-22 162584]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-08-18 1447168]
"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2007-07-06 651264]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2007-01-10 1235456]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-10 C:\WINDOWS\RTHDCPL.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"="C:\WINDOWS\system32\sti_ci.dll" [2007-12-18 678912]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"TSClientMSIUninstaller"="C:\WINDOWS\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-12-18 12451]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2007-12-18 44544]
"nltide_3"="advpack.dll" [2007-12-18 C:\WINDOWS\system32\advpack.dll]
C:\Documents and Settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
C:\Documents and Settings\All Users.WINDOWS\Menu D‚marrer\Programmes\D‚marrage\
Bluetooth Monitor.lnk - C:\Program Files\TOSHIBA\Bluetooth Monitor\BtMon2.exe [2004-09-27 69632]
RocketDock.exe [2007-09-02 495616]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
"DisableChangePassword"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoClose"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
R0 Si3124;Si3124;C:\WINDOWS\system32\drivers\Si3124.sys [2007-12-18 76208]
R0 Si3132r5;Si3132r5;C:\WINDOWS\system32\drivers\Si3132r5.sys [2007-12-18 208688]
R0 Si3531;Si3531;C:\WINDOWS\system32\drivers\Si3531.sys [2007-12-18 210224]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-08-18 34312]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-12-29 26368]
*Newly Created Service* - HELPSVC
.
s of the 'Scheduled Tasks' folder
2008-10-14 C:\WINDOWS\Tasks\MP Scheduled Scan.job
- C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
- - - - ORPHANS REMOVED - - - -
Toolbar-SaveLinksOrder - (no file)
Toolbar-Locked - (no file)
Toolbar-ITBarLayout - (no file)
Toolbar-ITBarLayout - (no file)
Toolbar-ITBar7Layout - (no file)
Toolbar-ITBar7Position - (no file)
HKLM-Run-Win32BaseServiceMOD - (no file)
HKLM-Run-SystemInit - (no file)
HKLM-Run-startIE - (no file)
HKLM-Run-raVe - (no file)
HKLM-Run-Karen - (no file)
HKLM-RunServices-raVe - (no file)
HKLM-RunServices-Driver32 - (no file)
HKU-Default-RunOnce-nltide3 - rundll32 advpack.dll
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\bqceyn69.default\
.
.
------- File Associations -------
.
vbefile\shell\edit\command=C:\WINDOWS\Notepad.exe %1
vbsfile\shell\edit\command=%SystemRoot%\System32\Notepad.exe %1
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-10-14 18:45:20
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mc24.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\RocketDock\RocketDock.dll
-> C:\Windows\System32\VttHooks.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Bret Taylor\Stickies\Stickies.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\Crypserv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Borland\InterBase\bin\ibguard.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Borland\InterBase\bin\ibserver.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\igfxsrvc.exe
.
**************************************************************************
.
Completio
وهذا تقرير اداة الهايجكان
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:57:34, on 17/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20696)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Windows\System32\VisualTaskTips.exe
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Program Files\styler\Styler.exe
C:\Zyzoom_RFA_Platinum\rfagent.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Bret Taylor\Stickies\Stickies.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Desktop Icon Toy\DesktopIconToy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\TOSHIBA\Bluetooth Monitor\BtMon2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Borland\InterBase\bin\ibguard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Borland\InterBase\bin\ibserver.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\mmc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SnapFlash Class - {A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E} - C:\Program Files\Fichiers communs\Justdo\Jd2002.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
O4 - HKLM\..\Run: [Vistadrv] C:\Program Files\VIPhd\vsdrv.exe
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKLM\..\Run: [Styler] C:\Program Files\styler\Styler.exe
O4 - HKLM\..\Run: [rfagent] "C:\Zyzoom_RFA_Platinum\rfagent.exe"
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [Stickies] C:\Program Files\Bret Taylor\Stickies\\Stickies.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [DesktopIconToy] C:\Program Files\Desktop Icon Toy\DesktopIconToy.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SERVICE RESEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE RESEAU')
O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth Monitor.lnk = ?
O4 - Global Startup: RocketDock.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.15\AMVConverter\grab.html
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.15\MediaManager\grab.html
O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\Program Files\Fichiers communs\Justdo\IECatcher.DLL/FlashCatcher.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{CE828C56-D6CC-40AD-8042-EF347B52E439}: NameServer = 208.67.222.222 193.55.10.102
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Borland Software Corporation - C:\Program Files\Borland\InterBase\bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - Borland Software Corporation - C:\Program Files\Borland\InterBase\bin\ibserver.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
--
End of file - 10342 bytes
أما بالنسبة للطلب الثاني فشكرالك أخي مع العلم أني تشغيل عادي
أما بالنسبة للرد الثالث فأود من الأخ أن يعطيني العبارة باللغة الفرنسية لأن نسختي فرنسية فقد توصلة الى اللوحة بسهولة أما الخيار فيوجد اختلاف كبير ويعتمد على المصطلحات
بارك الله فيكم جميعا وجزاكم الله عنا كل الخير
