• Thread starter: mehrez02
  • Views: 758

mehrez02

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:02:54, on 09/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\bujwnn.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.062\Portable Driver Genius Professional 8.0.316\Portable Driver Genius Professional 8.0.316\Driver Genius Professional Edition 8 Portable.exe
C:\Documents and Settings\Administrateur\Mes documents\Downloads\Programs\HJTInstall.exe
C:\Documents and Settings\Administrateur\Mes documents\Downloads\Programs\HJTInstall.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: TBSB04001 - {64207EDA-AEDB-4C28-B1F9-D48763A056A7} - C:\Program Files\IEToolbar\Bramjnet Toolbar\bramjnet.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Bramjnet Toolbar - {BF3888F1-D74E-4209-B923-A2C3CEE67ABE} - C:\Program Files\IEToolbar\Bramjnet Toolbar\bramjnet.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] bujwnn.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [Microsoft Update Machine] bujwnn.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Microsoft Update Machine] bujwnn.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nLite] %systemroot%\inf\nlite.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nLite] %systemroot%\inf\nlite.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Bramjnet Toolbar - {BF3888F1-D74E-4209-B923-A2C3CEE67ABE} - C:\Program Files\IEToolbar\Bramjnet Toolbar\bramjnet.dll
O9 - Extra 'Tools' menuitem: Bramjnet Toolbar - {BF3888F1-D74E-4209-B923-A2C3CEE67ABE} - C:\Program Files\IEToolbar\Bramjnet Toolbar\bramjnet.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) -

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)

--
End of file - 7465 bytes
 

There are many. Delete:

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot


O4 - HKUS\S-1-5-19\..\RunOnce: [nLite] %systemroot%\inf\nlite.cmd (User 'SERVICE LOCAL')


O4 - HKUS\S-1-5-20\..\RunOnce: [nLite] %systemroot%\inf\nlite.cmd (User 'SERVICE RÉSEAU')


O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')


O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')



O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)


O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll



O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll



O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)


O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)



O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)



O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) -



O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)



Removal method

mg%20%283%29.png


mg%20%284%29.png

And use this tool:

The SmitfraudFix tool

Then

Then download this tool and follow the explanation below


Compatibility: Windows XP only

Usage instructions:
When you run the tool's file, this screen appears. Wait (and follow along with the pictures).

000.png


001.png


When this screen appears, click Close so that your computer restarts (to complete the cleaning process).

002.png


And good health to you.
 
Disable the following entries:
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: TBSB04001 - {64207EDA-AEDB-4C28-B1F9-D48763A056A7} - C:\Program Files\IEToolbar\Bramjnet Toolbar\bramjnet.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Bramjnet Toolbar - {BF3888F1-D74E-4209-B923-A2C3CEE67ABE} - C:\Program Files\IEToolbar\Bramjnet Toolbar\bramjnet.dll
O4 - HKLM\..\Run: [Microsoft Update Machine] bujwnn.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] bujwnn.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] bujwnn.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nLite] %systemroot%\inf\nlite.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [nLite] %systemroot%\inf\nlite.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
 
This is the first report
SmitFraudFix v2.381

Rapport fait à 15:55:51,15, 09/12/2008
Executé à partir de C:\Documents and Settings\Administrateur\Mes documents\Downloads\Programs\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost


»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Broadcom 440x 10/100 Integrated Controller - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.254

HKLM\SYSTEM\CCS\Services\Tcpip\..\{FB0437FE-B27C-41EA-BC63-F7CFFEC1ED0A}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{FB0437FE-B27C-41EA-BC63-F7CFFEC1ED0A}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin
 
This is the second report
ComboFix 08-12-07.04 - Administrateur 2008-12-09 16:05:50.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.74 [GMT 1:00]
Lancé depuis: c:\documents and settings\Administrateur\Mes documents\Downloads\Programs\ComboFix.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\IEToolbar
c:\program files\IEToolbar\Bramjnet Toolbar\bramjnet.dll
c:\program files\IEToolbar\Bramjnet Toolbar\favicon.ico
c:\program files\IEToolbar\Bramjnet Toolbar\stations.dll
c:\program files\IEToolbar\Bramjnet Toolbar\tbhelper.dll
c:\program files\IEToolbar\Bramjnet Toolbar\uninstall.exe
c:\program files\IEToolbar\Bramjnet Toolbar\update.exe
c:\program files\IEToolbar\Bramjnet Toolbar\webfilter_plugin.dll
c:\windows\system32\404Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-09 au 2008-12-09 ))))))))))))))))))))))))))))))))))))
.

2008-12-09 14:27 . 2008-12-09 14:54 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Thinstall
2008-12-08 15:40 . 2008-12-08 21:41 <REP> d-------- C:\RECYCLER(2)
2008-12-08 15:36 . 2008-12-08 15:36 <REP> d-------- c:\documents and settings\Administrateur\Application Data\CyberScrub
2008-12-08 15:36 . 2008-12-08 21:41 <REP> d-------- c:\documents and settings\Administrateur\Application Data\cleaner
2008-12-08 13:29 . 2008-12-08 21:42 <REP> d-------- c:\program files\Windows Defender
2008-12-08 12:49 . 2008-12-08 12:49 <REP> d-------- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2008-12-08 12:22 . 2008-12-08 21:42 <REP> d-------- c:\program files\ma-config.com
2008-12-08 12:22 . 2008-12-08 21:42 <REP> d-------- c:\documents and settings\All Users\Application Data\ma-config.com
2008-12-08 11:41 . 2008-12-08 11:41 <REP> d-------- c:\program files\Trend Micro
2008-12-07 21:43 . 2008-12-07 21:43 <REP> d-------- c:\program files\Alcohol Soft
2008-12-07 16:41 . 2008-12-07 16:57 717,296 --a------ c:\windows\system32\drivers\sptd.sys
2008-12-07 16:00 . 2008-12-07 16:00 <REP> d-------- c:\program files\Fichiers communs\xing shared
2008-12-07 15:46 . 2008-12-07 15:46 <REP> d-------- c:\program files\??????? ???????? ?? Microsoft
2008-12-06 15:29 . 2008-12-06 19:04 39 --a------ c:\windows\Irremote.ini
2008-12-06 15:06 . 2008-12-06 19:05 <REP> d-------- c:\program files\Nero
2008-12-06 15:05 . 2008-12-06 19:28 <REP> d-------- c:\program files\Fichiers communs\Nero
2008-12-06 15:05 . 2008-12-06 19:26 <REP> d-------- c:\documents and settings\All Users\Application Data\Nero
2008-12-06 14:42 . 2008-12-06 14:42 1,536 --a------ c:\windows\system32\bcevent.dll
2008-12-06 14:31 . 2008-12-06 16:33 <REP> d-------- c:\documents and settings\Administrateur\Application Data\skypePM
2008-12-06 14:31 . 2008-12-06 14:31 56 --ah----- c:\windows\system32\ezsidmv.dat
2008-12-06 14:22 . 2008-12-06 19:28 <REP> d-------- c:\documents and settings\All Users\Application Data\Skype
2008-12-05 21:55 . 2008-12-05 21:55 <REP> d-------- c:\documents and settings\Administrateur\Application Data\vlc
2008-12-05 20:46 . 2008-12-05 20:46 <REP> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
2008-12-05 20:12 . 2008-12-05 20:12 <REP> d-------- c:\program files\VideoLAN
2008-12-05 14:33 . 2008-12-05 14:33 <REP> d-------- c:\documents and settings\All Users\Application Data\Winferno
2008-12-05 14:29 . 2006-07-24 08:56 212,240 --a------ c:\windows\system32\Richtx32.ocx
2008-12-02 19:25 . 2008-12-06 19:30 <REP> d-------- c:\program files\ALLPlayer
2008-11-30 18:06 . 2008-11-30 18:07 <REP> d-------- c:\program files\CCleaner
2008-11-30 13:26 . 2008-11-30 13:26 <REP> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-11-28 17:56 . 2008-12-06 16:00 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Nero
2008-11-28 15:14 . 2008-11-28 15:14 <REP> d-------- c:\program files\Real Alternative
2008-11-28 15:12 . 2008-11-28 15:12 <REP> d-------- c:\documents and settings\Administrateur\Application Data\BWMonitor
2008-11-26 19:46 . 2008-11-26 19:46 <REP> d-------- c:\documents and settings\All Users\Application Data\GRETECH
2008-11-26 19:46 . 2008-11-26 19:46 <REP> d-------- c:\documents and settings\Administrateur\Application Data\GRETECH
2008-11-26 19:45 . 2008-11-26 19:45 <REP> d-------- c:\program files\GRETECH
2008-11-26 19:45 . 2008-12-09 15:47 <REP> d-------- c:\program files\Google
2008-11-26 19:44 . 2008-11-26 19:45 <REP> d-------- c:\program files\DivX
2008-11-25 21:40 . 2008-01-10 13:15 755,027 --a------ c:\windows\system32\xvidcore.dll
2008-11-25 21:40 . 2008-01-10 13:16 159,839 --a------ c:\windows\system32\xvidvfw.dll
2008-11-25 21:37 . 2003-06-23 02:44 1,415,680 --a------ c:\windows\system32\wmv9vcm.dll
2008-11-25 21:37 . 2003-08-29 00:55 423,424 --a------ c:\windows\system32\WMAVDS32.ax
2008-11-25 21:37 . 2001-05-16 16:54 309,616 --a------ c:\windows\system32\wmv8dmod.dll
2008-11-25 21:37 . 2001-03-26 03:41 245,760 --a------ c:\windows\system32\mp4sds32.ax
2008-11-25 19:41 . 2000-05-22 00:00 244,416 --a------ c:\windows\system32\calctrl.OCX
2008-11-25 19:12 . 2008-11-25 19:12 <REP> d-------- c:\windows\ARK
2008-11-25 19:12 . 2005-11-15 09:40 102,400 --a------ c:\windows\removeark.exe
2008-11-25 19:12 . 2005-07-12 14:12 86,016 --a------ c:\windows\removearkold.exe1
2008-11-25 19:12 . 2006-07-17 02:53 30,368 -ra------ c:\windows\system32\drivers\usb2vcom.sys
2008-11-25 18:51 . 2008-11-26 19:09 <REP> d-------- c:\program files\MOBILedit!
2008-11-24 20:57 . 2008-11-24 20:57 <REP> d-------- c:\windows\system32\LogFiles
2008-11-24 20:11 . 2008-11-24 20:57 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Babylon
2008-11-24 20:03 . 2008-11-24 20:59 <REP> d-------- c:\documents and settings\user\Modèles
2008-11-24 20:03 . 2008-11-24 20:59 <REP> d-------- c:\documents and settings\user\Favoris
2008-11-24 20:03 . 2008-11-24 20:59 <REP> d---s---- c:\documents and settings\user
2008-11-24 19:53 . 2008-11-24 19:53 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Apple Computer
2008-11-24 19:45 . 2008-11-24 19:45 <REP> d-------- c:\program files\Fichiers communs\Apple
2008-11-24 19:44 . 2008-11-24 20:59 <REP> d-------- c:\program files\QuickTime
2008-11-24 19:44 . 2008-11-24 20:59 <REP> d-------- c:\program files\Apple Software Update
2008-11-20 17:55 . 2008-11-20 17:55 <REP> d-------- c:\documents and settings\Administrateur\Application Data\IndexEducation
2008-11-17 18:23 . 2008-11-24 20:58 <REP> d-------- c:\program files\Windows Media Connect 2
2008-11-17 18:21 . 2008-11-24 20:58 <REP> d-------- c:\windows\system32\drivers\UMDF
2008-11-14 17:52 . 2008-11-14 17:52 <REP> d-------- c:\documents and settings\Administrateur\Application Data\TuneUp Software
2008-11-14 17:51 . 2008-11-14 17:51 <REP> d-------- c:\documents and settings\All Users\Application Data\TuneUp Software
2008-11-14 17:43 . 2008-11-14 17:43 3,932,214 --a------ c:\windows\BricoPack Wallpaper.bmp
2008-11-14 17:40 . 2008-11-14 17:40 <REP> d-------- c:\windows\Packs
2008-11-14 11:53 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\DllCache\mrxsmb.sys
2008-11-14 11:52 . 2008-09-04 18:16 1,106,944 -----c--- c:\windows\system32\DllCache\msxml3.dll
2008-11-13 19:38 . 2008-11-13 19:38 <REP> d--hs---- c:\windows\ftpcache
2008-11-13 19:37 . 2008-11-13 19:37 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Globe7
2008-11-12 19:22 . 2008-11-12 19:22 <REP> d-------- c:\program files\Fichiers communs\NSV
2008-11-12 19:14 . 2008-11-12 19:14 <REP> d-------- c:\program files\Fichiers communs\Nullsoft
2008-11-09 12:58 . 2008-11-09 12:58 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Ashampoo
2008-11-09 12:44 . 2008-11-15 14:33 <REP> d-------- c:\documents and settings\Administrateur\Application Data\BSplayer PRO
2008-11-09 12:42 . 2008-11-17 19:00 69 --a------ c:\windows\NeroDigital.ini
2008-11-09 12:40 . 2008-11-09 12:40 <REP> d-------- c:\documents and settings\All Users\Application Data\Ahead
2008-11-09 12:40 . 2008-11-09 12:43 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Ahead
2008-11-09 12:33 . 2008-11-16 13:22 <REP> d-------- c:\program files\Fichiers communs\ACD Systems

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-09 15:07 --------- d-----w c:\documents and settings\Administrateur\Application Data\DMCache
2008-12-09 13:29 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-09 13:29 --------- d-----w c:\documents and settings\Administrateur\Application Data\LimeWire
2008-12-07 15:00 --------- d-----w c:\program files\Fichiers communs\Real
2008-12-05 20:48 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-26 17:23 --------- d-----w c:\program files\Internet Download Manager
2008-11-25 20:41 --------- d-----w c:\program files\K-Lite Codec Pack
2008-11-24 19:57 --------- d-----w c:\documents and settings\Administrateur\Application Data\DivX
2008-11-24 19:31 --------- d-----w c:\program files\Java
2008-11-23 19:15 --------- d-----w c:\documents and settings\Administrateur\Application Data\IDM
2008-11-15 13:33 --------- d-----w c:\documents and settings\Administrateur\Application Data\SlipStream
2008-11-15 08:01 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-06 18:16 --------- d-----w c:\documents and settings\Administrateur\Application Data\FairStars Audio Converter
2008-11-02 19:26 --------- d-----w c:\program files\Microsoft ActiveSync
2008-11-01 21:44 --------- d-----w c:\documents and settings\Administrateur\Application Data\MSNInstaller
2008-11-01 15:08 --------- d-----w c:\program files\MSXML 4.0
2008-11-01 13:41 --------- d-----w c:\documents and settings\Administrateur\Application Data\SoftMaker
2008-10-31 20:26 --------- d-----w c:\program files\Fichiers communs\Scanner
2008-10-28 22:36 823,296 ----a-w c:\windows\system32\divx_xx0c.dll
2008-10-28 22:36 823,296 ----a-w c:\windows\system32\divx_xx07.dll
2008-10-28 22:35 815,104 ----a-w c:\windows\system32\divx_xx0a.dll
2008-10-28 22:35 802,816 ----a-w c:\windows\system32\divx_xx11.dll
2008-10-28 22:35 684,032 ----a-w c:\windows\system32\DivX.dll
2008-10-28 18:00 --------- d-----w c:\documents and settings\All Users\Application Data\BurstCopy Labs
2008-10-26 14:44 --------- d-----w c:\program files\Microsoft Office Outlook Connector
2008-10-26 14:43 --------- d-----w c:\program files\MSECache
2008-10-26 13:57 --------- d-----w c:\program files\MSBuild
2008-10-26 13:57 --------- d-----w c:\program files\Microsoft Works
2008-10-25 23:03 --------- d-----w c:\documents and settings\All Users\Application Data\MSScanAppDataDir
2008-10-25 13:27 --------- d-----w c:\program files\Fichiers communs\Adobe AIR
2008-10-24 19:07 --------- d-----w c:\program files\Real
2008-10-24 13:01 --------- d-----w c:\program files\Fichiers communs\Java
2008-10-24 12:42 --------- d-----w c:\documents and settings\Administrateur\Application Data\Media Player Classic
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 17:56 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-10-23 17:45 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-10-23 16:59 --------- d-----w c:\documents and settings\Administrateur\Application Data\Talkback
2008-10-22 20:48 --------- d-----w c:\program files\Analog Devices
2008-10-22 20:42 --------- d-----w c:\program files\microsoft frontpage
2008-10-22 20:14 --------- d-----w c:\program files\Modem Helper
2008-10-22 20:14 --------- d-----w c:\program files\Broadcom
2008-10-22 20:10 --------- d-----w c:\program files\ATI Technologies
2008-10-22 20:02 --------- d-----w c:\program files\Fichiers communs\InstallShield
2008-10-22 19:59 --------- d-----w c:\program files\CONEXANT
2008-10-22 19:57 --------- d-----w c:\program files\Dell
2008-10-22 19:50 --------- d-----w c:\program files\Alwil Software
2008-10-22 19:29 --------- d-----w c:\program files\Services en ligne
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-25 08:03 81,920 ----a-w c:\windows\system32\dpl100.dll
2008-09-25 08:03 593,920 ----a-w c:\windows\system32\dpuGUI11.dll
2008-09-25 08:03 57,344 ----a-w c:\windows\system32\dpv11.dll
2008-09-25 08:03 53,248 ----a-w c:\windows\system32\dpuGUI10.dll
2008-09-25 08:03 524,288 ----a-w c:\windows\system32\DivXsm.exe
2008-09-25 08:03 344,064 ----a-w c:\windows\system32\dpus11.dll
2008-09-25 08:03 294,912 ----a-w c:\windows\system32\dpu11.dll
2008-09-25 08:03 294,912 ----a-w c:\windows\system32\dpu10.dll
2008-09-25 08:03 196,608 ----a-w c:\windows\system32\dtu100.dll
2008-09-25 08:03 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe
2008-09-19 21:57 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
2008-09-19 21:55 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-09-19 21:55 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-09-19 21:54 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
2008-09-16 00:14 129,784 ------w c:\windows\system32\pxafs.dll
2008-09-16 00:14 120,056 ------w c:\windows\system32\pxcpyi64.exe
2008-09-16 00:14 118,520 ------w c:\windows\system32\pxinsi64.exe
2008-09-15 15:26 1,846,528 ----a-w c:\windows\system32\win32k.sys
2008-09-12 10:44 206,256 ----a-w c:\windows\system32\idmmbc.dll
2008-09-10 01:15 1,307,648 ------w c:\windows\system32\msxml6.dll
2008-04-14 02:34 358,504 --sh--r c:\windows\system32\bujwnn.exe
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{64207EDA-AEDB-4C28-B1F9-D48763A056A7}]
c:\program files\IEToolbar\Bramjnet Toolbar\bramjnet.dll [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{BF3888F1-D74E-4209-B923-A2C3CEE67ABE}"= "c:\program files\IEToolbar\Bramjnet Toolbar\bramjnet.dll" [BU]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF3888F1-D74E-4209-B923-A2C3CEE67ABE}"= "c:\program files\IEToolbar\Bramjnet Toolbar\bramjnet.dll" [BU]

[HKEY_CLASSES_ROOT\clsid\{bf3888f1-d74e-4209-b923-a2c3cee67abe}]
[HKEY_CLASSES_ROOT\TBSB04001.TBSB04001.3]
[HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}]
[HKEY_CLASSES_ROOT\TBSB04001.TBSB04001]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2007-10-01 840704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati5wtxx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati5xgxx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati6jgxx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0x00000000"
"UpdatesDisableNotify"="0x00000000"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\bujwnn.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9420:TCP"= 9420:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R0 atiide;atiide;c:\windows\system32\DRIVERS\atiide.sys [2008-10-22 3456]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-30 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-11-30 20560]
S0 ati5wtxx;ati5wtxx;c:\windows\system32\Drivers\ati5wtxx.sys []
S0 ati5xgxx;ati5xgxx;c:\windows\system32\Drivers\ati5xgxx.sys []
S0 ati6jgxx;ati6jgxx;c:\windows\system32\Drivers\ati6jgxx.sys []
S3 usb2vcom;USB to Serial Bridge Controller;c:\windows\system32\Drivers\usb2vcom.sys [2008-11-25 30368]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ed47c7c-a783-11dd-ac03-00188b8feb0e}]
\Shell\AutoRun\command - v.com
\Shell\explore\Command - v.com
\Shell\open\Command - v.com

*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Tâches planifiées'

2008-11-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe []

2008-11-28 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe []

2008-12-08 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe []

2008-12-09 c:\windows\Tasks\PCConfidential.job
- c:\program files\Winferno\PC Confidential\PCConfidential.exe []
.
.
------- Examen supplémentaire -------
.
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {BF3888F1-D74E-4209-B923-A2C3CEE67ABE} - {BF3888F1-D74E-4209-B923-A2C3CEE67ABE} - c:\program files\IEToolbar\Bramjnet Toolbar\bramjnet.dll
FireFox -: Profile - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\1p8hdsqb.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www./vb3/index.php
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2008-12-09 16:07:00
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2008-12-09 16:07:34
ComboFix-quarantined-files.txt 2008-12-09 15:07:31
ComboFix2.txt 2008-12-08 14:22:37

Avant-CF: 110 055 346 176 octets libres
Après-CF: 110,053,314,560 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

292 --- E O F --- 2008-12-05 19:54:18
 
Here is the next HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:18:47, on 09/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: TBSB04001 - {64207EDA-AEDB-4C28-B1F9-D48763A056A7} - C:\Program Files\IEToolbar\Bramjnet Toolbar\bramjnet.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Bramjnet Toolbar - {BF3888F1-D74E-4209-B923-A2C3CEE67ABE} - C:\Program Files\IEToolbar\Bramjnet Toolbar\bramjnet.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\RunOnce: [Privacy Suite] "C:\Documents and Settings\Administrateur\Application Data\cleaner\CSPSeraser.exe" "/R:C:\Documents and Settings\Administrateur\Application Data\CyberScrub\Privacy Suite"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Bramjnet Toolbar - {BF3888F1-D74E-4209-B923-A2C3CEE67ABE} - C:\Program Files\IEToolbar\Bramjnet Toolbar\bramjnet.dll (file missing)
O9 - Extra 'Tools' menuitem: Bramjnet Toolbar - {BF3888F1-D74E-4209-B923-A2C3CEE67ABE} - C:\Program Files\IEToolbar\Bramjnet Toolbar\bramjnet.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe

--
End of file - 5865 bytes
 
Please, where is the reply?
 

Delete the following:

O2 - BHO: TBSB04001 - {64207EDA-AEDB-4C28-B1F9-D48763A056A7} - C:\Program Files\IEToolbar\Bramjnet Toolbar\bramjnet.dll (file missing)

O3 - Toolbar: Bramjnet Toolbar - {BF3888F1-D74E-4209-B923-A2C3CEE67ABE} - C:\Program Files\IEToolbar\Bramjnet Toolbar\bramjnet.dll (file missing)

O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)

O9 - Extra button: Bramjnet Toolbar - {BF3888F1-D74E-4209-B923-A2C3CEE67ABE} - C:\Program Files\IEToolbar\Bramjnet Toolbar\bramjnet.dll (file missing)

O9 - Extra 'Tools' menuitem: Bramjnet Toolbar - {BF3888F1-D74E-4209-B923-A2C3CEE67ABE} - C:\Program Files\IEToolbar\Bramjnet Toolbar\bramjnet.dll (file missing)


How to delete

With that, the deletion is complete.



Download this tool to clean the machine


With that, the machine is sound and the report is clean.


Advice to follow so that your machine does not get infected:

Back your machine with a strong antivirus

and cut down on startup programs,

because viruses launch when the system boots.

And the machine is now one hundred percent.
 
Signature: Corporation