
akaliyah


  1. So here is the ewido report:

     ---------------------------------------------------------
     ewido anti-malware - Rapport de scan
     ---------------------------------------------------------
     + Créé le: 11:46:46, 12/06/2006
     + Somme de contrôle: 6EB17D69
     + Résultats du scan:
     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\whSurvey -> Adware.WebHancer : Nettoyer et sauvegarder
     C:\Documents and Settings\-Sub-\Cookies\-sub-@247realmedia[1].txt -> TrackingCookie.247realmedia : Nettoyer et sauvegarder
     C:\Documents and Settings\-Sub-\Cookies\[email protected][1].txt -> TrackingCookie.Falkag : Nettoyer et sauvegarder
     C:\Documents and Settings\-Sub-\Cookies\[email protected][2].txt -> TrackingCookie.Falkag : Nettoyer et sauvegarder
     C:\Documents and Settings\-Sub-\Cookies\-sub-@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyer et sauvegarder
     C:\Documents and Settings\-Sub-\Cookies\[email protected][2].txt -> TrackingCookie.Serving-sys : Nettoyer et sauvegarder
     C:\Documents and Settings\-Sub-\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder
     C:\Documents and Settings\-Sub-\Cookies\-sub-@overture[2].txt -> TrackingCookie.Overture : Nettoyer et sauvegarder
     C:\Documents and Settings\-Sub-\Cookies\-sub-@serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyer et sauvegarder
     C:\Documents and Settings\-Sub-\Cookies\-sub-@statcounter[1].txt -> TrackingCookie.Statcounter : Nettoyer et sauvegarder
     C:\Documents and Settings\-Sub-\Cookies\-sub-@tacoda[1].txt -> TrackingCookie.Tacoda : Nettoyer et sauvegarder
     C:\Documents and Settings\-Sub-\Cookies\-sub-@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Nettoyer et sauvegarder
     C:\Documents and Settings\-Sub-\Cookies\-sub-@weborama[2].txt -> TrackingCookie.Weborama : Nettoyer et sauvegarder
     C:\Documents and Settings\-Sub-\Cookies\[email protected][2].txt -> TrackingCookie.Smartadserver : Nettoyer et sauvegarder
     C:\Documents and Settings\Administrateur\Local Settings\Temp\Del53.tmp -> Adware.180Solutions : Nettoyer et sauvegarder
     C:\Documents and Settings\LocalService\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Nettoyer et sauvegarder
     C:\Documents and Settings\LocalService\Cookies\system@casinotropez[2].txt -> TrackingCookie.Casinotropez : Nettoyer et sauvegarder
     C:\Documents and Settings\LocalService\Cookies\[email protected][1].txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder
     C:\Documents and Settings\LocalService\Cookies\[email protected][1].txt -> TrackingCookie.Casinotropez : Nettoyer et sauvegarder
     C:\WINDOWS\azesearch.bmp -> Adware.Azesearch : Nettoyer et sauvegarder
     C:\WINDOWS\LastGood\system32\azesearch4.ocx -> Adware.AzSearch : Nettoyer et sauvegarder
     C:\WINDOWS\security.html -> Not-A-Virus.Hoax.Win32.Renos.ci : Nettoyer et sauvegarder
     C:\WINDOWS\system\down32.cmd -> Downloader.Banload.atu : Nettoyer et sauvegarder
     C:\WINDOWS\system\xsmith.scr -> Backdoor.Delf.api : Nettoyer et sauvegarder
     C:\WINDOWS\system32\azesearch4.ocx -> Adware.AzSearch : Nettoyer et sauvegarder
     C:\WINDOWS\system32\guard.tmp -> Adware.Look2Me : Nettoyer et sauvegarder
     C:\WINDOWS\system32\mfrating.dll -> Adware.Look2Me : Nettoyer et sauvegarder
     C:\WINDOWS\system32\mswinf32.dll -> Not-A-Virus.Hoax.Win32.VB.j : Nettoyer et sauvegarder
     C:\WINDOWS\system32\mswinf32.exe -> Not-A-Virus.Hoax.Win32.VB.j : Nettoyer et sauvegarder
     C:\WINDOWS\system32\testerstest.exe -> Not-A-Virus.Monitor.Win32.Perflogger.ad : Nettoyer et sauvegarder
     C:\WINDOWS\U3Vi\asappsrv.dll -> Adware.CommAd : Nettoyer et sauvegarder
     C:\WINDOWS\U3Vi\command.exe -> Adware.CommAd : Nettoyer et sauvegarder
     C:\WINDOWS\webhdll.dll_tobedeleted -> Adware.WebHancer : Nettoyer et sauvegarder
     ::Fin du rapport

     Here is the Clean report:

     Script clean par Malekal_morte - http://www.malekal.com
     *** SUPPRESSION DES FICHIERS ***
     Suppressions de trojans/vers sur...
     C:\WINDOWS\keyboard*.dat FOUND
     C:\WINDOWS\NDNuninstall?_??.exe FOUND
     C:\WINDOWS\newfrn.exe FOUND
     C:\WINDOWS\newname.dat FOUND
     C:\WINDOWS\system32\divxsm.exe FOUND
     C:\WINDOWS\system32\eraseme_?????.exe FOUND
     C:\WINDOWS\system32\i FOUND
     C:\WINDOWS\system32\tcpservice2.exe FOUND
     C:\WINDOWS\system32\winocx.exe FOUND
     C:\WINDOWS\system32\config\systemprofile\Bureau\ FOUND
     C:\WINDOWS\system\msnmsgr.cmd FOUND
     C:\WINDOWS\system\taskmam.exe FOUND
     *** Suppressions des adware connus...
     "C:\Program Files\whInstall\" FOUND

     Here is the scan:

     Logfile of HijackThis v1.99.1
     Scan saved at 17:30:02, on 12/06/2006
     Platform: Windows XP (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 (6.00.2600.0000)

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\ewido anti-malware\ewidoctrl.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\SOUNDMAN.EXE
     C:\Program Files\Logitech\iTouch\iTouch.exe
     C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
     C:\Program Files\QuickTime\qttask.exe
     C:\Program Files\MessengerPlus! 3\MsgPlus.exe
     C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
     C:\WINDOWS\System32\nvsvc32.exe
     C:\WINDOWS\System32\UAService7.exe
     C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe
     C:\WINDOWS\system32\NOTEPAD.EXE
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\WINDOWS\system32\notepad.exe
     C:\Documents and Settings\-Sub-\Bureau\HijackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
     O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
     O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
     O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
     O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
     O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
     O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
     O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
     O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
     O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EA Downloader\Core.exe -silent
     O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
     O4 - Global Startup: WlanUtility.lnk = C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
     O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
     O8 - Extra context menu item: Download all by Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
     O8 - Extra context menu item: Download by Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
     O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
     O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
     O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
     O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
     O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
     O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
     O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
     O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab
     O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
     O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
     O17 - HKLM\System\CCS\Services\Tcpip\..\{54A351C6-FD77-4C28-90E4-928DAD9C87DD}: NameServer = 213.36.80.1,213.36.80.2
     O17 - HKLM\System\CCS\Services\Tcpip\..\{93A12C1E-B9C0-4CF8-A40D-583E41832959}: NameServer = 213.36.80.1,213.36.80.2
     O17 - HKLM\System\CS1\Services\Tcpip\..\{54A351C6-FD77-4C28-90E4-928DAD9C87DD}: NameServer = 213.36.80.1,213.36.80.2
     O17 - HKLM\System\CS2\Services\Tcpip\..\{54A351C6-FD77-4C28-90E4-928DAD9C87DD}: NameServer = 213.36.80.1,213.36.80.2
     O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
     O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
     O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
     O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: MSI_WLAN_Service - Unknown owner - C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe
     O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
     O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\System32\UAService7.exe

     On the other hand, the Kaspersky scan is taking really long :s it has already been running for more than 3 hours
  2. Hello everyone. I caught a virus by clicking on a link, and every time I talk to someone on MSN, this sentence is displayed: Olha q video doido. é um video das mil e uma faces do Michael Jackson. After scanning, here is the report I get:

     Logfile of HijackThis v1.99.1
     Scan saved at 07:42:26, on 12/06/2006
     Platform: Windows XP (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 (6.00.2600.0000)

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\explorer.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\WINDOWS\SOUNDMAN.EXE
     C:\Program Files\Logitech\iTouch\iTouch.exe
     C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
     C:\Program Files\QuickTime\qttask.exe
     C:\WINDOWS\system\taskmam.exe
     C:\Program Files\MessengerPlus! 3\MsgPlus.exe
     C:\Program Files\Electronic Arts\EA Downloader\Core.exe
     C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
     C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
     C:\WINDOWS\system\msnmsgr.cmd
     C:\WINDOWS\system32\NOTEPAD.EXE
     C:\WINDOWS\System32\nvsvc32.exe
     C:\WINDOWS\System32\UAService7.exe
     C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe
     C:\Documents and Settings\-Sub-\Bureau\HijackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
     F2 - REG:system.ini: Shell=explorer.exe
     O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
     O2 - BHO: (no name) - {8702d9e1-890b-4bf2-a233-fa44e582b2de} - (no file)
     O2 - BHO: (no name) - {9819c369-5f62-4d37-9a42-44043a742c1e} - (no file)
     O2 - BHO: (no name) - {9EAC0102-5E61-2312-BC2D-000000000000} - (no file)
     O2 - BHO: (no name) - {9EAC0102-5E61-2312-BC2D-4D54434D5443} - (no file)
     O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-716d74632608} - (no file)
     O2 - BHO: (no name) - {d53b810f-6219-11d4-95b6-0040950375e7} - (no file)
     O2 - BHO: (no name) - {dd6f50c0-9f8f-a41c-291e-7b3fb818ef18} - (no file)
     O2 - BHO: (no name) - {f21bd77e-0cce-c6cd-4f85-aa3b7895988e} - (no file)
     O2 - BHO: (no name) - {ff731508-cd28-e0b0-3e85-0cf55fde9fba} - (no file)
     O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
     O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
     O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
     O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
     O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
     O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
     O4 - HKLM\..\Run: [shell] C:\WINDOWS\system\taskmam.exe
     O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
     O4 - HKCU\..\Run: [shell] "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00001.exe"
     O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EA Downloader\Core.exe -silent
     O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
     O4 - Global Startup: WlanUtility.lnk = C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
     O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
     O8 - Extra context menu item: Download all by Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
     O8 - Extra context menu item: Download by Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
     O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
     O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
     O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
     O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
     O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
     O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://207.234.185.217/ABoxInst_int12.exe
     O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
     O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab
     O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
     O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
     O17 - HKLM\System\CCS\Services\Tcpip\..\{54A351C6-FD77-4C28-90E4-928DAD9C87DD}: NameServer = 213.36.80.1,213.36.80.2
     O17 - HKLM\System\CCS\Services\Tcpip\..\{93A12C1E-B9C0-4CF8-A40D-583E41832959}: NameServer = 213.36.80.1,213.36.80.2
     O17 - HKLM\System\CS1\Services\Tcpip\..\{54A351C6-FD77-4C28-90E4-928DAD9C87DD}: NameServer = 213.36.80.1,213.36.80.2
     O17 - HKLM\System\CS2\Services\Tcpip\..\{54A351C6-FD77-4C28-90E4-928DAD9C87DD}: NameServer = 213.36.80.1,213.36.80.2
     O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
     O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: MSI_WLAN_Service - Unknown owner - C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe
     O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
     O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\System32\UAService7.exe

     There it is; I don't understand any of it. If someone could help me