
Murad


  1. I got the wrong report, sorry lol, I'm posting the right one, here it is
  2. lol ok, no worries, enjoy the match! Here is the Panda report, and I'm continuing with the rest

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-02-23 21:32:44
PROTECTIONS: 1
MALWARE: 10
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Avira AntiVir PersonalEdition 7.0.2.180 No Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00029434 spyware/virtumonde Spyware No 1 Yes No HKEY_LOCAL_MACHINE\software\classes\CLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}
00029434 spyware/virtumonde Spyware No 1 Yes No hkey_classes_root\clsid\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt[.com.com/]
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Cookies\ali@xiti[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt[.xiti.com/]
00167709 Cookie/fe.lea.lycos TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Cookies\[email protected][1].txt
00167709 Cookie/fe.lea.lycos TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt[.fe.lea.lycos.fr/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt[.apmebf.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Cookies\ali@apmebf[1].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt[.bluestreak.com/]
00207936 Cookie/Adviva TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt[.adviva.net/]
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt[.smartadserver.com/]
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt[.smartadserver.com/]
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt[.smartadserver.com/]
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt[.smartadserver.com/]
01606636 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt[.adserver.easyad.info/]
01606636 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Cookies\[email protected][1].txt
02887528 Cookie/AdvancedCleaner TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt[.advancedcleaner.com/]
02887528 Cookie/AdvancedCleaner TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt[.advancedcleaner.com/]
02887528 Cookie/AdvancedCleaner TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Cookies\ali@advancedcleaner[1].txt
02887528 Cookie/AdvancedCleaner TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt[.advancedcleaner.com/]
02887528 Cookie/AdvancedCleaner TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt[.advancedcleaner.com/]
02887528 Cookie/AdvancedCleaner TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt[.advancedcleaner.com/]
02887528 Cookie/AdvancedCleaner TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt[.advancedcleaner.com/]
;===================================================================================================================================================================================
SUSPECTS
Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
  3. lol here is the report, and I'm scanning with Panda right away

Logfile of HijackThis v1.99.1
Scan saved at 20:03:07, on 23/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\mljkihi.dll (file missing)
O2 - BHO: (no name) - {77B3CE50-7129-4152-8734-81964BFD5AF4} - C:\WINDOWS\system32\qomki.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: 0 - {90C43A67-1F2E-4068-EDA8-B3928E8F0C98} - C:\Program Files\Internet Explorer\lavujawu.dll (file missing)
O2 - BHO: {243d966f-cbe1-11b8-71a4-3d64c591d7a9} - {9a7d195c-46d3-4a17-8b11-1ebcf669d342} - C:\WINDOWS\system32\aoudnfhf.dll (file missing)
O2 - BHO: (no name) - {A7026507-D764-4155-8A5D-7CD2B82729AD} - C:\Program Files\..\cyfokyqo89104.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office10\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichier...on_2_0_4_12.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.1.0178.00.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Sentinel LM - Unknown owner - C:\Program Files\SPSSSentinelLM\lservnt.exe (file missing)
  4. Here is the report,

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 19:21:26 23/02/2008

+ Résultat de l'analyse:

HKLM\SOFTWARE\Classes\WR -> Adware.Generic : Nettoyé.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo -> Adware.Generic : Nettoyé.
C:\Documents and Settings\ali\Local Settings\Temporary Internet Files\Content.IE5\UJSND2JY\tk58[1].exe -> Adware.ZQuest : Nettoyé.
C:\WINDOWS\tk58.exe -> Adware.ZQuest : Nettoyé.
C:\WINDOWS\b147.exe -> Downloader.Agent.fjn : Nettoyé.
C:\WINDOWS\TTC-4444.exe -> Not-A-Virus.Adware.TTC : Nettoyé.
C:\WINDOWS\system32\uwce9\renamd83122.exe -> Not-A-Virus.Adware.TTC : Nettoyé.
C:\Documents and Settings\ali\Local Settings\Temp\removalfile.bat -> Not-A-Virus.Adware.Virtumonde : Nettoyé.
C:\WINDOWS\system32\khfcaab.dll -> Not-A-Virus.Adware.Virtumonde : Nettoyé.
C:\WINDOWS\system32\nnnmllk.dll -> Not-A-Virus.Adware.Virtumonde : Nettoyé.
C:\WINDOWS\system32\yayvvus.dll -> Not-A-Virus.Adware.Virtumonde : Nettoyé.
:mozilla.208:C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
C:\Documents and Settings\ali\Cookies\[email protected][1].txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.150:C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt -> TrackingCookie.Adtrak : Nettoyé.
C:\Documents and Settings\ali\Cookies\[email protected][1].txt -> TrackingCookie.Adtrak : Nettoyé.
C:\Documents and Settings\ali\Cookies\ali@advertising[1].txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.20:C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt -> TrackingCookie.Adviva : Nettoyé.
C:\Documents and Settings\ali\Cookies\ali@adviva[1].txt -> TrackingCookie.Adviva : Nettoyé.
C:\Documents and Settings\ali\Cookies\ali@adviva[2].txt -> TrackingCookie.Adviva : Nettoyé.
C:\Documents and Settings\ali\Cookies\ali@adviva[3].txt -> TrackingCookie.Adviva : Nettoyé.
:mozilla.63:C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt -> TrackingCookie.Atdmt : Nettoyé.
C:\Documents and Settings\ali\Cookies\ali@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé.
:mozilla.180:C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.
C:\Documents and Settings\ali\Cookies\ali@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé.
C:\Documents and Settings\ali\Cookies\ali@bluestreak[3].txt -> TrackingCookie.Bluestreak : Nettoyé.
:mozilla.154:C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.155:C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.156:C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.157:C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.158:C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.159:C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.160:C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
C:\Documents and Settings\ali\Cookies\ali@casalemedia[1].txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.58:C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyé.
C:\Documents and Settings\ali\Cookies\ali@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
:mozilla.182:C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
:mozilla.183:C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
:mozilla.184:C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
C:\Documents and Settings\ali\Cookies\ali@fastclick[1].txt -> TrackingCookie.Fastclick : Nettoyé.
:mozilla.249:C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.73:C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.195:C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé.
:mozilla.196:C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé.
:mozilla.152:C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt -> TrackingCookie.Liveperson : Nettoyé.
:mozilla.153:C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt -> TrackingCookie.Liveperson : Nettoyé.
C:\Documents and Settings\ali\Cookies\[email protected][2].txt -> TrackingCookie.Liveperson : Nettoyé.
:mozilla.211:C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt -> TrackingCookie.Questionmarket : Nettoyé.
:mozilla.212:C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt -> TrackingCookie.Questionmarket : Nettoyé.
C:\Documents and Settings\ali\Cookies\ali@questionmarket[1].txt -> TrackingCookie.Questionmarket : Nettoyé.
:mozilla.194:C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt -> TrackingCookie.Real : Nettoyé.
C:\Documents and Settings\ali\Cookies\ali@real[1].txt -> TrackingCookie.Real : Nettoyé.
:mozilla.53:C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt -> TrackingCookie.Revsci : Nettoyé.
:mozilla.54:C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt -> TrackingCookie.Revsci : Nettoyé.
:mozilla.55:C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt -> TrackingCookie.Revsci : Nettoyé.
:mozilla.56:C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt -> TrackingCookie.Revsci : Nettoyé.
:mozilla.106:C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt -> TrackingCookie.Searchingbooth : Nettoyé.
C:\Documents and Settings\ali\Cookies\[email protected][1].txt -> TrackingCookie.Searchingbooth : Nettoyé.
:mozilla.105:C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.219:C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.220:C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.221:C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.222:C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.223:C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.224:C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\ali\Cookies\[email protected][2].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\ali\Cookies\ali@serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\ali\Cookies\ali@sextracker[2].txt -> TrackingCookie.Sextracker : Nettoyé.
:mozilla.10:C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.6:C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.7:C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.8:C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.9:C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\ali\Cookies\ali@smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\ali\Cookies\ali@smartadserver[2].txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.37:C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.201:C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt -> TrackingCookie.Tribalfusion : Nettoyé.
C:\Documents and Settings\ali\Cookies\ali@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Nettoyé.
:mozilla.11:C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.12:C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.64:C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt -> TrackingCookie.Webtrends : Nettoyé.
:mozilla.233:C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.238:C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.240:C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.241:C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.242:C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.243:C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.283:C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
C:\Documents and Settings\ali\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Nettoyé.
C:\Documents and Settings\ali\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Nettoyé.
C:\Documents and Settings\ali\Cookies\[email protected][3].txt -> TrackingCookie.Yieldmanager : Nettoyé.
C:\Documents and Settings\ali\Cookies\[email protected][4].txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.187:C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt -> TrackingCookie.Zedo : Nettoyé.
:mozilla.188:C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt -> TrackingCookie.Zedo : Nettoyé.
:mozilla.189:C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt -> TrackingCookie.Zedo : Nettoyé.
:mozilla.190:C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt -> TrackingCookie.Zedo : Nettoyé.
:mozilla.191:C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt -> TrackingCookie.Zedo : Nettoyé.
:mozilla.192:C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt -> TrackingCookie.Zedo : Nettoyé.
:mozilla.193:C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt -> TrackingCookie.Zedo : Nettoyé.
C:\Documents and Settings\ali\Cookies\ali@zedo[1].txt -> TrackingCookie.Zedo : Nettoyé.

Fin du rapport
  5. Well, I had followed the procedure, so I had simply uninstalled AntiVir. So here is the report; otherwise, do I need to click on disinfect? (because I think I closed the window lol) Sorry for the spelling mistakes, I'm on an English keyboard

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-02-23 17:36:19
PROTECTIONS: 1
MALWARE: 31
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Avira AntiVir PersonalEdition 7.0.2.180 No Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00029434 spyware/virtumonde Spyware No 1 Yes No HKEY_LOCAL_MACHINE\software\classes\CLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}
00029434 spyware/virtumonde Spyware No 1 Yes No hkey_classes_root\clsid\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Cookies\ali@casalemedia[1].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt[.casalemedia.com/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt[.doubleclick.net/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Cookies\ali@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Cookies\ali@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt[.atdmt.com/]
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt[.tradedoubler.com/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Cookies\ali@fastclick[1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt[.fastclick.net/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt[.tribalfusion.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Cookies\ali@tribalfusion[1].txt
00161854 Cookie/nCase TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Cookies\[email protected][1].txt
00161854 Cookie/nCase TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt[.banners.searchingbooth.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt[.com.com/]
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt[.xiti.com/]
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Cookies\ali@xiti[1].txt
00167709 Cookie/fe.lea.lycos TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt[.fe.lea.lycos.fr/]
00167709 Cookie/fe.lea.lycos TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Cookies\[email protected][1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Cookies\[email protected][4].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Cookies\[email protected][2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt[.ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Cookies\[email protected][3].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt[.ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt[.ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt[.ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt[.ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt[.ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt[.ad.yieldmanager.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Cookies\ali@apmebf[1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt[.apmebf.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Cookies\ali@serving-sys[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt[.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Cookies\[email protected][2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt[.bs.serving-sys.com/]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt[.server.iad.liveperson.net/]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Cookies\[email protected][2].txt
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt[.server.iad.liveperson.net/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Cookies\ali@advertising[1].txt
00169286 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Cookies\ali@sextracker[2].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Cookies\ali@questionmarket[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt[.questionmarket.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Cookies\ali@zedo[1].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt[.zedo.com/]
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt[.bluestreak.com/]
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Cookies\ali@bluestreak[3].txt
00207936 Cookie/Adviva TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Cookies\ali@adviva[3].txt
00207936 Cookie/Adviva TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Cookies\ali@adviva[2].txt
00207936 Cookie/Adviva TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt[.adviva.net/]
00207936 Cookie/Adviva TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Cookies\ali@adviva[1].txt
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Cookies\ali@smartadserver[1].txt
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt[.smartadserver.com/]
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt[.smartadserver.com/]
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt[.smartadserver.com/]
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt[.smartadserver.com/]
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt[.smartadserver.com/]
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Cookies\ali@smartadserver[2].txt
00514952 Adware/TTC Adware No 0 Yes No C:\Documents and Settings\ali\Local Settings\Temporary Internet Files\Content.IE5\UJSND2JY\tk58[1].exe
00514952 Adware/TTC Adware No 0 Yes No C:\WINDOWS\tk58.exe
01308048 Adware/TTC Adware No 0 Yes No C:\WINDOWS\TTC-4444.exe
01308048 Adware/TTC Adware No 0 Yes No C:\WINDOWS\system32\uwce9\renamd83122.exe
01308049 Adware/TTC Adware No 0 No No C:\WINDOWS\TTC-4444.exe[TTC.dll]
01308049 Adware/TTC Adware No 0
No No C:\WINDOWS\system32\uwce9\renamd83122.exe[TTC.dll] 01606636 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Cookies\[email protected][1].txt 01606636 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt[.adserver.easyad.info/] 01658945 Adware/TTC Adware No 0 No No C:\WINDOWS\TTC-4444.exe[folder.js] 01658945 Adware/TTC Adware No 0 No No C:\WINDOWS\system32\uwce9\renamd83122.exe[folder.js] 02887528 Cookie/AdvancedCleaner TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt[.advancedcleaner.com/] 02887528 Cookie/AdvancedCleaner TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt[.advancedcleaner.com/] 02887528 Cookie/AdvancedCleaner TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt[.advancedcleaner.com/] 02887528 Cookie/AdvancedCleaner TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt[.advancedcleaner.com/] 02887528 Cookie/AdvancedCleaner TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt[.advancedcleaner.com/] 02887528 Cookie/AdvancedCleaner TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Application Data\Mozilla\Firefox\Profiles\y71520kc.default\cookies.txt[.advancedcleaner.com/] 02887528 Cookie/AdvancedCleaner TrackingCookie No 0 Yes No C:\Documents and Settings\ali\Cookies\ali@advancedcleaner[1].txt 02896257 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\khfcaab.dll 02896257 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\yayvvus.dll 02896257 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\nnnmllk.dll 02898726 
Trj/Downloader.SLC Virus/Trojan No 1 Yes No C:\WINDOWS\b147.exe ;=================================================================================================================================================================================== SUSPECTS Location ;=================================================================================================================================================================================== ;===================================================================================================================================================================================
  6. OK, it's nothing, I had noticed it anyway; scan in progress.
  7. OK, thanks. Do I need to disable the AntiVir shield first or not?
  8. Hello everyone!! Here is my HijackThis report after the procedure. Is it clean or not? Thanks in advance! You do great work!!

     Logfile of HijackThis v1.99.1
     Scan saved at 15:32:03, on 23/02/2008
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
     C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\WINDOWS\system32\svchost.exe
     C:\Program Files\Hijackthis\HijackThis.exe

     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
     R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
     O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
     O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
     O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
     O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\mljkihi.dll (file missing)
     O2 - BHO: (no name) - {77B3CE50-7129-4152-8734-81964BFD5AF4} - C:\WINDOWS\system32\qomki.dll (file missing)
     O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
     O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
     O2 - BHO: 0 - {90C43A67-1F2E-4068-EDA8-B3928E8F0C98} - C:\Program Files\Internet Explorer\lavujawu.dll
     O2 - BHO: {243d966f-cbe1-11b8-71a4-3d64c591d7a9} - {9a7d195c-46d3-4a17-8b11-1ebcf669d342} - C:\WINDOWS\system32\aoudnfhf.dll (file missing)
     O2 - BHO: (no name) - {A7026507-D764-4155-8A5D-7CD2B82729AD} - C:\Program Files\..\cyfokyqo89104.dll
     O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
     O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
     O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office10\EXCEL.EXE/3000
     O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
     O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichier...on_2_0_4_12.cab
     O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.1.0178.00.dll
     O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.1.0178.00.dll
     O20 - Winlogon Notify: mljkihi - mljkihi.dll (file missing)
     O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
     O23 - Service: Sentinel LM - Unknown owner - C:\Program Files\SPSSSentinelLM\lservnt.exe (file missing)