الحالة
موضوع مغلق

lina1

عضو جديد
التسجيل
22/1/09
المشاركات
7
الإعجابات
0
#1
ممكن تساعدني

PHP:
[ FindyKill V4.714 ]
# User : Administrateur - WINDOWS_XP
# Emplacement : C:\Program Files\FindyKill
# Outils Mis a jours le 19/01/09 par Chiquitine29
# Recherche effectuée à 19:11:34 le 21.01.2009
# Windows XP - Internet Explorer 6.0.2900.2180

# [ FindyKill V4.714 - Scan ] 

[ Processus actifs ] 

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rsvp.exe

[ Fichiers/Dossiers infectieux ] 


[ C:\ ]


[ C:\WINDOWS ]


[ C:\WINDOWS\Prefetch ]


[ C:\WINDOWS\system32 ]


[ C:\WINDOWS\system32\drivers ]


[ C:\Documents and Settings\Administrateur\Application Data ]


[ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp ]


[ Registre / Startup ] 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
MsnMsgr=~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
NBJ="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
SweetIM=C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
Skype="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
updateMgr=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
Messenger (Yahoo!)="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
I just want to say I love Milko and I need a drink=C:\Documents and Settings\Administrateur\Local Settings\Application Data\svchost.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
NeroFilterCheck=C:\WINDOWS\system32\NeroCheck.exe
NWEReboot=
TkBellExe="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
SunJavaUpdateSched="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
Smart Start UP=C:\Program Files\NewSoft\Smart Start UP\PnPDetect.exe /Automation
<NO NAME>=
wcmdmgr=C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
Monitor=C:\WINDOWS\PixArt\PAC207\Monitor.exe
ZoneAlarm Client="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
Installed=1
NoChange=1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1

[HKEY_CURRENT_USER\software\local appwizard-generated applications\eMedia]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\Jeu de Dames]

[ Registre / Clés infectieuses ] 




[ Etat / Services ] 

# Services : [ Auto=2 / Demande=3 / Désactivé=4 ]
Ndisuio - # Type de démarrage = 3

Ip6Fw - # Type de démarrage = 3

SharedAccess - # Type de démarrage = 2

wuauserv - # Type de démarrage = 2


[ Recherche dans supports amovibles] 


# Informations :
C: - Lecteur fixe

# presence des fichiers :


[ Registre / Mountpoint2 ] 

Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d5db0d5a-ad90-11dd-903c-4d6564696130}\Shell\AutoRun\command
Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d5db0d5a-ad90-11dd-903c-4d6564696130}\Shell\explore\Command
Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d5db0d5a-ad90-11dd-903c-4d6564696130}\Shell\open\Command


[ ! Fin du rapport # FindyKill V4.714 ! ]
 

lina1

عضو جديد
التسجيل
22/1/09
المشاركات
7
الإعجابات
0
#2
و هل ممكن عمل سيدي بوت و جهازي مخترق مع العلم انه في هده اللحضة ايقونة ستارت لا توجد عندي و كل ما حاولت عمل ريستارت للجهاز تضهر هده الايقونة
la restauration systeme été mise hors tension par la strategie de groupe pour mettre la estaurationsysteme sous tension sous tension contacter votre administrateur de groupe
 

mah.chae

عضو فعال
التسجيل
29/9/07
المشاركات
106
الإعجابات
13
#3

lina1

عضو جديد
التسجيل
22/1/09
المشاركات
7
الإعجابات
0
#4
شكرا لاجابتك لقد عملت حدف بنفس البرنامج و اعطاني هدا التقرير بعد الحدف لكن لست ادري ما العمل بعد دلك

PHP:
###################### [ FindyKill V4.714 ]
# User : Administrateur - WINDOWS_XP
# Executed from : C:\Program Files\FindyKill
# Update on 19/01/09 by Chiquitine29
# Start at 15:30:49 the 22.01.2009
# Windows XP - Internet Explorer 6.0.2900.2180

# [ FindyKill V4.714 - Deleting ] ###############

\\\\\\\\\\\\\\\\\\ [ Active Processes ] ///////////////////

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe

\\\\\\\\\\\\\\\\\\ [ Infected Files / Folders ] ///////////////////


################## [ C:\ ]


################## [ C:\WINDOWS ]


################## [ C:\WINDOWS\Prefetch ]

Deleted ! - C:\WINDOWS\prefetch\MDELK.EXE-238AA5EF.pf

################## [ C:\WINDOWS\system32 ]


################## [ C:\WINDOWS\system32\drivers ]


################## [ C:\Documents and Settings\Administrateur\Application Data ]


################## [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp ]


################## [ C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5 ]


\\\\\\\\\\\\\\\\\\ [ Registry / Infected keys ] ///////////////////


\\\\\\\\\\\\\\\\\\ [ States / Restarting of services ] ///////////////////

# Services : [ Auto=2 / Request=3 / Disable=4 ]
Ndisuio - # Type of startup = 3

Ip6Fw - # Type of startup = 2

SharedAccess - # Type of startup = 2

wuauserv - # Type of startup = 2


\\\\\\\\\\\\\\\\\\ [ Cleaning Removable drives ] ///////////////////

# Informations :
C: - Lecteur fixe

# deleting files :


\\\\\\\\\\\\\\\\\\ [ Registry / Mountpoint2 ] ///////////////////

Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d5db0d5a-ad90-11dd-903c-4d6564696130}\Shell\AutoRun\command
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d5db0d5a-ad90-11dd-903c-4d6564696130}\Shell\explore\Command
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d5db0d5a-ad90-11dd-903c-4d6564696130}\Shell\open\Command

\\\\\\\\\\\\\\\\\\ [ Searching Other Infections ] ///////////////////


\\\\\\\\\\\\\\\\\\ [ Searching Cracks / Keygen ] ///////////////////

C:\Documents and Settings\Administrateur\Mes documents\youssef\youssef\Internet.Download.Manager.v4.03.Cracked-EXPLOSiON
C:\Documents and Settings\Administrateur\Mes documents\youssef\youssef\Internet.Download.Manager.v4.03.Cracked-EXPLOSiON\Internet.Download.Manager.v4.03.Cracked-EXPLOSiON
C:\Documents and Settings\Administrateur\Mes documents\youssef\youssef\Internet.Download.Manager.v4.03.Cracked-EXPLOSiON\Internet.Download.Manager.v4.03.Cracked-EXPLOSiON\EXPLOSiON.NFO
C:\Documents and Settings\Administrateur\Mes documents\youssef\youssef\Internet.Download.Manager.v4.03.Cracked-EXPLOSiON\Internet.Download.Manager.v4.03.Cracked-EXPLOSiON\file_id.diz
C:\Documents and Settings\Administrateur\Mes documents\youssef\youssef\Internet.Download.Manager.v4.03.Cracked-EXPLOSiON\Internet.Download.Manager.v4.03.Cracked-EXPLOSiON\GlobalErrors.log
C:\Documents and Settings\Administrateur\Mes documents\youssef\youssef\Internet.Download.Manager.v4.03.Cracked-EXPLOSiON\Internet.Download.Manager.v4.03.Cracked-EXPLOSiON\IDMan.exe
C:\Documents and Settings\Administrateur\Mes documents\youssef\youssef\Internet.Download.Manager.v4.03.Cracked-EXPLOSiON\Internet.Download.Manager.v4.03.Cracked-EXPLOSiON\IDManTypeInfo.tlb
C:\Documents and Settings\Administrateur\Mes documents\youssef\youssef\Internet.Download.Manager.v4.03.Cracked-EXPLOSiON\Internet.Download.Manager.v4.03.Cracked-EXPLOSiON\IDMGetAll.dll
C:\Documents and Settings\Administrateur\Mes documents\youssef\youssef\Internet.Download.Manager.v4.03.Cracked-EXPLOSiON\Internet.Download.Manager.v4.03.Cracked-EXPLOSiON\IDMIECC.dll
C:\Documents and Settings\Administrateur\Mes documents\youssef\youssef\Internet.Download.Manager.v4.03.Cracked-EXPLOSiON\Internet.Download.Manager.v4.03.Cracked-EXPLOSiON\idmmbc.dll
C:\Documents and Settings\Administrateur\Mes documents\youssef\youssef\Internet.Download.Manager.v4.03.Cracked-EXPLOSiON\Internet.Download.Manager.v4.03.Cracked-EXPLOSiON\idmmkb.dll
C:\Documents and Settings\Administrateur\Mes documents\youssef\youssef\Internet.Download.Manager.v4.03.Cracked-EXPLOSiON\Internet.Download.Manager.v4.03.Cracked-EXPLOSiON\IEExt.htm
C:\Documents and Settings\Administrateur\Mes documents\youssef\youssef\Internet.Download.Manager.v4.03.Cracked-EXPLOSiON\Internet.Download.Manager.v4.03.Cracked-EXPLOSiON\IEGetAll.htm
C:\Documents and Settings\Administrateur\Mes documents\youssef\youssef\Internet.Download.Manager.v4.03.Cracked-EXPLOSiON\Internet.Download.Manager.v4.03.Cracked-EXPLOSiON\keygen.exe
C:\Documents and Settings\Administrateur\Mes documents\youssef\youssef\Internet.Download.Manager.v4.03.Cracked-EXPLOSiON\Internet.Download.Manager.v4.03.Cracked-EXPLOSiON\Uninstall.exe
C:\Documents and Settings\Administrateur\Mes documents\youssef\youssef\Internet.Download.Manager.v4.03.Cracked-EXPLOSiON\Internet.Download.Manager.v4.03.Cracked-EXPLOSiON\UrlHistory.txt

################## [ ! End of report # FindyKill V4.714 ! ]
 
الحالة
موضوع مغلق

أعلى