malware and other junk
2StoneeD4U (Camping à la Ferme)
Browser: n/a
Joined: Mar 22, 2007    Posts: 952
Offline
Posted: Fri Apr 27, 2007 13:40    Subject: malware and other junk
Hi, I ran 1-2-3 Spyware and Advanced WindowsCare 2 Personal and they turn up way too much stuff that I don't like at all:
1-2-3 finds: spyware in DSLMON.EXE and NSUPDATE.EXE
and Advanced WindowsCare 2 Personal: it finds loads of things
and here is a HijackThis report
if someone could tell me whether there is anything useless or dangerous in there
and how to get rid of it, thanks in advance
Logfile of HijackThis v1.99.1
Scan saved at 14:37:41, on 27/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\slrundll.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SAGEM\SAGEM F@st800\DSLMON.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
c:\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.free.fr/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://freebox.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://freebox.free.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: HomepageBHO - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\system32\hp7063.tmp (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll (file missing)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NsUpdate] C:\WINDOWS\NsUpdate.exe UPDATE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CanalPlayer] C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe /iconic
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st800\DSLMON.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://freebox.free.fr/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {86EEF11E-FF16-48CE-B1A2-474B663041A9} - http://acces-direct.net/15671/MereDeFamille40a.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
NiCreteNiSoumise (Eleveur)
Joined: Nov 23, 2006    Posts: 340
Offline
2StoneeD4U (Camping à la Ferme)
Browser: n/a
Joined: Mar 22, 2007    Posts: 952
Offline
Posted: Sat Apr 28, 2007 01:25
Done, but HijackThis tells me this one is still there:
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll (file missing) I deleted it, rebooted, and it finds it again
and there is this one that I can't even find on my machine:
O16 - DPF: {86EEF11E-FF16-48CE-B1A2-474B663041A9} - http://acces-direct.net/15671/MereDeFamille40a.exe
so here is the Hitman Pro report
Hitman Pro 2.4.1 - Report
27-04-2007 23:49
Setup files external protection and inspection components
STATUS DESCRIPTION VERSION SIZE
Updated CWShredder Setup 2.19.0.1099 532480 bytes
Updated SpywareBlaster Setup 3.5.1.0 2566736 bytes
Updated Ad-Aware SE Personal Setup 1.0.6.0 2855080 bytes
Updated Spybot S&D Setup - 5037072 bytes
Updated Spy Sweeper Setup 4.5.8.683 8942160 bytes
Updates
STATUS DESCRIPTION SIZE
Updated Hitman Pro updater 489960 bytes
Updated Hitman Pro uninstaller 554832 bytes
Updated Hitman Pro 1876746 bytes
Unusable Spyware Block List 0 bytes
Updated Ad-Aware SE definitions 1128056 bytes
Updated Flash Player 8.0.24.0 1175648 bytes
Unusable eEye JScript Patch 1.01 0 bytes
Hitman Pro does not need to download updates
Disk Cleanup
Cleaned C:\Documents and Settings\ESPINET\Local Settings\Temp\Temporary Internet Files\Content.IE5
Cleaned C:\Documents and Settings\ESPINET\Local Settings\Temporary Internet Files\Content.IE5
Cleaned C:\Documents and Settings\ESPINET\Local Settings\Temp
Cleared 176 MB
Disk Cleanup clears folders with temporary Windows and Internet Files. Over time these folders can contain a lot of files, occupying a lot of disk space. This space could normally be used for documents and programs. Clearing the temporary folders is also an advantage for Hitman Pro because it will shorten inspection time of Ad-aware, Spy Sweeper and Spybot S&D. Also, the inspection programs will find fewer traces of spyware because potential spyware installation files are already wiped by Disk Cleanup.
System protection and immunization
Windows Security Update concerning WMF Vulnerability (KB912919)
System is protected against WMF Exploit
eEye Digital Security JScript Patch
Microsoft Internet Explorer is vulnerable to remote code execution due to an error in the processing of the "createTextRange()" method call applied on a radio button control.
For more information see http://www.eeye.com/html/research/alerts/AL20060324.html
System is NOT protected against JScript Exploit
Adobe Flash Player 8 ActiveX control upgrade
Critical vulnerabilities have been identified in Flash Player that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system. Adobe recommends all Flash Player 8.0.22.0 and earlier users upgrade to version 8.0.24.0 (or higher).
For more information see http://www.macromedia.com/devnet/security/security_zone/apsb06-03.html
Applied workaround when logged in as Restricted User, based on TechNote: http://www.macromedia.com/go/624850b5
Shutting down Messenger service
The Messenger service can be abused to send ads and spam to computers in a network. Microsoft also released security updates to repair vulnerabilities in the Messenger service; attackers where able to run code through the Messenger service on unpatched systems. Note that the Messenger service has nothing to do with MSN Messenger en Windows Messenger.
Install on Demand has been disabled
When Install on Demand enabled, a Web page can download items to display the page properly, or perform a particular task. Web sites can abuse Installation on demand to install spyware. Note that when you disable Install on Demand you will no longer be prompted to download missing Language Pack components (for Web pages that require, for example, Japanese-text display support).
Trust level of zone Internet is set to Normal (Current User)
Trust level of zone Internet is set to Normal (All Users)
The trust level the Internet Zone should at least be set to Normal. This default setting causes Internet Explorer to prompt the user whenever potentially unsafe content is ready to download.
SpywareBlaster protection applied
Blocks the installation of spyware, adware, dialers, browser hijackers, and other potentially unwanted ActiveX-based software. With Internet Explorer 6 and Mozilla/Firefox, it also blocks cookies that may be used to track your activities, build a profile about your habits, collect information, or uniquely identify you to advertisers.
SpywareBlaster is freeware for personal and educational use. For more information see http://www.javacoolsoftware.com/spywareblaster.html
Could not apply Spyware Block List protection
The file blocklist.reg is missing
This protection prevents installation and execution of harmfull ActiveX controls in Internet Explorer.
Spybot - Search & Destroy 00:17:40
Version 1.4 (Build 2005-05-23) Latest detection update: 2007-04-25
Spybot - Search & Destroy can detect and remove spyware of different kinds from your computer (removal of adware, spyware, dialers, keyloggers, usage tracks, trojans and other baddies). Spybot S&D is also capable of blocking threatening ActiveX downloads (supplementing SpywareBlaster) to protect your system against spyware.
CarpeDiem Vars
CoolWWWSearch.SmartSearch
Vcodec
Winsoftware.WinAntiVirusPro2006
Smitfraud-C.
MyWay.MyBar
Microsoft.WindowsSecurityCenter.AntiVirusOverride
Microsoft.WindowsSecurityCenter.UpdateDisableNotify
Altnet
Cydoor
GAIN.Gator
InstaFink
WinAntiVirusPro2006
Zlob.Downloader
Avenue A, Inc.
MediaPlex
BlueStreak
DoubleClick
Hitman Pro AntiSpyware 1.9.4
This additional inspection is searching for spyware, viruses, worms and Trojans wich can not (up to now) be found or deleted by the external components.
# Legend: certified spyware
# found with heuristics
# links to spyware
# HKLM\..\Run, NsUpdate=C:\WINDOWS\NsUpdate.exe is deleted (key is orphan)
# HKLM\..\Run, CanalPlayer=C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe is deleted (key is orphan)
# HKCU\..\Run, BitTorrent=C:\Program Files\BitTorrent\bittorrent.exe is deleted (key is orphan)
Additional inspection did not find malicious software
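A small triage script, added here as an example (it is not from this thread, HijackThis or Hitman Pro), that parses lines in the HijackThis log format posted above and flags the kinds of entries discussed in this thread: registry entries whose file is missing (the orphan keys Hitman Pro removed), O16 ActiveX downloads that are unnamed, fetch a bare .exe, or come from a host outside an assumed allow-list, and Run entries that start a binary from the Windows root. The allow-list TRUSTED_DPF_HOSTS and the Windows-root heuristic are assumptions of this example, not rules from either tool.

```python
import re
from urllib.parse import urlparse

# Constructed sample in HijackThis v1.99 format: the lines are copied from the
# log posted in this thread so the rules below can be checked against them.
SAMPLE_LOG = r"""
O2 - BHO: HomepageBHO - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\system32\hp7063.tmp (file missing)
O4 - HKLM\..\Run: [NsUpdate] C:\WINDOWS\NsUpdate.exe UPDATE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {86EEF11E-FF16-48CE-B1A2-474B663041A9} - http://acces-direct.net/15671/MereDeFamille40a.exe
"""

# Assumption: an analyst-maintained allow-list of hosts known to serve
# legitimate ActiveX controls (here, the MSN hosts that appear in the log).
TRUSTED_DPF_HOSTS = {"messenger.zone.msn.com", "messenger.msn.com"}

LINE_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.+)$")
DPF_RE = re.compile(r"DPF: (?P<clsid>\{[0-9A-Fa-f-]+\})(?: \((?P<name>[^)]*)\))? - (?P<url>\S+)")
RUN_RE = re.compile(r"HK(?:LM|CU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] \"?(?P<path>[^\"]*?\.exe)", re.I)

def parse_hjt(text):
    # Yield (section, body) for every "Rn - ..." or "On - ..." log line.
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group("sec"), m.group("body")

def triage(text):
    """Return [(section, reason, body)] for entries that deserve a closer look."""
    findings = []
    for sec, body in parse_hjt(text):
        if "(file missing)" in body:
            # Key points at a file that is gone; it keeps reappearing until the key is removed.
            findings.append((sec, "orphan registry entry", body))
        elif sec == "O16" and (m := DPF_RE.search(body)):
            # Downloaded Program Files: ActiveX controls installed from the web.
            host = (urlparse(m.group("url")).hostname or "").lower()
            if not m.group("name"):
                findings.append((sec, "unnamed ActiveX control", body))
            if m.group("url").lower().endswith(".exe"):
                findings.append((sec, "DPF entry fetches a bare .exe", body))
            if host not in TRUSTED_DPF_HOSTS:
                findings.append((sec, "untrusted DPF host " + host, body))
        elif sec == "O4" and (m := RUN_RE.search(body)):
            # Heuristic: an autostart binary in the Windows root (not system32 or Program Files) is unusual.
            folder = m.group("path").rsplit("\\", 1)[0].lower()
            if folder in ("c:\\windows", "c:\\winnt"):
                findings.append((sec, "autostart runs from Windows root", body))
    return findings
```

Run `triage(open("hijackthis.log").read())` on a full log to get the same three classes of findings; entries from avast! and the named MSN game controls produce nothing.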
NiCreteNiSoumise (Eleveur)
Joined: Nov 23, 2006    Posts: 340
Offline
2StoneeD4U (Camping à la Ferme)
Browser: n/a
Joined: Mar 22, 2007    Posts: 952
Offline
NiCreteNiSoumise (Eleveur)
Joined: Nov 23, 2006    Posts: 340
Offline
2StoneeD4U (Camping à la Ferme)
Browser: n/a
Joined: Mar 22, 2007    Posts: 952
Offline
Posted: Sat Apr 28, 2007 15:21
Yes, only the protected system files are hidden.
NiCreteNiSoumise (Eleveur)
Joined: Nov 23, 2006    Posts: 340
Offline
2StoneeD4U (Camping à la Ferme)
Browser: n/a
Joined: Mar 22, 2007    Posts: 952
Offline
Posted: Sun Apr 29, 2007 19:07
Mostly I have one odd thing that I only see through msconfig:
Nwiz NWIZ.exe\instal hklm\software_microsoft\windows\currentversion\run