- Accueil
- Forums
- OsLand
- Optimisation Windows
- malware et autre cochonerie
malware et autre cochonerie
Posté le: 27 avril 2007 à 14:40 
Salut j'ai lancer 1-2-3 spyware et advanced windowscare 2 personnal et sa me sor trop de truc qui me plaise pas du tout :
123 me trouve : des spy dans DSLMON.EXE et NSUPDATE.EXE
et advanced windowscare 2 personnal: i me trouve plein de chose
et voila un rapport hijack
si quelqu'un pouvais me dire si ya des truc inutile ou dangereux
et comment les degager merci d'avance
Logfile of HijackThis v1.99.1
Scan saved at 14:37:41, on 27/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\slrundll.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SAGEM\SAGEM F@st800\DSLMON.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
c:\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.free.fr/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://freebox.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://freebox.free.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: HomepageBHO - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\system32\hp7063.tmp (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll (file missing)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NsUpdate] C:\WINDOWS\NsUpdate.exe UPDATE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CanalPlayer] C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe /iconic
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st800\DSLMON.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://freebox.free.fr/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {86EEF11E-FF16-48CE-B1A2-474B663041A9} - http://acces-direct.net/15671/MereDeFamille40a.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
123 me trouve : des spy dans DSLMON.EXE et NSUPDATE.EXE
et advanced windowscare 2 personnal: i me trouve plein de chose
et voila un rapport hijack
si quelqu'un pouvais me dire si ya des truc inutile ou dangereux
et comment les degager merci d'avance
Logfile of HijackThis v1.99.1
Scan saved at 14:37:41, on 27/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\slrundll.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SAGEM\SAGEM F@st800\DSLMON.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
c:\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.free.fr/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://freebox.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://freebox.free.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: HomepageBHO - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\system32\hp7063.tmp (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll (file missing)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NsUpdate] C:\WINDOWS\NsUpdate.exe UPDATE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CanalPlayer] C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe /iconic
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st800\DSLMON.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://freebox.free.fr/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {86EEF11E-FF16-48CE-B1A2-474B663041A9} - http://acces-direct.net/15671/MereDeFamille40a.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
0 pour,0
Posté le: 27 avril 2007 à 16:23
http://www.hijackthis.de/fr pour utiliser ton rapport hijackthis.
N'hésite pas à passer un coup de "hitman pro" disponible sur clubic. Je me sers de ça pour nettoyer les pcs des clients ça tourne impec :
http://www.clubic.com/telecharger-fiche13745-hitman-pro.html
Refonte config en cours...
N'hésite pas à passer un coup de "hitman pro" disponible sur clubic. Je me sers de ça pour nettoyer les pcs des clients ça tourne impec :
http://www.clubic.com/telecharger-fiche13745-hitman-pro.html
| Citation: |
| Hitman Pro n'a absolument rien à voir avec le jeu du même nom. Il s'agit en fait d'un anti-spyware dont la particularité est d'automatiser l'exécution des anti-spyware les plus connus (Ad-Aware SE 6.2, Webroot SpySweeper 3, Spybot Search & Destroy 1.3, SpywareBlaster 3.2, McAfee Stinger). |
Refonte config en cours...
0 pour,0
Posté le: 28 avril 2007 à 02:25
sa ie mais hijacks me di i reste sa
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll (file missing) je lai suprimmer j'ai reboot et i me le retrouve
et ya sa que jarive meme pas a trouvé sur ma machine
O16 - DPF: {86EEF11E-FF16-48CE-B1A2-474B663041A9} - http://acces-direct.net/15671/MereDeFamille40a.exe
alors voila le rapport de hitman
Hitman Pro 2.4.1 - Report
27-04-2007 23:49
Setup files external protection and inspection components
STATUS DESCRIPTION VERSION SIZE
Updated CWShredder Setup 2.19.0.1099 532480 bytes
Updated SpywareBlaster Setup 3.5.1.0 2566736 bytes
Updated Ad-Aware SE Personal Setup 1.0.6.0 2855080 bytes
Updated Spybot S&D Setup - 5037072 bytes
Updated Spy Sweeper Setup 4.5.8.683 8942160 bytes
Updates
STATUS DESCRIPTION SIZE
Updated Hitman Pro updater 489960 bytes
Updated Hitman Pro uninstaller 554832 bytes
Updated Hitman Pro 1876746 bytes
Unusable Spyware Block List 0 bytes
Updated Ad-Aware SE definitions 1128056 bytes
Updated Flash Player 8.0.24.0 1175648 bytes
Unusable eEye JScript Patch 1.01 0 bytes
Hitman Pro does not need to download updates
Disk Cleanup
Cleaned C:\Documents and Settings\ESPINET\Local Settings\Temp\Temporary Internet Files\Content.IE5
Cleaned C:\Documents and Settings\ESPINET\Local Settings\Temporary Internet Files\Content.IE5
Cleaned C:\Documents and Settings\ESPINET\Local Settings\Temp
Cleared 176 MB
Disk Cleanup clears folders with temporary Windows and Internet Files. Over time these folders can contain a lot of files, occupying a lot of disk space. This space could normally be used for documents and programs. Clearing the temporary folders is also an advantage for Hitman Pro because it will shorten inspection time of Ad-aware, Spy Sweeper and Spybot S&D. Also, the inspection programs will find fewer traces of spyware because potential spyware installation files are already wiped by Disk Cleanup.
System protection and immunization
Windows Security Update concerning WMF Vulnerability (KB912919)
System is protected against WMF Exploit
eEye Digital Security JScript Patch
Microsoft Internet Explorer is vulnerable to remote code execution due to an error in the processing of the "createTextRange()" method call applied on a radio button control.
For more information see http://www.eeye.com/html/research/alerts/AL20060324.html
System is NOT protected against JScript Exploit
Adobe Flash Player 8 ActiveX control upgrade
Critical vulnerabilities have been identified in Flash Player that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system. Adobe recommends all Flash Player 8.0.22.0 and earlier users upgrade to version 8.0.24.0 (or higher).
For more information see http://www.macromedia.com/devnet/security/security_zone/apsb06-03.html
Applied workaround when logged in as Restricted User, based on TechNote: http://www.macromedia.com/go/624850b5
Shutting down Messenger service
The Messenger service can be abused to send ads and spam to computers in a network. Microsoft also released security updates to repair vulnerabilities in the Messenger service; attackers where able to run code through the Messenger service on unpatched systems. Note that the Messenger service has nothing to do with MSN Messenger en Windows Messenger.
Install on Demand has been disabled
When Install on Demand enabled, a Web page can download items to display the page properly, or perform a particular task. Web sites can abuse Installation on demand to install spyware. Note that when you disable Install on Demand you will no longer be prompted to download missing Language Pack components (for Web pages that require, for example, Japanese-text display support).
Trust level of zone Internet is set to Normal (Current User)
Trust level of zone Internet is set to Normal (All Users)
The trust level the Internet Zone should at least be set to Normal. This default setting causes Internet Explorer to prompt the user whenever potentially unsafe content is ready to download.
SpywareBlaster protection applied
Blocks the installation of spyware, adware, dialers, browser hijackers, and other potentially unwanted ActiveX-based software. With Internet Explorer 6 and Mozilla/Firefox, it also blocks cookies that may be used to track your activities, build a profile about your habits, collect information, or uniquely identify you to advertisers.
SpywareBlaster is freeware for personal and educational use. For more information see http://www.javacoolsoftware.com/spywareblaster.html
Could not apply Spyware Block List protection
The file blocklist.reg is missing
This protection prevents installation and execution of harmfull ActiveX controls in Internet Explorer.
Spybot - Search & Destroy 00:17:40
Version 1.4 (Build 2005-05-23) Latest detection update: 2007-04-25
Spybot - Search & Destroy can detect and remove spyware of different kinds from your computer (removal of adware, spyware, dialers, keyloggers, usage tracks, trojans and other baddies). Spybot S&D is also capable of blocking threatening ActiveX downloads (supplementing SpywareBlaster) to protect your system against spyware.
CarpeDiem Vars
CoolWWWSearch.SmartSearch
Vcodec
Winsoftware.WinAntiVirusPro2006
Smitfraud-C.
MyWay.MyBar
Microsoft.WindowsSecurityCenter.AntiVirusOverride
Microsoft.WindowsSecurityCenter.UpdateDisableNotify
Altnet
Cydoor
GAIN.Gator
InstaFink
WinAntiVirusPro2006
Zlob.Downloader
Avenue A, Inc.
MediaPlex
BlueStreak
DoubleClick
Hitman Pro AntiSpyware 1.9.4
This additional inspection is searching for spyware, viruses, worms and Trojans wich can not (up to now) be found or deleted by the external components.
# Legend: certified spyware
# found with heuristics
# links to spyware
# HKLM\..\Run, NsUpdate=C:\WINDOWS\NsUpdate.exe is deleted (key is orphan)
# HKLM\..\Run, CanalPlayer=C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe is deleted (key is orphan)
# HKCU\..\Run, BitTorrent=C:\Program Files\BitTorrent\bittorrent.exe is deleted (key is orphan)
Additional inspection did not find malicious software
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll (file missing) je lai suprimmer j'ai reboot et i me le retrouve
et ya sa que jarive meme pas a trouvé sur ma machine
O16 - DPF: {86EEF11E-FF16-48CE-B1A2-474B663041A9} - http://acces-direct.net/15671/MereDeFamille40a.exe
alors voila le rapport de hitman
Hitman Pro 2.4.1 - Report
27-04-2007 23:49
Setup files external protection and inspection components
STATUS DESCRIPTION VERSION SIZE
Updated CWShredder Setup 2.19.0.1099 532480 bytes
Updated SpywareBlaster Setup 3.5.1.0 2566736 bytes
Updated Ad-Aware SE Personal Setup 1.0.6.0 2855080 bytes
Updated Spybot S&D Setup - 5037072 bytes
Updated Spy Sweeper Setup 4.5.8.683 8942160 bytes
Updates
STATUS DESCRIPTION SIZE
Updated Hitman Pro updater 489960 bytes
Updated Hitman Pro uninstaller 554832 bytes
Updated Hitman Pro 1876746 bytes
Unusable Spyware Block List 0 bytes
Updated Ad-Aware SE definitions 1128056 bytes
Updated Flash Player 8.0.24.0 1175648 bytes
Unusable eEye JScript Patch 1.01 0 bytes
Hitman Pro does not need to download updates
Disk Cleanup
Cleaned C:\Documents and Settings\ESPINET\Local Settings\Temp\Temporary Internet Files\Content.IE5
Cleaned C:\Documents and Settings\ESPINET\Local Settings\Temporary Internet Files\Content.IE5
Cleaned C:\Documents and Settings\ESPINET\Local Settings\Temp
Cleared 176 MB
Disk Cleanup clears folders with temporary Windows and Internet Files. Over time these folders can contain a lot of files, occupying a lot of disk space. This space could normally be used for documents and programs. Clearing the temporary folders is also an advantage for Hitman Pro because it will shorten inspection time of Ad-aware, Spy Sweeper and Spybot S&D. Also, the inspection programs will find fewer traces of spyware because potential spyware installation files are already wiped by Disk Cleanup.
System protection and immunization
Windows Security Update concerning WMF Vulnerability (KB912919)
System is protected against WMF Exploit
eEye Digital Security JScript Patch
Microsoft Internet Explorer is vulnerable to remote code execution due to an error in the processing of the "createTextRange()" method call applied on a radio button control.
For more information see http://www.eeye.com/html/research/alerts/AL20060324.html
System is NOT protected against JScript Exploit
Adobe Flash Player 8 ActiveX control upgrade
Critical vulnerabilities have been identified in Flash Player that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system. Adobe recommends all Flash Player 8.0.22.0 and earlier users upgrade to version 8.0.24.0 (or higher).
For more information see http://www.macromedia.com/devnet/security/security_zone/apsb06-03.html
Applied workaround when logged in as Restricted User, based on TechNote: http://www.macromedia.com/go/624850b5
Shutting down Messenger service
The Messenger service can be abused to send ads and spam to computers in a network. Microsoft also released security updates to repair vulnerabilities in the Messenger service; attackers where able to run code through the Messenger service on unpatched systems. Note that the Messenger service has nothing to do with MSN Messenger en Windows Messenger.
Install on Demand has been disabled
When Install on Demand enabled, a Web page can download items to display the page properly, or perform a particular task. Web sites can abuse Installation on demand to install spyware. Note that when you disable Install on Demand you will no longer be prompted to download missing Language Pack components (for Web pages that require, for example, Japanese-text display support).
Trust level of zone Internet is set to Normal (Current User)
Trust level of zone Internet is set to Normal (All Users)
The trust level the Internet Zone should at least be set to Normal. This default setting causes Internet Explorer to prompt the user whenever potentially unsafe content is ready to download.
SpywareBlaster protection applied
Blocks the installation of spyware, adware, dialers, browser hijackers, and other potentially unwanted ActiveX-based software. With Internet Explorer 6 and Mozilla/Firefox, it also blocks cookies that may be used to track your activities, build a profile about your habits, collect information, or uniquely identify you to advertisers.
SpywareBlaster is freeware for personal and educational use. For more information see http://www.javacoolsoftware.com/spywareblaster.html
Could not apply Spyware Block List protection
The file blocklist.reg is missing
This protection prevents installation and execution of harmfull ActiveX controls in Internet Explorer.
Spybot - Search & Destroy 00:17:40
Version 1.4 (Build 2005-05-23) Latest detection update: 2007-04-25
Spybot - Search & Destroy can detect and remove spyware of different kinds from your computer (removal of adware, spyware, dialers, keyloggers, usage tracks, trojans and other baddies). Spybot S&D is also capable of blocking threatening ActiveX downloads (supplementing SpywareBlaster) to protect your system against spyware.
CarpeDiem Vars
CoolWWWSearch.SmartSearch
Vcodec
Winsoftware.WinAntiVirusPro2006
Smitfraud-C.
MyWay.MyBar
Microsoft.WindowsSecurityCenter.AntiVirusOverride
Microsoft.WindowsSecurityCenter.UpdateDisableNotify
Altnet
Cydoor
GAIN.Gator
InstaFink
WinAntiVirusPro2006
Zlob.Downloader
Avenue A, Inc.
MediaPlex
BlueStreak
DoubleClick
Hitman Pro AntiSpyware 1.9.4
This additional inspection is searching for spyware, viruses, worms and Trojans wich can not (up to now) be found or deleted by the external components.
# Legend: certified spyware
# found with heuristics
# links to spyware
# HKLM\..\Run, NsUpdate=C:\WINDOWS\NsUpdate.exe is deleted (key is orphan)
# HKLM\..\Run, CanalPlayer=C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe is deleted (key is orphan)
# HKCU\..\Run, BitTorrent=C:\Program Files\BitTorrent\bittorrent.exe is deleted (key is orphan)
Additional inspection did not find malicious software
0 pour,0
Posté le: 28 avril 2007 à 11:31
tu as fait une recherche dans ton dur de MereDeFamille40a.exe?
Sinon ça a l'air d'aller pour le plus important.
Pour les problèmes de vulnérabilité utilise firefox à la place d'ie:p
Refonte config en cours...
Sinon ça a l'air d'aller pour le plus important.
Pour les problèmes de vulnérabilité utilise firefox à la place d'ie:p
Refonte config en cours...
0 pour,0
Posté le: 28 avril 2007 à 12:42
meci d'avoir pris un moment pour moi
justement j'ai fais la recherche et je le touve pas c'est sa qui m'emm****
donc est-ce que je peu le retouver autrement qu'avec la recherche windows
pour firefox je l'utilise depuis un moment mais quand je matte mais mails msn m'ouvre systematiquement IE
justement j'ai fais la recherche et je le touve pas c'est sa qui m'emm****
donc est-ce que je peu le retouver autrement qu'avec la recherche windows
pour firefox je l'utilise depuis un moment mais quand je matte mais mails msn m'ouvre systematiquement IE
0 pour,0
Posté le: 28 avril 2007 à 16:09
tu affiches bien les fichiers cachés au moins?
Refonte config en cours...
Refonte config en cours...
0 pour,0
Posté le: 28 avril 2007 à 16:21
oui il ni a que les fichier systeme qui sont proteger qui sont masquer
0 pour,0
Posté le: 29 avril 2007 à 16:47
Je ne sais pas quoi te dire :X De toute façon il est lancé dans tes processus?
Refonte config en cours...
Refonte config en cours...
0 pour,0
Posté le: 29 avril 2007 à 20:07
g sourtout un truc bizzare que je vois que par msconfig
Nwiz NWIZ.exe\instal hklm\software_microsoft\windows\currentversion\run
Nwiz NWIZ.exe\instal hklm\software_microsoft\windows\currentversion\run
0 pour,0
- Accueil
- Forums
- OsLand
- Optimisation Windows
- malware et autre cochonerie
Vous ne pouvez pas poster de nouveaux sujets dans ce forum
Vous ne pouvez pas répondre aux sujets dans ce forum
Vous ne pouvez pas éditer vos messages dans ce forum
Vous ne pouvez pas supprimer vos messages dans ce forum
Vous ne pouvez pas voter dans les sondages de ce forum
Sujets similaires |
|||||
| Sujet | Auteur | Forum | Réponses | Posté le | |
|---|---|---|---|---|---|
 |
[OS] - DirectX - autre? | the_man3 | Optimisation Windows | 12 | 12 août 2023 à 15:39 |
|
Avis montre connecté ou autre, données santé. | niroman | Téléphones portables | 3 | 08 mai 2023 à 12:54 |
|
Setup 3 écrans, Support triple screen ou autre ? | alecc59 | Divers Hardware | 9 | 23 février 2022 à 10:05 |
|
[VDS] Petite collection matos d'un autre temps: 3dfx Inside | warlife | Ventes | 8 | 08 février 2022 à 19:11 |
- 15:18 Un inattendu mod pour Skyrim !
- 15:00 Test Pulsar Xlite V3 eS : une nouvelle référence en la matière !
- 14:16 CD PROJEKT RED annonce un The Witcher 3 REDkit
- 13:21 1foTradeDay 2024, that's all folks !
- 11:47 1foTradeDay 2024, on poursuit notre visite
- 11:32 Et si la RTX 5080 était la première ?
- 11:26 Sharkoon OfficePal M25W, une souris compacte pour tout faire ?
- 10:57 Des screenshots de GTA San Andreas en version RTX Remix
- 10:51 1foTradeDay 2024, on fait un premier tour !
- 10:20 En mai, Windows 10 à seulement 13 euros, Windows 11 à 19 euros
Chargement pilotes réseau au démarrage avant les programmes [ Divers Hardware ]
kain21 il y a 5 minutes.
Soucis Ecran Noir et freeze [ L'atelier ]
Raissen67 il y a 22 minutes.
Insatisfaction du jour 2024 [ Le poulailler ]
Mitch_ il y a 22 minutes.
Fail-out 4 [ Jeux pc ]
funkydata il y a 36 minutes.
Vos jeux du moment [ GameLand ]
insolegeek il y a 42 minutes.- Test Pulsar Xlite V3 eS : une nouvelle référence en la ma... [ Claviers et souris ]
JMC il y a 2 heures. 
Satisfaction du jour 2024 [ Le poulailler ]
Yoshikan il y a 2 heures.- Ordinateur qui ne démarre pas [ L'atelier ]
PaliPalo il y a 4 heures. - Config semi-Pro [ L'atelier ]
mini-pouce il y a 8 heures. - Quel proc pour upgrade ma config (AM4) [ CPU, Cartes mères, RAM ]
ekivok79 il y a 16 heures. 
1 présentation aujourd'hui- Tous les forums