Hello Everybody...I have a big spam problem... :( - Printable version
+- Computer help forums - Les forums de PCW (http://forum.pcinfo-web.com)
+-- Forum: Computer Forum (/forumdisplay.php?fid=39)
+--- Forum: Computer Security (/forumdisplay.php?fid=2)
+--- Thread: Hello Everybody...I have a big spam problem... :( (/showthread.php?tid=181)
Hello Everybody...I have a big spam problem... :( - Sum 41 - 23-07-2006 17:37 PM Hi...First of all I'm not French and a friend of mine recommended this site... I have a spam problem that I tried so hard to fix that but I couldnt...When I start internet explorer or an application that uses internet explorer, a pop-up window appears that contains a message "Advertisement by Outerinfo"...And also it contains advertisements of some companies... Here is my HijackThis log file... Logfile of HijackThis v1.99.1 Scan saved at 9:31:07 PM, on 7/23/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Babylon\Babylon.exe C:\Program Files\Sony\VAIO Power Management\SPMgr.exe C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe C:\Program Files\Sony\ISB Utility\ISBMgr.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\WINDOWS\MXOALDR.EXE C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\system32\PPATCH~1\javaw.exe C:\WINDOWS\ECURIT~1\winword.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Internet Download Manager\IDMan.exe C:\Documents and Settings\ad\Application Data\Map Maker\MMManager.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Sony\VAIO Event 
Service\VESMgr.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\ntvdm.exe C:\HJT\HijackThis.exe R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon.exe -AutoStart O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [dos_win.exe] C:\WINDOWS\system32\dos_win.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [Niru] "C:\WINDOWS\system32\PPATCH~1\javaw.exe" -vt ndrv O4 - HKCU\..\Run: [Pvi] C:\WINDOWS\ECURIT~1\winword.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1 O4 - HKCU\..\Run: [Sticker] C:\Program 
Files\MoRUN.net\NotesPlusPlus\notespp.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: SunClock5.lnk = C:\Documents and Settings\ad\Application Data\Map Maker\MMManager.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: &MyToolBar Search - res://C:\Program Files\ToolBar888\MyToolBar.dll/MENUSEARCH.HTM O8 - Extra context menu item: Download all by Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: Download by Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing) O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing) O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll O9 - Extra button: Research - 
{92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - AppInit_DLLs: C:\WINDOWS\system32\wuaclt.dll O20 - Winlogon Notify: Explorer - C:\WINDOWS\system32\jbsh400.dll (file missing) O20 - Winlogon Notify: klogon - "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\klogon.dll" (file missing) O20 - Winlogon Notify: VESWinlogon - C:\WINDOWS\SYSTEM32\VESWinlogon.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing) O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program 
Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe How can I fix that problem? If you help me, I will really be happy...Thanks a lot... :| - Troll - 23-07-2006 18:00 PM Hello ! Welcome to Pc-Info You may have some trojan or malware in you pc, and you have a lot of BHO :o So, Can you read the french ? If yes, do that it's written >>here<< and give us the ewido report If you don't understand something I said tell it me (I'm not english...so I can do some errors in writting in this langage ). Good evening - Sum 41 - 23-07-2006 18:12 PM Hi Troll...Thanks for help... ) I can't speak French... But I installed 4 programs that I saw on that link...(CCleaner, Adaware, Ewido and Spybot)... If you explain the steps on that link shortly, I will be happy... (Your English is so good...I can understand everything that you wrote... )) - Troll - 23-07-2006 18:32 PM Thanks for my english The steps aren't very complicated, For CCleaner, launch it and, on the right bottom of the window, there's a button "lancer le nettoyage", clic on Second step : Ad-aware, don't use the second link, it's for turning it on french. The software may be in english by default, so you clic update on the bottom of the window (a little earth...), you clic on connecting and you answer yes for downloading update file. Then you clic on close for closing window. Then this, clic on the next button and select complete system scan, clic on the scan button and let it scanning, it wont be very long. 
After the scan, delete all files that has found, withou moving them in quarantine. For spybot, it's very simple. You can turn it on english by the language button. After this, clic on update and update it. Clic then on the scan button "check problems" and let scanning, after the scan, delete all files that has been founded For ewido, it's in english too, you update and scan too. And after, you give us the report by CNTRL + A (select all) , CNTRL + C (copy) and CNTRL+V (stick). We see after that the on-line scanner of kaspersky - Sum 41 - 23-07-2006 21:06 PM Hi Troll, Finally all steps are ended... ) Here is the report of ewido... --------------------------------------------------------- ewido anti-spyware - Scan Report --------------------------------------------------------- + Created at: 1:00:07 AM 7/24/2006 + Scan result: C:\WINDOWS\system32\__delete_on_reboot__w_u_a_c_l_t_._d_l_l_ -> Adware.PurityScan : No action taken. C:\WINDOWS\&#1109;ecurity\__delete_on_reboot__w_i_n_w_o_r_d_._e_x_e_ -> Adware.PurityScan : No action taken. [1024] C:\WINDOWS\system32\wuaclt.dll -> Adware.PurityScan : No action taken. [1148] C:\WINDOWS\system32\wuaclt.dll -> Adware.PurityScan : No action taken. [1216] C:\WINDOWS\system32\wuaclt.dll -> Adware.PurityScan : No action taken. [1304] C:\WINDOWS\system32\wuaclt.dll -> Adware.PurityScan : No action taken. [1384] C:\WINDOWS\system32\wuaclt.dll -> Adware.PurityScan : No action taken. [1392] C:\WINDOWS\system32\wuaclt.dll -> Adware.PurityScan : No action taken. [1660] C:\WINDOWS\system32\wuaclt.dll -> Adware.PurityScan : No action taken. [1736] C:\WINDOWS\system32\wuaclt.dll -> Adware.PurityScan : No action taken. [1744] C:\WINDOWS\system32\wuaclt.dll -> Adware.PurityScan : No action taken. [4012] C:\WINDOWS\system32\wuaclt.dll -> Adware.PurityScan : No action taken. [4048] C:\WINDOWS\ECURIT~1\winword.exe -> Adware.PurityScan : No action taken. [808] C:\WINDOWS\system32\wuaclt.dll -> Adware.PurityScan : No action taken. 
C:\WINDOWS\system32\&#913;&#1088;pPatch\__delete_on_reboot__j_a_v_a_w_._e_x_e_ -> Downloader.PurityScan.co : No action taken. C:\WINDOWS\system32\ld100.tmp -> Downloader.Zlob.zu : No action taken. C:\WINDOWS\system32\regperf.exe -> Downloader.Zlob.zu : No action taken. C:\Program Files\outlook\p.zip/Setup.exe -> Worm.VB.dw : No action taken. ::Report end ------------------------------------------------------------------------- It says no action taken...But after saving this report I removed all of these infections... - Troll - 24-07-2006 03:59 AM If you removed the infections AFTER generating of the report it's normal, because when the report has been generated, this infections weren't deleted yet If you have deleted all infections so it's good. Now, have you always spam after this ? - Bilifly - 24-07-2006 07:27 AM Hello Sum 41, Welcome The report of Ewido that you come from poster did not remove the infections, it is marked "No action taken" Therefore, it is necessary that you always remake the scanne except connection Internet (by disconnecting your cable USB or LAN or key Wi-Fi) and all the closed programs With the end of the scan, you remove these infectionsen doing this : click with dimensions of "Set all elements to:" and select Delete, so that it removes all the found infected files. Then, click on Apply all actions Then, stations the new report of Ewido Hello Everybody...I have a big spam problem... :( - Sum 41 - 24-07-2006 09:20 AM Hi Troll,Bilifly, I took the Ewido's report before taking the action...After taking this report, I removed all of the infected files...And my computer seems OK now... )) If I see the same pop-up window again, I will write here... )) Thank you so much... ) Have a good time... )) |
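
Added example, not part of the thread or any poster's code: a Python cross-check of the two logs above. It lists which HijackThis autostart entries (O4, O20) point at files the ewido report detected, and flags ewido paths whose folder names mix scripts (the report's `security` and `AppPatch` lookalikes begin with code points U+0455, U+0391 and U+0440). Function names are this example's own, and the sample lines are copied from the thread.

```python
import re
import unicodedata

# Constructed sample: lines copied from the two logs in this thread; the
# non-Latin letters in the ewido paths are written as \u escapes.
HIJACKTHIS = r'''
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [Niru] "C:\WINDOWS\system32\PPATCH~1\javaw.exe" -vt ndrv
O4 - HKCU\..\Run: [Pvi] C:\WINDOWS\ECURIT~1\winword.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\wuaclt.dll
'''
EWIDO = (
    "C:\\WINDOWS\\\u0455ecurity\\__delete_on_reboot__w_i_n_w_o_r_d_._e_x_e_ -> Adware.PurityScan : No action taken.\n"
    "[1024] C:\\WINDOWS\\system32\\wuaclt.dll -> Adware.PurityScan : No action taken.\n"
    "[4048] C:\\WINDOWS\\ECURIT~1\\winword.exe -> Adware.PurityScan : No action taken.\n"
    "C:\\WINDOWS\\system32\\\u0391\u0440pPatch\\__delete_on_reboot__j_a_v_a_w_._e_x_e_ -> Downloader.PurityScan.co : No action taken.\n"
)

def detections(report):
    """Map each detected path (lower-cased) to the ewido threat name."""
    found = {}
    for m in re.finditer(r"^(?:\[\d+\] )?(.+?) -> (\S+) : ", report, re.M):
        found[m.group(1).lower()] = m.group(2)
    return found

def mixed_script_components(path):
    """Return path components whose letters come from more than one script."""
    odd = []
    for part in path.split("\\"):
        scripts = {unicodedata.name(c).split()[0] for c in part if c.isalpha()}
        if len(scripts) > 1:
            odd.append((part, sorted(scripts)))
    return odd

# Section, optional [value name], optional quote, then the target file path.
AUTOSTART = re.compile(
    r'(O4|O20) - [^:]+: (?:\[[^\]]*\] )?"?([A-Za-z]:\\[^"]+?\.(?:exe|dll))', re.I)

def flagged_autostarts(hjt, report):
    """Autostart entries (O4, O20) whose target file ewido also detected."""
    hits, found = [], detections(report)
    for line in hjt.splitlines():
        m = AUTOSTART.match(line)
        if m and m.group(2).lower() in found:
            hits.append((m.group(1), m.group(2), found[m.group(2).lower()]))
    return hits
```

The `[Niru]` entry is not matched because ewido lists that file only under its long, mixed-script folder name while HijackThis shows the 8.3 short name, so an exact-path comparison alone under-reports.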