Unable to remove spyware.

Closed
solaro Posts 7 Registration date Tuesday 31 May 2005 Status Member Last seen 14 August 2007 - 16 August 2005 at 10:34
balltrap34 Posts 16240 Registration date Thursday 8 January 2004 Status Security contributor Last seen 28 November 2009 - 27 August 2005 at 19:35
Hello,
For the past few days I have been unable to remove spyware, despite an attempt in safe mode and the use of Spybot, Ad-Aware, RegCleaner and a-squared.
Here is the HijackThis report:
Logfile of HijackThis v1.99.1
Scan saved at 10:23:53, on 16/08/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\etb\pokapoka63.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\program files\180searchassistant\sais.exe
C:\WINDOWS\switpa.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\wocu\aubo.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\sqlserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\PowerArchiver\POWERARC.EXE
D:\_Solaro\Mes fichiers reçus\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.aaawebfinder.com/sp2.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.fr/nwshp?hl=fr&gl=fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [System service63] C:\WINDOWS\etb\pokapoka63.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [sais] c:\program files\180searchassistant\sais.exe
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [mbqxcbcz] C:\WINDOWS\mbqxcbcz.exe
O4 - HKLM\..\Run: [switp] C:\WINDOWS\switpa.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Ubsl] C:\Program Files\wocu\aubo.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\WINDOWS\System32\shdocvw.dll
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O16 - DPF: v3cab - http://searchmiracle.com/cab/v3cab.cab
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.advnt01.com/dialer/fra_pao_med.exe
O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://207.234.185.217/ABoxInst_int12.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://216.127.33.119/ist/softwares/v4.0/ysb_regular.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121716482458
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180searchassistant.com/180saax.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab?refid=4678
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{74F09936-9177-4274-8F54-06DFE19966CC}: NameServer = 212.27.32.176,212.27.32.177
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Remote Procedure Call (RPC) Monitoring (Rpcmon) - Unknown owner - C:\WINDOWS\system32\csrs.exe (file missing)
O23 - Service: sqlserver - Unknown owner - C:\WINDOWS\sqlserv.exe
O23 - Service: tsecure - Unknown owner - C:\WINDOWS\tsecure.exe (file missing)

If you could help me, please, before the last resort: formatting.
Thank you very much.

2 replies

Hi,

Haven't you tried Windows Antispyware Beta 1? It's a very good anti-spyware. Go download it from: http://maxime.voisin.nom.fr/pages/page_10pag.html

Good luck
balltrap34 Posts 16240 Registration date Thursday 8 January 2004 Status Security contributor Last seen 28 November 2009 331
27 August 2005 at 19:35
Hi

► Print this so you don't forget anything and do everything.
It is imperative to do everything in order.
-------------------------
► First of all, download these programs if you don't have them and update them, but do not use them yet, and check that you have the right versions; this is imperative.

Ad-Aware (1) version 1.06

(here) http://www.florensac-chasse-trap.com/ virus section
See demo
http://pageperso.aol.fr/balltrap34/adwseflash.zip