Sujet Précédent Sujet Suivant

Bookedspace

Olivebon -  
 Olivier -
Bonjour à tous

Je souhaiterai connaitre la méthode pour me débarrasser de ce "spyware: Bookedspace.
Malgré sa suppression avec ad-aware 6.0 et regcleaner, il revient toujours. Résultat, à chaque utilisation d'internet explorer l'utilisation de la mémoire monte en flèche (d'après le gestionnaire des taches) jusqu'a coincer completement le PC.
SE windows 2000pro (c'est l'ordi du boulot...).
Au passage j'ai d'autres saloperies du type Aaa_soft kkk,pppp et autres qui me polluent la vie et impossible de s'en séparer.
je suis preneur de toutes idées.
Merci d'avance.
Olivier

3 réponses

Réponse 1 / 3
Utilisateur anonyme
 
Salut
telecharges ca et scannes puis colles le rapport ici

http://tomcoyote.com/hjt/#Top
0
Olivier
 
Voilà le résultat du scan:
Bonne lecture! Pour ma part je n'y comprend que peu de chose.
Merci par avance
pour info, depuis mon premier message j'ai passé Spybot (il m'a éliminé pas mal de "saloperies") et fait ce scan après.
Bookedspace semble avoir disparu, seulement j'ai toujours des problèmes lors de l'utilisation d'IE (version6): "CPU usage" à fond à chaque changement de page pendant de longues secondes et l'utilisation mémoire qui grimpe par palier....

Logfile of HijackThis v1.98.2
Scan saved at 15:14:35, on 25/11/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\INV32CLI.EXE
C:\EPOAgent\naimas32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\SUSS.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\WUSER32.EXE
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\Program Files\Network Associates\VirusScan\Webscanx.exe
C:\WINNT\Explorer.EXE
C:\EPOAgent\naimag32.exe
C:\WINNT\system32\rsyutpv.exe
C:\WINNT\system32\internat.exe
C:\MS\SMS\BIN\pcmwin32.exe
C:\WINNT\system32\ntvdm.exe
C:\MS\SMS\BIN\climonnt.exe
C:\WINNT\system32\taskmgr.exe
C:\WINNT\system32\ltmx.exe
C:\Mes docs\archives\programmes\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://supacoopa.directwebsearch.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.begin2search.com/sidesearch.html
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://supacoopa.directwebsearch.net/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://supacoopa.directwebsearch.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://supacoopa.directwebsearch.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.begin2search.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.begin2search.com/sidesearch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://imp2-q.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://supacoopa.directwebsearch.net/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://supacoopa.directwebsearch.net/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://supacoopa.directwebsearch.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.begin2search.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://supacoopa.directwebsearch.net/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.begin2search.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://supacoopa.directwebsearch.net/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Equant
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxytpc.ren.globalone.net/scripts/tpcgo.asp
R3 - URLSearchHook: (no name) - {BD3D6181-3081-45F1-C06C-1E25A38D9CB0} - C:\WINNT\Efeipier.dll
F3 - REG:win.ini: load= SMSRUN32.BAT
O1 - Hosts: 193.252.6.194 SRVGPW257
O1 - Hosts: 192.9.5.6 SRVDTNOTES
O1 - Hosts: 192.9.4.12 TPCUN006
O1 - Hosts: 192.9.4.213 TPCUN016
O1 - Hosts: 192.9.4.176 TPCUN018
O1 - Hosts: 192.9.4.212 TPCUN020
O1 - Hosts: 192.9.4.7 TPCUN024
O1 - Hosts: 192.9.5.75 TPCUN027
O1 - Hosts: 192.9.4.5 TPCUN050
O1 - Hosts: 192.9.4.6 TPCUN051
O1 - Hosts: 192.9.4.27 TPCUN052
O1 - Hosts: 192.9.4.121 TPCUN102
O1 - Hosts: 192.9.4.122 TPCUN103
O1 - Hosts: 192.9.4.179 PC7428
O1 - Hosts: 69.50.179.52 AUTO.SEARCH.MSN.COM
O1 - Hosts: 69.50.179.52 AUTO.SEARCH.MSN.COM
O1 - Hosts: 69.31.79.102 AUTO.SEARCH.MSN.COM
O1 - Hosts: 69.31.79.102 AUTO.SEARCH.MSN.COM
O1 - Hosts: 69.31.79.102 AUTO.SEARCH.MSN.COM
O1 - Hosts: 69.31.79.102 AUTO.SEARCH.MSN.COM
O1 - Hosts: 69.31.79.102 AUTO.SEARCH.MSN.COM
O1 - Hosts: 69.31.79.102 AUTO.SEARCH.MSN.COM
O1 - Hosts: 69.31.79.102 AUTO.SEARCH.MSN.COM
O1 - Hosts: 69.31.79.102 AUTO.SEARCH.MSN.COM
O1 - Hosts: 69.31.79.102 AUTO.SEARCH.MSN.COM
O1 - Hosts: 69.31.79.102 AUTO.SEARCH.MSN.COM
O1 - Hosts: 69.31.79.102 AUTO.SEARCH.MSN.COM
O1 - Hosts: 69.31.79.102 AUTO.SEARCH.MSN.COM
O1 - Hosts: 69.31.79.102 AUTO.SEARCH.MSN.COM
O1 - Hosts: 69.31.79.102 AUTO.SEARCH.MSN.COM
O1 - Hosts: 69.31.79.102 AUTO.SEARCH.MSN.COM
O1 - Hosts: 69.31.79.102 AUTO.SEARCH.MSN.COM
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINNT\bxxs5.dll
O2 - BHO: MultiMPPObj Class - {002EB272-2590-4693-B166-FBD5D9B6FEA6} - C:\WINNT\multimpp.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {08227B4B-54FE-4C4D-809F-BCA46292FC5B} - (no file)
O2 - BHO: (no name) - {158B307C-E666-5AB6-D321-66557EAE2649} - C:\WINNT\system32\skq.dll
O2 - BHO: ohb - {4D568F0F-8AC9-40AB-88B7-415134C78777} - C:\WINNT\system32\winb2s32.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {B9D90B27-AD4A-413a-88CB-3E6DDC10DC2D} - (no file)
O2 - BHO: ohb - {CB5B2BC6-F957-4D8A-BE67-83F3EC58BA01} - C:\WINNT\system32\dsktrf.dll
O2 - BHO: (no name) - {CC766BD4-8D78-859D-4E1B-AC2A366CC231} - C:\WINNT\Efeipier.dll
O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-717765724820} - C:\WINNT\system32\wer4820.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Search - {A9F7FF22-62E4-0B34-8F81-E6D4FD41185D} - C:\WINNT\Efeipier.dll
O3 - Toolbar: Begin2Search.com Bar - {52FE5233-367C-4EFB-BDD7-0BE4D212C107} - C:\WINNT\system32\winb2s32.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NaimAgent_UI] C:\EPOAgent\naimag32.exe
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINNT\bxxs5.dll,DllRun
O4 - HKLM\..\Run: [temklt] C:\WINNT\system32\rsyutpv.exe
O4 - HKLM\..\Run: [satmat] C:\WINNT\satmat.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\ygua.exe
O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://c:\nosuch.mht!http://69.31.79.102/searchinfoxyz.chm::/searchinfoxyz.exe
O16 - DPF: {11111111-1111-1111-1111-111111111123} - ms-its:mhtml:file://c:\nosuch.mht!http://www.ruworld.com/chm/files.chm::/file.exe
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - (no file)
0
Réponse 2 / 3
Utilisateur anonyme
 
Coches et fixes ca en mode sans echec

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://supacoopa.directwebsearch.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.begin2search.com/sidesearch.html
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://supacoopa.directwebsearch.net/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://supacoopa.directwebsearch.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://supacoopa.directwebsearch.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.begin2search.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.begin2search.com/sidesearch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://imp2-q.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://supacoopa.directwebsearch.net/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://supacoopa.directwebsearch.net/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://supacoopa.directwebsearch.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.begin2search.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://supacoopa.directwebsearch.net/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.begin2search.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://supacoopa.directwebsearch.net/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Equant
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxytpc.ren.globalone.net/scripts/tpcgo.asp
R3 - URLSearchHook: (no name) - {BD3D6181-3081-45F1-C06C-1E25A38D9CB0} - C:\WINNT\Efeipier.dll
F3 - REG:win.ini: load= SMSRUN32.BAT
O1 - Hosts: 193.252.6.194 SRVGPW257
O1 - Hosts: 192.9.5.6 SRVDTNOTES
O1 - Hosts: 192.9.4.12 TPCUN006
O1 - Hosts: 192.9.4.213 TPCUN016
O1 - Hosts: 192.9.4.176 TPCUN018
O1 - Hosts: 192.9.4.212 TPCUN020
O1 - Hosts: 192.9.4.7 TPCUN024
O1 - Hosts: 192.9.5.75 TPCUN027
O1 - Hosts: 192.9.4.5 TPCUN050
O1 - Hosts: 192.9.4.6 TPCUN051
O1 - Hosts: 192.9.4.27 TPCUN052
O1 - Hosts: 192.9.4.121 TPCUN102
O1 - Hosts: 192.9.4.122 TPCUN103
O1 - Hosts: 192.9.4.179 PC7428
O1 - Hosts: 69.50.179.52 AUTO.SEARCH.MSN.COM
O1 - Hosts: 69.50.179.52 AUTO.SEARCH.MSN.COM
O1 - Hosts: 69.31.79.102 AUTO.SEARCH.MSN.COM
O1 - Hosts: 69.31.79.102 AUTO.SEARCH.MSN.COM
O1 - Hosts: 69.31.79.102 AUTO.SEARCH.MSN.COM
O1 - Hosts: 69.31.79.102 AUTO.SEARCH.MSN.COM
O1 - Hosts: 69.31.79.102 AUTO.SEARCH.MSN.COM
O1 - Hosts: 69.31.79.102 AUTO.SEARCH.MSN.COM
O1 - Hosts: 69.31.79.102 AUTO.SEARCH.MSN.COM
O1 - Hosts: 69.31.79.102 AUTO.SEARCH.MSN.COM
O1 - Hosts: 69.31.79.102 AUTO.SEARCH.MSN.COM
O1 - Hosts: 69.31.79.102 AUTO.SEARCH.MSN.COM
O1 - Hosts: 69.31.79.102 AUTO.SEARCH.MSN.COM
O1 - Hosts: 69.31.79.102 AUTO.SEARCH.MSN.COM
O1 - Hosts: 69.31.79.102 AUTO.SEARCH.MSN.COM
O1 - Hosts: 69.31.79.102 AUTO.SEARCH.MSN.COM
O1 - Hosts: 69.31.79.102 AUTO.SEARCH.MSN.COM
O1 - Hosts: 69.31.79.102 AUTO.SEARCH.MSN.COM
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINNT\bxxs5.dll
O2 - BHO: (no name) - {08227B4B-54FE-4C4D-809F-BCA46292FC5B} - (no file)
O2 - BHO: ohb - {4D568F0F-8AC9-40AB-88B7-415134C78777} - C:\WINNT\system32\winb2s32.dll
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho.dll O2 - BHO: (no name) - {B9D90B27-AD4A-413a-88CB-3E6DDC10DC2D} - (no file)
O2 - BHO: ohb - {CB5B2BC6-F957-4D8A-BE67-83F3EC58BA01} - C:\WINNT\system32\dsktrf.dll
O2 - BHO: (no name) - {CC766BD4-8D78-859D-4E1B-AC2A366CC231} - C:\WINNT\Efeipier.dll
O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-717765724820} - C:\WINNT\system32\wer4820.dll
O3 - Toolbar: Search - {A9F7FF22-62E4-0B34-8F81-E6D4FD41185D} - C:\WINNT\Efeipier.dll
O3 - Toolbar: Begin2Search.com Bar - {52FE5233-367C-4EFB-BDD7-0BE4D212C107} - C:\WINNT\system32\winb2s32.dll
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINNT\bxxs5.dll,DllRun
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll
O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://c:\nosuch.mht! SALOPERIE
http://69.31.79.102/searchinfoxyz.chm::/searchinfoxyz.exe
O16 - DPF: {11111111-1111-1111-1111-111111111123} - ms-its:mhtml:file://c:\nosuch.mht!http://www.ruworld.com/chm/files.chm::/file.exe
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - (no file)
0
Réponse 3 / 3
Olivier
 
Salut Waël

Merci pour tout, j'ai l'impression que tout est rentré dans l'ordre.
Sympa ce petit utilitaire mais à utiliser avec précaution....
Merci encore
0