Spyware
Solved
Ben
Hello,
Spyware (I suppose), as well as sites opening (www.yomanda85,..), come back every time, even after running adaware, spydoctor,..
Thanks for your help.
HijackThis log from my PC:
Logfile of HijackThis v1.99.1
Scan saved at 16:21:58, on 07/01/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\ibmpmsvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\Ati2evxx.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\PcNicCtl.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINNT\System32\NMSSvc.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINNT\system32\tp4mon.exe
C:\WINNT\system32\Promon.exe
C:\WINNT\system32\RunDll32.exe
C:\WINNT\system32\ltmsg.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\xpsp2.exe
C:\Program Files\Ydgdwi\Tvvbcfw.exe
C:\Program Files\mawu\omuo.exe
C:\WINNT\system32\NotifyPhoneBook.exe
C:\WINNT\msnt.exe
C:\WINNT\msnt.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\Program Files\180searchassistant\salm.exe
C:\WINNT\system32\9dsa0cbm.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINNT\explorer.exe
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
F3 - REG:win.ini: load=C:\WINNT\sdf.exe
O1 - Hosts: 172.16.121.3 COPROM
O1 - Hosts: 172.16.121.4 COPSG
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINNT\nem220.dll
O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - c:\program files\180searchassistant\salmhook.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [Windows Explorer] LSAS.exe
O4 - HKLM\..\Run: [Qlafvb] C:\Program Files\Ydgdwi\Tvvbcfw.exe
O4 - HKLM\..\Run: [Ruwxxtwf] C:\Program Files\Kqniri\Fummm.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
O4 - HKLM\..\Run: [Windows 32 System TM] winsys32tm.exe
O4 - HKLM\..\Run: [Microsoft Explorer ] iexplorer.exe
O4 - HKLM\..\Run: [Userinterface Reporter] srv32.exe
O4 - HKLM\..\Run: [Microsoft xpsp2] xpsp2.exe
O4 - HKLM\..\Run: [CrocPopup+ ] C:\Program Files\crocpopup+\Crocpopup+.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [salm] c:\program files\180searchassistant\salm.exe
O4 - HKLM\..\Run: [krsteb] C:\WINNT\krsteb.exe
O4 - HKLM\..\Run: [9dsa0cbm] C:\WINNT\system32\9dsa0cbm.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\RunServices: [Windows Explorer] LSAS.exe
O4 - HKLM\..\RunServices: [Windows 32 System TM] winsys32tm.exe
O4 - HKLM\..\RunServices: [Microsoft Explorer ] iexplorer.exe
O4 - HKLM\..\RunServices: [Userinterface Reporter] srv32.exe
O4 - HKCU\..\Run: [Ruwxxtwf] C:\Program Files\Kqniri\Fummm.exe
O4 - HKCU\..\Run: [Qlafvb] C:\Program Files\Ydgdwi\Tvvbcfw.exe
O4 - HKCU\..\Run: [Windows 32 System TM] winsys32tm.exe
O4 - HKCU\..\Run: [Microsoft xpsp2] xpsp2.exe
O4 - HKCU\..\Run: [Damc] C:\Program Files\mawu\omuo.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c1.cab
O16 - DPF: {185204B6-2D45-11D6-BBBE-00A024E02106} (ApplicationManager Control) - http://192.168.006.196/ApplicationManager.ocx
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180searchassistant.com/180saax.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab?refid=4850
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ans.teledis.be
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ans.teledis.be
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ans.teledis.be
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = ans.teledis.be
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINNT\system32\ibmpmsvc.exe
O23 - Service: IntelPcNicCtl - Unknown owner - C:\WINNT\System32\PcNicCtl.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SNMP Trap Service (SNMPTRAP) - Unknown owner - C:\WINNT\system32\snmptrap.exe (file missing)
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
1 reply
Run a scan with Kaspersky Antivirus Personal http://www.kaspersky.com/fr/evaluation; if it doesn't remove them, it will give you the name.
See you.