spyware 180SearchStubInstall

spyware 180SearchStubInstall - Security - Windows & Software

Marsh posted on 13-09-2005 at 10:46:45

Can anyone help me solve a spyware problem? It's 180SearchStubInstall, which I can't manage to eradicate!! I used Ad-Aware: it didn't detect it! So I took Spybot Search & Destroy 1.4 (both updated): it finds it! I click "Fix selected problems", but it asks for a system restart to eradicate it! I restart, it re-scans (before my session is initialised), it says the problems are fixed :) (green tick). Then I wait for the session to fully initialise and for the services and processes to start! I re-scan with Spybot, and what do I see: the same spyware it was supposed to eradicate!!! So I go straight into regedit to remove it (Spybot option: "go to location"), I press Delete on the key! (confirm deletion: YES > delete) I press F5 (refresh), AND THERE IT IS AGAIN!!!!

And at every system restart it's the same problem! I don't know what to do any more!

PLEASE, HELP ME! I'm :pt1cable:


---------------
Modesty and solidarity


Marsh posted on 13-09-2005 at 10:54:45

Download HijackThis here: http://216.180.233.162/~merijn/files/HijackThis.exe

and post the logfile


Marsh posted on 13-09-2005 at 10:58:13

Here is the HijackThis log file:
 
Logfile of HijackThis v1.99.1
Scan saved at 10:57:12, on 13/09/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
E:\Program Files\Panda Platinum 2005 Internet Security\PavProt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\GEARSec.exe
E:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
E:\Program Files\Panda Platinum 2005 Internet Security\PaSSrv.exe
E:\Program Files\Panda Platinum 2005 Internet Security\PavFnSvr.exe
E:\Program Files\Panda Platinum 2005 Internet Security\Pavkre.exe
C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
E:\Program Files\Panda Platinum 2005 Internet Security\pavsrv51.exe
E:\Program Files\Panda Platinum 2005 Internet Security\AVENGINE.EXE
E:\Program Files\Panda Platinum 2005 Internet Security\prevsrv.exe
E:\Program Files\Panda Platinum 2005 Internet Security\PsImSvc.exe
E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
E:\Program Files\Panda Platinum 2005 Internet Security\apvxdwin.exe
C:\WINDOWS\System32\alg.exe
E:\Program Files\Panda Platinum 2005 Internet Security\SRVLOAD.EXE
E:\Program Files\Panda Platinum 2005 Internet Security\WebProxy.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
E:\program files\qttask.exe
E:\Program Files\Motherboard Monitor 5\MBM5.EXE
E:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
E:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
E:\Program Files\SuperCopier\SuperCopier.exe
E:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
E:\RamBoost XP\rambxpfr.exe
E:\Program Files\eMule\emule.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\Panda Platinum 2005 Internet Security\IFACE.EXE
C:\Program Files\Outlook Express\msimn.exe
E:\logiciels\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.free.fr/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://images.google.fr/webhp?hl=fr&tab=iw&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://freebox.free.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =  
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =  
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =  
O1 - Hosts: 213.219.251.78 www.google.com
O1 - Hosts: 213.219.251.78 google.com
O1 - Hosts: 213.219.251.78 www.google.co.uk
O1 - Hosts: 213.219.251.78 google.co.uk
O1 - Hosts: 213.219.251.78 www.google.ca
O1 - Hosts: 213.219.251.78 google.ca
O1 - Hosts: 213.219.251.78 www.google.es
O1 - Hosts: 213.219.251.78 google.es
O1 - Hosts: 213.219.251.78 www.google.de
O1 - Hosts: 213.219.251.78 google.de
O1 - Hosts: 213.219.251.78 www.google.fr
O1 - Hosts: 213.219.251.78 google.fr
O1 - Hosts: 213.219.251.78 www.google.com.au
O1 - Hosts: 213.219.251.78 google.com.au
O1 - Hosts: 213.219.251.79 www.yahoo.com
O1 - Hosts: 213.219.251.79 yahoo.com
O1 - Hosts: 66.218.75.184 mail.yahoo.com
O1 - Hosts: 213.219.251.80 www.msn.com
O1 - Hosts: 213.219.251.80 msn.com
O1 - Hosts: 213.219.251.80 search.msn.com
O1 - Hosts: 213.219.251.80 www.search.msn.com
O1 - Hosts: 213.219.251.80 go.com
O1 - Hosts: 213.219.251.80 www.go.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PopupManager Class - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - E:\Program Files\Popup Manager\PopupMgr_1.0.1.5.dll
O2 - BHO: (no name) - {39D201FE-D88D-CB27-7969-58E1C7BB5F14} - C:\DOCUME~1\ADMINI~1\APPLIC~1\WEBMOV~1\MapiSafe.exe (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\program files\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MBM 5] "E:\Program Files\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Norton Ghost 9.0] E:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [SCANINICIO] "E:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "E:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [vsjdnmz] C:\WINDOWS\system32\dtccrh.exe r
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [CloneDVDElbyDelay] "E:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
O4 - HKLM\..\RunServices: [PANDA ANTISPAM SERVER SERVICE] "E:\Program Files\Panda Platinum 2005 Internet Security\PasSrv.exe"
O4 - HKLM\..\RunOnce: [SpybotSnD] "E:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [NBJ] "E:\Program Files\nero\Nero BackItUp\nbj.exe"
O4 - HKCU\..\Run: [SuperCopier.exe] E:\Program Files\SuperCopier\SuperCopier.exe
O4 - HKCU\..\Run: [AWMON] "E:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - HKCU\..\Run: [RamBoostXp] E:\RamBoost XP\rambxpfr.exe
O4 - HKCU\..\Run: [180ClientStubInstall] "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sais.exe"
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\windows\$hf_mig$\kb887472\sp2qfe\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\windows\$hf_mig$\kb887472\sp2qfe\msmsgs.exe
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O14 - IERESET.INF: START_PAGE_URL=http://freebox.free.fr/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?li [...] lcid=0x409
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6 [...] vSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.ya [...] 040510.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6 [...] /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/micros [...] 1192958964
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ [...] loader.cab
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5D11D5A4-A188-4794-B326-EB7B9A487BCC}: NameServer = 212.27.32.176,212.27.32.177
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Norton Ghost - Symantec Corporation - E:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Panda Antispam Server Service (PASSRV) - Unknown owner - E:\Program Files\Panda Platinum 2005 Internet Security\PaSSrv.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - E:\Program Files\Panda Platinum 2005 Internet Security\Firewall\PavFires.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - E:\Program Files\Panda Platinum 2005 Internet Security\PavFnSvr.exe
O23 - Service: Panda Pavkre (Pavkre) - Panda Software - E:\Program Files\Panda Platinum 2005 Internet Security\Pavkre.exe
O23 - Service: Panda PavProt (PavProt) - Panda Software - E:\Program Files\Panda Platinum 2005 Internet Security\PavProt.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - E:\Program Files\Panda Platinum 2005 Internet Security\pavsrv51.exe
O23 - Service: Panda Preventium+ Service (PREVSRV) - Panda Software - E:\Program Files\Panda Platinum 2005 Internet Security\prevsrv.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - E:\Program Files\Panda Platinum 2005 Internet Security\PsImSvc.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - E:\Program Files\SiSoftware Sandra Lite 2005.SR2a\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - E:\Program Files\SiSoftware Sandra Lite 2005.SR2a\RpcSandraSrv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
 


---------------
Modesty and solidarity

Marsh posted on 13-09-2005 at 11:10:26

So, boot into safe mode and fix these:
 
O2 - BHO: (no name) - {39D201FE-D88D-CB27-7969-58E1C7BB5F14} - C:\DOCUME~1\ADMINI~1\APPLIC~1\WEBMOV~1\MapiSafe.exe (file missing)
O4 - HKLM\..\Run: [vsjdnmz] C:\WINDOWS\system32\dtccrh.exe r
O4 - HKCU\..\Run: [180ClientStubInstall] "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sais.exe"
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.ya [...] 040510.cab
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab  
 
 
and kill the files dtccrh.exe and sais.exe
 
 
...so? :)

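Added example, not from the thread or from HijackThis itself: a small Python triage over HijackThis-format lines, using constructed sample lines copied from the log above (plus benign lines of each type). It encodes the same reasoning the reply above applies (an autorun launched from the Temp folder, a BHO whose file is missing, an O16 ActiveX download with no product name, a Run value with a random-looking name) as heuristics of my own, and it also flags the O1 hosts entries in the posted log, which steer search-engine hostnames to another address and which the thread did not address.

```python
import re

# Heuristic triage rules (my own, not HijackThis's or Spybot's logic), keyed by section prefix.
O1_RE = re.compile(r"^O1 - Hosts: (\S+) (\S+)")
O2_RE = re.compile(r"^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]+\}) - (.*)$")
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]+)\] (.*)$")
O16_RE = re.compile(r"^O16 - DPF: (\{[0-9A-Fa-f-]+\})(?: \(([^)]*)\))? - (\S+)")

USER_PROFILE = re.compile(r"DOCUME~1|Documents and Settings|\\Temp\\", re.I)
NO_VOWELS = re.compile(r"^[b-df-hj-np-tv-z]{5,}$", re.I)   # "vsjdnmz"-style value names

def triage(log_text):
    """Return [(reason, line)] for the entries a reviewer should look at first."""
    hits = []
    for line in (l.strip() for l in log_text.splitlines()):
        if m := O1_RE.match(line):
            ip, host = m.groups()
            if ip not in ("127.0.0.1", "::1"):      # hosts entry steering a real site elsewhere
                hits.append((f"hosts override: {host} -> {ip}", line))
        elif m := O2_RE.match(line):
            _name, _clsid, path = m.groups()
            if path.endswith("(file missing)") or USER_PROFILE.search(path):
                hits.append(("BHO with missing file or profile-dir path", line))
        elif m := O4_RE.match(line):
            _hive, _key, name, cmd = m.groups()
            if USER_PROFILE.search(cmd):
                hits.append(("autorun from Temp/profile dir", line))
            elif NO_VOWELS.match(name):
                hits.append(("autorun with random-looking name", line))
        elif m := O16_RE.match(line):
            _clsid, desc, url = m.groups()
            if not desc:                           # ActiveX download with no product name
                hits.append((f"unnamed ActiveX download from {url}", line))
    return hits

# Constructed sample: lines copied from the log posted in this thread, plus one benign line per type.
SAMPLE_LOG = r"""
O1 - Hosts: 213.219.251.78 www.google.com
O1 - Hosts: 213.219.251.80 search.msn.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {39D201FE-D88D-CB27-7969-58E1C7BB5F14} - C:\DOCUME~1\ADMINI~1\APPLIC~1\WEBMOV~1\MapiSafe.exe (file missing)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [vsjdnmz] C:\WINDOWS\system32\dtccrh.exe r
O4 - HKCU\..\Run: [180ClientStubInstall] "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sais.exe"
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab
"""
```

Running `triage(SAMPLE_LOG)` returns six flagged entries: the two hosts overrides, the missing-file BHO, the two Run entries the reply says to fix, and the unnamed azebar download; the Acrobat, Nero and F-Secure lines pass.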

Marsh posted on 13-09-2005 at 13:52:26

Phew! Thanks, it's gone! :)


---------------
Modesty and solidarity

Marsh posted on 13-09-2005 at 14:02:23

You're welcome! :D
