Pub : trop c'est trop

Fermé

manucool2 Messages postés 16 Date d'inscription lundi 18 août 2008 Statut Membre Dernière intervention 24 août 2008 - 18 août 2008 à 10:41
E..T Messages postés 6087 Date d'inscription vendredi 1 février 2008 Statut Contributeur Dernière intervention 3 mars 2024 - 25 août 2008 à 23:55

Bonjour,
Bonjour,
depuis quelques temps, lorsque j'utilise IE6 ou bien Mozilla, des publicités apparaissent via l'ouverture de fenêtres supplémentaires. Ces pubs sont de plus en plus nombreuses et commencent à me taper sur les nerfs...
J'ai essayé différentes solutions pour les éliminer mais rien n'y fait (spybot...). J'utilise IE6, Norton pour le parefeu et l'antivirus et ma version est Windows XP sp2.

pour info voici le rapport hijakthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:37:48, on 18/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\documents and settings\propriétaire\local settings\application data\uokeyyg.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Norton Personal Firewall\NISUM.EXE
c:\fotowin\RTETPISv.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.hpe.com/h41271/404D.aspx?cc=us&ll=en&url=http://domainredirects.ext.hpe.com/qfr9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qfr9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60327
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.free.fr/freebox/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qfr9.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.free.fr:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
N3 - Netscape 7: user_pref("browser.startup.homepage", "https://www.boursorama.com/"); (C:\Documents and Settings\PROPRIÉTAIRE\Application Data\Mozilla\Profiles\default\ic10xhhw.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNetscape%5CNetscape%5Csearchplugins%5CNetscape_France.src"); (C:\Documents and Settings\PROPRIÉTAIRE\Application Data\Mozilla\Profiles\default\ic10xhhw.slt\prefs.js)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1006E3B9-F7C8-4cb6-AFDB-EEE844FE1259} - (no file)
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: (no name) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [uokeyyg] "c:\documents and settings\propriétaire\local settings\application data\uokeyyg.exe" uokeyyg
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'Default user')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .vcs: C:\PROGRA~1\Netscape\COMMUN~1\Program\PLUGINS\npvcal32.dll
O12 - Plugin for .wmv: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://data.jeuxclassiques.com/npwwg.cab
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} (AxProdInfoCtl Class) - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/024ab0f3e7c9b9e6ee16/netzip/RdxIE601_fr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {92E7E45A-D8C8-480E-AF99-176E43997CAA} - http://www.pixdiscount.fr/clients/ImageUploader3.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} - http://activex.microgaming.com/DLHelper/version7/DLHelper.cab
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Environnement d'exécution Java 1.4.1_02) -
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.6.cab
O16 - DPF: {E504AD79-2E1A-4EE6-814D-53DE1EEB75AF} (Canal+ Active MSWAY) - https://www.canalplus.com/canalplay/
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: RTE : Partage TAPI (RTETAPIService) - RTE Software - c:\fotowin\RTETPISv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

A voir également:

Pub : trop c'est trop
Bloqueur de pub youtube - Guide
Youtube sans pub - Guide
Netflix avec pub avis - Guide
YT Siphon : une extension pour contourner la pub sur YouTube - Guide
Stop pub gratuit - Télécharger - Divers Utilitaires

29 réponses

Réponse 21 / 29

manucool2 Messages postés 16 Date d'inscription lundi 18 août 2008 Statut Membre Dernière intervention 24 août 2008
22 août 2008 à 21:12

le voici ...

ComboFix 08-08-21.02 - Propriétaire 2008-08-22 20:50:40.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.250 [GMT 2:00]
Endroit: C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Downloaded Program Files\Temp
C:\WINDOWS\smdat32m.sys
C:\WINDOWS\system32\MSINET.oca
D:\Autorun.inf

.
((((((((((((((((((((((((((((( Fichiers créés 2008-07-22 to 2008-08-22 ))))))))))))))))))))))))))))))))))))
.

2008-08-22 20:27 . 2008-08-22 20:27 <REP> d-------- C:\Program Files\Téléchargement PHOTOWAYS
2008-08-22 14:22 . 2008-08-22 14:22 <REP> d-------- C:\WINDOWS\LastGood
2008-08-20 21:08 . 2008-08-20 21:11 <REP> d-------- C:\Lop SD
2008-08-19 12:26 . 2008-08-19 12:26 164 --a------ C:\install.dat
2008-08-18 13:01 . 2008-08-18 13:01 <REP> d-------- C:\Program Files\MSXML 4.0
2008-08-18 10:51 . 2008-08-18 10:51 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-18 10:51 . 2008-08-18 10:51 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Malwarebytes
2008-08-18 10:51 . 2008-08-18 10:51 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Malwarebytes
2008-08-18 10:51 . 2008-08-18 10:51 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Malwarebytes
2008-08-18 10:51 . 2008-08-18 10:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-18 10:51 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-18 10:51 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-16 08:21 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-08-16 08:20 . 2008-04-11 20:51 683,520 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-16 08:20 . 2008-05-01 16:31 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-15 09:45 . 2006-06-02 21:32 33,792 -----c--- C:\WINDOWS\system32\dllcache\custsat.dll
2008-08-15 09:41 . 2008-08-15 09:42 <REP> d-------- C:\71332eb2285d5109bfcb
2008-08-14 13:29 . 2008-08-14 13:29 <REP> d-------- C:\WINDOWS\provisioning
2008-08-14 13:27 . 2008-08-14 13:27 <REP> d-------- C:\WINDOWS\ServicePackFiles
2008-08-14 13:19 . 2008-08-14 13:19 <REP> d-------- C:\WINDOWS\EHome
2008-08-08 23:07 . 2008-08-18 10:34 <REP> d-------- C:\Program Files\Spyware Terminator
2008-08-08 23:07 . 2008-08-18 10:34 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Spyware Terminator
2008-08-08 23:07 . 2008-08-18 10:34 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Spyware Terminator
2008-08-08 23:07 . 2008-08-18 10:34 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Spyware Terminator
2008-08-08 23:07 . 2008-08-12 23:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-08-08 23:07 . 2008-08-08 23:07 141,312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-08-08 23:02 . 2008-08-08 23:02 <REP> d-------- C:\Program Files\ToniArts
2008-08-07 21:59 . 2008-08-07 21:59 <REP> d-------- C:\Program Files\Candleworks
2008-08-04 20:28 . 2008-08-08 08:16 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\U3
2008-08-04 20:28 . 2008-08-08 08:16 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\U3
2008-08-04 20:28 . 2008-08-08 08:16 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\U3
2008-08-02 21:42 . 2004-08-04 07:41 404,990 --------- C:\WINDOWS\system32\drivers\slntamr.sys
2008-08-02 21:39 . 2002-04-15 21:11 67,866 --------- C:\WINDOWS\system32\drivers\netwlan5.img

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-22 18:28 --------- d---a-w C:\Program Files\Fichiers communs\Symantec Shared
2008-08-21 18:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-20 18:22 --------- d-----w C:\Program Files\Navilog1
2008-08-19 11:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-19 10:29 82,432 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2008-08-19 10:29 2,022,912 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2008-08-18 10:57 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-13 21:48 2,008,064 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2008-08-13 21:48 13,312 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2008-08-13 21:45 2,008,064 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-08-13 21:45 13,312 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2008-08-13 21:41 2,777,600 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-08-13 21:41 2,008,064 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-08-08 21:04 --------- d---a-w C:\Program Files\Norton AntiVirus
2008-08-08 21:04 --------- d-----w C:\Program Files\emule
2008-08-08 21:04 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\Calendrier Xtra
2008-08-08 21:04 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\Calendrier Xtra
2008-08-08 21:04 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\Calendrier Xtra
2008-08-08 21:04 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\Azureus
2008-08-08 21:04 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\Azureus
2008-08-08 21:04 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\Azureus
2008-08-04 19:09 --------- d-----w C:\Program Files\Mindscape
2008-07-18 20:56 70,088 -c--a-w C:\Documents and Settings\Propriétaire\Application Data\GDIPFONTCACHEV1.DAT
2008-07-18 20:56 70,088 -c--a-w C:\Documents and Settings\Propriétaire\Application Data\GDIPFONTCACHEV1.DAT
2008-07-18 20:56 70,088 -c--a-w C:\Documents and Settings\Propriétaire\Application Data\GDIPFONTCACHEV1.DAT
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 19:13 --------- d---a-w C:\Program Files\Java
2008-07-16 21:01 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\ZipGenius
2008-07-16 21:01 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\ZipGenius
2008-07-16 21:01 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\ZipGenius
2008-07-16 17:47 --------- d-----w C:\Program Files\Fnac
2008-07-16 17:46 --------- d-----w C:\Program Files\Yahoo!
2008-07-16 17:36 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\NewsLeecher
2008-07-16 17:36 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\NewsLeecher
2008-07-16 17:36 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\NewsLeecher
2008-07-13 14:00 91,744 -c--a-w C:\WINDOWS\BPMNT.dll
2008-07-13 14:00 71,749 -c--a-w C:\WINDOWS\HCExtOutput.dll
2008-07-13 14:00 69,689 -c--a-w C:\WINDOWS\UNZIP.DLL
2008-07-13 14:00 507,904 -c--a-w C:\WINDOWS\TMUPDATE.DLL
2008-07-13 14:00 333,576 -c--a-w C:\WINDOWS\tsc.exe
2008-07-13 14:00 286,720 -c--a-w C:\WINDOWS\PATCH.EXE
2008-07-13 14:00 1,213,784 -c--a-w C:\WINDOWS\vsapi32.dll
2008-07-12 18:59 --------- d-----w C:\Program Files\Common Files
2008-07-12 18:45 --------- d-----w C:\Program Files\CCleaner
2008-07-12 18:43 --------- d-----w C:\Program Files\Trend Micro
2008-07-09 19:02 --------- d-----w C:\Program Files\PagesConso Toolbar
2008-07-09 19:02 --------- d-----w C:\Program Files\mp3
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-03 20:49 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\Grisoft
2008-07-03 20:49 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\Grisoft
2008-07-03 20:49 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\Grisoft
2008-07-03 20:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-07-03 20:19 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\gtk-2.0
2008-07-03 20:19 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\gtk-2.0
2008-07-03 20:19 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\gtk-2.0
2008-07-03 20:02 --------- d-----w C:\Program Files\Inkscape
2008-07-03 19:52 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\Inkscape
2008-07-03 19:52 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\Inkscape
2008-07-03 19:52 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\Inkscape
2008-07-03 19:45 --------- d-----w C:\Program Files\PDF Editor Objects 2
2008-07-03 19:41 74,752 ----a-w C:\WINDOWS\cadkasdeinst01e.exe
2008-07-03 18:12 --------- d---a-w C:\Program Files\Fichiers communs\Adobe
2008-06-30 12:09 --------- d-----w C:\Program Files\DM Softwares
2008-06-30 11:22 --------- d-----w C:\Program Files\RegCleaner
2008-06-30 11:16 165 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2008-06-30 09:10 --------- d-----w C:\Program Files\Executive Software
2008-06-30 08:42 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\Emjysoft
2008-06-30 08:42 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\Emjysoft
2008-06-30 08:42 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\Emjysoft
2008-06-28 20:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic
2008-06-27 20:44 364,565 ----a-w C:\Documents and Settings\Propriétaire\Application Data\mdbu.bin
2008-06-27 20:44 364,565 ----a-w C:\Documents and Settings\Propriétaire\Application Data\mdbu.bin
2008-06-27 20:44 364,565 ----a-w C:\Documents and Settings\Propriétaire\Application Data\mdbu.bin
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 15:40 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2004-08-19 21:05 61 -csh--w C:\WINDOWS\cnerolf.dat
2005-01-14 19:21 21 -csh--w C:\WINDOWS\dpwtddxp.dll
2005-01-01 21:55 14 -csh--w C:\WINDOWS\dpwtpdxp.dll
2004-01-25 18:23 32 -csha-w C:\WINDOWS\{4D6F5508-DFB8-4576-92BC-B7D3B891AB89}.dat
2003-01-01 19:32 32 -csha-w C:\WINDOWS\{5D266292-3C9C-4B24-908F-60F0EABB3CA7}.dat
2005-01-01 21:55 21 -csh--w C:\WINDOWS\system32\dpwtdaxp.dll
2005-01-01 21:55 14 -csh--w C:\WINDOWS\system32\dpwtpaxp.dll
2005-03-28 09:22 10,022 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
2005-01-14 19:21 12 -csh--w C:\WINDOWS\system32\spwtpaxp.dll
2003-01-01 19:32 32 --sha-w C:\WINDOWS\system32\{341822E4-5E56-41AA-9824-4CA7B1C80AA1}.dat
2004-01-25 18:23 32 -csha-w C:\WINDOWS\system32\{3D1DEF9E-123D-4CB3-B553-194218865DFF}.dat
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]
"NVIEW"="nview.dll" [2003-05-03 07:19 835654 C:\WINDOWS\system32\nview.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-05-03 07:19 4640768]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-12 04:02 61440]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-08 00:04 52736]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 15:07 114688]
"ccRegVfy"="c:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe" [2003-07-15 14:42 60344]
"ccApp"="c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2003-07-15 14:36 54512]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-07-19 22:10 335872]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2004-09-22 21:22 714000]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-14 19:42 155648]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-05 08:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"AlcxMonitor"="ALCXMNTR.EXE" [2003-04-04 04:35 50176 C:\WINDOWS\ALCXMNTR.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [2004-08-24 12:22 263280]
"Symantec NetDriver Warning"="C:\PROGRA~1\SYMNET~1\SNDWarn.exe" [2004-10-29 09:52 218232]

C:\Documents and Settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\
mod_sm.lnk - C:\hp\bin\cloaker.exe [1999-11-07 15:11:14 27136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"VIDC.NTN1"= NUVision.ax

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^AOL 8.0 Icône AOL.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\AOL 8.0 Icône AOL.lnk
backup=C:\WINDOWS\pss\AOL 8.0 Icône AOL.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Gestionnaire de APM.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Gestionnaire de APM.lnk
backup=C:\WINDOWS\pss\Gestionnaire de APM.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Gestionnaire de lancement d'application fax.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Gestionnaire de lancement d'application fax.lnk
backup=C:\WINDOWS\pss\Gestionnaire de lancement d'application fax.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^InterVideo WinScheduler.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\InterVideo WinScheduler.lnk
backup=C:\WINDOWS\pss\InterVideo WinScheduler.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^NkvMon.exe.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\NkvMon.exe.lnk
backup=C:\WINDOWS\pss\NkvMon.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^PyGrenouille.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\PyGrenouille.lnk
backup=C:\WINDOWS\pss\PyGrenouille.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Propriétaire^Menu Démarrer^Programmes^Démarrage^ubisoft register.lnk]
path=C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\Démarrage\ubisoft register.lnk
backup=C:\WINDOWS\pss\ubisoft register.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDMCon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
--a------ 2007-06-11 11:25 6731312 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrStsWnd]
--------- 2007-07-31 20:37 815104 C:\Program Files\Brownie\BrStsWnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cld2000.exe]
--a------ 2007-10-03 17:22 3080704 C:\Program Files\Calendrier\Cld2000.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Grenouille]
--a------ 2001-06-10 11:32 557056 C:\Program Files\Grenouille.com\Grenouille\Grenouil.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mozilla Quick Launch]
--a------ 2003-02-08 10:50 481264 C:\Program Files\Netscape\Netscape\Netscp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-08-20 01:09 1667584 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2006-07-29 20:34 5354792 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-14 19:42 155648 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a------ 2002-09-14 05:42 212992 C:\WINDOWS\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
--a------ 2003-02-13 16:01 155648 C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
--a------ 2005-01-05 14:57 95456 C:\PROGRA~1\SYMNET~1\SNDMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2003-05-03 07:19 323584 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
--a--c--- 2003-05-08 08:32 36864 C:\WINDOWS\system32\VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"G6FTPServer"=2 (0x2)
"XCOMM"=2 (0x2)
"bdss"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R2 RTETAPIService;RTE : Partage TAPI;c:\fotowin\RTETPISv.exe [2000-05-25 20:23]
R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 07:58]
S1 tvtool;tvtool;C:\Program Files\TVTool 9.6.1\tvtool.sys []
S2 FILESpy;FILESpy;C:\Program Files\Softwin\BitDefender Professional Edition\filespy.sys []
S3 fbxusb;FreeBox USB Network Adapter;C:\WINDOWS\system32\DRIVERS\fbxusb.sys [2003-12-31 12:35]
S3 NUVision;NUVision II Video Service;C:\WINDOWS\system32\DRIVERS\nuvvid2.sys [2001-10-28 23:34]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 08:08]
S4 Boonty Games;Boonty Games;C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe [2006-04-11 21:19]

*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

2008-08-22 C:\WINDOWS\Tasks\Symantec NetDetect.job
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE [2004-08-24 12:22]
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - (no file)
MSConfigStartUp-AltnetPointsManager - c:\program files\altnet\points manager\points manager.exe
MSConfigStartUp-avgnt - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
MSConfigStartUp-BDNewsAgent - C:\Program Files\Softwin\BitDefender Professional Edition\bdnagent.exe
MSConfigStartUp-ChrisTV Agent - C:\TV2\ChrisTV_Agent.exe
MSConfigStartUp-DAEMON Tools-1033 - C:\D-Tools\daemon.exe
MSConfigStartUp-fnacVOD - C:\Program Files\fnacVOD\fnacVOD.exe
MSConfigStartUp-KAZAA - C:\Program Files\Kazaa\kazaa.exe
MSConfigStartUp-NetAppel - C:\Program Files\NetAppel\NetAppel.exe
MSConfigStartUp-New - C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL
MSConfigStartUp-P2P Networking - C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
MSConfigStartUp-RealTray - C:\Program Files\Real\RealPlayer\RealPlay.exe
MSConfigStartUp-Skype - C:\Skype\Phone\Skype.exe
MSConfigStartUp-Snappy Fax - C:\Program Files\Snappy Fax Version 4\sf4.exe
MSConfigStartUp-TkBellExe - C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
MSConfigStartUp-TomTomHOME - C:\Program Files\TomTom HOME 2\HOMERunner.exe
MSConfigStartUp-WinampAgent - C:\Program Files\Winamp\winampa.exe
MSConfigStartUp-WINSOS VERIFY - C:\Program Files\Winsos\WINSOS.EXE

.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\yeyytcji.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/
FF -: plugin - C:\PROGRA~1\Netscape\COMMUN~1\Program\Plugins\npaudio.dll
FF -: plugin - C:\PROGRA~1\Netscape\COMMUN~1\Program\Plugins\npavi32.dll
FF -: plugin - C:\PROGRA~1\Netscape\COMMUN~1\Program\Plugins\NPBeatSP.dll
FF -: plugin - C:\PROGRA~1\Netscape\COMMUN~1\Program\Plugins\npdrmv2.dll
FF -: plugin - C:\PROGRA~1\Netscape\COMMUN~1\Program\Plugins\npdsplay.dll
FF -: plugin - C:\PROGRA~1\Netscape\COMMUN~1\Program\Plugins\NPJava11.dll
FF -: plugin - C:\PROGRA~1\Netscape\COMMUN~1\Program\Plugins\NPJava12.dll
FF -: plugin - C:\PROGRA~1\Netscape\COMMUN~1\Program\Plugins\NPJava13.dll
FF -: plugin - C:\PROGRA~1\Netscape\COMMUN~1\Program\Plugins\NPJava32.dll
FF -: plugin - C:\PROGRA~1\Netscape\COMMUN~1\Program\Plugins\NPJPI141_02.dll
FF -: plugin - C:\PROGRA~1\Netscape\COMMUN~1\Program\Plugins\NPMetaStream3.dll
FF -: plugin - C:\PROGRA~1\Netscape\COMMUN~1\Program\Plugins\npnul32.dll
FF -: plugin - C:\PROGRA~1\Netscape\COMMUN~1\Program\Plugins\NPOJI610.dll
FF -: plugin - C:\PROGRA~1\Netscape\COMMUN~1\Program\Plugins\nppdf32.dll
FF -: plugin - C:\PROGRA~1\Netscape\COMMUN~1\Program\Plugins\npqtplugin.dll
FF -: plugin - C:\PROGRA~1\Netscape\COMMUN~1\Program\Plugins\npqtplugin2.dll
FF -: plugin - C:\PROGRA~1\Netscape\COMMUN~1\Program\Plugins\npqtplugin3.dll
FF -: plugin - C:\PROGRA~1\Netscape\COMMUN~1\Program\Plugins\npqtplugin4.dll
FF -: plugin - C:\PROGRA~1\Netscape\COMMUN~1\Program\Plugins\npqtplugin5.dll
FF -: plugin - C:\PROGRA~1\Netscape\COMMUN~1\Program\Plugins\npqtplugin6.dll
FF -: plugin - C:\PROGRA~1\Netscape\COMMUN~1\Program\Plugins\npqtplugin7.dll
FF -: plugin - C:\PROGRA~1\Netscape\COMMUN~1\Program\Plugins\NPSVG3.dll
FF -: plugin - C:\PROGRA~1\Netscape\COMMUN~1\Program\Plugins\NPSWF32.dll
FF -: plugin - C:\PROGRA~1\Netscape\COMMUN~1\Program\Plugins\npvcal32.dll
FF -: plugin - C:\PROGRA~1\Netscape\COMMUN~1\Program\Plugins\npwmsdrm.dll
FF -: plugin - C:\Program Files\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll
FF -: plugin - C:\Program Files\Adobe\Acrobat 5.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPNd2fn.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-22 20:54:05
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\sockspy.dll

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\sockspy.dll
.
Temps d'accomplissement: 2008-08-22 20:56:35
ComboFix-quarantined-files.txt 2008-08-22 18:56:04

Pre-Run: 17,934,839,808 octets libres
Post-Run: 17,937,108,992 octets libres

346 --- E O F --- 2008-08-18 11:05:50

Réponse 22 / 29

E..T Messages postés 6087 Date d'inscription vendredi 1 février 2008 Statut Contributeur Dernière intervention 3 mars 2024 426
22 août 2008 à 22:12

Bonsoir,
Poste un rapport hijackthis.
++

Réponse 23 / 29

manucool2 Messages postés 16 Date d'inscription lundi 18 août 2008 Statut Membre Dernière intervention 24 août 2008
22 août 2008 à 22:32

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:32, on 2008-08-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Norton Personal Firewall\NISUM.EXE
c:\fotowin\RTETPISv.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.hpe.com/h41271/404D.aspx?cc=us&ll=en&url=http://domainredirects.ext.hpe.com/qfr9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qfr9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60327
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.free.fr/freebox/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qfr9.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.free.fr:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
N3 - Netscape 7: user_pref("browser.startup.homepage", "https://www.boursorama.com/"); (C:\Documents and Settings\PROPRIÉTAIRE\Application Data\Mozilla\Profiles\default\ic10xhhw.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNetscape%5CNetscape%5Csearchplugins%5CNetscape_France.src"); (C:\Documents and Settings\PROPRIÉTAIRE\Application Data\Mozilla\Profiles\default\ic10xhhw.slt\prefs.js)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .vcs: C:\PROGRA~1\Netscape\COMMUN~1\Program\PLUGINS\npvcal32.dll
O12 - Plugin for .wmv: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} (AxProdInfoCtl Class) - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/024ab0f3e7c9b9e6ee16/netzip/RdxIE601_fr.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {92E7E45A-D8C8-480E-AF99-176E43997CAA} - http://www.pixdiscount.fr/clients/ImageUploader3.cab
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.6.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: RTE : Partage TAPI (RTETAPIService) - RTE Software - c:\fotowin\RTETPISv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Réponse 24 / 29

varfendell Messages postés 3256 Date d'inscription jeudi 27 décembre 2007 Statut Membre Dernière intervention 8 février 2020 703
22 août 2008 à 23:30

et bien ton rapport est clean, tu ne devrait plus avoir de problemes ^^

nettoie un petit coup ton ordi et c'est bon:

télécharge ccleaner (tutoriel ici par VIRUS_KILLER ou en voici un autre)
passe un bon coup de balais sur ton ordi:
-effectue plusieurs fois le nettoyage avec le nettoyeur
-idem avec la fonction registre
-supprime les programmes au démarrage qui sont inutile.

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question

Réponse 25 / 29

E..T Messages postés 6087 Date d'inscription vendredi 1 février 2008 Statut Contributeur Dernière intervention 3 mars 2024 426
23 août 2008 à 00:18

Bonsoir,

Connais tu ceci >> c:\fotowin\RTETPISv.exe ??

Met à jour internet explorer
>> https://support.microsoft.com/fr-fr/allproducts
Pourquoi le laisser à jour >> [https://forum.malekal.com/viewtopic.php?f=45&t=12405&p=95936#p95936 ICI

Vérifie JAVA >> ICI c'est une chose importante aussi.
Installe la dernière version de adobe >> Ici

Une foi que les nouvelles versions sont installées virent les anciennes.

Ensuite tu vas fixer ces lignes avec hijackthis, comme suit
Tu réouvres hijack
Tu refais un scan en choisissant >> Do a system scan and loge and file
Et après tu verras une option Fix checked coche la ligne et valides. Seulement celles la.

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/024ab0f3e7c9b9e6ee16/netzip/RdxIE601_fr.cab

Redémarre un coup ton pc et dis nous comment il se comporte ?

Et poste un dernier rapport hijackthis.

@++

Réponse 26 / 29

manucool2 Messages postés 16 Date d'inscription lundi 18 août 2008 Statut Membre Dernière intervention 24 août 2008
23 août 2008 à 16:28

RAS

voici le rapport
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:26, on 2008-08-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Norton Personal Firewall\NISUM.EXE
c:\fotowin\RTETPISv.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qfr9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qfr9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60327
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qfr9.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.free.fr:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
N3 - Netscape 7: user_pref("browser.startup.homepage", "https://www.boursorama.com/"); (C:\Documents and Settings\PROPRIÉTAIRE\Application Data\Mozilla\Profiles\default\ic10xhhw.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNetscape%5CNetscape%5Csearchplugins%5CNetscape_France.src"); (C:\Documents and Settings\PROPRIÉTAIRE\Application Data\Mozilla\Profiles\default\ic10xhhw.slt\prefs.js)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'Default user')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .vcs: C:\PROGRA~1\Netscape\COMMUN~1\Program\PLUGINS\npvcal32.dll
O12 - Plugin for .wmv: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} (AxProdInfoCtl Class) - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {92E7E45A-D8C8-480E-AF99-176E43997CAA} - http://www.pixdiscount.fr/clients/ImageUploader3.cab
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.6.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: RTE : Partage TAPI (RTETAPIService) - RTE Software - c:\fotowin\RTETPISv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Réponse 27 / 29

E..T Messages postés 6087 Date d'inscription vendredi 1 février 2008 Statut Contributeur Dernière intervention 3 mars 2024 426
24 août 2008 à 10:53

Bonjour

Message25 >> Connais tu ceci >> c:\fotowin\RTETPISv.exe ??

Met à jour internet explorer
>> https://support.microsoft.com/fr-fr/allproducts
Pourquoi le laisser à jour >> ICI

Vérifie JAVA >> ICI c'est une chose importante aussi.
Installe la dernière version de adobe >> Ici

Une foi que les nouvelles versions sont installées virent les anciennes.

Tu ne l'as pas fait ? pourquoi ? Il faut le faire c'est important!

+++

Réponse 28 / 29

Utilisateur anonyme
24 août 2008 à 11:05

Salut ,
De passage ,

Dans le rapport Combofix :


2004-08-19 21:05 61 -csh--w C:\WINDOWS\cnerolf.dat
2005-01-14 19:21 21 -csh--w C:\WINDOWS\dpwtddxp.dll
2005-01-01 21:55 14 -csh--w C:\WINDOWS\dpwtpdxp.dll
2004-01-25 18:23 32 -csha-w C:\WINDOWS\{4D6F5508-DFB8-4576-92BC-B7D3B891AB89}.dat
2003-01-01 19:32 32 -csha-w C:\WINDOWS\{5D266292-3C9C-4B24-908F-60F0EABB3CA7}.dat
2005-01-01 21:55 21 -csh--w C:\WINDOWS\system32\dpwtdaxp.dll
2005-01-01 21:55 14 -csh--w C:\WINDOWS\system32\dpwtpaxp.dll
2005-01-14 19:21 12 -csh--w C:\WINDOWS\system32\spwtpaxp.dll
2003-01-01 19:32 32 --sha-w C:\WINDOWS\system32\{341822E4-5E56-41AA-9824-4CA7B1C80AA1}.dat
2004-01-25 18:23 32 -csha-w C:\WINDOWS\system32\{3D1DEF9E-123D-4CB3-B553-194218865DFF}.dat

Faudrait s'y intéresser.

++

Réponse 29 / 29

E..T Messages postés 6087 Date d'inscription vendredi 1 février 2008 Statut Contributeur Dernière intervention 3 mars 2024 426
25 août 2008 à 23:55

Bonsoir

Analyses ces fichiers sur Virus total :
https://www.virustotal.com/gui/

C:\WINDOWS\cnerolf.dat
C:\WINDOWS\dpwtddxp.dll
C:\WINDOWS\dpwtpdxp.dll
C:\WINDOWS\{4D6F5508-DFB8-4576-92BC-B7D3B891AB89}.dat
C:\WINDOWS\{5D266292-3C9C-4B24-908F-60F0EABB3CA7}.dat
C:\WINDOWS\system32\dpwtdaxp.dll
C:\WINDOWS\system32\dpwtpaxp.dll
C:\WINDOWS\system32\spwtpaxp.dll
C:\WINDOWS\system32\{341822E4-5E56-41AA-9824-4CA7B1C80AA1}.dat
C:\WINDOWS\system32\{3D1DEF9E-123D-4CB3-B553-194218865DFF}.dat

Envoi les rapports.

++

Discussions similaires

Cherche chanteur et titre chanson pub kinder noel 2023

Ouvrir un fichier .pub sans Publisher

Recherche nom acteur Pub

retrouver un spot publicitaire radio ?

Discussions similaires

Newsletters