neopaulo

Everything posted by neopaulo

  1. So I followed all the steps, and here is the content of the "log.txt" file (I sent the compressed file as requested):
     ComboFix 09-02-21.01 - Karine et Paulo 2009-02-22 19:58:29.3 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.2046.1536 [GMT 1:00] Lancé depuis: c:\internet\ComboFix.exe Commutateurs utilisés :: e:\documents and settings\Karine et Paulo\Bureau\CFScript.txt AV: avast! antivirus 4.8.1296 [VPS 090221-0] *On-access scanning enabled* (Updated) * Un nouveau point de restauration a été créé FILE :: e:\windows\nsreg.dat e:\windows\pop.htm e:\windows\system32\drivers\MTictwl.sys e:\windows\system32\ezsidmv.dat . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . e:\windows\nsreg.dat e:\windows\pop.htm e:\windows\system32\drivers\MTictwl.sys e:\windows\system32\ezsidmv.dat e:\windows\system32\jwtch32.exe . ((((((((((((((((((((((((((((( Fichiers créés du 2009-01-22 au 2009-02-22 )))))))))))))))))))))))))))))))))))) . 2009-02-22 19:46 . 2009-02-22 19:46 <REP> d-------- E:\rsit 2009-02-22 19:04 . 2009-02-22 19:23 <REP> d-------- e:\program files\FindyKill 2009-02-22 18:22 . 2009-02-22 18:22 <REP> d-------- e:\documents and settings\Karine et Paulo\Application Data\Malwarebytes 2009-02-22 18:22 . 2009-02-22 18:22 <REP> d-------- e:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes 2009-02-22 18:22 . 2009-02-11 10:19 38,496 --a------ e:\windows\system32\drivers\mbamswissarmy.sys 2009-02-22 18:22 . 2009-02-11 10:19 15,504 --a------ e:\windows\system32\drivers\mbam.sys 2009-02-22 10:45 . 2009-02-22 19:01 <REP> d-------- e:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy 2009-02-18 11:09 . 2009-02-20 16:53 <REP> d-------- e:\documents and settings\All Users.WINDOWS\Application Data\TrackMania 2009-02-16 20:29 . 2008-10-10 04:52 4,379,984 --a------ e:\windows\system32\D3DX9_40.dll 2009-02-16 20:29 .
2008-10-27 10:04 514,384 --a------ e:\windows\system32\XAudio2_3.dll 2009-02-16 20:29 . 2008-10-27 10:04 70,992 --a------ e:\windows\system32\XAPOFX1_2.dll 2009-02-16 20:29 . 2008-10-27 10:04 23,376 --a------ e:\windows\system32\X3DAudio1_5.dll 2009-02-16 19:39 . 2009-02-16 19:39 <REP> d-------- e:\program files\Bonjour 2009-02-16 15:27 . 2009-02-16 15:27 <REP> d-------- e:\documents and settings\All Users.WINDOWS\Application Data\GameHouse 2009-02-15 13:29 . 2009-02-20 14:59 <REP> d-------- e:\documents and settings\Karine et Paulo\Application Data\PlayFirst 2009-02-15 13:29 . 2009-02-20 14:59 <REP> d-------- e:\documents and settings\All Users.WINDOWS\Application Data\PlayFirst 2009-02-10 20:11 . 2009-02-10 20:11 <REP> d-------- e:\windows\system32\Praxisoft 2009-02-10 20:11 . 2009-02-10 20:11 <REP> d-------- e:\program files\Praxisoft 2009-02-10 20:10 . 2009-02-10 20:10 <REP> d-------- e:\documents and settings\Karine et Paulo\WINDOWS 2009-02-10 20:10 . 1997-11-19 15:49 303,616 --a------ e:\windows\IsUninst.exe 2009-02-09 20:29 . 2003-02-24 16:20 827,392 -ra------ e:\windows\system32\Flash.ocx 2009-02-09 20:27 . 2009-02-09 20:27 <REP> d-------- e:\documents and settings\Karine et Paulo\Application Data\InstallShield 2009-02-08 12:14 . 2009-02-08 17:12 <REP> d-------- e:\documents and settings\Karine et Paulo\Application Data\Notepad++ 2009-02-08 11:59 . 2009-02-08 12:06 <REP> d-------- e:\program files\Vuze 2009-02-08 11:48 . 2009-02-08 11:48 <REP> d--h----- e:\windows\PIF 2009-02-07 17:09 . 2009-02-07 17:09 <REP> d-------- e:\documents and settings\Karine et Paulo\Application Data\Thunderbird 2009-02-06 22:33 . 2009-02-22 16:57 <REP> d-------- e:\documents and settings\Karine et Paulo\Application Data\FileZilla 2009-01-29 10:55 . 2009-02-07 00:22 <REP> d-------- e:\documents and settings\Karine et Paulo\Application Data\VSO 2009-01-29 09:14 . 2009-01-29 09:14 385 --a------ e:\windows\ODBC.INI 2009-01-25 19:37 . 
2009-02-22 18:40 <REP> d-------- e:\documents and settings\Karine et Paulo\Application Data\skypePM 2009-01-25 19:37 . 2009-01-25 19:37 <REP> d-------- e:\documents and settings\All Users.WINDOWS\Application Data\Skype 2009-01-25 00:46 . 2009-01-25 00:46 <REP> d-------- e:\documents and settings\Karine et Paulo\Application Data\Talkback . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-02-22 17:40 --------- d-----w e:\documents and settings\Karine et Paulo\Application Data\Skype 2009-02-22 09:54 --------- d-----w e:\documents and settings\Karine et Paulo\Application Data\Azureus 2009-02-20 15:35 --------- d-----w e:\program files\Zylom Games 2009-02-20 13:59 --------- d-----w e:\documents and settings\Karine et Paulo\Application Data\Zylom 2009-02-11 22:31 --------- d-----w e:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help 2009-02-09 19:29 --------- d--h--w e:\program files\InstallShield Installation Information 2009-01-30 19:58 --------- d-----w e:\documents and settings\Karine et Paulo\Application Data\dvdcss 2009-01-30 19:17 --------- d-----w e:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer 2009-01-29 21:00 --------- d-----w e:\program files\Microsoft Works 2009-01-29 11:24 --------- d-----w e:\documents and settings\Karine et Paulo\Application Data\Apple Computer 2009-01-29 09:41 --------- d-----w e:\documents and settings\Karine et Paulo\Application Data\Ahead 2009-01-25 18:37 --------- d-----w e:\program files\Fichiers communs\Skype 2009-01-17 19:01 --------- d-----w e:\program files\iPod 2009-01-17 19:01 --------- d-----w e:\program files\Fichiers communs\Apple 2009-01-17 19:01 --------- d-----w e:\documents and settings\All Users.WINDOWS\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2009-01-17 18:29 --------- d-----w e:\program files\QuickTime 2009-01-17 18:28 --------- d-----w e:\program files\Apple Software Update 2009-01-17 
18:28 --------- d-----w e:\documents and settings\All Users.WINDOWS\Application Data\Apple 2009-01-04 15:42 --------- d-----w e:\documents and settings\All Users.WINDOWS\Application Data\Fugazo 2009-01-04 14:08 --------- d-----w e:\program files\Fichiers communs\Ahead 2009-01-04 13:48 --------- d-----w e:\program files\Fichiers communs\Adobe 2009-01-04 13:19 --------- d-----w e:\documents and settings\All Users.WINDOWS\Application Data\NOS 2009-01-04 12:52 --------- d-----w e:\documents and settings\All Users.WINDOWS\Application Data\Diskeeper Corporation 2009-01-04 12:44 --------- d-----w e:\documents and settings\All Users.WINDOWS\Application Data\Azureus 2009-01-04 11:41 --------- d-----w e:\documents and settings\All Users.WINDOWS\Application Data\ma-config.com 2009-01-04 11:31 --------- d-----w e:\documents and settings\Karine et Paulo\Application Data\vlc 2009-01-04 11:25 --------- d-----w e:\documents and settings\All Users.WINDOWS\Application Data\Zylom 2009-01-04 11:09 --------- d-----w e:\documents and settings\Karine et Paulo\Application Data\ImgBurn 2009-01-04 11:08 --------- d-----w e:\program files\Windows Media Connect 2 2009-01-04 10:55 --------- dcsh--w e:\program files\Fichiers communs\WindowsLiveInstaller 2009-01-04 10:53 --------- d-----w e:\documents and settings\All Users.WINDOWS\Application Data\WLInstaller 2009-01-04 10:30 --------- d-----w e:\program files\Fichiers communs\Wise Installation Wizard 2009-01-04 10:30 --------- d-----w e:\program files\AGEIA Technologies 2009-01-03 21:55 --------- d-----w e:\program files\Realtek 2009-01-03 21:14 --------- d-----w e:\program files\Services en ligne 2008-03-04 18:59 0 ----a-w e:\program files\temp01 . ((((((((((((((((((((((((((((( SnapShot@2009-02-22_18.53.47,25 ))))))))))))))))))))))))))))))))))))))))) . 
- 2009-01-23 15:49:38 63,188 ----a-w e:\windows\system32\perfc009.dat + 2009-02-22 18:24:09 63,188 ----a-w e:\windows\system32\perfc009.dat - 2009-01-23 15:49:38 76,144 ----a-w e:\windows\system32\perfc00C.dat + 2009-02-22 18:24:09 76,144 ----a-w e:\windows\system32\perfc00C.dat - 2009-01-23 15:49:38 403,968 ----a-w e:\windows\system32\perfh009.dat + 2009-02-22 18:24:09 403,968 ----a-w e:\windows\system32\perfh009.dat - 2009-01-23 15:49:38 470,828 ----a-w e:\windows\system32\perfh00C.dat + 2009-02-22 18:24:09 470,828 ----a-w e:\windows\system32\perfh00C.dat + 2009-02-22 19:00:47 16,384 ----atw e:\windows\Temp\Perflib_Perfdata_28c.dat + 2009-02-22 19:00:40 16,384 ----atw e:\windows\Temp\Perflib_Perfdata_3c0.dat + 2009-02-22 19:00:31 16,384 ----atw e:\windows\Temp\Perflib_Perfdata_604.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="e:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184] "ctfmon.exe"="e:\windows\system32\ctfmon.exe" [2008-04-14 15360] "Skype"="e:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320] "Steam"="d:\steam\Steam.exe" [2009-02-16 1410296] "SpybotSD TeaTimer"="d:\spybot - search & destroy\TeaTimer.exe" [2009-01-26 2144088] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avast!"="d:\avast4\ashDisp.exe" [2008-11-26 81000] "NvCplDaemon"="e:\windows\system32\NvCpl.dll" [2008-09-17 13574144] "SunJavaUpdateSched"="e:\program files\Java\jre6\bin\jusched.exe" [2009-01-04 136600] "NvMediaCenter"="e:\windows\system32\NvMcTray.dll" [2008-09-17 86016] "Adobe Reader Speed Launcher"="d:\adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "NeroFilterCheck"="e:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "JMB36X IDE Setup"="e:\windows\JM\JMInsIDE.exe" [2006-10-30 36864] 
"JMB36X Configure"="e:\windows\system32\JMRaidSetup.exe" [2006-10-30 1953792] "QuickTime Task"="e:\program files\QuickTime\qttask.exe" [2008-11-04 413696] "iTunesHelper"="d:\itunes\iTunesHelper.exe" [2008-11-20 290088] "MultiScreen"="d:\multiscreen\MultiScreen.exe" [2008-02-22 114688] "RTHDCPL"="RTHDCPL.EXE" [2006-11-15 e:\windows\RTHDCPL.exe] "SkyTel"="SkyTel.EXE" [2006-05-17 e:\windows\SkyTel.exe] "nwiz"="nwiz.exe" [2008-09-17 e:\windows\system32\nwiz.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="e:\windows\System32\CTFMON.EXE" [2008-04-14 15360] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "e:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "e:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "d:\\HomePlayer\\HomePlayer.exe"= "d:\\HomePlayer\\VLC\\vlc.exe"= "d:\\eMule\\emule.exe"= "d:\\Azureus\\Azureus.exe"= "d:\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "d:\\iTunes\\iTunes.exe"= "e:\\WINDOWS\\system32\\MPSMC_01.EXE"= "d:\\FileZilla\\FileZilla.exe"= "e:\\Program Files\\Vuze\\Azureus.exe"= "d:\\MagicTune Premium\\MagicTune.exe"= "e:\\Program Files\\Bonjour\\mDNSResponder.exe"= "j:\\Paulo\\TmNationsForever\\TmForever.exe"= "e:\\Program Files\\Skype\\Phone\\Skype.exe"= R1 aswSP;avast! Self Protection;e:\windows\system32\drivers\aswSP.sys [2009-01-03 111184] R2 aswFsBlk;aswFsBlk;e:\windows\system32\drivers\aswFsBlk.sys [2009-01-04 20560] S3 getPlus® Helper;getPlus® Helper;e:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-09-22 33752] S3 maconfservice;Ma-Config Service;d:\ma-config.com\maconfservice.exe [2008-12-19 195752] . Contenu du dossier 'Tâches planifiées' 2009-02-16 e:\windows\Tasks\AppleSoftwareUpdate.job - e:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34] . 
- - - - ORPHELINS SUPPRIMES - - - - HKLM-Run-Microsoft netswitch - e:\windows\system32\jwtch32.exe . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.google.fr/ uInternet Settings,ProxyOverride = *.local IE: E&xporter vers Microsoft Excel - d:\micros~1\Office12\EXCEL.EXE/3000 DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_3_1_0_4.cab . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-22 20:00:58 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*] "C040710900063D11C8EF10054038389C"="E?\\WINDOWS\\system32\\FM20ENU.DLL" . ------------------------ Autres processus actifs ------------------------ . d:\avast4\aswUpdSv.exe d:\avast4\ashServ.exe e:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe e:\program files\Bonjour\mDNSResponder.exe d:\diskeeper\DkService.exe e:\program files\Java\jre6\bin\jqs.exe d:\magictune premium\MagicTuneEngine.exe e:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe e:\windows\system32\nvsvc32.exe e:\windows\system32\rundll32.exe d:\avast4\ashMaiSv.exe d:\avast4\ashWebSv.exe d:\yz_dck0083_full_fr\YzDock.exe e:\program files\iPod\bin\iPodService.exe e:\program files\Skype\Plugin Manager\skypePM.exe . ************************************************************************** . 
Heure de fin: 2009-02-22 20:05:56 - La machine a redémarré ComboFix-quarantined-files.txt 2009-02-22 19:05:54 ComboFix2.txt 2009-02-22 18:55:34 ComboFix3.txt 2009-02-22 17:54:27 Avant-CF: 15 218 159 616 octets libres Après-CF: 15,204,831,232 octets libres Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4 215 --- E O F --- 2009-02-11 22:32:16
     Sorry, but I don't have the file jwtch32.exe in /windows/system32... However, it should be in the archive I sent on pear's advice.
  2. Hello, I downloaded the software, installed the Microsoft console, then let the software run on its own... For now the pop-ups still open (and just as often......). Here is the report that appeared at the end:
     ComboFix 09-02-21.01 - Karine et Paulo 2009-02-22 18:52:24.1 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.2046.1437 [GMT 1:00] Lancé depuis: c:\internet\ComboFix.exe AV: avast! antivirus 4.8.1296 [VPS 090221-0] *On-access scanning enabled* (Updated) * Un nouveau point de restauration a été créé . ((((((((((((((((((((((((((((( Fichiers créés du 2009-01-22 au 2009-02-22 )))))))))))))))))))))))))))))))))))) . 2009-02-22 18:22 . 2009-02-22 18:22 <REP> d-------- e:\documents and settings\Karine et Paulo\Application Data\Malwarebytes 2009-02-22 18:22 . 2009-02-22 18:22 <REP> d-------- e:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes 2009-02-22 18:22 . 2009-02-11 10:19 38,496 --a------ e:\windows\system32\drivers\mbamswissarmy.sys 2009-02-22 18:22 . 2009-02-11 10:19 15,504 --a------ e:\windows\system32\drivers\mbam.sys 2009-02-22 10:45 . 2009-02-22 11:10 <REP> d-------- e:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy 2009-02-21 17:20 . 2009-02-22 18:52 162 --a------ e:\windows\pop.htm 2009-02-21 17:16 . 2009-02-18 17:27 28,672 --a------ e:\windows\system32\jwtch32.exe 2009-02-18 11:09 . 2009-02-20 16:53 <REP> d-------- e:\documents and settings\All Users.WINDOWS\Application Data\TrackMania 2009-02-16 20:29 . 2008-10-10 04:52 4,379,984 --a------ e:\windows\system32\D3DX9_40.dll 2009-02-16 20:29 . 2008-10-27 10:04 514,384 --a------ e:\windows\system32\XAudio2_3.dll 2009-02-16 20:29 . 2008-10-27 10:04 70,992 --a------ e:\windows\system32\XAPOFX1_2.dll 2009-02-16 20:29 . 2008-10-27 10:04 23,376 --a------ e:\windows\system32\X3DAudio1_5.dll 2009-02-16 19:39 . 2009-02-16 19:39 <REP> d-------- e:\program files\Bonjour 2009-02-16 15:27 .
2009-02-16 15:27 <REP> d-------- e:\documents and settings\All Users.WINDOWS\Application Data\GameHouse 2009-02-15 13:29 . 2009-02-20 14:59 <REP> d-------- e:\documents and settings\Karine et Paulo\Application Data\PlayFirst 2009-02-15 13:29 . 2009-02-20 14:59 <REP> d-------- e:\documents and settings\All Users.WINDOWS\Application Data\PlayFirst 2009-02-10 20:11 . 2009-02-10 20:11 <REP> d-------- e:\windows\system32\Praxisoft 2009-02-10 20:11 . 2009-02-10 20:11 <REP> d-------- e:\program files\Praxisoft 2009-02-10 20:10 . 2009-02-10 20:10 <REP> d-------- e:\documents and settings\Karine et Paulo\WINDOWS 2009-02-10 20:10 . 1997-11-19 15:49 303,616 --a------ e:\windows\IsUninst.exe 2009-02-09 20:29 . 2003-02-24 16:20 827,392 -ra------ e:\windows\system32\Flash.ocx 2009-02-09 20:28 . 2006-08-28 17:12 13,312 --a------ e:\windows\system32\drivers\MTictwl.sys 2009-02-09 20:27 . 2009-02-09 20:27 <REP> d-------- e:\documents and settings\Karine et Paulo\Application Data\InstallShield 2009-02-08 12:14 . 2009-02-08 17:12 <REP> d-------- e:\documents and settings\Karine et Paulo\Application Data\Notepad++ 2009-02-08 11:59 . 2009-02-08 12:06 <REP> d-------- e:\program files\Vuze 2009-02-08 11:48 . 2009-02-08 11:48 <REP> d--h----- e:\windows\PIF 2009-02-07 17:09 . 2009-02-07 17:09 <REP> d-------- e:\documents and settings\Karine et Paulo\Application Data\Thunderbird 2009-02-06 22:33 . 2009-02-22 16:57 <REP> d-------- e:\documents and settings\Karine et Paulo\Application Data\FileZilla 2009-01-29 10:55 . 2009-02-07 00:22 <REP> d-------- e:\documents and settings\Karine et Paulo\Application Data\VSO 2009-01-29 09:14 . 2009-01-29 09:14 385 --a------ e:\windows\ODBC.INI 2009-01-25 19:37 . 2009-02-22 18:40 <REP> d-------- e:\documents and settings\Karine et Paulo\Application Data\skypePM 2009-01-25 19:37 . 2009-01-25 19:37 <REP> d-------- e:\documents and settings\All Users.WINDOWS\Application Data\Skype 2009-01-25 19:37 . 
2009-01-25 19:37 56 --ah----- e:\windows\system32\ezsidmv.dat 2009-01-25 00:46 . 2009-01-25 00:46 <REP> d-------- e:\documents and settings\Karine et Paulo\Application Data\Talkback 2009-01-25 00:46 . 2009-01-25 00:46 0 --a------ e:\windows\nsreg.dat . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-02-22 17:40 --------- d-----w e:\documents and settings\Karine et Paulo\Application Data\Skype 2009-02-22 09:54 --------- d-----w e:\documents and settings\Karine et Paulo\Application Data\Azureus 2009-02-20 15:35 --------- d-----w e:\program files\Zylom Games 2009-02-20 13:59 --------- d-----w e:\documents and settings\Karine et Paulo\Application Data\Zylom 2009-02-11 22:31 --------- d-----w e:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help 2009-02-09 19:29 --------- d--h--w e:\program files\InstallShield Installation Information 2009-01-30 19:58 --------- d-----w e:\documents and settings\Karine et Paulo\Application Data\dvdcss 2009-01-30 19:17 --------- d-----w e:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer 2009-01-29 21:00 --------- d-----w e:\program files\Microsoft Works 2009-01-29 11:24 --------- d-----w e:\documents and settings\Karine et Paulo\Application Data\Apple Computer 2009-01-29 09:41 --------- d-----w e:\documents and settings\Karine et Paulo\Application Data\Ahead 2009-01-25 18:37 --------- d-----w e:\program files\Fichiers communs\Skype 2009-01-17 19:01 --------- d-----w e:\program files\iPod 2009-01-17 19:01 --------- d-----w e:\program files\Fichiers communs\Apple 2009-01-17 19:01 --------- d-----w e:\documents and settings\All Users.WINDOWS\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2009-01-17 18:29 --------- d-----w e:\program files\QuickTime 2009-01-17 18:28 --------- d-----w e:\program files\Apple Software Update 2009-01-17 18:28 --------- d-----w e:\documents and settings\All Users.WINDOWS\Application Data\Apple 
2009-01-04 15:42 --------- d-----w e:\documents and settings\All Users.WINDOWS\Application Data\Fugazo 2009-01-04 14:08 --------- d-----w e:\program files\Fichiers communs\Ahead 2009-01-04 13:48 --------- d-----w e:\program files\Fichiers communs\Adobe 2009-01-04 13:19 --------- d-----w e:\documents and settings\All Users.WINDOWS\Application Data\NOS 2009-01-04 12:52 --------- d-----w e:\documents and settings\All Users.WINDOWS\Application Data\Diskeeper Corporation 2009-01-04 12:44 --------- d-----w e:\documents and settings\All Users.WINDOWS\Application Data\Azureus 2009-01-04 12:43 410,984 ----a-w e:\windows\system32\deploytk.dll 2009-01-04 11:41 --------- d-----w e:\documents and settings\All Users.WINDOWS\Application Data\ma-config.com 2009-01-04 11:31 --------- d-----w e:\documents and settings\Karine et Paulo\Application Data\vlc 2009-01-04 11:25 --------- d-----w e:\documents and settings\All Users.WINDOWS\Application Data\Zylom 2009-01-04 11:09 --------- d-----w e:\documents and settings\Karine et Paulo\Application Data\ImgBurn 2009-01-04 11:08 --------- d-----w e:\program files\Windows Media Connect 2 2009-01-04 10:55 --------- dcsh--w e:\program files\Fichiers communs\WindowsLiveInstaller 2009-01-04 10:53 --------- d-----w e:\documents and settings\All Users.WINDOWS\Application Data\WLInstaller 2009-01-04 10:30 --------- d-----w e:\program files\Fichiers communs\Wise Installation Wizard 2009-01-04 10:30 --------- d-----w e:\program files\AGEIA Technologies 2009-01-03 21:55 --------- d-----w e:\program files\Realtek 2009-01-03 21:14 --------- d-----w e:\program files\Services en ligne 2008-12-20 22:47 826,368 ----a-w e:\windows\system32\wininet.dll 2008-12-12 10:18 87,336 ----a-w e:\windows\system32\dns-sd.exe 2008-12-12 10:11 61,440 ----a-w e:\windows\system32\dnssd.dll 2008-03-04 18:59 0 ----a-w e:\program files\temp01 . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="e:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184] "ctfmon.exe"="e:\windows\system32\ctfmon.exe" [2008-04-14 15360] "Skype"="e:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320] "Steam"="d:\steam\Steam.exe" [2009-02-16 1410296] "SpybotSD TeaTimer"="d:\spybot - search & destroy\TeaTimer.exe" [2009-01-26 2144088] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avast!"="d:\avast4\ashDisp.exe" [2008-11-26 81000] "NvCplDaemon"="e:\windows\system32\NvCpl.dll" [2008-09-17 13574144] "SunJavaUpdateSched"="e:\program files\Java\jre6\bin\jusched.exe" [2009-01-04 136600] "NvMediaCenter"="e:\windows\system32\NvMcTray.dll" [2008-09-17 86016] "Adobe Reader Speed Launcher"="d:\adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "NeroFilterCheck"="e:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "JMB36X IDE Setup"="e:\windows\JM\JMInsIDE.exe" [2006-10-30 36864] "JMB36X Configure"="e:\windows\system32\JMRaidSetup.exe" [2006-10-30 1953792] "QuickTime Task"="e:\program files\QuickTime\qttask.exe" [2008-11-04 413696] "iTunesHelper"="d:\itunes\iTunesHelper.exe" [2008-11-20 290088] "MultiScreen"="d:\multiscreen\MultiScreen.exe" [2008-02-22 114688] "Microsoft netswitch"="e:\windows\system32\jwtch32.exe" [2009-02-18 28672] "RTHDCPL"="RTHDCPL.EXE" [2006-11-15 e:\windows\RTHDCPL.exe] "SkyTel"="SkyTel.EXE" [2006-05-17 e:\windows\SkyTel.exe] "nwiz"="nwiz.exe" [2008-09-17 e:\windows\system32\nwiz.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="e:\windows\System32\CTFMON.EXE" [2008-04-14 15360] e:\documents and settings\Karine et Paulo\Menu D‚marrer\Programmes\D‚marrage\ YzDock.lnk - d:\yz_dck0083_full_fr\YzDock.exe [2006-09-24 386560] 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "e:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "e:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "d:\\HomePlayer\\HomePlayer.exe"= "d:\\HomePlayer\\VLC\\vlc.exe"= "d:\\eMule\\emule.exe"= "d:\\Azureus\\Azureus.exe"= "d:\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "d:\\iTunes\\iTunes.exe"= "e:\\WINDOWS\\system32\\MPSMC_01.EXE"= "d:\\FileZilla\\FileZilla.exe"= "e:\\Program Files\\Vuze\\Azureus.exe"= "d:\\MagicTune Premium\\MagicTune.exe"= "e:\\Program Files\\Bonjour\\mDNSResponder.exe"= "j:\\Paulo\\TmNationsForever\\TmForever.exe"= "e:\\Program Files\\Skype\\Phone\\Skype.exe"= R1 aswSP;avast! Self Protection;e:\windows\system32\drivers\aswSP.sys [2009-01-03 111184] R2 aswFsBlk;aswFsBlk;e:\windows\system32\drivers\aswFsBlk.sys [2009-01-04 20560] S3 getPlus® Helper;getPlus® Helper;e:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-09-22 33752] S3 maconfservice;Ma-Config Service;d:\ma-config.com\maconfservice.exe [2008-12-19 195752] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d65129c6-ed02-11dd-a608-001a9265ddf5}] \Shell\AutoRun\command - e:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe . Contenu du dossier 'Tâches planifiées' 2009-02-16 e:\windows\Tasks\AppleSoftwareUpdate.job - e:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.google.fr/ uInternet Settings,ProxyOverride = *.local IE: E&xporter vers Microsoft Excel - d:\micros~1\Office12\EXCEL.EXE/3000 DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_3_1_0_4.cab . 
************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-22 18:53:26 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*] "C040710900063D11C8EF10054038389C"="E?\\WINDOWS\\system32\\FM20ENU.DLL" . Heure de fin: 2009-02-22 18:54:26 ComboFix-quarantined-files.txt 2009-02-22 17:54:24 Avant-CF: 13ÿ128ÿ335ÿ360 octets libres AprÞs-CF: 14,261,145,600 octets libres WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] e:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4 182 --- E O F --- 2009-02-11 22:32:16
  3. Hello everyone, and first of all a big thank you to all those who take the time to help people who are a bit lost, like me.... As the title of my message indicates, since this morning I have had a huge problem with these damned pop-ups; they are always ads (online casino, Meetic, etc.). I installed Spybot, and since then the resident protection blocks every window that tries to open. Nevertheless, I still get a 'ploup' whenever it blocks one (about every 10 s...). And this happens even when IE is closed.. When I go to "Tools, Internet Options, Privacy", I can no longer enable the pop-up blocker (some settings are managed by your system administrator... --> normally that's me!). In short, I've had enough. I installed HijackThis, but since I know nothing about it and really don't want to make a mistake, I haven't touched anything; I'm simply posting the report:
     Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:59:08, on 22/02/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: E:\WINDOWS\System32\smss.exe E:\WINDOWS\system32\winlogon.exe E:\WINDOWS\system32\services.exe E:\WINDOWS\system32\lsass.exe E:\WINDOWS\system32\svchost.exe E:\WINDOWS\System32\svchost.exe d:\Avast4\aswUpdSv.exe d:\Avast4\ashServ.exe E:\WINDOWS\Explorer.EXE E:\WINDOWS\RTHDCPL.EXE D:\Avast4\ashDisp.exe E:\Program Files\Java\jre6\bin\jusched.exe E:\WINDOWS\system32\RUNDLL32.EXE D:\iTunes\iTunesHelper.exe D:\multiscreen\MultiScreen.exe E:\Program Files\Windows Live\Messenger\MsnMsgr.Exe E:\WINDOWS\system32\ctfmon.exe D:\Steam\Steam.exe D:\yz_dck0083_full_fr\YzDock.exe E:\WINDOWS\system32\spoolsv.exe E:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe E:\Program Files\Bonjour\mDNSResponder.exe D:\Diskeeper\DkService.exe E:\Program Files\Java\jre6\bin\jqs.exe d:\MagicTune Premium\MagicTuneEngine.exe E:\Program
Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\System32\svchost.exe
d:\Avast4\ashMaiSv.exe
d:\Avast4\ashWebSv.exe
d:\MagicTune Premium\MagicTune.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\foxmail\Foxmail.exe
D:\HomePlayer\HomePlayer.exe
D:\HomePlayer\vlc\vlc.exe
D:\wamp\wampmanager.exe
d:\wamp\bin\mysql\mysql5.1.30\bin\mysqld.exe
d:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
D:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
E:\WINDOWS\system32\jwtch32.exe
d:\Spybot - Search & Destroy\TeaTimer.exe
E:\Program Files\Internet Explorer\iexplore.exe
d:\HijackThis\HijackThis.exe
E:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - d:\SPYBOT~1\SDHelper.dll
O2 - BHO: DebugBar BHO - {69FC0024-10EB-480A-BBF2-3BF4E78E17B1} - d:\DebugBar\DebugInfoBar.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DebugBar - {3E1201F4-1707-409F-BB45-A5F192381DA0} - d:\DebugBar\DebugToolBar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avast!] d:\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [sunJavaUpdateSched] "E:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] E:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [JMB36X Configure] E:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MultiScreen] d:\multiscreen\MultiScreen.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Microsoft netswitch] E:\WINDOWS\system32\jwtch32.exe
O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [skype] "E:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [steam] "D:\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [spybotSD TeaTimer] d:\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: YzDock.lnk = D:\yz_dck0083_full_fr\YzDock.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - d:\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - d:\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1231020286281
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1231066922093
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichier...ion_3_1_0_4.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre...ows-i586-jc.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.mypix.com/fr/fr/importer/ImageUploader4.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - E:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - d:\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - d:\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - d:\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - d:\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - E:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper Corporation - D:\Diskeeper\DkService.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - E:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - D:\ma-config.com\maconfservice.exe
O23 - Service: MagicTuneEngine - Unknown owner - d:\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: wampapache - Apache Software Foundation - d:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - d:\wamp\bin\mysql\mysql5.1.30\bin\mysqld.exe
-- End of file - 9166 bytes

Once again, many thanks to those who will look into my problem... In addition to a solution, I would welcome some explanations so I can try to understand.