comment suprimer le spyware qui ouvre des pages?
Forum Sécurité - Virus : comment suprimer le spyware qui ouvre des pages?
Désinstalle/réinstalle 
Répondre à Angeldark
Voici le rapport:
ComboFix 08-11-02.05 - tijocanard 2008-11-03 22:21:56.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1123 [GMT 1:00]
Lancé depuis: c:\users\tijocanard\Desktop\ComboFix.exe
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\AutoRun.inf
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-03 au 2008-11-03 ))))))))))))))))))))))))))))))))))))
.
2008-11-02 19:52 . 2008-11-02 19:52 268 --ah----- C:\sqmdata00.sqm
2008-11-02 19:52 . 2008-11-02 19:52 244 --ah----- C:\sqmnoopt00.sqm
2008-11-02 17:19 . 2008-11-02 17:19 <REP> d-------- c:\windows\Sun
2008-11-02 16:51 . 2008-11-02 16:51 <REP> dr------- c:\users\tijocanard\Pictures
2008-11-02 11:35 . 2008-11-03 20:06 <REP> d-------- c:\program files\Navilog1
2008-11-01 17:58 . 2008-11-01 17:58 <REP> d-------- c:\program files\Trend Micro
2008-11-01 14:50 . 2008-11-01 14:50 <REP> d-------- c:\windows\System32\AGEIA
2008-11-01 14:50 . 2008-11-01 14:50 <REP> d-------- c:\program files\AGEIA Technologies
2008-11-01 12:28 . 2005-05-26 15:34 2,297,552 --a------ c:\windows\System32\d3dx9_26.dll
2008-10-31 14:15 . 2008-10-31 14:15 <REP> d-------- c:\users\tijocanard\AppData\Roaming\TuneUp Software
2008-10-31 14:15 . 2008-10-31 14:15 355,584 --a------ c:\windows\System32\TuneUpDefragService.exe
2008-10-31 14:15 . 2008-05-29 09:28 28,416 --a------ c:\windows\System32\uxtuneup.dll
2008-10-31 14:15 . 2008-05-29 09:28 16,640 --a------ c:\windows\System32\authuitu.dll
2008-10-31 14:14 . 2008-10-31 14:14 <REP> d-------- c:\users\All Users\TuneUp Software
2008-10-31 14:14 . 2008-10-31 14:14 <REP> d-------- c:\programdata\TuneUp Software
2008-10-31 14:14 . 2008-10-31 14:15 <REP> d-------- c:\program files\TuneUp Utilities 2008
2008-10-30 18:21 . 2008-10-31 14:11 <REP> d-------- c:\users\All Users\Spybot - Search & Destroy
2008-10-30 18:21 . 2008-10-31 14:11 <REP> d-------- c:\programdata\Spybot - Search & Destroy
2008-10-30 14:25 . 2008-10-30 18:17 106 --a------ c:\windows\System32\BIN_STRSBW.SPT
2008-10-29 12:42 . 2008-08-12 04:39 443,392 --a------ c:\windows\System32\win32spl.dll
2008-10-29 12:42 . 2008-09-18 05:56 147,456 --a------ c:\windows\System32\Faultrep.dll
2008-10-29 12:42 . 2008-09-18 05:56 125,952 --a------ c:\windows\System32\wersvc.dll
2008-10-28 11:33 . 2008-11-01 19:39 <REP> d-------- c:\users\tijocanard\AppData\Roaming\uTorrent
2008-10-26 14:16 . 2008-10-26 14:16 <REP> d-------- c:\users\tijocanard\workspace
2008-10-23 20:14 . 2008-10-23 20:14 <REP> d-------- c:\users\tijocanard\AppData\Roaming\Warsow
2008-10-23 18:19 . 2008-10-23 18:21 <REP> d-------- c:\users\tijocanard\iWizz
2008-10-22 22:23 . 2008-10-22 22:24 <REP> d-------- c:\users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-22 22:23 . 2008-10-22 22:24 <REP> d-------- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-22 22:23 . 2008-10-22 22:24 <REP> d-------- c:\program files\iTunes
2008-10-22 22:23 . 2008-10-22 22:23 <REP> d-------- c:\program files\iPod
2008-10-18 16:06 . 2008-10-18 16:18 <REP> d-------- c:\users\tijocanard\halo
2008-10-15 22:06 . 2008-08-05 10:49 428,544 --a------ c:\windows\System32\EncDec.dll
2008-10-15 22:06 . 2008-08-05 10:49 293,376 --a------ c:\windows\System32\psisdecd.dll
2008-10-15 22:06 . 2008-08-05 10:48 217,088 --a------ c:\windows\System32\psisrndr.ax
2008-10-15 22:06 . 2008-08-05 10:48 177,664 --a------ c:\windows\System32\mpg2splt.ax
2008-10-15 22:06 . 2008-08-05 10:48 80,896 --a------ c:\windows\System32\MSNP.ax
2008-10-15 19:59 . 2008-10-15 19:59 <REP> d-------- c:\users\tijocanard\AppData\Roaming\Visicom Media
2008-10-15 19:58 . 2008-10-15 19:58 <REP> d-------- c:\program files\Visicom Media
2008-10-15 19:53 . 2008-09-18 03:16 2,032,640 --a------ c:\windows\System32\win32k.sys
2008-10-15 19:53 . 2008-08-27 02:06 288,768 --a------ c:\windows\System32\drivers\srv.sys
2008-10-15 19:52 . 2008-09-18 06:09 3,601,464 --a------ c:\windows\System32\ntkrnlpa.exe
2008-10-15 19:52 . 2008-09-18 06:09 3,549,240 --a------ c:\windows\System32\ntoskrnl.exe
2008-10-15 19:52 . 2008-10-02 02:32 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2008-10-15 19:52 . 2008-10-02 04:49 827,392 --a------ c:\windows\System32\wininet.dll
2008-10-09 20:32 . 2007-06-13 11:12 3,186,688 --a------ c:\windows\System32\cdintf300.dll
2008-10-09 20:32 . 2007-06-13 11:12 3,186,688 --a------ c:\windows\System32\acXMLParser.dll
2008-10-09 20:31 . 2008-10-09 20:31 <REP> d-------- c:\users\All Users\Ciel
2008-10-09 20:31 . 2008-10-09 20:31 <REP> d-------- c:\programdata\Ciel
2008-10-09 20:31 . 2008-10-09 20:31 <REP> d-------- c:\program files\Common Files\Sage
2008-10-09 20:31 . 2008-10-09 20:31 <REP> d-------- c:\program files\Common Files\Ciel
2008-10-09 20:31 . 2008-10-09 20:31 <REP> d-------- c:\program files\Ciel
2008-10-04 16:47 . 2008-10-04 16:47 <REP> d-------- c:\temp\FR_Windows_XP_Professional_with_SP2
2008-10-03 20:41 . 2008-10-03 20:49 <REP> d-------- c:\program files\adslTV
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-02 16:22 --------- d-----w c:\users\tijocanard\AppData\Roaming\FileZilla
2008-11-01 20:07 41,620 ----a-w c:\users\tijocanard\AppData\Roaming\nvModes.dat
2008-11-01 13:51 --------- d-----w c:\program files\Xvid
2008-11-01 13:49 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-01 11:20 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-31 13:05 --------- d-----w c:\users\tijocanard\AppData\Roaming\OpenOffice.org2
2008-10-22 21:23 --------- d-----w c:\programdata\Apple Computer
2008-10-22 15:29 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-18 15:11 --------- d-----w c:\program files\Microsoft Games
2008-10-16 17:09 --------- d-----w c:\programdata\Microsoft Help
2008-10-15 21:21 --------- d-----w c:\program files\Windows Mail
2008-10-15 20:38 --------- d-----w c:\programdata\TrackMania
2008-10-04 19:50 --------- d-----w c:\users\tijocanard\AppData\Roaming\vlc
2008-10-04 13:57 --------- d-----w c:\program files\Java
2008-09-30 17:12 --------- d-----w c:\program files\FileZilla Client
2008-09-29 16:40 --------- d-----w c:\program files\Yooda
2008-09-28 20:09 --------- d-----w c:\program files\Microsoft SQL Server
2008-09-27 15:53 --------- d-----w c:\program files\Microsoft Visual Studio 9.0
2008-09-27 15:53 --------- d-----w c:\program files\Business Objects
2008-09-27 15:49 --------- d-----w c:\program files\Microsoft.NET
2008-09-27 15:47 --------- d-----w c:\program files\Windows Mobile 5.0 SDK R2
2008-09-27 15:47 --------- d-----w c:\program files\Microsoft Device Emulator
2008-09-27 15:45 --------- d-----w c:\program files\Microsoft Synchronization Services
2008-09-27 15:45 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2008-09-27 15:36 --------- d-----w c:\programdata\PreEmptive Solutions
2008-09-27 15:36 --------- d-----w c:\program files\Common Files\Merge Modules
2008-09-27 15:30 --------- d-----w c:\program files\MSBuild
2008-09-27 15:30 --------- d-----w c:\program files\HTML Help Workshop
2008-09-27 15:24 --------- d-----w c:\program files\Microsoft SDKs
2008-09-27 15:24 --------- d-----w c:\program files\CE Remote Tools
2008-09-27 10:42 --------- d-----w c:\users\tijocanard\AppData\Roaming\Apple Computer
2008-09-27 10:40 --------- d-----w c:\program files\Bonjour
2008-09-27 10:39 --------- d-----w c:\program files\QuickTime
2008-09-27 10:38 --------- d-----w c:\program files\Common Files\Apple
2008-09-27 10:37 --------- d-----w c:\program files\Apple Software Update
2008-09-27 10:36 --------- d-----w c:\programdata\Apple
2008-09-27 10:31 --------- d-----w c:\users\tijocanard\AppData\Roaming\Stellarium
2008-09-27 10:29 --------- d-----w c:\program files\iWizz
2008-09-24 19:36 --------- d-----w c:\program files\Microsoft Web Designer Tools
2008-09-24 17:05 --------- d-----w c:\programdata\InstallShield
2008-09-24 17:05 --------- d-----w c:\program files\Common Files\InstallShield
2008-09-24 16:43 --------- d-----w c:\program files\Recuva
2008-09-14 15:43 --------- d-----w c:\program files\OpenOffice.org 2.4
2008-09-14 15:05 --------- d-----w c:\programdata\FLEXnet
2008-09-13 10:40 --------- d-----w c:\program files\Lavalys
2008-09-12 17:48 --------- d-----w c:\programdata\Codemasters
2008-09-10 15:57 --------- d-----w c:\programdata\WindowsSearch
2008-08-29 08:18 87,336 ----a-w c:\windows\System32\dns-sd.exe
2008-08-29 07:53 61,440 ----a-w c:\windows\System32\dnssd.dll
2008-05-27 19:26 174 --sha-w c:\program files\desktop.ini
2007-12-14 16:27 207,953,378 ----a-w c:\users\tijocanard\Portable Counter-Strike Source by ZeroX.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-12 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-12 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-12 81920]
"KMCONFIG"="c:\program files\Mouse Driver\StartAutorun.exe" [2007-03-06 212992]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
--a------ 2008-06-02 08:28 81920 c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-10-01 17:57 289576 c:\program files\iTunes\iTunesHelper.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A2D85D1F-2275-417D-9783-B5628E0FDAD6}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{DD37C771-1D7B-4214-8B3C-546C71557187}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{9DA9FD20-5DB9-426D-A6AE-9116DB9F6553}c:\\program files\\tmunitedforever\\tmforever.exe"= UDP:c:\program files\tmunitedforever\tmforever.exe:TmForever
"UDP Query User{D58E1E0C-C551-4CAE-9445-E90AA3A970FB}c:\\program files\\tmunitedforever\\tmforever.exe"= TCP:c:\program files\tmunitedforever\tmforever.exe:TmForever
"{5EDAE365-7417-4545-B5C4-87E83283CEEE}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{19FF1D51-51DC-4FF4-86CA-73139599C4E4}c:\\program files\\tmunitedforever\\tmforever.exe"= UDP:c:\program files\tmunitedforever\tmforever.exe:TmForever
"UDP Query User{A47622CA-F48D-4432-AE6F-15E86226CABF}c:\\program files\\tmunitedforever\\tmforever.exe"= TCP:c:\program files\tmunitedforever\tmforever.exe:TmForever
"TCP Query User{1CE846F6-1815-4E0F-921B-6117FD6D7E63}c:\\program files\\trackmania united\\tmunited.exe"= UDP:c:\program files\trackmania united\tmunited.exe:TmUnited
"UDP Query User{D950C745-40E3-4C6C-BCBD-8B535AD8902A}c:\\program files\\trackmania united\\tmunited.exe"= TCP:c:\program files\trackmania united\tmunited.exe:TmUnited
"{3E445F01-628A-4952-B636-DA5FC996A9A1}"= UDP:58746
ando P2P TCP Listening Port
"{F13CD0A4-9BAD-4848-9B4C-C6EC2EA4B49C}"= TCP:58746ando P2P UDP Listening Port
"{7D87B3DF-B271-49F7-B2DA-E8B05BA0BF93}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{4D9B035B-6EA1-4199-9B1E-D47242CC1712}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{F85B5BB3-BD2A-446F-9732-A6C82923D2A2}c:\\program files\\microsoft games\\halo\\halo.exe"= UDP:c:\program files\microsoft games\halo\halo.exe:Halo
"UDP Query User{868240D8-B4F2-47A6-8399-FA071E7DBD29}c:\\program files\\microsoft games\\halo\\halo.exe"= TCP:c:\program files\microsoft games\halo\halo.exe:Halo
"{7F8A84BF-AA97-4C3E-8853-288FB88B5FE6}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{2221C88B-F7A8-4A0A-9F02-5B384CDABA22}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{C12C68AA-FCDD-4246-83DB-628F9C1A9099}f:\\warsow\\warsow_x86.exe"= UDP:f:\warsow\warsow_x86.exe:Warsow
"UDP Query User{B1684B4C-78C5-4D24-8676-7F3D32A62E3A}f:\\warsow\\warsow_x86.exe"= TCP:f:\warsow\warsow_x86.exe:Warsow
"TCP Query User{F0E43222-DB44-450A-856D-65F340B2444A}c:\\users\\tijocanard\\appdata\\local\\temp\\rar$ex00.198\\volley.exe"= UDP:c:\users\tijocanard\appdata\local\temp\rar$ex00.198\volley.exe:volley.exe
"UDP Query User{F421F487-E11E-46B4-A474-25758317E2AD}c:\\users\\tijocanard\\appdata\\local\\temp\\rar$ex00.198\\volley.exe"= TCP:c:\users\tijocanard\appdata\local\temp\rar$ex00.198\volley.exe:volley.exe
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\Mouse Driver\KMWDSrv.exe [2007-04-05 208896]
R2 UxTuneUp;TuneUp Extension de thème;c:\windows\System32\svchost.exe [2008-01-19 21504]
S3 ST330;ST330;c:\windows\system32\drivers\st330.sys [2008-05-01 30464]
S3 STBUS;STBUS;c:\windows\system32\drivers\stbus.sys [2008-05-01 12672]
S3 STETH;SpeedTouch Ethernet Adapter NT Driver;c:\windows\system32\DRIVERS\steth.sys [2008-05-01 40320]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;c:\windows\System32\TuneUpDefragService.exe [2008-10-31 355584]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10c2dc4d-3d26-11dd-95cf-0016d359cbc1}]
\shell\AutoRun\command - G:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aff1a4b4-1565-11dd-bff9-0016d359cbc1}]
\shell\AutoRun\command - F:\LaunchU3.exe -a
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Tâches planifiées'
2008-11-03 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:23]
.
.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\users\tijocanard\AppData\Roaming\Mozilla\Firefox\Profiles\nxflvlld.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
FF -: plugin - d:\program files\Adobe\Acrobat 8.0\Acrobat\browser\nppdf32.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-03 22:35:53
Windows 6.0.6001 Service Pack 1 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
Heure de fin: 2008-11-03 22:37:42
ComboFix-quarantined-files.txt 2008-11-03 21:37:37
Avant-CF: 26 355 945 472 octets libres
Après-CF: 24,748,556,288 octets libres
220 --- E O F --- 2008-10-31 15:18:47
Sans être indiscret tu à l'air de bien t'y connaitre en sécurité!
merci pour ton aide j'espère que ça enlèvera le spyware.
Les 2 logiciels que tu m'a fait utiliser ont l'air assez puisants.
Reposte un rapport Hijackthis
Répondre à Angeldark
C'est bon alors, continue 
Répondre à Angeldark
