A l'aide, j'ai un sacré espion indétectable ni par spybot, ad-aware ou même spyblocker. J'ai une popup IE qui s'ouvre même lorsque IE n'est pas ouvert à la base. Alors je file le résutat du tasklist /svc
Image Name PID Services
========================= ====== =============================================
System Idle Process 0 N/A
System 4 N/A
smss.exe 616 N/A
csrss.exe 680 N/A
winlogon.exe 704 N/A
services.exe 748 Eventlog, PlugPlay
lsass.exe 760 PolicyAgent, ProtectedStorage, SamSs
ati2evxx.exe 912 Ati HotKey Poller
svchost.exe 940 RpcSs
svchost.exe 1036 AudioSrv, Browser, CryptSvc, Dhcp, dmserver,
ERSvc, EventSystem,
FastUserSwitchingCompatibility, helpsvc,
Iprip, Irmon, lanmanserver,
lanmanworkstation, Messenger, Netman, Nla,
RasAuto, RasMan, Schedule, seclogon, SENS,
ShellHWDetection, srservice, TapiSrv,
TermService, Themes, TrkWks, uploadmgr,
W32Time, winmgmt, wuauserv, WZCSVC
svchost.exe 1236 Dnscache
svchost.exe 1252 LmHosts, SSDPSRV, WebClient
spoolsv.exe 1408 Spooler
CTSVCCDA.EXE 1560 Creative Service for CDROM Access
MDM.EXE 1608 MDM
svchost.exe 1688 PowerManager
tcpsvcs.exe 1728 SimpTcp
snmp.exe 1752 SNMP
svchost.exe 1788 stisvc
vsmon.exe 1864 vsmon
MsPMSPSv.exe 140 WMDM PMSP Service
ati2evxx.exe 1132 N/A
explorer.exe 1260 N/A
SOUNDMAN.EXE 1724 N/A
atiptaxx.exe 1592 N/A
winampa.exe 1784 N/A
WFWIZ.exe 1576 N/A
zlclient.exe 1856 N/A
mmtask.exe 1892 N/A
mm_tray.exe 1900 N/A
Loader.exe 1976 N/A
slmss.exe 1984 N/A
mwsvm.exe 2012 N/A
key2dvag.exe 2036 N/A
AutoUpdate.exe 344 N/A
ctfmon.exe 320 N/A
msnmsgr.exe 380 N/A
WCESCOMM.EXE 168 N/A
PopUpKiller.exe 428 N/A
WZQKPICK.EXE 452 N/A
rundll32.exe 1848 N/A
wuauclt.exe 2392 N/A
SysAI.exe 3092 N/A
ACDSee6.exe 3852 N/A
DBLocalServer.exe 3916 N/A
IEXPLORE.EXE 332 N/A
regsvrac32.exe 1820 N/A
IEXPLORE.EXE 2096 N/A
regsvrac32.exe 2588 N/A
HijackThis.exe 3072 N/A
regsvrac32.exe 3552 N/A
notepad.exe 3740 N/A
IEXPLORE.EXE 4008 N/A
cmd.exe 3588 N/A
tasklist.exe 2404 N/A
wmiprvse.exe 2748 N/A
---------------------------------
et un autre de Hijackthis...
Logfile of HijackThis v1.97.7
Scan saved at 00:29:28, on 19/05/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\svchost.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\ClearSearch\Loader.exe
C:\Program Files\Common Files\slmss\slmss.exe
C:\WINDOWS\mwsvm.exe
C:\WINDOWS\System32\key2dvag.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\PROGRA~1\Ashampoo\ASHAMP~1\PopUpKiller.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\RUNDLL32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\SysAI\SysAI.exe
C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe
C:\Program Files\Fichiers communs\ACD Systems\DBLocalServer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\regsvrac32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\regsvrac32.exe
C:\Documents and Settings\TITI\Bureau\Titi\hijackthis\HijackThis.exe
C:\WINDOWS\System32\regsvrac32.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.9online.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.seekseek.com/quicksearc [...] sion_id=18
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\Program Files\TV Media\TvmBho.dll
O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000000221} - C:\Program Files\ClearSearch\CSIE.DLL
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - (no file)
O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\Program Files\SysAI\AproposPlugin.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {49E0E0F0-5C30-11D4-945D-000000000003} - C:\PROGRA~1\Ashampoo\ASHAMP~1\PopUp.dll
O2 - BHO: DefaultSearch.SeekSeek - {5074851C-F67A-488E-A9C9-C244573F4068} - C:\WINDOWS\ieasst.dll
O2 - BHO: (no name) - {D537A3D0-8C07-4D62-953F-162207F5090D} - C:\WINDOWS\system32\regsvrac32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [stcloader] C:\WINDOWS\System32\stcloader.exe
O4 - HKLM\..\Run: [ClrSchLoader] C:\Program Files\ClearSearch\Loader.exe
O4 - HKLM\..\Run: [slmss] C:\Program Files\Common Files\slmss\slmss.exe
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [Mwsvm] C:\WINDOWS\mwsvm.exe
O4 - HKLM\..\Run: [532U36T] key2dvag.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Ashampoo PopUpBlocker] C:\PROGRA~1\Ashampoo\ASHAMP~1\PopUpKiller.exe
O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\RunOnce: [5eynqf.exe] C:\WINDOWS\System32\5eynqf.exe
O4 - HKCU\..\RunOnce: [5eynqf.exe] C:\WINDOWS\System32\5eynqf.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite (HKLM)
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)
O9 - Extra button: Recherche (HKLM)
O16 - DPF: {13197ACE-6851-45C3-A7FF-C281324D5489} - http://www.2nd-thought.com/files/install026.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub [...] wflash.cab
O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} (SysWebTelecomInt Class) - http://www.sponsoradulto.com/fr/SysWebTelecom.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9AC8DF33-7CF6-40B9-8BF9-0FEEC9CFD420}: NameServer = 192.168.0.1
-------------------------------------------------
Merci de trouvez la faille....