Virus problem

Solved/Closed
cyril.du.68 - 21 Oct. 2008 at 19:08
g!rly Posts 18209 Registration date Friday 17 August 2007 Status Contributor Last seen 30 November 2014 - 21 Oct. 2008 at 20:31
Hello,
So basically I have lots of ads popping up on my screen. I read several posts that say to download Spybot; I did, and it finds win32.agent.gvu and virtumonde.dll, but it's impossible to delete them, so I downloaded HijackThis and here is the report:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:13:07, on 21/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\BUtilityBar\BisonBar.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\svchost.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Beauseigneur\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BisonBar] C:\WINDOWS\BUtilityBar\BisonBar.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe /idle
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [e309f5f6] rundll32.exe "C:\WINDOWS\system32\worflrti.dll",b
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TotalSecure2009] C:\Program Files\TS-2009\scan.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} (VirginMega.DMFacade.Interface) - https://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
O20 - AppInit_DLLs: npeasu.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
5 replies

g!rly Posts 18209 Registration date Friday 17 August 2007 Status Contributor Last seen 30 November 2014 406
21 Oct. 2008 at 20:25
re,

post the full report + a new HijackThis report as well

@+

Wreck this mess...
1
Sacabouffe Posts 9427 Registration date Sunday 19 August 2007 Status Member Last seen 29 May 2009 1 835
21 Oct. 2008 at 20:26
Hi
For ComboFix, it's here

ComboFix 08-10-19.04 - Beauseigneur 2008-10-21 19:49:58.1 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.441 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Beauseigneur\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé

[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Beauseigneur\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Program Files\TS-2009
C:\Program Files\TS-2009\scan.exe
C:\Program Files\TS-2009\totalsecure.s2
C:\Program Files\TS-2009\totalsecure.s3
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\k.txt
C:\WINDOWS\system32\awtqrpop.dll
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\WINDOWS\system32\hgGWoopP.dll
C:\WINDOWS\system32\itrlfrow.ini
C:\WINDOWS\system32\ksiktxht.dll
C:\WINDOWS\system32\npeasu.dll
C:\WINDOWS\system32\opnlKAtT.dll
C:\WINDOWS\system32\poprqtwa.ini
C:\WINDOWS\system32\poprqtwa.ini2
C:\WINDOWS\system32\worflrti.dll

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-21 au 2008-10-21 ))))))))))))))))))))))))))))))))))))
.

2008-10-21 18:35 . 2008-10-21 18:35 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-10-21 18:35 . 2008-10-21 18:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-20 16:18 . 2008-10-20 16:18 <REP> d-------- C:\Casino
2008-10-19 22:31 . 2008-10-19 22:31 <REP> d-------- C:\Documents and Settings\Beauseigneur\Application Data\AdobeUM
2008-10-19 22:14 . 2008-10-19 22:14 <REP> d-------- C:\Program Files\Hercules
2008-10-19 22:14 . 2007-02-08 18:37 19,456 --a------ C:\WINDOWS\system32\hdjcprop.dll
2008-10-19 22:14 . 2007-02-08 18:28 11,008 --a------ C:\WINDOWS\system32\drivers\hdjctrl.sys
2008-10-19 22:10 . 2008-10-19 22:10 <REP> d--hs---- C:\FOUND.000
2008-10-19 21:48 . 2001-08-23 17:04 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-10-19 21:48 . 2001-08-23 17:04 12,288 --a------ C:\WINDOWS\system32\dllcache\mouhid.sys
2008-10-19 21:19 . 2008-10-19 21:19 <REP> d-------- C:\Program Files\Guillemot
2008-10-19 21:19 . 2007-02-08 17:29 118,784 --a------ C:\WINDOWS\system32\HDJAPI.dll
2008-10-19 21:19 . 2005-01-28 11:49 106,496 --a------ C:\WINDOWS\system32\GUStrLib.dll
2008-10-19 21:19 . 2007-01-09 13:47 86,016 --a------ C:\WINDOWS\system32\HRFDongle.dll
2008-10-19 21:19 . 2007-02-08 18:23 39,296 --a------ C:\WINDOWS\system32\drivers\HDJMidi.sys
2008-10-19 21:19 . 2007-02-09 09:27 23,040 --a------ C:\WINDOWS\system32\HDJSAPI.dll
2008-10-19 21:17 . 2008-10-19 21:18 <REP> d-------- C:\Documents and Settings\Beauseigneur\Application Data\InstallShield
2008-10-19 21:16 . 2008-10-19 21:16 <REP> d-------- C:\Program Files\VirtualDJ
2008-10-19 21:11 . 2008-10-19 21:11 <REP> d-------- C:\Downloads
2008-10-19 21:11 . 2008-10-19 21:11 <REP> d-------- C:\Documents and Settings\Beauseigneur\Application Data\GetRightToGo
2008-10-19 14:49 . 2008-10-19 14:49 0 --a------ C:\WINDOWS\mngui.INI
2008-10-19 14:43 . 2008-10-19 14:43 <REP> d-------- C:\Documents and Settings\Beauseigneur\Application Data\Teleca
2008-10-19 14:41 . 2008-10-19 14:41 <REP> d-------- C:\Documents and Settings\Beauseigneur\Application Data\Sony Ericsson
2008-10-19 14:40 . 2008-10-19 14:40 <REP> d-------- C:\Program Files\Fichiers communs\Teleca Shared
2008-10-15 20:51 . 2008-08-14 15:23 2,191,232 --------- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-15 20:51 . 2008-08-14 15:23 2,147,328 --------- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-15 20:51 . 2008-08-14 15:23 2,068,096 --------- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-15 20:51 . 2008-08-14 15:23 2,025,984 --------- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-15 20:51 . 2008-09-15 17:26 1,846,528 --------- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-15 20:51 . 2008-09-08 12:41 333,824 --------- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-09 21:23 . 2008-10-09 21:23 <REP> d-------- C:\WINDOWS\Sun
2008-10-07 21:21 . 2007-02-05 19:56 6,082,560 -ra------ C:\WINDOWS\system\cmcnfgu.cpl
2008-10-07 21:21 . 2005-12-29 09:45 917,504 -ra------ C:\WINDOWS\system\cmds3du.dll
2008-10-07 21:21 . 2005-12-29 09:45 712,704 -ra------ C:\WINDOWS\system32\a3dpropu.dll
2008-10-07 21:21 . 2005-12-29 09:46 98,304 -ra------ C:\WINDOWS\system32\cmudau.dll
2008-10-07 21:21 . 2005-12-29 09:45 61,440 -ra------ C:\WINDOWS\system\cmsnxeye.exe
2008-10-07 21:21 . 2005-12-29 09:45 16,384 -ra------ C:\WINDOWS\system32\cmpropu.dll
2008-10-07 21:21 . 2006-12-01 13:27 495 -ra------ C:\WINDOWS\system\CmcnfgU.ini
2008-10-07 21:20 . 2008-10-07 21:20 16 --a------ C:\WINDOWS\wininit.ini
2008-10-07 21:10 . 2004-08-10 20:00 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-10-07 19:00 . 2008-10-07 19:00 <REP> d-------- C:\Documents and Settings\Beauseigneur\Application Data\Propellerhead Software
2008-10-07 19:00 . 2008-10-07 19:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Propellerhead Software
2008-10-07 19:00 . 2008-10-07 19:01 368,640 --a------ C:\WINDOWS\system32\ReWire.dll
2008-10-07 19:00 . 2008-10-07 19:01 233,472 --a------ C:\WINDOWS\system32\REX Shared Library.dll
2008-10-07 18:26 . 2008-10-07 18:26 <REP> d-------- C:\Program Files\Propellerhead
2008-10-07 17:55 . 2005-12-29 09:46 1,390,656 -ra------ C:\WINDOWS\system32\drivers\cmudaxu.sys
2008-10-07 17:55 . 2005-12-29 09:45 712,704 --a------ C:\WINDOWS\system32\dllcache\a3d.dll
2008-10-07 17:55 . 2005-12-29 09:45 712,704 -ra------ C:\WINDOWS\system32\a3d.dll
2008-10-07 17:55 . 2005-12-29 09:45 315,392 -ra------ C:\WINDOWS\system\cmifltr.dll
2008-10-07 17:55 . 2005-12-29 09:45 241,664 -ra------ C:\WINDOWS\system32\cmdrvrmu.exe
2008-10-07 17:55 . 2005-12-29 09:45 45,056 -ra------ C:\WINDOWS\system32\cmdrvrmu.dll
2008-10-07 17:54 . 2008-10-07 17:54 <REP> d-------- C:\Program Files\SilverCrest Vibration Headset
2008-10-07 17:54 . 2006-12-01 15:47 129,654 -r------- C:\WINDOWS\JACKBMP.BMP
2008-10-07 17:54 . 2007-01-16 01:49 65,536 -r------- C:\WINDOWS\VMix.dll
2008-10-07 17:54 . 2005-12-29 09:46 40,960 -r------- C:\WINDOWS\CmiUSB2Uninstall.exe
2008-10-07 17:54 . 2007-02-01 18:11 13,824 -r------- C:\WINDOWS\Thumbs.db
2008-10-07 17:54 . 2005-12-29 09:45 5,690 -r------- C:\WINDOWS\Cmudau.ini
2008-10-07 17:54 . 2006-12-01 14:02 2,302 -r------- C:\WINDOWS\logo.ico
2008-10-07 17:53 . 2008-04-13 20:45 60,032 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-10-07 17:53 . 2008-04-13 20:45 60,032 --a------ C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-10-07 17:53 . 2004-08-10 20:00 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-10-07 17:53 . 2004-08-10 20:00 31,616 --a------ C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-10-07 17:14 . 2008-10-07 17:14 <REP> d-------- C:\Program Files\Buzz
2008-10-07 17:11 . 2008-10-07 17:11 <REP> d-------- C:\Program Files\Jeskola Buzz
2008-10-07 17:05 . 2008-10-07 17:05 <REP> d-------- C:\Program Files\Audacity
2008-10-01 21:24 . 2008-10-01 21:24 <REP> d-------- C:\Program Files\Free Audio Pack
2008-10-01 21:24 . 1998-06-17 01:00 516,173 --a------ C:\WINDOWS\system32\MSVCP60D.DLL
2008-10-01 21:24 . 2003-08-07 17:01 237,568 --a------ C:\WINDOWS\system32\lame_enc.dll
2008-09-23 18:30 . 2008-09-23 18:30 <REP> d-------- C:\Program Files\Shareaza
2008-09-23 18:30 . 2008-09-23 18:30 <REP> d-------- C:\Documents and Settings\Beauseigneur\Application Data\Shareaza
2008-09-23 14:43 . 2008-09-23 14:43 <REP> d-------- C:\Documents and Settings\Beauseigneur\Application Data\Azureus
2008-09-23 14:43 . 2008-09-23 14:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-09-23 14:26 . 2008-09-23 14:26 <REP> d-------- C:\Program Files\eMule
2008-09-22 18:07 . 2008-09-22 18:07 <REP> d-------- C:\Program Files\AirPort
2008-09-21 21:01 . 2008-09-21 21:01 8,840 --a------ C:\WINDOWS\SEC15B3.PNF
2008-09-21 20:57 . 2008-09-21 20:57 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-09-21 20:57 . 2008-09-21 20:57 <REP> d-------- C:\WINDOWS\system32\fr
2008-09-21 20:57 . 2008-09-21 20:57 <REP> d-------- C:\WINDOWS\system32\bits
2008-09-21 20:57 . 2008-09-21 20:57 <REP> d-------- C:\WINDOWS\l2schemas
2008-09-21 20:55 . 2008-09-21 20:55 <REP> d-------- C:\WINDOWS\ServicePackFiles
2008-09-21 20:51 . 2008-09-21 20:51 2,948 --a------ C:\WINDOWS\SEC2E3.PNF

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-15 15:26 1,846,528 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-14 20:21 --------- d-----w C:\Documents and Settings\Beauseigneur\Application Data\dBpoweramp
2008-09-14 20:20 --------- d-----w C:\Documents and Settings\Beauseigneur\Application Data\AccurateRip
2008-09-14 20:19 5,052,280 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
2008-09-14 19:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-14 18:37 --------- d-----w C:\Program Files\VirginMega
2008-09-14 14:30 --------- d-----w C:\Documents and Settings\Beauseigneur\Application Data\LimeWire
2008-09-13 12:16 --------- d-----w C:\Documents and Settings\Beauseigneur\Application Data\vlc
2008-09-12 23:22 --------- d-----w C:\Program Files\VideoLAN
2008-09-12 14:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-09-12 14:24 --------- d-----w C:\Documents and Settings\Beauseigneur\Application Data\CyberLink
2008-09-12 14:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-09-11 20:17 --------- d-----w C:\Program Files\iTunes
2008-09-11 20:17 --------- d-----w C:\Program Files\iPod
2008-09-11 20:17 --------- d-----w C:\Program Files\Bonjour
2008-09-11 20:17 --------- d-----w C:\Documents and Settings\Beauseigneur\Application Data\Apple Computer
2008-09-11 20:16 --------- d-----w C:\Program Files\QuickTime
2008-09-11 20:16 --------- d-----w C:\Program Files\Apple Software Update
2008-09-11 20:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-09-11 20:15 --------- d-----w C:\Program Files\Fichiers communs\Apple
2008-09-11 20:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-09-11 19:03 --------- d-----w C:\Program Files\Azureus
2008-09-11 19:00 --------- d-----w C:\Program Files\Lexmark X1100 Series
2008-09-11 18:57 --------- d-----w C:\Program Files\Google
2008-09-11 18:56 --------- d-----w C:\Program Files\Java
2008-09-11 18:54 --------- d-----w C:\Program Files\Fichiers communs\Java
2008-09-11 18:51 --------- d-----w C:\Program Files\LimeWire
2008-09-11 18:50 --------- d-----w C:\Program Files\DVD Shrink
2008-09-11 18:50 --------- d-----w C:\Program Files\Alwil Software
2008-09-11 18:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-09-11 18:49 --------- d-----w C:\Program Files\Cool MP3 Converter
2008-09-11 18:48 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-09-11 18:48 --------- d-----w C:\Documents and Settings\Beauseigneur\Application Data\DAEMON Tools
2008-09-11 18:47 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-09-11 18:27 --------- d-sh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-09-11 18:26 --------- d-----w C:\Program Files\Windows Live
2008-09-11 18:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-09-10 22:00 --------- d-----w C:\Program Files\Yahoo!
2008-09-10 21:39 --------- d-----w C:\Program Files\Launch Manager
2008-09-10 21:38 --------- d-----w C:\Program Files\Synaptics
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-20 05:10 670,208 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-20 05:10 670,208 ------w C:\WINDOWS\system32\dllcache\wininet.dll
2008-08-20 05:10 620,544 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
2008-08-20 05:10 3,088,896 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-08-20 05:10 1,499,648 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
2008-08-14 13:23 2,147,328 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 13:23 2,025,984 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-08-14 10:04 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 64512]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2006-04-14 53248]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761946]
"BisonBar"="C:\WINDOWS\BUtilityBar\BisonBar.exe" [2006-09-08 245760]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-09-23 61440]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-05-30 421888]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 413696]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-27 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-15 C:\WINDOWS\SkyTel.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=npeasu.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Acer Empowering Technology.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Acer Empowering Technology.lnk
backup=C:\WINDOWS\pss\Acer Empowering Technology.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer ePresentation HPD]
--a------ 2006-03-31 16:39 204800 C:\Acer\Empowering Technology\ePresentation\ePresentation.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2006-05-10 11:12 90112 C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Boot]
--a------ 2006-03-15 22:12 579584 C:\Acer\Empowering Technology\ePower\Boot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePower_DMC]
--a------ 2006-05-30 12:11 421888 C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
--a------ 2003-08-19 10:48 57344 C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
--a------ 2006-06-22 22:59 602112 C:\PROGRA~1\LAUNCH~1\LManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-14 04:34 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntiMUI]
--a------ 2005-05-11 17:15 45056 C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Shareaza\\Shareaza.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\WINDOWS\\System32\\dpvsetup.exe"=
"C:\\Program Files\\Guillemot\\tools\\giWebUpdater.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:UDP"= 5353:UDP:Bonjour

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;C:\WINDOWS\system32\eLock2BurnerLockDriver.sys [ ]
S2 eLock2FSCTLDriver;eLock2FSCTLDriver;C:\WINDOWS\system32\eLock2FSCTLDriver.sys [ ]
S3 cmudau;C-Media USB Sound Interface;C:\WINDOWS\system32\drivers\cmudaxu.sys [2005-12-29 1390656]
S3 HDJCtrl;Hercules DJ Control MP3 Service;C:\WINDOWS\system32\Drivers\HDJCtrl.sys [2007-02-08 11008]
S3 HDJMidi;Hercules DJ Console MIDI;C:\WINDOWS\system32\DRIVERS\HDJMidi.sys [2007-02-08 39296]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wsvad_driver;Daniusoft Audio Device;C:\WINDOWS\system32\drivers\VirtualAudio.sys [2008-07-11 20608]
.
Contenu du dossier 'Tâches planifiées'

2008-09-11 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{42AE1DA1-FF60-4435-A81F-9B6538F865A6} - C:\WINDOWS\system32\hgGWoopP.dll
BHO-{470347e3-6bbd-40a4-9adf-a294ddc20041} - C:\WINDOWS\system32\npeasu.dll
BHO-{50CB3372-3E86-434F-93BD-8C81B69ABF05} - C:\WINDOWS\system32\awtqrpop.dll
HKCU-Run-TotalSecure2009 - C:\Program Files\TS-2009\scan.exe
HKLM-Run-e309f5f6 - C:\WINDOWS\system32\worflrti.dll
HKLM-Run-LaunchApp - (no file)
HKLM-Run-CmUsbSound - cmcnfgu.cpl
ShellExecuteHooks-{42AE1DA1-FF60-4435-A81F-9B6538F865A6} - C:\WINDOWS\system32\hgGWoopP.dll
MSConfigStartUp-eLockMonitor - C:\Acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe


.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.fr/
R0 -: HKLM-Main,Start Page = hxxp://fr.fr.acer.yahoo.com
R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://fr.fr.acer.yahoo.com/
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
R1 -: HKCU-SearchURL,(Default) = hxxp://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/

O16 -: {87AF076E-D86D-4E87-ADDD-F05804E1F150} - hxxps://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
C:\WINDOWS\Downloaded Program Files\setup.inf
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-21 19:56:00
Windows 5.1.2600 Service Pack 3 FAT NTAPI

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASWUPDSV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM32\LEXBCES.EXE
C:\WINDOWS\SYSTEM32\LEXPPS.EXE
C:\ACER\EMPOWERING TECHNOLOGY\EPERFORMANCE\MEMCHECK.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE
C:\PROGRAM FILES\BONJOUR\MDNSRESPONDER.EXE
C:\WINDOWS\EHOME\EHRECVR.EXE
C:\WINDOWS\EHOME\EHSCHED.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\LIGHTSCRIBE\LSSRVC.EXE
C:\WINDOWS\EHOME\MCRDSVC.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\WINDOWS\SYSTEM32\WBEM\WMIAPSRV.EXE
C:\WINDOWS\SYSTEM32\DLLHOST.EXE
C:\WINDOWS\EHOME\EHMSAS.EXE
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\WINDOWS\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Heure de fin: 2008-10-21 19:58:13 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-10-21 17:58:06

Avant-CF: 82 030 919 680 octets libres
Après-CF: 82,392,547,328 octets libres

315 --- E O F --- 2008-10-16 16:59:17

there you go, help me pleeease

All the best ;-)
1
g!rly Posts 18209 Registration date Friday 17 August 2007 Status Contributor Last seen 30 November 2014 406
21 Oct. 2008 at 20:31
We're going to end up knowing each other well, Sacabouffe; I'm Julie, and you? hee hee

cyril68,

post a new HijackThis report please

@+
1
cyril.du.68
21 Oct. 2008 at 20:14
2008-10-15 20:51 . 2008-08-14 15:23 2,025,984 --------- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-15 20:51 . 2008-09-15 17:26 1,846,528 --------- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-15 20:51 . 2008-09-08 12:41 333,824 --------- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-09 21:23 . 2008-10-09 21:23 <REP> d-------- C:\WINDOWS\Sun
2008-10-07 21:21 . 2007-02-05 19:56 6,082,560 -ra------ C:\WINDOWS\system\cmcnfgu.cpl
2008-10-07 21:21 . 2005-12-29 09:45 917,504 -ra------ C:\WINDOWS\system\cmds3du.dll
2008-10-07 21:21 . 2005-12-29 09:45 712,704 -ra------ C:\WINDOWS\system32\a3dpropu.dll
2008-10-07 21:21 . 2005-12-29 09:46 98,304 -ra------ C:\WINDOWS\system32\cmudau.dll
2008-10-07 21:21 . 2005-12-29 09:45 61,440 -ra------ C:\WINDOWS\system\cmsnxeye.exe
2008-10-07 21:21 . 2005-12-29 09:45 16,384 -ra------ C:\WINDOWS\system32\cmpropu.dll
2008-10-07 21:21 . 2006-12-01 13:27 495 -ra------ C:\WINDOWS\system\CmcnfgU.ini
2008-10-07 21:20 . 2008-10-07 21:20 16 --a------ C:\WINDOWS\wininit.ini
2008-10-07 21:10 . 2004-08-10 20:00 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-10-07 19:00 . 2008-10-07 19:00 <REP> d-------- C:\Documents and Settings\Beauseigneur\Application Data\Propellerhead Software
2008-10-07 19:00 . 2008-10-07 19:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Propellerhead Software
2008-10-07 19:00 . 2008-10-07 19:01 368,640 --a------ C:\WINDOWS\system32\ReWire.dll
2008-10-07 19:00 . 2008-10-07 19:01 233,472 --a------ C:\WINDOWS\system32\REX Shared Library.dll
2008-10-07 18:26 . 2008-10-07 18:26 <REP> d-------- C:\Program Files\Propellerhead
2008-10-07 17:55 . 2005-12-29 09:46 1,390,656 -ra------ C:\WINDOWS\system32\drivers\cmudaxu.sys
2008-10-07 17:55 . 2005-12-29 09:45 712,704 --a------ C:\WINDOWS\system32\dllcache\a3d.dll
2008-10-07 17:55 . 2005-12-29 09:45 712,704 -ra------ C:\WINDOWS\system32\a3d.dll
2008-10-07 17:55 . 2005-12-29 09:45 315,392 -ra------ C:\WINDOWS\system\cmifltr.dll
2008-10-07 17:55 . 2005-12-29 09:45 241,664 -ra------ C:\WINDOWS\system32\cmdrvrmu.exe
2008-10-07 17:55 . 2005-12-29 09:45 45,056 -ra------ C:\WINDOWS\system32\cmdrvrmu.dll
2008-10-07 17:54 . 2008-10-07 17:54 <REP> d-------- C:\Program Files\SilverCrest Vibration Headset
2008-10-07 17:54 . 2006-12-01 15:47 129,654 -r------- C:\WINDOWS\JACKBMP.BMP
2008-10-07 17:54 . 2007-01-16 01:49 65,536 -r------- C:\WINDOWS\VMix.dll
2008-10-07 17:54 . 2005-12-29 09:46 40,960 -r------- C:\WINDOWS\CmiUSB2Uninstall.exe
2008-10-07 17:54 . 2007-02-01 18:11 13,824 -r------- C:\WINDOWS\Thumbs.db
2008-10-07 17:54 . 2005-12-29 09:45 5,690 -r------- C:\WINDOWS\Cmudau.ini
2008-10-07 17:54 . 2006-12-01 14:02 2,302 -r------- C:\WINDOWS\logo.ico
2008-10-07 17:53 . 2008-04-13 20:45 60,032 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-10-07 17:53 . 2008-04-13 20:45 60,032 --a------ C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-10-07 17:53 . 2004-08-10 20:00 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-10-07 17:53 . 2004-08-10 20:00 31,616 --a------ C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-10-07 17:14 . 2008-10-07 17:14 <REP> d-------- C:\Program Files\Buzz
2008-10-07 17:11 . 2008-10-07 17:11 <REP> d-------- C:\Program Files\Jeskola Buzz
2008-10-07 17:05 . 2008-10-07 17:05 <REP> d-------- C:\Program Files\Audacity
2008-10-01 21:24 . 2008-10-01 21:24 <REP> d-------- C:\Program Files\Free Audio Pack
2008-10-01 21:24 . 1998-06-17 01:00 516,173 --a------ C:\WINDOWS\system32\MSVCP60D.DLL
2008-10-01 21:24 . 2003-08-07 17:01 237,568 --a------ C:\WINDOWS\system32\lame_enc.dll
2008-09-23 18:30 . 2008-09-23 18:30 <REP> d-------- C:\Program Files\Shareaza
2008-09-23 18:30 . 2008-09-23 18:30 <REP> d-------- C:\Documents and Settings\Beauseigneur\Application Data\Shareaza
2008-09-23 14:43 . 2008-09-23 14:43 <REP> d-------- C:\Documents and Settings\Beauseigneur\Application Data\Azureus
2008-09-23 14:43 . 2008-09-23 14:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-09-23 14:26 . 2008-09-23 14:26 <REP> d-------- C:\Program Files\eMule
2008-09-22 18:07 . 2008-09-22 18:07 <REP> d-------- C:\Program Files\AirPort
2008-09-21 21:01 . 2008-09-21 21:01 8,840 --a------ C:\WINDOWS\SEC15B3.PNF
2008-09-21 20:57 . 2008-09-21 20:57 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-09-21 20:57 . 2008-09-21 20:57 <REP> d-------- C:\WINDOWS\system32\fr
2008-09-21 20:57 . 2008-09-21 20:57 <REP> d-------- C:\WINDOWS\system32\bits
2008-09-21 20:57 . 2008-09-21 20:57 <REP> d-------- C:\WINDOWS\l2schemas
2008-09-21 20:55 . 2008-09-21 20:55 <REP> d-------- C:\WINDOWS\ServicePackFiles
2008-09-21 20:51 . 2008-09-21 20:51 2,948 --a------ C:\WINDOWS\SEC2E3.PNF

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-15 15:26 1,846,528 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-14 20:21 --------- d-----w C:\Documents and Settings\Beauseigneur\Application Data\dBpoweramp
2008-09-14 20:20 --------- d-----w C:\Documents and Settings\Beauseigneur\Application Data\AccurateRip
2008-09-14 20:19 5,052,280 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
2008-09-14 19:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-14 18:37 --------- d-----w C:\Program Files\VirginMega
2008-09-14 14:30 --------- d-----w C:\Documents and Settings\Beauseigneur\Application Data\LimeWire
2008-09-13 12:16 --------- d-----w C:\Documents and Settings\Beauseigneur\Application Data\vlc
2008-09-12 23:22 --------- d-----w C:\Program Files\VideoLAN
2008-09-12 14:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-09-12 14:24 --------- d-----w C:\Documents and Settings\Beauseigneur\Application Data\CyberLink
2008-09-12 14:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-09-11 20:17 --------- d-----w C:\Program Files\iTunes
2008-09-11 20:17 --------- d-----w C:\Program Files\iPod
2008-09-11 20:17 --------- d-----w C:\Program Files\Bonjour
2008-09-11 20:17 --------- d-----w C:\Documents and Settings\Beauseigneur\Application Data\Apple Computer
2008-09-11 20:16 --------- d-----w C:\Program Files\QuickTime
2008-09-11 20:16 --------- d-----w C:\Program Files\Apple Software Update
2008-09-11 20:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-09-11 20:15 --------- d-----w C:\Program Files\Fichiers communs\Apple
2008-09-11 20:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-09-11 19:03 --------- d-----w C:\Program Files\Azureus
2008-09-11 19:00 --------- d-----w C:\Program Files\Lexmark X1100 Series
2008-09-11 18:57 --------- d-----w C:\Program Files\Google
2008-09-11 18:56 --------- d-----w C:\Program Files\Java
2008-09-11 18:54 --------- d-----w C:\Program Files\Fichiers communs\Java
2008-09-11 18:51 --------- d-----w C:\Program Files\LimeWire
2008-09-11 18:50 --------- d-----w C:\Program Files\DVD Shrink
2008-09-11 18:50 --------- d-----w C:\Program Files\Alwil Software
2008-09-11 18:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-09-11 18:49 --------- d-----w C:\Program Files\Cool MP3 Converter
2008-09-11 18:48 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-09-11 18:48 --------- d-----w C:\Documents and Settings\Beauseigneur\Application Data\DAEMON Tools
2008-09-11 18:47 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-09-11 18:27 --------- d-sh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-09-11 18:26 --------- d-----w C:\Program Files\Windows Live
2008-09-11 18:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-09-10 22:00 --------- d-----w C:\Program Files\Yahoo!
2008-09-10 21:39 --------- d-----w C:\Program Files\Launch Manager
2008-09-10 21:38 --------- d-----w C:\Program Files\Synaptics
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-20 05:10 670,208 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-20 05:10 670,208 ------w C:\WINDOWS\system32\dllcache\wininet.dll
2008-08-20 05:10 620,544 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
2008-08-20 05:10 3,088,896 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-08-20 05:10 1,499,648 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
2008-08-14 13:23 2,147,328 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 13:23 2,025,984 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-08-14 10:04 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]
0
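Added here as a worked example, not code from any post in this thread and not ComboFix's own tooling: a small Python triage script that parses the ComboFix report format shown above. It splits the log on the "((((( Title )))))" banners, pulls the deleted paths out of "Autres suppressions", parses the REGEDIT4 Run values, and flags the Vundo/Virtumonde naming trait visible in this very report (8-letter alphabetic names in system32 that come in reversed-name pairs such as awtqrpop.dll / poprqtwa.ini). The sample log is constructed from lines copied from the report above; the function names and the random-name heuristic are my assumptions, not anything ComboFix does.

```python
import re
from collections import defaultdict

# Constructed sample input: a handful of lines copied from the ComboFix report
# posted above (the "Autres suppressions" and "Points de chargement Reg" sections).
SAMPLE_LOG = r"""ComboFix 08-10-19.04 - Beauseigneur 2008-10-21 19:49:58.1 - [color=red][b]FAT32[/b][/color]x86
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\TS-2009\scan.exe
C:\WINDOWS\k.txt
C:\WINDOWS\system32\awtqrpop.dll
C:\WINDOWS\system32\hgGWoopP.dll
C:\WINDOWS\system32\itrlfrow.ini
C:\WINDOWS\system32\ksiktxht.dll
C:\WINDOWS\system32\poprqtwa.ini
C:\WINDOWS\system32\poprqtwa.ini2
C:\WINDOWS\system32\worflrti.dll

.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]
"""

# ComboFix section banners look like "(((((( Title ))))))".
SECTION_RE = re.compile(r"^\({4,}\s*(.+?)\s*\){4,}$")
WIN_PATH_RE = re.compile(r"^[A-Za-z]:\\")
# One REGEDIT4-style value line: "name"="path" [YYYY-MM-DD size]
RUN_VALUE_RE = re.compile(
    r'^"(?P<name>[^"]*)"="(?P<path>[^"]*)"'
    r'(?:\s*\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\])?\s*$'
)
# Heuristic (my assumption, not a ComboFix rule): Vundo/Virtumonde dropped
# 8-letter alphabetic names into system32, often with a reversed-name twin.
RANDOM_NAME_RE = re.compile(r"^[A-Za-z]{8}$")


def split_sections(log_text):
    """Map each banner title to the lines that follow it (header lines go under 'header')."""
    sections = defaultdict(list)
    current = "header"
    for line in log_text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = m.group(1)
            continue
        sections[current].append(line.rstrip())
    return dict(sections)


def deleted_paths(sections):
    """Bare Windows paths listed under 'Autres suppressions' are what ComboFix removed."""
    return [l for l in sections.get("Autres suppressions", []) if WIN_PATH_RE.match(l)]


def run_entries(sections):
    """Parse the REGEDIT4 dump into (key, value name, path, date, size) records."""
    entries, key = [], None
    for line in sections.get("Points de chargement Reg", []):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = RUN_VALUE_RE.match(line)
        if m and key:
            entries.append({"key": key, "name": m["name"], "path": m["path"],
                            "date": m["date"], "size": int(m["size"]) if m["size"] else None})
    return entries


def flag_suspicious(paths):
    """Return (path, reason) pairs for system32 files with random-looking names
    and for reversed-name pairs (awtqrpop.dll / poprqtwa.ini)."""
    findings, by_stem = [], {}
    for p in paths:
        parts = p.split("\\")
        if len(parts) < 2:
            continue
        parent, fname = parts[-2].lower(), parts[-1]
        stem, _, ext = fname.rpartition(".")
        if parent != "system32" or ext.lower() not in ("dll", "ini", "ini2"):
            continue
        by_stem.setdefault(stem.lower(), []).append(p)
        if RANDOM_NAME_RE.match(stem):
            findings.append((p, "random 8-letter name in system32"))
    for stem, plist in by_stem.items():
        rev = stem[::-1]
        if rev in by_stem and stem < rev:  # report each pair once
            findings.append((plist[0], f"reversed-name pair with {rev}"))
    return findings


def triage(log_text):
    sections = split_sections(log_text)
    deleted = deleted_paths(sections)
    return {"deleted": deleted, "run_entries": run_entries(sections),
            "suspicious": flag_suspicious(deleted)}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for path, reason in report["suspicious"]:
        print(f"{reason:40} {path}")
    for e in report["run_entries"]:
        print(f'Run: {e["name"]} -> {e["path"]} ({e["date"]}, {e["size"]} bytes)')
```

On the report above this flags the two reversed pairs (awtqrpop/poprqtwa and itrlfrow/worflrti) plus the other 8-letter names, and leaves scan.exe and k.txt alone; the Run values come out as structured records that can be checked against a known-good list rather than read by eye.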

g!rly Posts 18209 Registration date Friday 17 August 2007 Status Contributor Last seen 30 November 2014 406
21 Oct 2008 at 19:33
Hi,

Download combofix.exe (by sUBs) to your Desktop.

-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-> Double-click combofix.exe.
-> Press the 1 key (Yes) to start the scan.
-> When the scan is complete, a report will appear. Copy/paste this report into your next reply.

NOTE: The report can also be found here: C:\Combofix.txt

Before using ComboFix:

-> Disconnect from the internet and close the windows of all running programs.

-> Temporarily, and only for as long as you are using ComboFix, disable the real-time protection of your antivirus and antispyware programs, which can seriously interfere with the tool's scanning and cleaning procedure.

Once that is done, double-click Combofix.exe on your desktop.

- Answer yes to the warning message so the program starts analysing the PC.

/!\ During this step, do not use the PC and do not open any programs.

- At the end of the scan ComboFix may need to restart the PC to finish the disinfection/scan; let it do so.

- A report will then open in Notepad; this report file, Combofix.txt, is automatically saved and stored at C:\Combofix.txt

-> Re-enable the real-time protection of your antivirus and antispyware programs before reconnecting to the internet.

-> Come back to the forum and copy and paste the entire contents of C:\Combofix.txt into your next message.

-> Tutorial https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

Also post a new HijackThis report please

@+
-1