virus TR/vundo.gn

30 April 2008 03:09:23

Hello,

The trojan TR/Vundo.gen is firmly hooked into my PC... no way to remove it with AntiVir or VundoFix.

I saw that there is a way to remove it with HijackThis and ComboFix; can someone help me through that process?

Thanks in advance

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:06:14, on 2008-04-29
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
D:\xampplite\apache\bin\apache.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\UnivLaval\cvpnd.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WeatherEye.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\System32\PAStiSvc.exe
D:\xampplite\apache\bin\apache.exe
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\TONYED~1\LOCALS~1\Temp\RtkBtMnt.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Documents and Settings\TONY EDITH\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4020100D-29D7-4392-AFD5-5AD713FF4B88} - C:\WINDOWS\system32\rqRHBTmK.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [BM313e2b3d] Rundll32.exe "C:\WINDOWS\system32\sxlprxtr.dll",s
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe
O4 - HKCU\..\Run: [MétéoIMédia] C:\WeatherEye
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Universite Laval Client VPN ULaval.lnk = C:\Program Files\UnivLaval\vpngui.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://geo.ville.quebec.qc.ca/carte_int/acgm.cab
O18 - Protocol: intu-ir2007 - {52BAEC6B-9405-46F9-A131-6D50720A3CC4} - C:\Program Files\ImpotRapide 2007\ic2007pp.dll
O20 - Winlogon Notify: rqRHBTmK - C:\WINDOWS\SYSTEM32\rqRHBTmK.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apache2 - Apache Software Foundation - D:\xampplite\apache\bin\apache.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\UnivLaval\cvpnd.exe
O23 - Service: mysql - Unknown owner - D:\xampplite\mysql\bin\mysqld-nt.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 8008 bytes
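As an added example (not from the thread or its helpers), here is a small Python triage script that applies the checks the helpers apply by eye to the HijackThis log above: an unnamed O2 BHO, an O20 Winlogon Notify entry pointing at the same DLL, an O4 autorun loading a random-named system32 DLL through Rundll32, and an O4 RunServices entry whose binary name imitates svchost.exe. The sample lines are copied from the log; the random-name heuristic and the list of imitated system binaries are assumptions of this example.

```python
"""Triage heuristics for HijackThis log lines, written for this thread.

Flags the load points the helpers acted on: an unnamed O2 BHO, an O20
Winlogon Notify entry that points at the same DLL, an O4 autorun that loads
a random-named system32 DLL through Rundll32, and an O4 RunServices entry
whose binary name imitates a core system process (svehost.exe vs svchost.exe).
"""
import os
import re

# Constructed sample: six lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4020100D-29D7-4392-AFD5-5AD713FF4B88} - C:\WINDOWS\system32\rqRHBTmK.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BM313e2b3d] Rundll32.exe "C:\WINDOWS\system32\sxlprxtr.dll",s
O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe
O20 - Winlogon Notify: rqRHBTmK - C:\WINDOWS\SYSTEM32\rqRHBTmK.dll
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<label>[^\]]*)\] (?P<cmd>.+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+)$")
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)', re.IGNORECASE)

# Assumption of this example: core XP processes that droppers like to imitate by name.
SYSTEM_BINARIES = ("svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                   "services.exe", "explorer.exe")


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path (works on any host OS)."""
    return os.path.basename(path.strip('"').replace("\\", "/")).lower()


def looks_random(stem: str) -> bool:
    """Heuristic (assumption): Vundo-style names are 8+ letters with at most one vowel."""
    return stem.isalpha() and len(stem) >= 8 and sum(c in "aeiou" for c in stem.lower()) <= 1


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(exe: str):
    """Return the system binary that `exe` differs from by exactly one character, if any."""
    exe = exe.lower()
    for real in SYSTEM_BINARIES:
        if exe != real and edit_distance(exe, real) == 1:
            return real
    return None


def triage(log_text: str):
    """Return sorted (line_number, reason) findings for the heuristics above."""
    lines = log_text.splitlines()
    bho_dlls = {}  # DLL file name -> line number, to cross-reference O20 entries
    findings = []
    for no, line in enumerate(lines, 1):
        m = O2_RE.match(line)
        if not m:
            continue
        dll = basename(m["path"])
        bho_dlls[dll] = no
        if m["name"] == "(no name)":
            findings.append((no, f"unnamed BHO loading {dll}"))
        elif looks_random(dll.rsplit(".", 1)[0]):
            findings.append((no, f"BHO with random-looking DLL name {dll}"))
    for no, line in enumerate(lines, 1):
        m = O20_RE.match(line)
        if m:
            dll = basename(m["path"])
            if dll in bho_dlls:
                findings.append((no, f"Winlogon Notify DLL {dll} is also the BHO on line "
                                     f"{bho_dlls[dll]} (Vundo pattern)"))
            elif looks_random(dll.rsplit(".", 1)[0]):
                findings.append((no, f"Winlogon Notify with random-looking DLL {dll}"))
            continue
        m = O4_RE.match(line)
        if not m:
            continue
        key, label, cmd = m["key"], m["label"], m["cmd"]
        rd = RUNDLL_RE.match(cmd)
        if rd and looks_random(basename(rd["dll"]).rsplit(".", 1)[0]):
            findings.append((no, f"{key} entry [{label}] loads a random-named DLL via Rundll32"))
        exe = basename(cmd.split()[0])
        real = lookalike_of(exe)
        if real:
            findings.append((no, f"{key} entry [{label}] runs {exe}, a look-alike of {real}"))
        if key.lower() == "runservices":
            findings.append((no, f"{key} entry [{label}]: Windows 9x-era autostart key, "
                                 "rarely legitimate on XP"))
    return sorted(findings)


if __name__ == "__main__":
    for no, reason in triage(SAMPLE_LOG):
        print(f"line {no}: {reason}")
```

Run against the full log, the same four entries (the unnamed BHO, the BM313e2b3d Rundll32 autorun, the svehost.exe RunServices entry and the rqRHBTmK Winlogon Notify) are the ones flagged, matching what MBAM and ComboFix later removed.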


30 April 2008 09:41:36

:hello:  Hello,

Download MalwareBytes' Anti-Malware to your Desktop.
Install it by double-clicking on the file Download_mbam-setup.exe.

Once the installation and the update are done, restart in Safe Mode.
HELP: Restarting in Safe Mode

  • Now run MalwareBytes' Anti-Malware. If it is not already selected, select "Perform full scan".
  • To start the search, click "Scan".
  • Once the scan is finished, a window opens; click OK. Two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Show results" then "Remove selected". Save the report to your Desktop so you can post it in your next reply.
    NOTE: If MalwareBytes' Anti-Malware needs to restart to complete the removal, accept by clicking OK.

    HELP: Illustrated tutorial on MBAM

    ;) 
    30 April 2008 18:28:45

    Hi Merrilym,
    and thanks for your help.

    Here is the MalwareBytes' Anti-Malware report:

    Malwarebytes' Anti-Malware 1.11
    Version de la base de données: 700

    Type de recherche: Examen complet (C:\|D:\|K:\|)
    Eléments examinés: 105936
    Temps écoulé: 2 hour(s), 55 minute(s), 23 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 1
    Clé(s) du Registre infectée(s): 6
    Valeur(s) du Registre infectée(s): 2
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 16

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    C:\WINDOWS\system32\rqRHBTmK.dll (Trojan.Vundo) -> Unloaded module successfully.

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\CLSID\{4020100d-29d7-4392-afd5-5ad713ff4b88} (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4020100d-29d7-4392-afd5-5ad713ff4b88} (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rqrhbtmk (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{4020100d-29d7-4392-afd5-5ad713ff4b88} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM313e2b3d (Trojan.Agent) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\rqRHBTmK.dll (Trojan.Vundo) -> Delete on reboot.
    C:\System Volume Information\_restore{9DD3F3E8-B9D2-4B43-86C6-42956C30E17F}\RP452\A0069326.DLL (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{9DD3F3E8-B9D2-4B43-86C6-42956C30E17F}\RP454\A0069410.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{9DD3F3E8-B9D2-4B43-86C6-42956C30E17F}\RP454\A0069506.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{9DD3F3E8-B9D2-4B43-86C6-42956C30E17F}\RP456\A0069699.DLL (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{9DD3F3E8-B9D2-4B43-86C6-42956C30E17F}\RP457\A0069877.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{9DD3F3E8-B9D2-4B43-86C6-42956C30E17F}\RP458\A0069884.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{9DD3F3E8-B9D2-4B43-86C6-42956C30E17F}\RP458\A0069888.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{9DD3F3E8-B9D2-4B43-86C6-42956C30E17F}\RP458\A0069908.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{9DD3F3E8-B9D2-4B43-86C6-42956C30E17F}\RP458\A0069951.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{9DD3F3E8-B9D2-4B43-86C6-42956C30E17F}\RP458\A0069952.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{9DD3F3E8-B9D2-4B43-86C6-42956C30E17F}\RP458\A0069959.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{9DD3F3E8-B9D2-4B43-86C6-42956C30E17F}\RP458\A0069960.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\vkabxwoy.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\rqRHyWml.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    D:\programmes\Nero Ultra 6.6.1.15a + Keygen + Audio Plugins\Keygen\Keygen.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    30 April 2008 18:38:40


    ... one small additional piece of information: the virus is still there, AntiVir still detects it.

    I don't know if it is necessary, but I am attaching the new HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:37:43, on 2008-04-30
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    D:\xampplite\apache\bin\apache.exe
    C:\Program Files\UnivLaval\cvpnd.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\IoctlSvc.exe
    C:\WINDOWS\System32\PAStiSvc.exe
    C:\WINDOWS\system32\svchost.exe
    D:\xampplite\apache\bin\apache.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
    C:\Documents and Settings\TONY EDITH\Bureau\HiJackThis.exe
    C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\DOCUME~1\TONYED~1\LOCALS~1\Temp\RtkBtMnt.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WeatherEye.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\sistray.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {4020100D-29D7-4392-AFD5-5AD713FF4B88} - C:\WINDOWS\system32\rqRHBTmK.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe
    O4 - HKCU\..\Run: [MétéoIMédia] C:\WeatherEye
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Universite Laval Client VPN ULaval.lnk = C:\Program Files\UnivLaval\vpngui.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://geo.ville.quebec.qc.ca/carte_int/acgm.cab
    O18 - Protocol: intu-ir2007 - {52BAEC6B-9405-46F9-A131-6D50720A3CC4} - C:\Program Files\ImpotRapide 2007\ic2007pp.dll
    O20 - Winlogon Notify: rqRHBTmK - C:\WINDOWS\SYSTEM32\rqRHBTmK.dll
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apache2 - Apache Software Foundation - D:\xampplite\apache\bin\apache.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\UnivLaval\cvpnd.exe
    O23 - Service: mysql - Unknown owner - D:\xampplite\mysql\bin\mysqld-nt.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
    O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

    --
    End of file - 7834 bytes
    30 April 2008 19:06:36

    :hello: 

    1) [~] Go to My Computer / Tools / Folder Options / View / Show hidden files and folders / Apply -> OK
    [~] Go to My Computer / Tools / Folder Options / View / uncheck "Hide protected operating system files" / Apply -> OK

    You will re-check it afterwards.


    - My Computer / Tools / Folder Options / View / uncheck "Hide extensions for known file types" / Apply -> OK

    2) Disable all resident protection (antivirus, etc.)!
    Disconnect from the Internet, close all running programs and let ComboFix work: do not do anything else at the same time!


    Download ComboFix by sUBs
    Save it to your Desktop and nowhere else!
    Restart in Safe Mode: help here >>>
    http://forum.telecharger.01net.com/telecharger/virus_et...
    /!\ Never restart in Safe Mode via msconfig! /!\

    Double-click ComboFix. It will ask you a question; answer by pressing the 1 key and then Enter to confirm, and follow the prompts.
    Wait until ComboFix has finished; a report will be created. Post the report. It is located here: C:\Combofix.txt

    3) Copy/paste a new HijackThis log along with it.

    Good evening :hello: 
    30 April 2008 23:49:42


    Hello,

    so here is the ComboFix report:

    ComboFix 08-04-29.3 - TONY EDITH 2008-04-30 17:38:35.3 - FAT32x86 MINIMAL
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.289 [GMT -4:00]
    Endroit: C:\Documents and Settings\TONY EDITH\Bureau\ComboFix.exe

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\rqRHBTmK.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-03-28 to 2008-04-30 ))))))))))))))))))))))))))))))))))))
    .

    2008-04-30 07:30 . 2008-04-30 07:30 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-04-30 07:30 . 2008-04-30 07:30 <REP> d-------- C:\Documents and Settings\TONY EDITH\Application Data\Malwarebytes
    2008-04-30 07:30 . 2008-04-30 07:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-04-29 19:24 . 2008-04-29 19:24 <REP> d-------- C:\VundoFix Backups
    2008-04-29 19:22 . 2008-04-29 19:22 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\AdobeUM
    2008-04-29 19:16 . 2008-04-29 19:16 <REP> d-------- C:\Program Files\Avira
    2008-04-29 19:16 . 2008-04-29 19:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-04-27 18:56 . 2008-04-27 18:56 <REP> d-------- C:\Program Files\NeroInstall.bak
    2008-04-27 18:50 . 2008-04-27 18:50 <REP> d-------- C:\Program Files\Nero
    2008-04-27 16:56 . 2008-04-27 16:57 <REP> d-------- C:\Program Files\uTorrent
    2008-04-25 20:16 . 2008-04-27 16:28 32 --a------ C:\WINDOWS\CDMKR32.INI
    2008-04-23 18:20 . 2006-08-01 15:02 49,152 --a------ C:\WINDOWS\system32\ChCfg.exe
    2008-04-23 18:19 . 2008-04-23 18:19 <REP> d-------- C:\Program Files\Realtek AC97
    2008-04-23 18:19 . 2006-11-17 05:40 18,804,736 --a------ C:\WINDOWS\system32\alsndmgr.cpl
    2008-04-23 18:19 . 2006-12-08 15:20 10,528,768 --a------ C:\WINDOWS\system32\RTLCPL.exe
    2008-04-23 18:19 . 2008-01-24 16:36 4,127,488 -ra------ C:\WINDOWS\system32\drivers\alcxwdm.sys
    2008-04-23 18:19 . 2007-04-16 15:28 577,536 --a------ C:\WINDOWS\soundman.exe
    2008-04-23 18:19 . 2006-07-31 11:19 315,392 --a------ C:\WINDOWS\alcupd.exe
    2008-04-23 18:19 . 2006-07-31 11:27 217,088 --a------ C:\WINDOWS\Alcrmv.exe
    2008-04-23 18:19 . 2006-10-18 02:53 147,456 --a------ C:\WINDOWS\system32\RtlCPAPI.dll
    2008-04-23 18:19 . 2002-02-05 13:54 141,016 --a------ C:\WINDOWS\system32\alsndmgr.wav
    2008-04-22 22:04 . 2008-04-22 22:04 <REP> d-------- C:\Documents and Settings\TONY EDITH\Application Data\Canon
    2008-04-22 21:10 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
    2008-04-22 21:10 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
    2008-04-22 21:05 . 2008-04-22 21:05 <REP> d-------- C:\Documents and Settings\TONY EDITH\Application Data\ScanSoft
    2008-04-22 21:05 . 2008-04-22 21:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
    2008-04-22 21:05 . 2008-04-22 21:05 412 --a------ C:\WINDOWS\MAXLINK.INI
    2008-04-22 21:04 . 2008-04-22 21:04 <REP> d-------- C:\Program Files\ScanSoft
    2008-04-22 21:04 . 2008-04-22 21:04 <REP> d-------- C:\Program Files\Fichiers communs\ScanSoft Shared
    2008-04-22 21:04 . 2008-04-22 21:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ScanSoft
    2008-04-22 21:00 . 2008-04-22 21:00 <REP> d-------- C:\Program Files\Fichiers communs\CANON
    2008-04-22 20:57 . 2008-04-22 20:57 <REP> d--h----- C:\WINDOWS\system32\CanonIJ Uninstaller Information
    2008-04-22 20:57 . 2008-04-22 20:57 <REP> d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ
    2008-04-22 20:57 . 2007-04-15 16:00 215,040 --a------ C:\WINDOWS\system32\CNMLM93.DLL
    2008-04-22 20:56 . 2008-04-22 20:56 <REP> d--h----- C:\Program Files\CanonBJ
    2008-04-22 20:56 . 2007-03-23 03:30 1,400,832 --a------ C:\WINDOWS\system32\CNC610C.DLL
    2008-04-22 20:56 . 2007-04-13 01:46 200,704 --a------ C:\WINDOWS\system32\CNC610L.DLL
    2008-04-22 20:56 . 2007-03-15 01:12 188,416 --a------ C:\WINDOWS\system32\CNC610O.DLL
    2008-04-22 20:56 . 2007-03-23 03:29 98,304 --a------ C:\WINDOWS\system32\CNC610I.DLL
    2008-04-22 20:54 . 2008-04-22 20:54 <REP> d-------- C:\Program Files\Canon
    2008-04-21 12:59 . 2008-04-22 07:20 646 ---hs---- C:\WINDOWS\system32\dugtbycw.ini
    2008-04-20 23:51 . 2008-04-29 18:09 109,734 --a------ C:\WINDOWS\BM313e2b3d.xml
    2008-04-20 18:43 . 2008-04-20 18:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    2008-04-20 15:49 . 2008-04-27 22:59 116 --a------ C:\WINDOWS\NeroDigital.ini
    2008-04-20 15:37 . 2008-04-20 15:37 <REP> d-------- C:\Documents and Settings\TONY EDITH\Application Data\Ahead
    2008-04-20 15:35 . 2008-04-20 15:35 <REP> d-------- C:\Program Files\Fichiers communs\Ahead
    2008-04-20 15:03 . 2008-04-20 15:03 0 --a------ C:\WINDOWS\Irremote.ini
    2008-04-20 11:51 . 2008-04-20 11:51 <REP> d-------- C:\Documents and Settings\TONY EDITH\Application Data\Nero
    2008-04-20 11:48 . 2008-04-20 11:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nero
    2008-04-20 11:47 . 2008-04-20 11:48 <REP> d-------- C:\Program Files\Fichiers communs\Nero
    2008-04-20 11:41 . 2008-04-20 11:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
    2008-04-14 18:26 . 2008-04-14 18:26 <REP> d-------- C:\Program Files\Astonsoft
    2008-04-14 18:26 . 2008-04-14 18:26 <REP> d-------- C:\Documents and Settings\TONY EDITH\Application Data\DeepBurner
    2008-04-07 21:04 . 2002-11-05 15:16 57,344 --a------ C:\WINDOWS\system32\Wnaspint.dll
    2008-04-04 18:13 . 2008-04-04 18:13 <REP> d-------- C:\Documents and Settings\TONY EDITH\Application Data\U3
    2008-03-09 17:22 . 2008-03-09 17:22 <REP> d-------- C:\WINDOWS\Internet Logs
    2008-03-09 17:20 . 2006-11-10 10:46 29,752 --------- C:\WINDOWS\system32\InstHelper.dll
    2008-03-09 17:20 . 2008-03-09 17:20 8 --a------ C:\WINDOWS\system32\success
    2008-03-09 17:18 . 2008-03-09 17:18 <REP> d-------- C:\Program Files\UnivLaval
    2008-03-09 17:18 . 2008-03-09 17:18 <REP> d-------- C:\Program Files\Fichiers communs\Deterministic Networks
    2008-03-09 17:18 . 2006-11-10 10:44 305,788 --a------ C:\WINDOWS\system32\drivers\CVPNDRVA.sys
    2008-03-09 17:18 . 2006-11-10 10:46 197,680 --a------ C:\WINDOWS\system32\vpnapi.dll
    2008-03-09 17:18 . 2006-11-10 10:46 193,584 --a------ C:\WINDOWS\system32\CSGina.dll
    2008-03-09 17:18 . 2006-09-21 17:55 126,864 --a------ C:\WINDOWS\system32\drivers\dne2000.sys
    2008-03-09 17:18 . 2006-09-21 17:55 101,904 --a------ C:\WINDOWS\system32\dneinobj.dll
    2008-03-09 17:18 . 2005-05-17 04:51 5,315 --a------ C:\WINDOWS\system32\drivers\CVirtA.sys

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
    2008-02-28 21:38 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
    2008-02-26 20:14 972,072 ----a-w C:\WINDOWS\UNRecode.exe
    2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
    2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\dllcache\gdi32.dll
    2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
    2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
    2008-02-20 05:35 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
    2008-02-18 20:04 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll
    2008-02-16 09:32 670,208 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-02-16 09:32 670,208 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
    2008-02-16 09:32 620,544 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
    2008-02-16 09:32 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
    2008-02-16 09:32 474,624 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
    2008-02-16 09:32 449,024 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
    2008-02-16 09:32 39,424 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
    2008-02-16 09:32 3,087,872 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    2008-02-16 09:32 146,432 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
    2008-02-16 09:32 1,499,648 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
    2008-02-16 09:31 96,768 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
    2008-02-16 09:31 55,808 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
    2008-02-16 09:31 357,888 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
    2008-02-16 09:31 251,904 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
    2008-02-16 09:31 205,312 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
    2008-02-16 09:31 16,384 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
    2008-02-16 09:31 152,064 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
    2008-02-16 09:31 1,056,768 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
    2008-02-16 09:31 1,024,512 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
    2008-02-15 09:07 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
    2008-01-06 15:25 1,712,201 ----a-w C:\WINDOWS\system32\InetClnt.dll
    2007-05-19 03:17 15,174,784 ----a-w C:\Program Files\setupfre.exe
    2006-10-11 22:31 5,037,072 ----a-w C:\Program Files\spybotsd14.exe
    2006-10-07 18:04 14,405,024 ----a-w C:\Program Files\google-earth_google_earth_4.0.2091_beta_francais_14783.exe
    2006-10-06 23:14 6,512,888 ----a-w C:\Program Files\winamp53_full_emusic-7plus.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2008-04-29_20.02.23.64 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-04-30 00:00:26 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-04-30 21:41:02 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MétéoIMédia"="C:\WeatherEye" [ ]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 05:00 15360]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LaunchApp"="Alaunch" []
    "ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 18:15 45056]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 05:00 208952]
    "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 05:00 59392]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 05:00 455168]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 05:00 455168]
    "SiSPower"="SiSPower.dll" [2005-07-13 02:55 49152 C:\WINDOWS\system32\SiSPower.dll]
    "eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2005-11-16 17:00 397312]
    "D-Link AirPlus G"="C:\Program Files\D-Link\AirPlus G\AirGCFG.exe" [2005-11-23 15:04 1544192]
    "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352]
    "CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 12:01 644696]
    "CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 12:50 1603152]
    "SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 09:03 210472]
    "OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 12:02 79400]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 15:07 49263]
    "SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe]
    "NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2008-02-28 09:59 570664]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
    "Microsoft Updates"="svehost.exe" []

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 05:00 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.X264"= x264vfw.dll
    "VIDC.3iv2"= 3ivxVfWCodec.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]
    --a------ 2005-10-19 18:19 49152 C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AspireService]
    C:\Program Files\Acer\Acer eMode Management\AspireService.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    --a------ 2008-02-28 17:07 1828136 C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaSync]
    C:\Program Files\Acer\Acer eConsole\MediaSync.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    --a------ 2007-01-19 12:55 5674352 C:\Program Files\MSN Messenger\MsnMsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
    -ra------ 2006-03-30 16:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\utorrent\\utorrent.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\WINDOWS\\PCHEALTH\\HELPCTR\\BINARIES\\HelpCtr.exe"=

    R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 14:46]
    R3 PAC7311;VGA SoC PC-Camer@;C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS [2005-09-16 13:34]
    R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 05:00]
    S3 MBAMCatchMe;MBAMCatchMe;C:\Program Files\Malwarebytes' Anti-Malware\catchme.sys [2008-04-07 20:17]
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{479943e8-0294-11dd-9997-0015e9a886fd}]
    \Shell\AutoRun\command - F:\LaunchU3.exe

    *Newly Created Service* - INT15.SYS
    .
    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-30 17:41:35
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\PROGRAM FILES\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\SCHED.EXE
    C:\PROGRAM FILES\ANI\ANIWZCS2 SERVICE\ANIWZCSDS.EXE
    C:\PROGRAM FILES\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\AVGUARD.EXE
    D:\xampplite\apache\bin\apache.exe
    C:\PROGRAM FILES\UNIVLAVAL\CVPND.EXE
    C:\PROGRAM FILES\NERO\NERO8\NERO BACKITUP\NBSERVICE.EXE
    C:\WINDOWS\SYSTEM32\IOCTLSVC.EXE
    C:\WINDOWS\SYSTEM32\PASTISVC.EXE
    C:\WINDOWS\SYSTEM32\WDFMGR.EXE
    D:\xampplite\apache\bin\apache.exe
    C:\WEATHEREYE.EXE
    C:\DOCUME~1\TONYED~1\LOCALS~1\Temp\RtkBtMnt.EXE
    C:\WINDOWS\system32\sistray.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-04-30 17:43:30 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-04-30 21:43:26
    ComboFix3.txt 2008-04-30 00:02:58
    ComboFix2.txt 2008-04-30 00:16:36

    Pre-Run: 20,933,443,584 octets libres
    Post-Run: 20,451,852,288 octets libres

    225 --- E O F --- 2008-04-21 16:14:14



    ... and then the HijackThis report:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:44:21, on 2008-04-30
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    D:\xampplite\apache\bin\apache.exe
    C:\Program Files\UnivLaval\cvpnd.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\IoctlSvc.exe
    C:\WINDOWS\System32\PAStiSvc.exe
    C:\WINDOWS\system32\svchost.exe
    D:\xampplite\apache\bin\apache.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
    C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WeatherEye.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\DOCUME~1\TONYED~1\LOCALS~1\Temp\RtkBtMnt.EXE
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\sistray.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Documents and Settings\TONY EDITH\Bureau\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe
    O4 - HKCU\..\Run: [MétéoIMédia] C:\WeatherEye
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Universite Laval Client VPN ULaval.lnk = C:\Program Files\UnivLaval\vpngui.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://geo.ville.quebec.qc.ca/carte_int/acgm.cab
    O18 - Protocol: intu-ir2007 - {52BAEC6B-9405-46F9-A131-6D50720A3CC4} - C:\Program Files\ImpotRapide 2007\ic2007pp.dll
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apache2 - Apache Software Foundation - D:\xampplite\apache\bin\apache.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\UnivLaval\cvpnd.exe
    O23 - Service: mysql - Unknown owner - D:\xampplite\mysql\bin\mysqld-nt.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
    O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

    --
    End of file - 7766 bytes