virus TR/vundo.gn

  Bonjour,

Télécharge MalwareByte's Anti-Malware sur ton Bureau.
Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.

Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
AIDE : Redémarrer en mode sans échec

Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".

Afin de lancer la recherche, clic sur"Rechercher".

Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :
-- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
-- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
[#ff0000]REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.[/#f]

AIDE : Tuto en images sur MBAM

 

Salut Merrilym,
et merci pour ton aide.

Voici le rapport de malwareByte's anti-malware :

Malwarebytes' Anti-Malware 1.11
Version de la base de données: 700

Type de recherche: Examen complet (C:\|D:\|K:\|)
Eléments examinés: 105936
Temps écoulé: 2 hour(s), 55 minute(s), 23 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 6
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 16

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\rqRHBTmK.dll (Trojan.Vundo) -> Unloaded module successfully.

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{4020100d-29d7-4392-afd5-5ad713ff4b88} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4020100d-29d7-4392-afd5-5ad713ff4b88} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rqrhbtmk (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{4020100d-29d7-4392-afd5-5ad713ff4b88} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM313e2b3d (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\rqRHBTmK.dll (Trojan.Vundo) -> Delete on reboot.
C:\System Volume Information\_restore{9DD3F3E8-B9D2-4B43-86C6-42956C30E17F}\RP452\A0069326.DLL (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9DD3F3E8-B9D2-4B43-86C6-42956C30E17F}\RP454\A0069410.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9DD3F3E8-B9D2-4B43-86C6-42956C30E17F}\RP454\A0069506.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9DD3F3E8-B9D2-4B43-86C6-42956C30E17F}\RP456\A0069699.DLL (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9DD3F3E8-B9D2-4B43-86C6-42956C30E17F}\RP457\A0069877.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9DD3F3E8-B9D2-4B43-86C6-42956C30E17F}\RP458\A0069884.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9DD3F3E8-B9D2-4B43-86C6-42956C30E17F}\RP458\A0069888.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9DD3F3E8-B9D2-4B43-86C6-42956C30E17F}\RP458\A0069908.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9DD3F3E8-B9D2-4B43-86C6-42956C30E17F}\RP458\A0069951.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9DD3F3E8-B9D2-4B43-86C6-42956C30E17F}\RP458\A0069952.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9DD3F3E8-B9D2-4B43-86C6-42956C30E17F}\RP458\A0069959.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9DD3F3E8-B9D2-4B43-86C6-42956C30E17F}\RP458\A0069960.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\vkabxwoy.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\rqRHyWml.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\programmes\Nero Ultra 6.6.1.15a + Keygen + Audio Plugins\Keygen\Keygen.exe (Trojan.Agent) -> Quarantined and deleted successfully.

... petite info supplémentaire: le virus est toujours là, AntiVir le détecte toujours.

Je ne sais pas si c'est nécessaire, mais je te joins le nouveau rapport hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:37:43, on 2008-04-30
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
D:\xampplite\apache\bin\apache.exe
C:\Program Files\UnivLaval\cvpnd.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
D:\xampplite\apache\bin\apache.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Documents and Settings\TONY EDITH\Bureau\HiJackThis.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\DOCUME~1\TONYED~1\LOCALS~1\Temp\RtkBtMnt.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WeatherEye.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\sistray.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4020100D-29D7-4392-AFD5-5AD713FF4B88} - C:\WINDOWS\system32\rqRHBTmK.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe
O4 - HKCU\..\Run: [MétéoIMédia] C:\WeatherEye
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Universite Laval Client VPN ULaval.lnk = C:\Program Files\UnivLaval\vpngui.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://geo.ville.quebec.qc.ca/carte_int/acgm.cab
O18 - Protocol: intu-ir2007 - {52BAEC6B-9405-46F9-A131-6D50720A3CC4} - C:\Program Files\ImpotRapide 2007\ic2007pp.dll
O20 - Winlogon Notify: rqRHBTmK - C:\WINDOWS\SYSTEM32\rqRHBTmK.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apache2 - Apache Software Foundation - D:\xampplite\apache\bin\apache.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\UnivLaval\cvpnd.exe
O23 - Service: mysql - Unknown owner - D:\xampplite\mysql\bin\mysqld-nt.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 7834 bytes

 

1) [~] Aller dans poste de travail/outils/option des dossiers/affichage/afficher les fichiers et dossiers cachés/Appliquer - - > OK
[~] Aller dans poste de travail/outils/option des dossiers/affichage/décocher masquer les fichiers protégés du système d'exploitation./Appliquer - - > OK

Tu recocheras après.


- Poste de travail/outils/option des dossiers/affichage/décocher masquer les extensions dont le type est connu./Appliquer - - > OK

2) Désactive toute protection résidente ( antivirus…) !
Déconnecte-toi d’internet, ferme tous les programmes en cours et laisse combofix travailler : ne fais donc pas autre chose en même temps !

Télécharge Combofix de sUBs
Sauvegarde le sur ton bureau et pas ailleurs !
Redémarre en mode sans échecs : aide ici >>>
http://forum.telecharger.01net.com/telecharger/virus_et...
/!\ Ne jamais redémarrer en mode sans échec via msconfig ! /!\

Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider.
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport. Il se trouve ici : C:\Combofix.txt

3) Copie/colle un nouveau rapport HiJackThis avec.

Bonne soirée  

Hello,

voilà donc le rapport de combofix :

ComboFix 08-04-29.3 - TONY EDITH 2008-04-30 17:38:35.3 - FAT32x86 MINIMAL
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.289 [GMT -4:00]
Endroit: C:\Documents and Settings\TONY EDITH\Bureau\ComboFix.exe

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\rqRHBTmK.dll

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-03-28 to 2008-04-30 ))))))))))))))))))))))))))))))))))))
.

2008-04-30 07:30 . 2008-04-30 07:30 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-30 07:30 . 2008-04-30 07:30 <REP> d-------- C:\Documents and Settings\TONY EDITH\Application Data\Malwarebytes
2008-04-30 07:30 . 2008-04-30 07:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-29 19:24 . 2008-04-29 19:24 <REP> d-------- C:\VundoFix Backups
2008-04-29 19:22 . 2008-04-29 19:22 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\AdobeUM
2008-04-29 19:16 . 2008-04-29 19:16 <REP> d-------- C:\Program Files\Avira
2008-04-29 19:16 . 2008-04-29 19:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-04-27 18:56 . 2008-04-27 18:56 <REP> d-------- C:\Program Files\NeroInstall.bak
2008-04-27 18:50 . 2008-04-27 18:50 <REP> d-------- C:\Program Files\Nero
2008-04-27 16:56 . 2008-04-27 16:57 <REP> d-------- C:\Program Files\uTorrent
2008-04-25 20:16 . 2008-04-27 16:28 32 --a------ C:\WINDOWS\CDMKR32.INI
2008-04-23 18:20 . 2006-08-01 15:02 49,152 --a------ C:\WINDOWS\system32\ChCfg.exe
2008-04-23 18:19 . 2008-04-23 18:19 <REP> d-------- C:\Program Files\Realtek AC97
2008-04-23 18:19 . 2006-11-17 05:40 18,804,736 --a------ C:\WINDOWS\system32\alsndmgr.cpl
2008-04-23 18:19 . 2006-12-08 15:20 10,528,768 --a------ C:\WINDOWS\system32\RTLCPL.exe
2008-04-23 18:19 . 2008-01-24 16:36 4,127,488 -ra------ C:\WINDOWS\system32\drivers\alcxwdm.sys
2008-04-23 18:19 . 2007-04-16 15:28 577,536 --a------ C:\WINDOWS\soundman.exe
2008-04-23 18:19 . 2006-07-31 11:19 315,392 --a------ C:\WINDOWS\alcupd.exe
2008-04-23 18:19 . 2006-07-31 11:27 217,088 --a------ C:\WINDOWS\Alcrmv.exe
2008-04-23 18:19 . 2006-10-18 02:53 147,456 --a------ C:\WINDOWS\system32\RtlCPAPI.dll
2008-04-23 18:19 . 2002-02-05 13:54 141,016 --a------ C:\WINDOWS\system32\alsndmgr.wav
2008-04-22 22:04 . 2008-04-22 22:04 <REP> d-------- C:\Documents and Settings\TONY EDITH\Application Data\Canon
2008-04-22 21:10 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-04-22 21:10 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
2008-04-22 21:05 . 2008-04-22 21:05 <REP> d-------- C:\Documents and Settings\TONY EDITH\Application Data\ScanSoft
2008-04-22 21:05 . 2008-04-22 21:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-04-22 21:05 . 2008-04-22 21:05 412 --a------ C:\WINDOWS\MAXLINK.INI
2008-04-22 21:04 . 2008-04-22 21:04 <REP> d-------- C:\Program Files\ScanSoft
2008-04-22 21:04 . 2008-04-22 21:04 <REP> d-------- C:\Program Files\Fichiers communs\ScanSoft Shared
2008-04-22 21:04 . 2008-04-22 21:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-04-22 21:00 . 2008-04-22 21:00 <REP> d-------- C:\Program Files\Fichiers communs\CANON
2008-04-22 20:57 . 2008-04-22 20:57 <REP> d--h----- C:\WINDOWS\system32\CanonIJ Uninstaller Information
2008-04-22 20:57 . 2008-04-22 20:57 <REP> d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-04-22 20:57 . 2007-04-15 16:00 215,040 --a------ C:\WINDOWS\system32\CNMLM93.DLL
2008-04-22 20:56 . 2008-04-22 20:56 <REP> d--h----- C:\Program Files\CanonBJ
2008-04-22 20:56 . 2007-03-23 03:30 1,400,832 --a------ C:\WINDOWS\system32\CNC610C.DLL
2008-04-22 20:56 . 2007-04-13 01:46 200,704 --a------ C:\WINDOWS\system32\CNC610L.DLL
2008-04-22 20:56 . 2007-03-15 01:12 188,416 --a------ C:\WINDOWS\system32\CNC610O.DLL
2008-04-22 20:56 . 2007-03-23 03:29 98,304 --a------ C:\WINDOWS\system32\CNC610I.DLL
2008-04-22 20:54 . 2008-04-22 20:54 <REP> d-------- C:\Program Files\Canon
2008-04-21 12:59 . 2008-04-22 07:20 646 ---hs---- C:\WINDOWS\system32\dugtbycw.ini
2008-04-20 23:51 . 2008-04-29 18:09 109,734 --a------ C:\WINDOWS\BM313e2b3d.xml
2008-04-20 18:43 . 2008-04-20 18:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-04-20 15:49 . 2008-04-27 22:59 116 --a------ C:\WINDOWS\NeroDigital.ini
2008-04-20 15:37 . 2008-04-20 15:37 <REP> d-------- C:\Documents and Settings\TONY EDITH\Application Data\Ahead
2008-04-20 15:35 . 2008-04-20 15:35 <REP> d-------- C:\Program Files\Fichiers communs\Ahead
2008-04-20 15:03 . 2008-04-20 15:03 0 --a------ C:\WINDOWS\Irremote.ini
2008-04-20 11:51 . 2008-04-20 11:51 <REP> d-------- C:\Documents and Settings\TONY EDITH\Application Data\Nero
2008-04-20 11:48 . 2008-04-20 11:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-04-20 11:47 . 2008-04-20 11:48 <REP> d-------- C:\Program Files\Fichiers communs\Nero
2008-04-20 11:41 . 2008-04-20 11:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-14 18:26 . 2008-04-14 18:26 <REP> d-------- C:\Program Files\Astonsoft
2008-04-14 18:26 . 2008-04-14 18:26 <REP> d-------- C:\Documents and Settings\TONY EDITH\Application Data\DeepBurner
2008-04-07 21:04 . 2002-11-05 15:16 57,344 --a------ C:\WINDOWS\system32\Wnaspint.dll
2008-04-04 18:13 . 2008-04-04 18:13 <REP> d-------- C:\Documents and Settings\TONY EDITH\Application Data\U3
2008-03-09 17:22 . 2008-03-09 17:22 <REP> d-------- C:\WINDOWS\Internet Logs
2008-03-09 17:20 . 2006-11-10 10:46 29,752 --------- C:\WINDOWS\system32\InstHelper.dll
2008-03-09 17:20 . 2008-03-09 17:20 8 --a------ C:\WINDOWS\system32\success
2008-03-09 17:18 . 2008-03-09 17:18 <REP> d-------- C:\Program Files\UnivLaval
2008-03-09 17:18 . 2008-03-09 17:18 <REP> d-------- C:\Program Files\Fichiers communs\Deterministic Networks
2008-03-09 17:18 . 2006-11-10 10:44 305,788 --a------ C:\WINDOWS\system32\drivers\CVPNDRVA.sys
2008-03-09 17:18 . 2006-11-10 10:46 197,680 --a------ C:\WINDOWS\system32\vpnapi.dll
2008-03-09 17:18 . 2006-11-10 10:46 193,584 --a------ C:\WINDOWS\system32\CSGina.dll
2008-03-09 17:18 . 2006-09-21 17:55 126,864 --a------ C:\WINDOWS\system32\drivers\dne2000.sys
2008-03-09 17:18 . 2006-09-21 17:55 101,904 --a------ C:\WINDOWS\system32\dneinobj.dll
2008-03-09 17:18 . 2005-05-17 04:51 5,315 --a------ C:\WINDOWS\system32\drivers\CVirtA.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-02-28 21:38 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2008-02-26 20:14 972,072 ----a-w C:\WINDOWS\UNRecode.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:35 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-18 20:04 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll
2008-02-16 09:32 670,208 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-16 09:32 670,208 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2008-02-16 09:32 620,544 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2008-02-16 09:32 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2008-02-16 09:32 474,624 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
2008-02-16 09:32 449,024 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2008-02-16 09:32 39,424 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2008-02-16 09:32 3,087,872 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-16 09:32 146,432 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2008-02-16 09:32 1,499,648 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
2008-02-16 09:31 96,768 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
2008-02-16 09:31 55,808 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2008-02-16 09:31 357,888 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2008-02-16 09:31 251,904 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
2008-02-16 09:31 205,312 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2008-02-16 09:31 16,384 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2008-02-16 09:31 152,064 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
2008-02-16 09:31 1,056,768 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
2008-02-16 09:31 1,024,512 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
2008-02-15 09:07 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2008-01-06 15:25 1,712,201 ----a-w C:\WINDOWS\system32\InetClnt.dll
2007-05-19 03:17 15,174,784 ----a-w C:\Program Files\setupfre.exe
2006-10-11 22:31 5,037,072 ----a-w C:\Program Files\spybotsd14.exe
2006-10-07 18:04 14,405,024 ----a-w C:\Program Files\google-earth_google_earth_4.0.2091_beta_francais_14783.exe
2006-10-06 23:14 6,512,888 ----a-w C:\Program Files\winamp53_full_emusic-7plus.exe
.

((((((((((((((((((((((((((((( snapshot@2008-04-29_20.02.23.64 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-30 00:00:26 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-30 21:41:02 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MétéoIMédia"="C:\WeatherEye" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 05:00 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" []
"ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 18:15 45056]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 05:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 05:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 05:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 05:00 455168]
"SiSPower"="SiSPower.dll" [2005-07-13 02:55 49152 C:\WINDOWS\system32\SiSPower.dll]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2005-11-16 17:00 397312]
"D-Link AirPlus G"="C:\Program Files\D-Link\AirPlus G\AirGCFG.exe" [2005-11-23 15:04 1544192]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352]
"CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 12:01 644696]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 12:50 1603152]
"SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 09:03 210472]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 12:02 79400]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 15:07 49263]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2008-02-28 09:59 570664]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Microsoft Updates"="svehost.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 05:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]
--a------ 2005-10-19 18:19 49152 C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AspireService]
C:\Program Files\Acer\Acer eMode Management\AspireService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2008-02-28 17:07 1828136 C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaSync]
C:\Program Files\Acer\Acer eConsole\MediaSync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:55 5674352 C:\Program Files\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 16:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\utorrent\\utorrent.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\WINDOWS\\PCHEALTH\\HELPCTR\\BINARIES\\HelpCtr.exe"=

R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 14:46]
R3 PAC7311;VGA SoC PC-Camer@;C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS [2005-09-16 13:34]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 05:00]
S3 MBAMCatchMe;MBAMCatchMe;C:\Program Files\Malwarebytes' Anti-Malware\catchme.sys [2008-04-07 20:17]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{479943e8-0294-11dd-9997-0015e9a886fd}]
\Shell\AutoRun\command - F:\LaunchU3.exe

*Newly Created Service* - INT15.SYS
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-30 17:41:35
Windows 5.1.2600 Service Pack 2 FAT NTAPI

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRAM FILES\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\SCHED.EXE
C:\PROGRAM FILES\ANI\ANIWZCS2 SERVICE\ANIWZCSDS.EXE
C:\PROGRAM FILES\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\AVGUARD.EXE
D:\xampplite\apache\bin\apache.exe
C:\PROGRAM FILES\UNIVLAVAL\CVPND.EXE
C:\PROGRAM FILES\NERO\NERO8\NERO BACKITUP\NBSERVICE.EXE
C:\WINDOWS\SYSTEM32\IOCTLSVC.EXE
C:\WINDOWS\SYSTEM32\PASTISVC.EXE
C:\WINDOWS\SYSTEM32\WDFMGR.EXE
D:\xampplite\apache\bin\apache.exe
C:\WEATHEREYE.EXE
C:\DOCUME~1\TONYED~1\LOCALS~1\Temp\RtkBtMnt.EXE
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-04-30 17:43:30 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-30 21:43:26
ComboFix3.txt 2008-04-30 00:02:58
ComboFix2.txt 2008-04-30 00:16:36

Pre-Run: 20,933,443,584 octets libres
Post-Run: 20,451,852,288 octets libres

225 --- E O F --- 2008-04-21 16:14:14



... et puis le rapport hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:44:21, on 2008-04-30
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
D:\xampplite\apache\bin\apache.exe
C:\Program Files\UnivLaval\cvpnd.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
D:\xampplite\apache\bin\apache.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WeatherEye.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\TONYED~1\LOCALS~1\Temp\RtkBtMnt.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\TONY EDITH\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe
O4 - HKCU\..\Run: [MétéoIMédia] C:\WeatherEye
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Universite Laval Client VPN ULaval.lnk = C:\Program Files\UnivLaval\vpngui.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://geo.ville.quebec.qc.ca/carte_int/acgm.cab
O18 - Protocol: intu-ir2007 - {52BAEC6B-9405-46F9-A131-6D50720A3CC4} - C:\Program Files\ImpotRapide 2007\ic2007pp.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apache2 - Apache Software Foundation - D:\xampplite\apache\bin\apache.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\UnivLaval\cvpnd.exe
O23 - Service: mysql - Unknown owner - D:\xampplite\mysql\bin\mysqld-nt.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 7766 bytes