Rapport combofix

[Francois2285]

Salut, hier j'ai eu un petit problème avec msn. On m'a conseiller de passer combofix pour rêgler le problème. Voici le rapport. Merci de me donner un coup de main.

 

 

ComboFix 08-03-25.4 - Francois Tremblay 2008-03-26 22:12:07.1 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.606 [GMT -4:00]

Endroit: C:\Documents and Settings\Francois Tremblay\Mes documents\ComboFix.exe

* Création d'un nouveau point de restauration

 

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\Francois Tremblay\Application Data\DriveCleaner 2006 Free

C:\Documents and Settings\Francois Tremblay\Application Data\DriveCleaner 2006 Free\Logs\update.log

C:\Documents and Settings\Francois Tremblay\Application Data\macromedia\Flash Player\#SharedObjects\YPLHXAGS\www.broadcaster.com

C:\Documents and Settings\Francois Tremblay\Application Data\macromedia\Flash Player\#SharedObjects\YPLHXAGS\www.broadcaster.com\bc_video_vars.sol

C:\Documents and Settings\Francois Tremblay\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com

C:\Documents and Settings\Francois Tremblay\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol

C:\Documents and Settings\Francois Tremblay\err.log

C:\Program Files\Fichiers communs\{3C969~1

C:\Program Files\Fichiers communs\{9C969~1

C:\Program Files\video activex object

C:\Program Files\video activex object\ot.ico

C:\Program Files\video activex object\ts.ico

C:\WINDOWS\system32\cbXomnLD.dll

C:\WINDOWS\system32\ljJBrPIC.dll

C:\WINDOWS\system32\mcrh.tmp

C:\WINDOWS\system32\ssqnkli.dll

C:\WINDOWS\system32\ssqPfdeB.dll

C:\WINDOWS\system32\unsvchosts.lzma

C:\WINDOWS\system32\wvUkHWMG.dll

 

.

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-02-27 to 2008-03-27 ))))))))))))))))))))))))))))))))))))

.

 

2008-03-26 21:42 . 2008-03-26 21:42 290,752 --a------ C:\WINDOWS\system32\jkkIXoME.dll

2008-03-26 20:42 . 2008-03-26 20:42 290,752 --a------ C:\WINDOWS\system32\ljJCstqq.dll

2008-03-26 19:41 . 2008-03-26 19:42 290,752 --a------ C:\WINDOWS\system32\pmnLbabx.dll

2008-03-26 18:41 . 2008-03-26 18:42 290,752 --a------ C:\WINDOWS\system32\qoMeCvts.dll

2008-03-26 17:18 . 2008-03-26 17:18 <REP> d-------- C:\Program Files\MSN Messenger

2008-03-26 16:23 . 2008-03-26 16:23 38,400 -r-hs---- C:\WINDOWS\msn.com

2008-03-21 13:32 . 2008-03-21 13:32 <REP> d-------- C:\Program Files\Veoh Networks

2008-03-02 22:02 . 2008-03-02 22:02 <REP> d-------- C:\WINDOWS\Profiles

2008-03-02 22:02 . 2008-03-02 22:02 <REP> d-------- C:\Documents and Settings\Francois Tremblay\Application Data\InterTrust

2008-03-01 22:39 . 2008-03-01 22:39 <REP> d-------- C:\mGame

2008-02-29 11:52 . 2004-08-10 16:00 1,689,088 --a------ C:\WINDOWS\system32\719cab4.dll

2008-02-28 18:02 . 2008-02-28 18:03 <REP> d-------- C:\Documents and Settings\Francois Tremblay\Application Data\Ventrilo

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-27 02:10 --------- d-----w C:\Documents and Settings\Francois Tremblay\Application Data\AVG7

2008-03-25 21:55 --------- d-----w C:\Program Files\mIRC

2008-03-21 17:34 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-03-03 02:02 --------- d-----w C:\Program Files\Fichiers communs\Adobe

2008-02-28 22:00 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard

2008-01-05 01:46 102,400 ----a-w C:\WINDOWS\DIIUnin.exe

2007-04-05 12:39 765,715 --sh--w C:\WINDOWS\system32\qrqss.bak1

2007-04-12 19:46 747,197 --sh--w C:\WINDOWS\system32\qrqss.bak2

2007-04-12 20:28 733,679 --sh--w C:\WINDOWS\system32\qrqss.ini2

.

 

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 16:00 15360]

"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-02-22 21:42 3537968]

"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 15:01 67584]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-13 02:44 8429568]

"RTHDCPL"="RTHDCPL.EXE" [2006-05-31 20:48 16208384 C:\WINDOWS\RTHDCPL.exe]

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-10 16:00 208952]

"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 16:00 44032]

"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 16:00 59392]

"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 16:00 455168]

"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 16:00 455168]

"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-03-17 16:00 345088]

"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 15:40 413696]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-18 13:32 579072]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]

"QuickFinder Scheduler"="C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE" [2005-12-01 01:45 77892]

"ISUSPM Startup"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2005-08-11 17:30 249856]

"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-08-11 17:30 81920]

"snpstd"="C:\WINDOWS\vsnpstd.exe" [2003-12-31 18:39 40960]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 11:56 286720]

"nwiz"="nwiz.exe" [2007-04-13 02:44 1626112 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-13 02:44 81920]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 13:10 267048]

"Windows live Messenger"="msn.com" [2008-03-26 16:23 38400 C:\WINDOWS\msn.com]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 16:00 15360]

"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-18 13:32 219136]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

"{9C96951F-0710-1036-0914-060821060002}"= "C:\Program Files\Fichiers communs\{9C96951F-0710-1036-0914-060821060002}\Update.exe" mc-110-12-0002400

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{060BB0AB-4B09-4C51-9ECB-9580A6D08D7F}"= C:\WINDOWS\system32\cbXomnLD.dll [ ]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbXomnLD]

cbXomnLD.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqrq]

C:\WINDOWS\system32\ssqrq.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrge32]

winrge32.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^InterVideo WinCinema Manager.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\InterVideo WinCinema Manager.lnk

backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Empowering Technology Monitor]

--a------ 2006-04-18 20:54 49152 C:\WINDOWS\system32\SysMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlazeServoTool]

C:\Program Files\BlazeVideo\BlazeDTV2.1\MediaDetector.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EleFunAnimatedWallpaper]

C:\Program Files\EleFun Multimedia\Xmass Tree Wallpaper\Xmass Tree.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\emMON]

--a------ 2006-05-30 22:24 61440 C:\WINDOWS\emMON.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchApp]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntiMUI]

--a------ 2005-05-11 17:15 45056 c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

--a------ 2007-04-13 02:44 81920 C:\WINDOWS\system32\NvMcTray.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a------ 2007-04-13 02:44 1626112 C:\WINDOWS\system32\nwiz.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]

--a------ 2006-05-15 22:04 2879488 C:\WINDOWS\SkyTel.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2006-11-09 16:07 49263 C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]

--a------ 2006-09-23 14:08 61440 C:\Acer\WR_PopUp\WarReg_PopUp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

--a------ 2006-11-21 13:38 35328 C:\Program Files\Winamp\winampa.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinDVR SchSvr]

--a------ 2005-04-14 02:14 106496 C:\Program Files\Fichiers communs\InterVideo\SchSvr\SchSvr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{9C96951F-0710-1036-0914-060821060002}]

C:\Program Files\Fichiers communs\{9C96951F-0710-1036-0914-060821060002}\Update.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=

"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=

"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=

"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\InterVideo\\MSIPVS3\\WinDvr.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\jeux\\Starcraft\\StarCraft.exe"=

"C:\\StubInstaller.exe"=

"C:\\Program Files\\LimeWire\\LimeWire.exe"=

"C:\\Program Files\\mIRC\\mirc.exe"=

"C:\\jeux\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe"=

"C:\\jeux\\World of Warcraft\\WoW-2.0.3-enUS-downloader.exe"=

"C:\\jeux\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.6.6337-enUS-downloader.exe"=

"C:\\jeux\\World of Warcraft\\WoW-2.0.6.6337-to-2.0.7.6383-enUS-downloader.exe"=

"C:\\jeux\\World of Warcraft\\WoW-2.0.7.6383-to-2.0.8.6403-enUS-downloader.exe"=

"C:\\jeux\\heroesII\\HEROES2W.EXE"=

"C:\\WINDOWS\\system32\\dpvsetup.exe"=

"C:\\WINDOWS\\system32\\rundll32.exe"=

"C:\\Program Files\\Conference\\Conference.dll"=

"C:\\Documents and Settings\\Francois Tremblay\\Mes documents\\WoW-BurningCrusade-Trial-enUS-Installer-downloader.exe"=

"D:\\jeux\\NWN\\nwn2main.exe"=

"D:\\jeux\\NWN\\nwn2main_amdxp.exe"=

"D:\\jeux\\NWN\\nwupdate.exe"=

"D:\\jeux\\NWN\\nwn2server.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

"D:\\jeux\\Disciples 2 Collector's Edition\\Discipl2.exe"=

"C:\\Documents and Settings\\Francois Tremblay\\Mes documents\\silkroad\\Silkroad_Full-Client_Downloader.exe"=

"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"C:\\Program Files\\Internet Explorer\\iexplore.exe"=

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"C:\\Program Files\\MSN Messenger\\livecall.exe"=

 

R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2004-08-10 16:00]

R3 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 15:46]

R3 psdfilter;psdfilter;C:\WINDOWS\system32\Drivers\psdfilter.sys [2006-04-07 21:17]

R3 psdvdisk;psdvdisk;C:\WINDOWS\system32\Drivers\psdvdisk.sys [2006-03-08 18:10]

S3 USB28xxBGA;USB 2820 Device;C:\WINDOWS\system32\DRIVERS\emBDA.sys [2006-09-12 22:21]

S3 USB28xxOEM;USB 28xx OEM Filter;C:\WINDOWS\system32\DRIVERS\emOEM.sys [2006-08-22 00:38]

S3 XDva098;XDva098;C:\WINDOWS\system32\XDva098.sys []

S3 XDva104;XDva104;C:\WINDOWS\system32\XDva104.sys []

S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-10-28 11:38]

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

 

.

Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'

"2008-03-21 21:16:32 C:\WINDOWS\Tasks\1-Click Maintenance.job"

- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe

"2008-01-08 17:00:12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

"2007-04-24 22:44:30 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1168904061.job"

- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I

"2008-03-27 02:21:26 C:\WINDOWS\Tasks\MP Scheduled Scan.job"

- C:\Program Files\Windows Defender\MpCmdRun.exe

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-26 22:18:46

Windows 5.1.2600 Service Pack 2 NTFS

 

Balayage processus cach‚s ...

 

Balayage cach‚ autostart entries ...

 

Balayage des fichiers cach‚s ...

 

Scan termin‚ avec succŠs

Les fichiers cach‚s: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe

C:\WINDOWS\ehome\mcrdsvc.exe

C:\WINDOWS\system32\imapi.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\eHome\ehmsas.exe

.

**************************************************************************

.

Temps d'accomplissement: 2008-03-26 22:21:54 - machine was rebooted

ComboFix-quarantined-files.txt 2008-03-27 02:21:51

.

2008-03-26 16:12:05 --- E O F ---

[Falkra]

Bonsoir, et on t'a laissé en plan après ? ComboFix n'est pas à utiliser à la légère, il ne faut pas l'utiliser comme solution à tout, surtout si on ne sait pas ce qu'on fait. Si la personne qui te l'a conseillé ne sait pas exactement ce qu'est ComboFix... ce n'est pas le meilleur conseil qu'on pouvait te donner.

 

PS : je ne sais pas si c'est le cas, mais ne te fais pas désinfecter sur 2 forums en même temps.

 

 

 

Poste un rapport HijackThis (2.0.2) qu'on y voie plus clair. Il y avait manifestement plusieurs infections.

 

Télécharger HijackThis vers ton bureau à aprtir de ce lien :

http://www.trendsecure.com/portal/en-US/_d.../HiJackThis.exe

Double clique dessus et fais Do a system scan and save a logfile.

Copie colle le rapport qui va s'afficher dans ta prochaine réponse.

 

@ toute

[Francois2285]

Voilà le rapport Hijackthis. Merci !

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:47:05, on 2008-03-26

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

C:\Acer\Empowering Technology\eRecovery\eRAgent.exe

C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe

C:\WINDOWS\vsnpstd.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe

C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

C:\WINDOWS\eHome\ehSched.exe

c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\msn.com

C:\Program Files\MSN Messenger\usnsvc.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Francois Tremblay\Mes documents\HiJackThis\HijackThis.exe

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

C:\Program Files\Internet Explorer\iexplore.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=566...k/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://cf.rd.yahoo.com/customize/ycomp/def...://cf.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {3B35DBFD-A282-483E-9791-A2B806B740AD} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {9F70249C-C946-4636-ADBE-A31D4661F49a} - (no file)

O2 - BHO: (no name) - {D38439EC-4A7F-42b4-90C2-D810D7778FDD} - (no file)

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1

O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\oqbdqjvw.dll",setvm

O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\ixvtuytl.dll",setvm

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [Windows live Messenger] msn.com

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Policies\Explorer\Run: [{9C96951F-0710-1036-0914-060821060002}] "C:\Program Files\Fichiers communs\{9C96951F-0710-1036-0914-060821060002}\Update.exe" mc-110-12-0002400

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe

O4 - Global Startup: Acer Empowering Technology.lnk = ?

O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe

O4 - Global Startup: hp psc 1000 series.lnk = ?

O4 - Global Startup: hpoddt01.exe.lnk = ?

O8 - Extra context menu item: Ouvrir dans WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab

O16 - DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} (MGLaunch_USAv1001 Class) - http://ares.netgame.com/download/mglaunch_USAv1002.cab

O20 - Winlogon Notify: cbXomnLD - C:\WINDOWS\SYSTEM32\cbXomnLD.dll

O20 - Winlogon Notify: ssqrq - C:\WINDOWS\system32\ssqrq.dll (file missing)

O20 - Winlogon Notify: winrge32 - winrge32.dll (file missing)

O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe

[Falkra]

Re. Il y a pas mal de monde à virer ! On va faire un peu de tri, on finira autrement car tout ne partira pas.

 

 

Télécharge VundoFix.exe (par Atribune) sur ton bureau :

http://www.atribune.org/ccount/click.php?id=4

 

* Double-clique VundoFix.exe pour le lancer.

* Clique sur le bouton Scan for Vundo.

* Lorsque le scan est terminé, clique sur le bouton Fix Vundo

* Une invite te demandera si tu veux supprimer les fichiers, clique YES

* Après, le bureau disparaîtra un moment, c'est normal.

* Tu verras une invite qui t'annonce que ton PC va redémarrer; clique sur OK.

* Copie/colle le contenu du rapport situé dans C:\vundofix.txt

 

Note: Il est possible que VundoFix se trouve face à un fichier qu'il ne peut pas supprimer. Si cela se produit, il se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-dessus, à partir de "clique sur le bouton Scan for Vundo".

[Francois2285]

Salut, j'ai clické sur "fix vundo" après l'analyse de "scan for vundo" et le logiciel a répondu qu'il n'y avait pas de fichiers infectés.

 

@+

[Falkra]

Hum, il n'est plus ce qu'il était.

 

[*]Télécharge ]VirtumundoBeGone vers le bureau.

[*]Redémarre en mode sans échec. (F8 au démarrage et choisis Mode sans échec).

[*]Double clique sur VirtumundoBeGone.exe et suis les instructions

[*]Fais Exit lorsque les opérations sont terminées et redémarre en mode normal.

[*]Poste le rapport VBG.TXT créé sur le bureau dans ta prochaine réponse.

 

NB : Si un message Ecran bleu "Erreur fatale" apparaît, pas d’inquiétude car c'est normal et attendu.