Next we'll continue with
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
Click VirtumundoBeGone.exe
and follow the instructions.
When it has finished, paste the report here.
[11/27/2007, 19:21:26] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Aurélien\Local Settings\Temporary Internet Files\Content.IE5\V22FBV0F\VirtumundoBeGone[1].exe" )
[11/27/2007, 19:21:33] - Detected System Information:
[11/27/2007, 19:21:33] - Windows Version: 5.1.2600, Service Pack 2
[11/27/2007, 19:21:33] - Current Username: Aurélien (Admin)
[11/27/2007, 19:21:33] - Windows is in NORMAL mode.
[11/27/2007, 19:21:33] - Searching for Browser Helper Objects:
[11/27/2007, 19:21:33] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[11/27/2007, 19:21:33] - BHO 2: {0997A2BC-3A84-46CE-B8AC-276F83D7D71A} ()
[11/27/2007, 19:21:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/27/2007, 19:21:34] - Checking for HKLM\...\Winlogon\Notify\ejup83122.exe
[11/27/2007, 19:21:34] - Key not found: HKLM\...\Winlogon\Notify\ejup83122.exe, continuing.
[11/27/2007, 19:21:34] - BHO 3: {3A2224A0-B114-4491-9305-FD0E4B55FA1E} ()
[11/27/2007, 19:21:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/27/2007, 19:21:34] - Checking for HKLM\...\Winlogon\Notify\rqrsqop
[11/27/2007, 19:21:34] - Found: HKLM\...\Winlogon\Notify\rqrsqop - This is probably Virtumundo.
[11/27/2007, 19:21:34] - Assigning {3A2224A0-B114-4491-9305-FD0E4B55FA1E} MSEvents Object
[11/27/2007, 19:21:34] - BHO list has been changed! Starting over...
[11/27/2007, 19:21:34] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[11/27/2007, 19:21:34] - BHO 2: {0997A2BC-3A84-46CE-B8AC-276F83D7D71A} ()
[11/27/2007, 19:21:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/27/2007, 19:21:34] - Checking for HKLM\...\Winlogon\Notify\ejup83122.exe
[11/27/2007, 19:21:34] - Key not found: HKLM\...\Winlogon\Notify\ejup83122.exe, continuing.
[11/27/2007, 19:21:34] - BHO 3: {3A2224A0-B114-4491-9305-FD0E4B55FA1E} (MSEvents Object)
[11/27/2007, 19:21:34] - ALERT: Found MSEvents Object!
[11/27/2007, 19:21:34] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
[11/27/2007, 19:21:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/27/2007, 19:21:34] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[11/27/2007, 19:21:34] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[11/27/2007, 19:21:34] - BHO 5: {5ab9a3a3-08b8-4a7d-bed2-7ede5a07e413} ()
[11/27/2007, 19:21:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/27/2007, 19:21:34] - Checking for HKLM\...\Winlogon\Notify\cqnwlnnj
[11/27/2007, 19:21:34] - Key not found: HKLM\...\Winlogon\Notify\cqnwlnnj, continuing.
[11/27/2007, 19:21:34] - BHO 6: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[11/27/2007, 19:21:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/27/2007, 19:21:34] - No filename found. Continuing.
[11/27/2007, 19:21:34] - BHO 7: {84FEC272-7E46-4FF5-86AC-B3CA3B4BD4F7} ()
[11/27/2007, 19:21:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/27/2007, 19:21:34] - Checking for HKLM\...\Winlogon\Notify\jkkjk
[11/27/2007, 19:21:34] - Key not found: HKLM\...\Winlogon\Notify\jkkjk, continuing.
[11/27/2007, 19:21:34] - BHO 8: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[11/27/2007, 19:21:34] - BHO 9: {A95B2816-1D7E-4561-A202-68C0DE02353A} ()
[11/27/2007, 19:21:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/27/2007, 19:21:34] - Checking for HKLM\...\Winlogon\Notify\vrdsqkjm
[11/27/2007, 19:21:34] - Found: HKLM\...\Winlogon\Notify\vrdsqkjm - This is probably Virtumundo.
[11/27/2007, 19:21:34] - Assigning {A95B2816-1D7E-4561-A202-68C0DE02353A} MSEvents Object
[11/27/2007, 19:21:34] - BHO list has been changed! Starting over...
[11/27/2007, 19:21:34] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[11/27/2007, 19:21:34] - BHO 2: {0997A2BC-3A84-46CE-B8AC-276F83D7D71A} ()
[11/27/2007, 19:21:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/27/2007, 19:21:34] - Checking for HKLM\...\Winlogon\Notify\ejup83122.exe
[11/27/2007, 19:21:34] - Key not found: HKLM\...\Winlogon\Notify\ejup83122.exe, continuing.
[11/27/2007, 19:21:34] - BHO 3: {3A2224A0-B114-4491-9305-FD0E4B55FA1E} (MSEvents Object)
[11/27/2007, 19:21:34] - ALERT: Found MSEvents Object!
[11/27/2007, 19:21:34] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
[11/27/2007, 19:21:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/27/2007, 19:21:34] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[11/27/2007, 19:21:34] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[11/27/2007, 19:21:34] - BHO 5: {5ab9a3a3-08b8-4a7d-bed2-7ede5a07e413} ()
[11/27/2007, 19:21:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/27/2007, 19:21:34] - Checking for HKLM\...\Winlogon\Notify\cqnwlnnj
[11/27/2007, 19:21:34] - Key not found: HKLM\...\Winlogon\Notify\cqnwlnnj, continuing.
[11/27/2007, 19:21:34] - BHO 6: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[11/27/2007, 19:21:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/27/2007, 19:21:34] - No filename found. Continuing.
[11/27/2007, 19:21:34] - BHO 7: {84FEC272-7E46-4FF5-86AC-B3CA3B4BD4F7} ()
[11/27/2007, 19:21:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/27/2007, 19:21:34] - Checking for HKLM\...\Winlogon\Notify\jkkjk
[11/27/2007, 19:21:34] - Key not found: HKLM\...\Winlogon\Notify\jkkjk, continuing.
[11/27/2007, 19:21:34] - BHO 8: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[11/27/2007, 19:21:34] - BHO 9: {A95B2816-1D7E-4561-A202-68C0DE02353A} (MSEvents Object)
[11/27/2007, 19:21:34] - ALERT: Found MSEvents Object!
[11/27/2007, 19:21:34] - BHO 10: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[11/27/2007, 19:21:34] - BHO 11: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[11/27/2007, 19:21:34] - Finished Searching Browser Helper Objects
[11/27/2007, 19:21:34] - *** Detected MSEvents Object
[11/27/2007, 19:21:34] - Trying to remove MSEvents Object...
[11/27/2007, 19:21:35] - Terminating Process: IEXPLORE.EXE
[11/27/2007, 19:21:36] - Terminating Process: RUNDLL32.EXE
[11/27/2007, 19:21:36] - Disabling Automatic Shell Restart
[11/27/2007, 19:21:36] - Terminating Process: EXPLORER.EXE
[11/27/2007, 19:21:36] - Suspending the NT Session Manager System Service
[11/27/2007, 19:21:36] - Terminating Windows NT Logon/Logoff Manager
[11/27/2007, 19:21:36] - Re-enabling Automatic Shell Restart
[11/27/2007, 19:21:37] - File to disable: C:\WINDOWS\system32\rqrsqop.dll
[11/27/2007, 19:21:37] - Renaming C:\WINDOWS\system32\rqrsqop.dll -> C:\WINDOWS\system32\rqrsqop.dll.vir
[11/27/2007, 19:21:37] - File successfully renamed!
[11/27/2007, 19:21:37] - Removing HKLM\...\Browser Helper Objects\{3A2224A0-B114-4491-9305-FD0E4B55FA1E}
[11/27/2007, 19:21:37] - Removing HKCR\CLSID\{3A2224A0-B114-4491-9305-FD0E4B55FA1E}
[11/27/2007, 19:21:37] - Adding Kill Bit for ActiveX for GUID: {3A2224A0-B114-4491-9305-FD0E4B55FA1E}
[11/27/2007, 19:21:37] - Deleting ATLEvents/MSEvents Registry entries
[11/27/2007, 19:21:37] - Removing HKLM\...\Winlogon\Notify\rqrsqop
[11/27/2007, 19:21:37] - Searching for Browser Helper Objects:
[11/27/2007, 19:21:37] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[11/27/2007, 19:21:37] - BHO 2: {0997A2BC-3A84-46CE-B8AC-276F83D7D71A} ()
[11/27/2007, 19:21:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/27/2007, 19:21:37] - Checking for HKLM\...\Winlogon\Notify\ejup83122.exe
[11/27/2007, 19:21:37] - Key not found: HKLM\...\Winlogon\Notify\ejup83122.exe, continuing.
[11/27/2007, 19:21:37] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
[11/27/2007, 19:21:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/27/2007, 19:21:37] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[11/27/2007, 19:21:37] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[11/27/2007, 19:21:37] - BHO 4: {5ab9a3a3-08b8-4a7d-bed2-7ede5a07e413} ()
[11/27/2007, 19:21:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/27/2007, 19:21:37] - Checking for HKLM\...\Winlogon\Notify\cqnwlnnj
[11/27/2007, 19:21:37] - Key not found: HKLM\...\Winlogon\Notify\cqnwlnnj, continuing.
[11/27/2007, 19:21:37] - BHO 5: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[11/27/2007, 19:21:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/27/2007, 19:21:37] - No filename found. Continuing.
[11/27/2007, 19:21:37] - BHO 6: {84FEC272-7E46-4FF5-86AC-B3CA3B4BD4F7} ()
[11/27/2007, 19:21:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/27/2007, 19:21:37] - Checking for HKLM\...\Winlogon\Notify\jkkjk
[11/27/2007, 19:21:37] - Key not found: HKLM\...\Winlogon\Notify\jkkjk, continuing.
[11/27/2007, 19:21:37] - BHO 7: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[11/27/2007, 19:21:37] - BHO 8: {A95B2816-1D7E-4561-A202-68C0DE02353A} (MSEvents Object)
[11/27/2007, 19:21:37] - ALERT: Found MSEvents Object!
[11/27/2007, 19:21:37] - BHO 9: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[11/27/2007, 19:21:38] - BHO 10: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[11/27/2007, 19:21:38] - Finished Searching Browser Helper Objects
[11/27/2007, 19:21:38] - *** Detected MSEvents Object
[11/27/2007, 19:21:38] - Trying to remove MSEvents Object...
[11/27/2007, 19:21:39] - Terminating Process: IEXPLORE.EXE
[11/27/2007, 19:21:39] - Terminating Process: RUNDLL32.EXE
[11/27/2007, 19:21:39] - Disabling Automatic Shell Restart
[11/27/2007, 19:21:39] - Terminating Process: EXPLORER.EXE
[11/27/2007, 19:21:39] - Suspending the NT Session Manager System Service
[11/27/2007, 19:21:39] - Terminating Windows NT Logon/Logoff Manager
[11/27/2007, 19:21:39] - Re-enabling Automatic Shell Restart
[11/27/2007, 19:21:39] - File to disable: C:\WINDOWS\system32\vrdsqkjm.dll
[11/27/2007, 19:21:39] - Renaming C:\WINDOWS\system32\vrdsqkjm.dll -> C:\WINDOWS\system32\vrdsqkjm.dll.vir
[11/27/2007, 19:21:39] - File successfully renamed!
[11/27/2007, 19:21:39] - Removing HKLM\...\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}
[11/27/2007, 19:21:39] - Removing HKCR\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}
[11/27/2007, 19:21:39] - Adding Kill Bit for ActiveX for GUID: {A95B2816-1D7E-4561-A202-68C0DE02353A}
[11/27/2007, 19:21:39] - Deleting ATLEvents/MSEvents Registry entries
[11/27/2007, 19:21:39] - Removing HKLM\...\Winlogon\Notify\vrdsqkjm
[11/27/2007, 19:21:39] - Searching for Browser Helper Objects:
[11/27/2007, 19:21:39] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[11/27/2007, 19:21:39] - BHO 2: {0997A2BC-3A84-46CE-B8AC-276F83D7D71A} ()
[11/27/2007, 19:21:39] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/27/2007, 19:21:39] - Checking for HKLM\...\Winlogon\Notify\ejup83122.exe
[11/27/2007, 19:21:39] - Key not found: HKLM\...\Winlogon\Notify\ejup83122.exe, continuing.
[11/27/2007, 19:21:39] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
[11/27/2007, 19:21:39] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/27/2007, 19:21:39] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[11/27/2007, 19:21:39] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[11/27/2007, 19:21:39] - BHO 4: {5ab9a3a3-08b8-4a7d-bed2-7ede5a07e413} ()
[11/27/2007, 19:21:39] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/27/2007, 19:21:39] - Checking for HKLM\...\Winlogon\Notify\cqnwlnnj
[11/27/2007, 19:21:39] - Key not found: HKLM\...\Winlogon\Notify\cqnwlnnj, continuing.
[11/27/2007, 19:21:40] - BHO 5: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[11/27/2007, 19:21:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/27/2007, 19:21:40] - No filename found. Continuing.
[11/27/2007, 19:21:40] - BHO 6: {84FEC272-7E46-4FF5-86AC-B3CA3B4BD4F7} ()
[11/27/2007, 19:21:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/27/2007, 19:21:40] - Checking for HKLM\...\Winlogon\Notify\jkkjk
[11/27/2007, 19:21:40] - Key not found: HKLM\...\Winlogon\Notify\jkkjk, continuing.
[11/27/2007, 19:21:40] - BHO 7: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[11/27/2007, 19:21:40] - BHO 8: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[11/27/2007, 19:21:40] - BHO 9: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[11/27/2007, 19:21:40] - Finished Searching Browser Helper Objects
[11/27/2007, 19:21:40] - Finishing up...
[11/27/2007, 19:21:40] - A restart is needed.
[11/27/2007, 19:21:40] - Automatic Reboot on STOP Error is not set. User will have to manually restart.
[11/27/2007, 19:21:59] - Attempting to Restart via STOP error (Blue Screen!)
to evilelf loool
I don't understand anything in this report....
It would be good if he ran the analysis again
No problem, we'll continue with ComboFix
http://download.bleepingccomputer.com/sUBs/ComboFix.exe
Post the report
- Download VundoFix (by Atribune) to your desktop:
http://www.atribune.org/ccount/click.php?id=4
- Click "VundoFix.exe", then "Scan for Vundo"
- When the scan has finished, click "Remove Vundo". You will be asked whether you want to delete the files; click "Yes" (if the desktop disappears, that is normal). You will then be asked whether you want to restart your PC; click OK.
Copy/paste the report here (it is located at "C:\vundofix.txt") along with a new HijackThis log.
ComboFix 07-11-19.4 - Aurélien 2007-11-27 19:36:31.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.565 [GMT 1:00]
Running from: C:\Documents and Settings\Aurélien\Local Settings\Temporary Internet Files\Content.IE5\GDWDGBYV\ComboFix[1].exe
* Created a new restore point
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Menu Démarrer\Live Safety Center.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Online Security Guide.lnk
C:\Documents and Settings\Aurélien\Bureau\Live Safety Center.lnk
C:\Documents and Settings\Aurélien\Bureau\Online Security Guide.lnk
C:\Documents and Settings\Aurélien\Favoris\Online Security Guide.lnk
C:\Documents and Settings\Gino\Bureau\Live Safety Center.lnk
C:\Documents and Settings\Gino\Bureau\Online Security Guide.lnk
C:\Documents and Settings\Gino\Favoris\Online Security Guide.lnk
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\system32\c3
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\h1
C:\WINDOWS\system32\jkkjk.dll
C:\WINDOWS\system32\kjkkj.ini
C:\WINDOWS\system32\kjkkj.ini2
C:\WINDOWS\system32\m4
C:\WINDOWS\system32\m4\ejup83122.exe
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\vrdsqkjm.dllbox
C:\WINDOWS\system32\wanpacket.dll
C:\WINDOWS\system32\wpcap.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NPF
-------\DomainService
-------\NPF
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-10-27 to 2007-11-27 ))))))))))))))))))))))))))))))))))))
.
2007-11-27 19:19 <REP> d-------- C:\VundoFix Backups
2007-11-27 18:30 <REP> d-------- C:\Program Files\Trend Micro
2007-11-27 13:21 78,912 --a------ C:\WINDOWS\system32\cqnwlnnj.dll
2007-11-27 13:18 85,056 --a------ C:\WINDOWS\system32\wlgfnuiu.dll
2007-11-27 13:17 <REP> d-------- C:\WINDOWS\system32\rMa05yy
2007-11-27 13:17 <REP> d-------- C:\temp\abW9
2007-11-27 13:17 145,984 --a------ C:\WINDOWS\system32\klfliwlk.dll
2007-11-26 11:03 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-27 12:18 134 ----a-w C:\n.bat
2007-11-27 12:17 512 ----a-w C:\z.dat
2007-11-27 12:17 172,032 ----a-w C:\winlogon.exe
2007-11-27 12:17 0 ----a-w C:\x.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0997A2BC-3A84-46CE-B8AC-276F83D7D71A}]
C:\Program Files\Movie Maker\mewofymy.dll
C:\WINDOWS\system32\m4\ejup83122.exe
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5ab9a3a3-08b8-4a7d-bed2-7ede5a07e413}]
2007-11-27 13:22 78912 --a------ C:\WINDOWS\system32\cqnwlnnj.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="C:\APPS\SMP\SmpSys.exe" [2005-11-17 08:51]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-19 16:55]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 13:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 13:00]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 13:01]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-18 13:27 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 17:04 C:\WINDOWS\SkyTel.exe]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-10 13:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2006-04-27 23:47 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-10 13:00 C:\WINDOWS\system32\rundll32.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe" [2005-06-03 02:52]
"Vade Retro Outlook Express"="C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe" [2004-10-04 12:03]
"DetectorApp"="C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 05:15]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" []
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" []
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-10 13:00]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 10:31]
"EPSON Stylus C64 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe" [2003-05-27 04:08]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-10 08:18]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 11:06]
"Client Access Service"="C:\Program Files\IBM\Client Access\cwbsvstr.exe" [2004-01-23 04:30]
"Client Access Help Update"="C:\Program Files\IBM\Client Access\cwbinhlp.exe" [2004-01-23 04:30]
"Client Access Check Version"="C:\Program Files\IBM\Client Access\cwbckver.exe" [2004-01-23 04:30]
"Client Access Express Welcome"="C:\Program Files\IBM\Client Access\cwbwlwiz.exe" [2004-01-23 04:30]
"Client Access PC5250 Sound"="C:\Program Files\IBM\Client Access\Emulator\pcssnd.exe" [2004-01-23 04:30]
"OoPDFSettingsv6.exe"="C:\Program Files\OFFICE One6.5\OFFICE One PDF Manager\OoPDFSettingsv6.exe" [2007-07-27 13:58]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 13:00]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\jkkjk.dll
R2 CVPNDRV;Cisco Systems IPsec Driver;\??\C:\WINDOWS\system32\Drivers\CVPNDRV.sys
S0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys
S3 alcan5ln;SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);C:\WINDOWS\system32\DRIVERS\alcan5ln.sys
S3 TUSB1150;devolo WLAN USB Stick;C:\WINDOWS\system32\DRIVERS\tusb1150.sys
.
Contenu du dossier ´Scheduled Tasks/Tƒches planifi‚es´
"2007-11-21 13:14:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-11-27 19:41:17
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
.
Completion time: 2007-11-27 19:43:00 - machine was rebooted
.
--- E O F ---
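The two persistence patterns the logs above expose (a BHO with no default name whose DLL base name also sits under Winlogon\Notify, as VirtumundoBeGone checks, and a non-stock entry in the LSA "Authentication Packages" value, as ComboFix prints), reimplemented as triage logic over a constructed registry snapshot. This is an added example, not code from VirtumundoBeGone, ComboFix or any poster; the snapshot dictionaries, the placeholder paths for the two benign BHOs and the function names are assumptions.

```python
import ntpath

# Constructed registry snapshot modelled on the logs above; nothing is read from a
# live registry.  BHO CLSID -> (default value of the CLSID key, InprocServer32 DLL).
# The two benign BHO paths are placeholders, the two system32 ones come from the log.
BHO_CLSIDS = {
    "{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}": ("AcroIEHlprObj Class",
                                              r"C:\Program Files\Vendor\AcroIEHelper.dll"),
    "{3A2224A0-B114-4491-9305-FD0E4B55FA1E}": ("", r"C:\WINDOWS\system32\rqrsqop.dll"),
    "{53707962-6F74-2D53-2644-206D7942484F}": ("", r"C:\Program Files\Vendor\SDHelper.dll"),
    "{A95B2816-1D7E-4561-A202-68C0DE02353A}": ("", r"C:\WINDOWS\system32\vrdsqkjm.dll"),
}
# Subkeys of HKLM\...\Winlogon\Notify: two stock XP entries plus the two from the log.
WINLOGON_NOTIFY = {"ScCertProp", "Schedule", "rqrsqop", "vrdsqkjm"}
# HKLM\SYSTEM\CurrentControlSet\Control\Lsa "Authentication Packages" as ComboFix
# printed it: the stock msv1_0 followed by an extra DLL.
LSA_AUTH_PACKAGES = ["msv1_0", r"C:\WINDOWS\system32\jkkjk.dll"]


def bho_notify_overlap(bhos, notify_subkeys):
    """Heuristic the VirtumundoBeGone log walks through: a BHO with an empty
    default name whose DLL base name is also a Winlogon\\Notify subkey.
    Returns (clsid, dll_path, notify_subkey) triples in registry order."""
    lowered = {k.lower(): k for k in notify_subkeys}
    hits = []
    for clsid, (default_name, dll) in bhos.items():
        if default_name:            # named BHOs are not examined, as in the log
            continue
        base, _ext = ntpath.splitext(ntpath.basename(dll))   # ntpath handles C:\ paths anywhere
        if base.lower() in lowered:
            hits.append((clsid, dll, lowered[base.lower()]))
    return hits


def extra_lsa_packages(packages, stock=("msv1_0",)):
    """Every entry in Authentication Packages is loaded into lsass.exe at boot,
    so anything beyond the stock list is a persistence point worth recording."""
    return [p for p in packages if p.lower() not in stock]


def triage(bhos, notify_subkeys, packages):
    """Combine both checks into the artefact list a responder would record:
    each DLL mapped to every persistence point it occupies."""
    report = {}
    for clsid, dll, key in bho_notify_overlap(bhos, notify_subkeys):
        report.setdefault(dll, []).extend([f"BHO {clsid}", f"Winlogon\\Notify\\{key}"])
    for pkg in extra_lsa_packages(packages):
        report.setdefault(pkg, []).append("Lsa\\Authentication Packages")
    return report


if __name__ == "__main__":
    for dll, points in triage(BHO_CLSIDS, WINLOGON_NOTIFY, LSA_AUTH_PACKAGES).items():
        print(dll)
        for point in points:
            print("   ", point)
```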
Well, I think that should be fine... to be confirmed by another member
Repost a HijackThis report to check
And think about changing antivirus, Antivir for example, which is much better, and use AVG Anti-Spyware instead of Spybot
Thanks a lot everyone! It's gone :P
Good evening
"Thanks a lot everyone! It's gone :P "
The pop-ups, no doubt; the rest remains to be seen ...
Besides, we never got the VundoFix report :honte;