Besoin d'aide pour Trojan
ChtiLyonnais
Messages postés
6
Statut
Membre
-
ChtiLyonnais -
ChtiLyonnais -
Bonsoir mon problème est simple : je suis bombardé de messages de pub en tout genre pop ups et autres
mon bit defender reconnait et bloque trojan.dropper et trojan.agent.bon mais ne peut le supprimer
j'ai vu sur votre forum les manips à faire, j'ai tenter d'adapter sans succès vu que je suis un peu trop novice pour le faire (je pense)
mon sauveur existe-t-il ici???
mon bit defender reconnait et bloque trojan.dropper et trojan.agent.bon mais ne peut le supprimer
j'ai vu sur votre forum les manips à faire, j'ai tenter d'adapter sans succès vu que je suis un peu trop novice pour le faire (je pense)
mon sauveur existe-t-il ici???
A voir également:
- Besoin d'aide pour Trojan
- Trojan remover - Télécharger - Antivirus & Antimalwares
- Anti trojan - Télécharger - Antivirus & Antimalwares
- Virus trojan al11 ✓ - Forum Virus
- Csrss.exe trojan fr ✓ - Forum Virus
- Trojan win32 - Forum Virus
14 réponses
Salut, juste un conseil, laisse IE et passe à Mozilla Firefox, tu verras que tu y gagneras en éfficacité avec tous les plugs in dispos tu arrive à bloquer ce que tu veut, tu rajoute adware se et roule raoul. Patrick.
c'est cetainement ce que je ferai
mais adaware plante au moment où il commence de toucher au fichiers sensible (ceux infectés) que detectent BD sans pouvoir les supprimer de mon disc
donc en attendant j'ai toujours 50.000 trucs qui viennent polluer mon pc sans parler des fenetres ki se ferment
mais adaware plante au moment où il commence de toucher au fichiers sensible (ceux infectés) que detectent BD sans pouvoir les supprimer de mon disc
donc en attendant j'ai toujours 50.000 trucs qui viennent polluer mon pc sans parler des fenetres ki se ferment
Bonjour,
comme si le maquillage rajeunissait !
Télécharge HijackThis ici:
https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/29061.html
Dézippe le dans un dossier prévu à cet effet.
Par exemple C:\hijackthis < Enregistre le bien dans c : !
Démo : (Merci a Balltrap34 pour cette réalisation)
http://perso.orange.fr/rginformatique/section%20virus/Hijenr.gif
Lance le puis:
clique sur "do a system scan and save logfile" (cf démo)
faire un copier coller du log entier sur le forum
Démo : (Merci a Balltrap34 pour cette réalisation)
http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm
@+
comme si le maquillage rajeunissait !
Télécharge HijackThis ici:
https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/29061.html
Dézippe le dans un dossier prévu à cet effet.
Par exemple C:\hijackthis < Enregistre le bien dans c : !
Démo : (Merci a Balltrap34 pour cette réalisation)
http://perso.orange.fr/rginformatique/section%20virus/Hijenr.gif
Lance le puis:
clique sur "do a system scan and save logfile" (cf démo)
faire un copier coller du log entier sur le forum
Démo : (Merci a Balltrap34 pour cette réalisation)
http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm
@+
Logfile of HijackThis v1.99.1
Scan saved at 00:30:52, on 22/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\CTsvcCDA.exe
D:\WINDOWS\System32\FTRTSVC.exe
D:\WINDOWS\system32\slserv.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
D:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Synaptics\SynTP\SynTPLpr.exe
D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
D:\Program Files\Softwin\BitDefender10\bdagent.exe
D:\WINDOWS\system32\LVCOMSX.EXE
D:\WINDOWS\system32\ctfmon.exe
D:\PROGRA~1\Wanadoo\TaskBarIcon.exe
D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
D:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
D:\PROGRA~1\Wanadoo\ComComp.exe
D:\Program Files\Softwin\BitDefender10\vsserv.exe
D:\PROGRA~1\Wanadoo\Toaster.exe
D:\PROGRA~1\Wanadoo\Inactivity.exe
D:\PROGRA~1\Wanadoo\PollingModule.exe
D:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\MSN Messenger\usnsvc.exe
D:\Documents and Settings\Olivier\Application Data\tmp31.tmp.exe
D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Documents and Settings\Olivier\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - D:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8320fe77-b9b0-4394-a5f0-5438c730cd56} - D:\WINDOWS\system32\igmSVC.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] D:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WOOWATCH] D:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] D:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [BDMCon] D:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDAgent] "D:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [LVCOMSX] D:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [winehq.org] rundll32.exe "D:\WINDOWS\pmlihf.dll",realset
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] "D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [WOOKIT] D:\PROGRA~1\Wanadoo\GestMaj.exe GestionnaireInternet.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "D:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/ActiveX/downloadcontrol.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4BA5F5AD-0539-473D-9AFD-BE3E55522B11}: NameServer = 80.10.246.130 80.10.246.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{4BA5F5AD-0539-473D-9AFD-BE3E55522B11}: NameServer = 80.10.246.130 80.10.246.3
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: d:\windows\system32\iifcyvs.dll
O20 - Winlogon Notify: igmSVC - D:\WINDOWS\SYSTEM32\igmSVC.dll
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - D:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DomainService - - D:\Documents and Settings\Olivier\Application Data\tmp31.tmp.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - D:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - D:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: SmartLinkService (SLService) - - D:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - D:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - D:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
Scan saved at 00:30:52, on 22/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\CTsvcCDA.exe
D:\WINDOWS\System32\FTRTSVC.exe
D:\WINDOWS\system32\slserv.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
D:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Synaptics\SynTP\SynTPLpr.exe
D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
D:\Program Files\Softwin\BitDefender10\bdagent.exe
D:\WINDOWS\system32\LVCOMSX.EXE
D:\WINDOWS\system32\ctfmon.exe
D:\PROGRA~1\Wanadoo\TaskBarIcon.exe
D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
D:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
D:\PROGRA~1\Wanadoo\ComComp.exe
D:\Program Files\Softwin\BitDefender10\vsserv.exe
D:\PROGRA~1\Wanadoo\Toaster.exe
D:\PROGRA~1\Wanadoo\Inactivity.exe
D:\PROGRA~1\Wanadoo\PollingModule.exe
D:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\MSN Messenger\usnsvc.exe
D:\Documents and Settings\Olivier\Application Data\tmp31.tmp.exe
D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Documents and Settings\Olivier\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - D:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8320fe77-b9b0-4394-a5f0-5438c730cd56} - D:\WINDOWS\system32\igmSVC.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] D:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WOOWATCH] D:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] D:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [BDMCon] D:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDAgent] "D:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [LVCOMSX] D:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [winehq.org] rundll32.exe "D:\WINDOWS\pmlihf.dll",realset
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] "D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [WOOKIT] D:\PROGRA~1\Wanadoo\GestMaj.exe GestionnaireInternet.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "D:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/ActiveX/downloadcontrol.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4BA5F5AD-0539-473D-9AFD-BE3E55522B11}: NameServer = 80.10.246.130 80.10.246.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{4BA5F5AD-0539-473D-9AFD-BE3E55522B11}: NameServer = 80.10.246.130 80.10.246.3
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: d:\windows\system32\iifcyvs.dll
O20 - Winlogon Notify: igmSVC - D:\WINDOWS\SYSTEM32\igmSVC.dll
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - D:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DomainService - - D:\Documents and Settings\Olivier\Application Data\tmp31.tmp.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - D:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - D:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: SmartLinkService (SLService) - - D:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - D:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - D:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Bonjour,
1) Tu n'as pas de parefeu. Ouvre ce lien et télécharge et configure erio en te servant du tuto.
http://kerio.probb.fr/Systemesd-exploitation-c1/Logiciels-et-tutoriels-gratuits-tries-par-categorie-f6/Tutoriel-pour-Kerio-4-version-gratuite-t201.htm
2) Télécharge VundoFix.exe (par Atribune) sur ton Bureau.
http://www.atribune.org/ccount/click.php?id=4
Double-clique VundoFix.exe afin de le lancer.
Clique sur le bouton Scan for Vundo.
Lorsque le scan est complété, clique sur le bouton Remove Vundo.
Une invite te demandera si tu veux supprimer les fichiers, clique YES
Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers.
Tu verras une invite qui t'annonce que ton PC va s'éteindre ("shutdown") ; clique OK
Démarre ton PC à nouveau.
3) Rends toi sur ce site :
http://www.virustotal.com/xhtml/virustotal_en.html
Clique sur parcourir et cherche ce fichier :XXXXXXXXXXXXXXX
Clique sur send.
Un rapport va s'élaborer ligne à ligne.
Attends la fin. Il doit comprendre la taille du fichier envoyé.
Sauvegarde le rapport avec le bloc-note.
Copie le dans ta réponse.
4) Remets un log Hijackthis.
@+
1) Tu n'as pas de parefeu. Ouvre ce lien et télécharge et configure erio en te servant du tuto.
http://kerio.probb.fr/Systemesd-exploitation-c1/Logiciels-et-tutoriels-gratuits-tries-par-categorie-f6/Tutoriel-pour-Kerio-4-version-gratuite-t201.htm
2) Télécharge VundoFix.exe (par Atribune) sur ton Bureau.
http://www.atribune.org/ccount/click.php?id=4
Double-clique VundoFix.exe afin de le lancer.
Clique sur le bouton Scan for Vundo.
Lorsque le scan est complété, clique sur le bouton Remove Vundo.
Une invite te demandera si tu veux supprimer les fichiers, clique YES
Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers.
Tu verras une invite qui t'annonce que ton PC va s'éteindre ("shutdown") ; clique OK
Démarre ton PC à nouveau.
3) Rends toi sur ce site :
http://www.virustotal.com/xhtml/virustotal_en.html
Clique sur parcourir et cherche ce fichier :XXXXXXXXXXXXXXX
Clique sur send.
Un rapport va s'élaborer ligne à ligne.
Attends la fin. Il doit comprendre la taille du fichier envoyé.
Sauvegarde le rapport avec le bloc-note.
Copie le dans ta réponse.
4) Remets un log Hijackthis.
@+
MON RAPPORT DE SCAN EN LIGNE__________________________________________________________
Complete scanning result of "iifcyvs.dll", received in VirusTotal at 06.22.2007, 10:51:42 (CET).
Antivirus Version Update Result
AhnLab-V3 2007.6.21.1 06.22.2007 Win-Trojan/Conhook.12494
AntiVir 7.4.0.34 06.21.2007 TR/Crypt.XPACK.Gen
Authentium 4.93.8 06.22.2007 no virus found
Avast 4.7.997.0 06.21.2007 Win32:Conhook-BP
AVG 7.5.0.476 06.22.2007 no virus found
BitDefender 7.2 06.22.2007 no virus found
CAT-QuickHeal 9.00 06.21.2007 TrojanDownloader.ConHook.bg
ClamAV devel-20070416 06.22.2007 no virus found
DrWeb 4.33 06.22.2007 no virus found
eSafe 7.0.15.0 06.21.2007 Win32.ConHook.bg
eTrust-Vet 30.8.3735 06.22.2007 no virus found
Ewido 4.0 06.21.2007 Downloader.ConHook.bg
FileAdvisor 1 06.22.2007 Not analyzed yet
Fortinet 2.91.0.0 06.22.2007 suspicious
F-Prot 4.3.2.48 06.21.2007 no virus found
F-Secure 6.70.13030.0 06.22.2007 Trojan-Downloader.Win32.ConHook.bg
Ikarus T3.1.1.8 06.22.2007 Trojan-Downloader.Win32.ConHook.bg
Kaspersky 4.0.2.24 06.22.2007 Trojan-Downloader.Win32.ConHook.bg
McAfee 5058 06.21.2007 no virus found
Microsoft 1.2701 06.22.2007 no virus found
NOD32v2 2343 06.21.2007 no virus found
Norman 5.80.02 06.21.2007 Virtumonde.GYA
Panda 9.0.0.4 06.22.2007 Trj/ConHook.CV
Sophos 4.18.0 06.21.2007 no virus found
Sunbelt 2.2.907.0 06.21.2007 Trojan-Downloader.Win32.ConHook.gen
Symantec 10 06.22.2007 no virus found
TheHacker 6.1.6.136 06.20.2007 no virus found
VBA32 3.12.0.2 06.21.2007 Trojan-Downloader.Win32.ConHook.bg
VirusBuster 4.3.23:9 06.21.2007 no virus found
Webwasher-Gateway 6.0.1 06.21.2007 Trojan.Crypt.XPACK.Gen
Aditional Information
File size: 12494 bytes
MD5: c05df1d4b1022b142c7be7058365b9cd
SHA1: 5c2d011b11fa3e54dd98a4181538993fc8c92802
Bit9 info: http://fileadvisor.bit9.com/services/extinfo.aspx?md5=c05df1d4b1022b142c7be7058365b9cd
packers: RLPack
Sunbelt info: Trojan-Downloader.Win32.ConHook.gen is a program that contacts remote websites, then downloads and executes additional malware in the infected machine.
MON DERNIER LOG HIJACKTHIS___________________________________________________________
Logfile of HijackThis v1.99.1
Scan saved at 11:07:08, on 22/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\CTsvcCDA.exe
D:\WINDOWS\System32\FTRTSVC.exe
D:\WINDOWS\system32\slserv.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
D:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
D:\Program Files\Softwin\BitDefender10\vsserv.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Synaptics\SynTP\SynTPLpr.exe
D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
D:\Program Files\Softwin\BitDefender10\bdagent.exe
D:\WINDOWS\system32\LVCOMSX.EXE
D:\WINDOWS\system32\ctfmon.exe
D:\PROGRA~1\Wanadoo\TaskBarIcon.exe
D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
D:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
D:\PROGRA~1\Wanadoo\ComComp.exe
D:\PROGRA~1\Wanadoo\Toaster.exe
D:\PROGRA~1\Wanadoo\Inactivity.exe
D:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
D:\PROGRA~1\Wanadoo\PollingModule.exe
D:\PROGRA~1\Wanadoo\Watch.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\Program Files\MSN Messenger\usnsvc.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Documents and Settings\Olivier\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - D:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8320fe77-b9b0-4394-a5f0-5438c730cd56} - D:\WINDOWS\system32\igmSVC.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] D:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WOOWATCH] D:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] D:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [BDMCon] D:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDAgent] "D:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [LVCOMSX] D:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [winehq.org] rundll32.exe "D:\WINDOWS\pmlihf.dll",realset
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] "D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [WOOKIT] D:\PROGRA~1\Wanadoo\GestMaj.exe GestionnaireInternet.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "D:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/ActiveX/downloadcontrol.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4BA5F5AD-0539-473D-9AFD-BE3E55522B11}: NameServer = 80.10.246.130 80.10.246.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{4BA5F5AD-0539-473D-9AFD-BE3E55522B11}: NameServer = 80.10.246.130 80.10.246.3
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: d:\windows\system32\iifcyvs.dll
O20 - Winlogon Notify: igmSVC - D:\WINDOWS\SYSTEM32\igmSVC.dll
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - D:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DomainService - Unknown owner - D:\Documents and Settings\Olivier\Application Data\tmp31.tmp.exe (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - D:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - D:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: SmartLinkService (SLService) - - D:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - D:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - D:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
Complete scanning result of "iifcyvs.dll", received in VirusTotal at 06.22.2007, 10:51:42 (CET).
Antivirus Version Update Result
AhnLab-V3 2007.6.21.1 06.22.2007 Win-Trojan/Conhook.12494
AntiVir 7.4.0.34 06.21.2007 TR/Crypt.XPACK.Gen
Authentium 4.93.8 06.22.2007 no virus found
Avast 4.7.997.0 06.21.2007 Win32:Conhook-BP
AVG 7.5.0.476 06.22.2007 no virus found
BitDefender 7.2 06.22.2007 no virus found
CAT-QuickHeal 9.00 06.21.2007 TrojanDownloader.ConHook.bg
ClamAV devel-20070416 06.22.2007 no virus found
DrWeb 4.33 06.22.2007 no virus found
eSafe 7.0.15.0 06.21.2007 Win32.ConHook.bg
eTrust-Vet 30.8.3735 06.22.2007 no virus found
Ewido 4.0 06.21.2007 Downloader.ConHook.bg
FileAdvisor 1 06.22.2007 Not analyzed yet
Fortinet 2.91.0.0 06.22.2007 suspicious
F-Prot 4.3.2.48 06.21.2007 no virus found
F-Secure 6.70.13030.0 06.22.2007 Trojan-Downloader.Win32.ConHook.bg
Ikarus T3.1.1.8 06.22.2007 Trojan-Downloader.Win32.ConHook.bg
Kaspersky 4.0.2.24 06.22.2007 Trojan-Downloader.Win32.ConHook.bg
McAfee 5058 06.21.2007 no virus found
Microsoft 1.2701 06.22.2007 no virus found
NOD32v2 2343 06.21.2007 no virus found
Norman 5.80.02 06.21.2007 Virtumonde.GYA
Panda 9.0.0.4 06.22.2007 Trj/ConHook.CV
Sophos 4.18.0 06.21.2007 no virus found
Sunbelt 2.2.907.0 06.21.2007 Trojan-Downloader.Win32.ConHook.gen
Symantec 10 06.22.2007 no virus found
TheHacker 6.1.6.136 06.20.2007 no virus found
VBA32 3.12.0.2 06.21.2007 Trojan-Downloader.Win32.ConHook.bg
VirusBuster 4.3.23:9 06.21.2007 no virus found
Webwasher-Gateway 6.0.1 06.21.2007 Trojan.Crypt.XPACK.Gen
Aditional Information
File size: 12494 bytes
MD5: c05df1d4b1022b142c7be7058365b9cd
SHA1: 5c2d011b11fa3e54dd98a4181538993fc8c92802
Bit9 info: http://fileadvisor.bit9.com/services/extinfo.aspx?md5=c05df1d4b1022b142c7be7058365b9cd
packers: RLPack
Sunbelt info: Trojan-Downloader.Win32.ConHook.gen is a program that contacts remote websites, then downloads and executes additional malware in the infected machine.
MON DERNIER LOG HIJACKTHIS___________________________________________________________
Logfile of HijackThis v1.99.1
Scan saved at 11:07:08, on 22/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\CTsvcCDA.exe
D:\WINDOWS\System32\FTRTSVC.exe
D:\WINDOWS\system32\slserv.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
D:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
D:\Program Files\Softwin\BitDefender10\vsserv.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Synaptics\SynTP\SynTPLpr.exe
D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
D:\Program Files\Softwin\BitDefender10\bdagent.exe
D:\WINDOWS\system32\LVCOMSX.EXE
D:\WINDOWS\system32\ctfmon.exe
D:\PROGRA~1\Wanadoo\TaskBarIcon.exe
D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
D:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
D:\PROGRA~1\Wanadoo\ComComp.exe
D:\PROGRA~1\Wanadoo\Toaster.exe
D:\PROGRA~1\Wanadoo\Inactivity.exe
D:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
D:\PROGRA~1\Wanadoo\PollingModule.exe
D:\PROGRA~1\Wanadoo\Watch.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\Program Files\MSN Messenger\usnsvc.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Documents and Settings\Olivier\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - D:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8320fe77-b9b0-4394-a5f0-5438c730cd56} - D:\WINDOWS\system32\igmSVC.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] D:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WOOWATCH] D:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] D:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [BDMCon] D:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDAgent] "D:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [LVCOMSX] D:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [winehq.org] rundll32.exe "D:\WINDOWS\pmlihf.dll",realset
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] "D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [WOOKIT] D:\PROGRA~1\Wanadoo\GestMaj.exe GestionnaireInternet.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "D:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/ActiveX/downloadcontrol.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4BA5F5AD-0539-473D-9AFD-BE3E55522B11}: NameServer = 80.10.246.130 80.10.246.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{4BA5F5AD-0539-473D-9AFD-BE3E55522B11}: NameServer = 80.10.246.130 80.10.246.3
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: d:\windows\system32\iifcyvs.dll
O20 - Winlogon Notify: igmSVC - D:\WINDOWS\SYSTEM32\igmSVC.dll
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - D:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DomainService - Unknown owner - D:\Documents and Settings\Olivier\Application Data\tmp31.tmp.exe (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - D:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - D:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: SmartLinkService (SLService) - - D:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - D:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - D:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
Bit Defender Internet Security version 10 (le mien^^) a un pare feu, un antispam, un anti spyware et un antivirus
Vundofix n'apu supprimer aucun fichier, le seul trouvé était 'C\Windows\system32\iifcyvs.dll'
j'ai fait l'analyse du scan en ligne sur celui ci
c'etait pas ca??
Vundofix n'apu supprimer aucun fichier, le seul trouvé était 'C\Windows\system32\iifcyvs.dll'
j'ai fait l'analyse du scan en ligne sur celui ci
c'etait pas ca??
Re,
même si un rapport semble vide, il peut nous être utile.
par exemple, tu n'as pas de vielles version de java pas à jour ?
Télécharge VirtumundoBegone sur le bureau:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
Double clique ensuite sur VirtumundoBeGone.exe et suis les instructions.
Une fois terminé, redémarre et poste le rapport VBG.TXT créé sur le bureau dans ta prochaine réponse avec un nouveau rapport HijackThis.
Ne t'inquiète pas si tu vois un message Ecran bleu "Erreur fatale", c'est normal et attendu
remets un log hijackthis
@+
même si un rapport semble vide, il peut nous être utile.
par exemple, tu n'as pas de vielles version de java pas à jour ?
Télécharge VirtumundoBegone sur le bureau:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
Double clique ensuite sur VirtumundoBeGone.exe et suis les instructions.
Une fois terminé, redémarre et poste le rapport VBG.TXT créé sur le bureau dans ta prochaine réponse avec un nouveau rapport HijackThis.
Ne t'inquiète pas si tu vois un message Ecran bleu "Erreur fatale", c'est normal et attendu
remets un log hijackthis
@+
RAPPORT VBG___________________________
[06/22/2007, 11:42:39] - VirtumundoBeGone v1.5 ( "D:\Documents and Settings\Olivier\Bureau\VirtumundoBeGone.exe" )
[06/22/2007, 11:48:50] - Detected System Information:
[06/22/2007, 11:48:50] - Windows Version: 5.1.2600, Service Pack 2
[06/22/2007, 11:48:50] - Current Username: Olivier (Admin)
[06/22/2007, 11:48:50] - Windows is in NORMAL mode.
[06/22/2007, 11:48:50] - Searching for Browser Helper Objects:
[06/22/2007, 11:48:50] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[06/22/2007, 11:48:50] - BHO 2: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[06/22/2007, 11:48:50] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/22/2007, 11:48:50] - No filename found. Continuing.
[06/22/2007, 11:48:50] - BHO 3: {8320fe77-b9b0-4394-a5f0-5438c730cd56} ()
[06/22/2007, 11:48:50] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/22/2007, 11:48:50] - Checking for HKLM\...\Winlogon\Notify\igmSVC
[06/22/2007, 11:48:50] - Found: HKLM\...\Winlogon\Notify\igmSVC - This is probably Virtumundo.
[06/22/2007, 11:48:50] - Assigning {8320fe77-b9b0-4394-a5f0-5438c730cd56} MSEvents Object
[06/22/2007, 11:48:50] - BHO list has been changed! Starting over...
[06/22/2007, 11:48:50] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[06/22/2007, 11:48:50] - BHO 2: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[06/22/2007, 11:48:50] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/22/2007, 11:48:50] - No filename found. Continuing.
[06/22/2007, 11:48:50] - BHO 3: {8320fe77-b9b0-4394-a5f0-5438c730cd56} (MSEvents Object)
[06/22/2007, 11:48:50] - ALERT: Found MSEvents Object!
[06/22/2007, 11:48:50] - BHO 4: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[06/22/2007, 11:48:50] - Finished Searching Browser Helper Objects
[06/22/2007, 11:48:50] - *** Detected MSEvents Object
[06/22/2007, 11:48:50] - Trying to remove MSEvents Object...
[06/22/2007, 11:48:51] - Terminating Process: IEXPLORE.EXE
[06/22/2007, 11:48:51] - Terminating Process: RUNDLL32.EXE
[06/22/2007, 11:48:53] - Disabling Automatic Shell Restart
[06/22/2007, 11:48:53] - Terminating Process: EXPLORER.EXE
[06/22/2007, 11:48:53] - Suspending the NT Session Manager System Service
[06/22/2007, 11:48:53] - Terminating Windows NT Logon/Logoff Manager
[06/22/2007, 11:48:53] - Re-enabling Automatic Shell Restart
[06/22/2007, 11:48:54] - File to disable: D:\WINDOWS\system32\igmSVC.dll
[06/22/2007, 11:48:54] - Renaming D:\WINDOWS\system32\igmSVC.dll -> D:\WINDOWS\system32\igmSVC.dll.vir
[06/22/2007, 11:48:54] - File successfully renamed!
[06/22/2007, 11:48:54] - Removing HKLM\...\Browser Helper Objects\{8320fe77-b9b0-4394-a5f0-5438c730cd56}
[06/22/2007, 11:48:54] - Removing HKCR\CLSID\{8320fe77-b9b0-4394-a5f0-5438c730cd56}
[06/22/2007, 11:48:54] - Adding Kill Bit for ActiveX for GUID: {8320fe77-b9b0-4394-a5f0-5438c730cd56}
[06/22/2007, 11:48:54] - Deleting ATLEvents/MSEvents Registry entries
[06/22/2007, 11:48:54] - Removing HKLM\...\Winlogon\Notify\igmSVC
[06/22/2007, 11:48:54] - Searching for Browser Helper Objects:
[06/22/2007, 11:48:54] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[06/22/2007, 11:48:54] - BHO 2: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[06/22/2007, 11:48:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/22/2007, 11:48:54] - No filename found. Continuing.
[06/22/2007, 11:48:54] - BHO 3: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[06/22/2007, 11:48:54] - Finished Searching Browser Helper Objects
[06/22/2007, 11:48:54] - Finishing up...
[06/22/2007, 11:48:54] - A restart is needed.
[06/22/2007, 11:49:03] - Attempting to Restart via STOP error (Blue Screen!)
HIJACKTHIS___________________________________
Logfile of HijackThis v1.99.1
Scan saved at 11:55:31, on 22/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Synaptics\SynTP\SynTPLpr.exe
D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
D:\Program Files\Softwin\BitDefender10\bdagent.exe
D:\WINDOWS\system32\LVCOMSX.EXE
D:\PROGRA~1\Wanadoo\TaskBarIcon.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
D:\PROGRA~1\Wanadoo\Toaster.exe
D:\PROGRA~1\Wanadoo\Inactivity.exe
D:\PROGRA~1\Wanadoo\PollingModule.exe
D:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
D:\WINDOWS\system32\CTsvcCDA.exe
D:\WINDOWS\System32\FTRTSVC.exe
D:\WINDOWS\system32\slserv.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
D:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
D:\Program Files\Softwin\BitDefender10\vsserv.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Wanadoo\GestionnaireInternet.exe
D:\Program Files\Wanadoo\ComComp.exe
D:\Program Files\Wanadoo\Watch.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\Program Files\MSN Messenger\usnsvc.exe
D:\Documents and Settings\Olivier\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - D:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] D:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WOOWATCH] D:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] D:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [BDMCon] D:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDAgent] "D:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [LVCOMSX] D:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [winehq.org] rundll32.exe "D:\WINDOWS\khedbc.dll",realset
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] "D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [WOOKIT] D:\PROGRA~1\Wanadoo\GestMaj.exe GestionnaireInternet.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "D:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/ActiveX/downloadcontrol.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4BA5F5AD-0539-473D-9AFD-BE3E55522B11}: NameServer = 80.10.246.130 80.10.246.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{4BA5F5AD-0539-473D-9AFD-BE3E55522B11}: NameServer = 80.10.246.130 80.10.246.3
O17 - HKLM\System\CS2\Services\Tcpip\..\{4BA5F5AD-0539-473D-9AFD-BE3E55522B11}: NameServer = 80.10.246.130 80.10.246.3
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: d:\windows\system32\iifcyvs.dll
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - D:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DomainService - Unknown owner - D:\Documents and Settings\Olivier\Application Data\tmp31.tmp.exe (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - D:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - D:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: SmartLinkService (SLService) - - D:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - D:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - D:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
[06/22/2007, 11:42:39] - VirtumundoBeGone v1.5 ( "D:\Documents and Settings\Olivier\Bureau\VirtumundoBeGone.exe" )
[06/22/2007, 11:48:50] - Detected System Information:
[06/22/2007, 11:48:50] - Windows Version: 5.1.2600, Service Pack 2
[06/22/2007, 11:48:50] - Current Username: Olivier (Admin)
[06/22/2007, 11:48:50] - Windows is in NORMAL mode.
[06/22/2007, 11:48:50] - Searching for Browser Helper Objects:
[06/22/2007, 11:48:50] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[06/22/2007, 11:48:50] - BHO 2: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[06/22/2007, 11:48:50] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/22/2007, 11:48:50] - No filename found. Continuing.
[06/22/2007, 11:48:50] - BHO 3: {8320fe77-b9b0-4394-a5f0-5438c730cd56} ()
[06/22/2007, 11:48:50] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/22/2007, 11:48:50] - Checking for HKLM\...\Winlogon\Notify\igmSVC
[06/22/2007, 11:48:50] - Found: HKLM\...\Winlogon\Notify\igmSVC - This is probably Virtumundo.
[06/22/2007, 11:48:50] - Assigning {8320fe77-b9b0-4394-a5f0-5438c730cd56} MSEvents Object
[06/22/2007, 11:48:50] - BHO list has been changed! Starting over...
[06/22/2007, 11:48:50] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[06/22/2007, 11:48:50] - BHO 2: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[06/22/2007, 11:48:50] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/22/2007, 11:48:50] - No filename found. Continuing.
[06/22/2007, 11:48:50] - BHO 3: {8320fe77-b9b0-4394-a5f0-5438c730cd56} (MSEvents Object)
[06/22/2007, 11:48:50] - ALERT: Found MSEvents Object!
[06/22/2007, 11:48:50] - BHO 4: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[06/22/2007, 11:48:50] - Finished Searching Browser Helper Objects
[06/22/2007, 11:48:50] - *** Detected MSEvents Object
[06/22/2007, 11:48:50] - Trying to remove MSEvents Object...
[06/22/2007, 11:48:51] - Terminating Process: IEXPLORE.EXE
[06/22/2007, 11:48:51] - Terminating Process: RUNDLL32.EXE
[06/22/2007, 11:48:53] - Disabling Automatic Shell Restart
[06/22/2007, 11:48:53] - Terminating Process: EXPLORER.EXE
[06/22/2007, 11:48:53] - Suspending the NT Session Manager System Service
[06/22/2007, 11:48:53] - Terminating Windows NT Logon/Logoff Manager
[06/22/2007, 11:48:53] - Re-enabling Automatic Shell Restart
[06/22/2007, 11:48:54] - File to disable: D:\WINDOWS\system32\igmSVC.dll
[06/22/2007, 11:48:54] - Renaming D:\WINDOWS\system32\igmSVC.dll -> D:\WINDOWS\system32\igmSVC.dll.vir
[06/22/2007, 11:48:54] - File successfully renamed!
[06/22/2007, 11:48:54] - Removing HKLM\...\Browser Helper Objects\{8320fe77-b9b0-4394-a5f0-5438c730cd56}
[06/22/2007, 11:48:54] - Removing HKCR\CLSID\{8320fe77-b9b0-4394-a5f0-5438c730cd56}
[06/22/2007, 11:48:54] - Adding Kill Bit for ActiveX for GUID: {8320fe77-b9b0-4394-a5f0-5438c730cd56}
[06/22/2007, 11:48:54] - Deleting ATLEvents/MSEvents Registry entries
[06/22/2007, 11:48:54] - Removing HKLM\...\Winlogon\Notify\igmSVC
[06/22/2007, 11:48:54] - Searching for Browser Helper Objects:
[06/22/2007, 11:48:54] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[06/22/2007, 11:48:54] - BHO 2: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[06/22/2007, 11:48:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/22/2007, 11:48:54] - No filename found. Continuing.
[06/22/2007, 11:48:54] - BHO 3: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[06/22/2007, 11:48:54] - Finished Searching Browser Helper Objects
[06/22/2007, 11:48:54] - Finishing up...
[06/22/2007, 11:48:54] - A restart is needed.
[06/22/2007, 11:49:03] - Attempting to Restart via STOP error (Blue Screen!)
HIJACKTHIS___________________________________
Logfile of HijackThis v1.99.1
Scan saved at 11:55:31, on 22/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Synaptics\SynTP\SynTPLpr.exe
D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
D:\Program Files\Softwin\BitDefender10\bdagent.exe
D:\WINDOWS\system32\LVCOMSX.EXE
D:\PROGRA~1\Wanadoo\TaskBarIcon.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
D:\PROGRA~1\Wanadoo\Toaster.exe
D:\PROGRA~1\Wanadoo\Inactivity.exe
D:\PROGRA~1\Wanadoo\PollingModule.exe
D:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
D:\WINDOWS\system32\CTsvcCDA.exe
D:\WINDOWS\System32\FTRTSVC.exe
D:\WINDOWS\system32\slserv.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
D:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
D:\Program Files\Softwin\BitDefender10\vsserv.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Wanadoo\GestionnaireInternet.exe
D:\Program Files\Wanadoo\ComComp.exe
D:\Program Files\Wanadoo\Watch.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\Program Files\MSN Messenger\usnsvc.exe
D:\Documents and Settings\Olivier\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - D:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] D:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WOOWATCH] D:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] D:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [BDMCon] D:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDAgent] "D:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [LVCOMSX] D:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [winehq.org] rundll32.exe "D:\WINDOWS\khedbc.dll",realset
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] "D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [WOOKIT] D:\PROGRA~1\Wanadoo\GestMaj.exe GestionnaireInternet.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "D:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/ActiveX/downloadcontrol.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4BA5F5AD-0539-473D-9AFD-BE3E55522B11}: NameServer = 80.10.246.130 80.10.246.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{4BA5F5AD-0539-473D-9AFD-BE3E55522B11}: NameServer = 80.10.246.130 80.10.246.3
O17 - HKLM\System\CS2\Services\Tcpip\..\{4BA5F5AD-0539-473D-9AFD-BE3E55522B11}: NameServer = 80.10.246.130 80.10.246.3
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: d:\windows\system32\iifcyvs.dll
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - D:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DomainService - Unknown owner - D:\Documents and Settings\Olivier\Application Data\tmp31.tmp.exe (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - D:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - D:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: SmartLinkService (SLService) - - D:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - D:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - D:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
re,
1) Rends toi sur ce site :
http://www.virustotal.com/xhtml/virustotal_en.html
Clique sur parcourir et cherche ce fichier : D:\Documents and Settings\Olivier\Application Data\tmp31.tmp.exe
Clique sur send.
Un rapport va s'élaborer ligne à ligne.
Attends la fin. Il doit comprendre la taille du fichier envoyé.
Sauvegarde le rapport avec le bloc-note.
Copie le dans ta réponse.
2) Double-clique VundoFix.exe afin de le lancer.
Fais un clic droit dans la fenêtre blanche et clique "Add more files?"
Dans la nouvelle fenêtre qui apparait, Copie/colle le chemin du fichier suivant dans la première case (au haut):
d:\windows\system32\iifcyvs.dll
Copie/colle le chemin du fichier suivant dans la seconde case (au centre):
D:\WINDOWS\khedbc.dll
Clique sur le bouton "Add File(s)"
Clique sur le bouton "Close Window".
Clique à nouveau sur "Remove Vundo"
Une invite te demandera si tu veux supprimer les fichiers, clique YES
Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers.
Tu verras une invite qui t'annonce que ton PC va s'éteindre ("shutdown"); clique OK
3) Relance HijackThis.
Choisis Do a scan only
Coche la case devant les lignes suivantes
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [winehq.org] rundll32.exe "D:\WINDOWS\khedbc.dll",realset
O20 - AppInit_DLLs: d:\windows\system32\iifcyvs.dll
Ferme toutes les fenêtres (hormis HijackThis), y compris ton navigateur.
Clique sur fix checked.
Ferme Hijackthis.
4) Redémarre l'ordi et remets un log Hijackthis.
@+
1) Rends toi sur ce site :
http://www.virustotal.com/xhtml/virustotal_en.html
Clique sur parcourir et cherche ce fichier : D:\Documents and Settings\Olivier\Application Data\tmp31.tmp.exe
Clique sur send.
Un rapport va s'élaborer ligne à ligne.
Attends la fin. Il doit comprendre la taille du fichier envoyé.
Sauvegarde le rapport avec le bloc-note.
Copie le dans ta réponse.
2) Double-clique VundoFix.exe afin de le lancer.
Fais un clic droit dans la fenêtre blanche et clique "Add more files?"
Dans la nouvelle fenêtre qui apparait, Copie/colle le chemin du fichier suivant dans la première case (au haut):
d:\windows\system32\iifcyvs.dll
Copie/colle le chemin du fichier suivant dans la seconde case (au centre):
D:\WINDOWS\khedbc.dll
Clique sur le bouton "Add File(s)"
Clique sur le bouton "Close Window".
Clique à nouveau sur "Remove Vundo"
Une invite te demandera si tu veux supprimer les fichiers, clique YES
Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers.
Tu verras une invite qui t'annonce que ton PC va s'éteindre ("shutdown"); clique OK
3) Relance HijackThis.
Choisis Do a scan only
Coche la case devant les lignes suivantes
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [winehq.org] rundll32.exe "D:\WINDOWS\khedbc.dll",realset
O20 - AppInit_DLLs: d:\windows\system32\iifcyvs.dll
Ferme toutes les fenêtres (hormis HijackThis), y compris ton navigateur.
Clique sur fix checked.
Ferme Hijackthis.
4) Redémarre l'ordi et remets un log Hijackthis.
@+
excuse moi pour le délai de reponse
j'etais pas chezmoi ce week end et je viens de rentrer à l'instant!!!
j'ai essayé tes conseils c'etait un peu long et j'ai essayé d'executer spybot sur les conseils d'un pote
pour l'instant j'ai plus rien
alors j'attend on verra bien
je te redis si ca revient
merci pour tout
j'etais pas chezmoi ce week end et je viens de rentrer à l'instant!!!
j'ai essayé tes conseils c'etait un peu long et j'ai essayé d'executer spybot sur les conseils d'un pote
pour l'instant j'ai plus rien
alors j'attend on verra bien
je te redis si ca revient
merci pour tout
Bonjour,
aucun souci pour le délai.
par contre, tu n'as pas de parefeu et rien ne me dit que tu nes pas encore infectré.
Poste le rapport de Vundofix avec un nouveau log Hijackthis.
@+
aucun souci pour le délai.
par contre, tu n'as pas de parefeu et rien ne me dit que tu nes pas encore infectré.
Poste le rapport de Vundofix avec un nouveau log Hijackthis.
@+
j'ai bien un pare feu, je viens de réinstaller mon bitdefender (les maj ne se faisaient plus)
donc pas de soucis de ce coté
sinon vundofix merde parce que comme il n'arrive pas à supprimer il arrete pas de relancer mon ordi
(les fichiers que blok mon aintivirus sont tous soir dans :
- D:\Documents and Settings\Olivier\Application Data
- D:\Documents and Settings\Olivier\Local Settings\Temporary Internet Files\Content.IE5)
je te donne lelog hijackthis
Logfile of HijackThis v1.99.1
Scan saved at 10:18:26, on 26/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\CTsvcCDA.exe
D:\WINDOWS\System32\FTRTSVC.exe
D:\WINDOWS\system32\slserv.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
D:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Synaptics\SynTP\SynTPLpr.exe
D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\PROGRA~1\Wanadoo\TaskBarIcon.exe
D:\WINDOWS\system32\LVCOMSX.EXE
D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
D:\Program Files\Softwin\BitDefender10\bdmcon.exe
D:\Program Files\Softwin\BitDefender10\bdagent.exe
D:\WINDOWS\system32\ctfmon.exe
D:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
D:\PROGRA~1\Wanadoo\ComComp.exe
D:\PROGRA~1\Wanadoo\Toaster.exe
D:\PROGRA~1\Wanadoo\Inactivity.exe
D:\PROGRA~1\Wanadoo\PollingModule.exe
D:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
D:\PROGRA~1\Wanadoo\Watch.exe
D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\Program Files\MSN Messenger\usnsvc.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
D:\Program Files\Softwin\BitDefender10\vsserv.exe
D:\Documents and Settings\Olivier\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - D:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - D:\WINDOWS\system32\tmp7.tmp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {8320fe77-b9b0-4394-a5f0-5438c730cd56} - D:\WINDOWS\system32\certil.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] D:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WOOWATCH] D:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] D:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [LVCOMSX] D:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [BDMCon] "D:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "D:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [winehq.org] rundll32.exe "D:\WINDOWS\awtrrp.dll",realset
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] "D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [WOOKIT] D:\PROGRA~1\Wanadoo\GestMaj.exe GestionnaireInternet.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "D:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/ActiveX/downloadcontrol.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15030/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4BA5F5AD-0539-473D-9AFD-BE3E55522B11}: NameServer = 80.10.246.130 80.10.246.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{4BA5F5AD-0539-473D-9AFD-BE3E55522B11}: NameServer = 80.10.246.130 80.10.246.3
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: d:\windows\system32\iifcyvs.dll
O20 - Winlogon Notify: certil - D:\WINDOWS\SYSTEM32\certil.dll
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - D:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DomainService - Unknown owner - D:\Documents and Settings\Olivier\Application Data\tmp31.tmp.exe (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - D:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - D:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: SmartLinkService (SLService) - - D:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - D:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - D:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
donc pas de soucis de ce coté
sinon vundofix merde parce que comme il n'arrive pas à supprimer il arrete pas de relancer mon ordi
(les fichiers que blok mon aintivirus sont tous soir dans :
- D:\Documents and Settings\Olivier\Application Data
- D:\Documents and Settings\Olivier\Local Settings\Temporary Internet Files\Content.IE5)
je te donne lelog hijackthis
Logfile of HijackThis v1.99.1
Scan saved at 10:18:26, on 26/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\CTsvcCDA.exe
D:\WINDOWS\System32\FTRTSVC.exe
D:\WINDOWS\system32\slserv.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
D:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Synaptics\SynTP\SynTPLpr.exe
D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\PROGRA~1\Wanadoo\TaskBarIcon.exe
D:\WINDOWS\system32\LVCOMSX.EXE
D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
D:\Program Files\Softwin\BitDefender10\bdmcon.exe
D:\Program Files\Softwin\BitDefender10\bdagent.exe
D:\WINDOWS\system32\ctfmon.exe
D:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
D:\PROGRA~1\Wanadoo\ComComp.exe
D:\PROGRA~1\Wanadoo\Toaster.exe
D:\PROGRA~1\Wanadoo\Inactivity.exe
D:\PROGRA~1\Wanadoo\PollingModule.exe
D:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
D:\PROGRA~1\Wanadoo\Watch.exe
D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\Program Files\MSN Messenger\usnsvc.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
D:\Program Files\Softwin\BitDefender10\vsserv.exe
D:\Documents and Settings\Olivier\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - D:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - D:\WINDOWS\system32\tmp7.tmp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {8320fe77-b9b0-4394-a5f0-5438c730cd56} - D:\WINDOWS\system32\certil.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] D:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WOOWATCH] D:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] D:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [LVCOMSX] D:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [BDMCon] "D:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "D:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [winehq.org] rundll32.exe "D:\WINDOWS\awtrrp.dll",realset
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] "D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [WOOKIT] D:\PROGRA~1\Wanadoo\GestMaj.exe GestionnaireInternet.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "D:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/ActiveX/downloadcontrol.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15030/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4BA5F5AD-0539-473D-9AFD-BE3E55522B11}: NameServer = 80.10.246.130 80.10.246.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{4BA5F5AD-0539-473D-9AFD-BE3E55522B11}: NameServer = 80.10.246.130 80.10.246.3
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: d:\windows\system32\iifcyvs.dll
O20 - Winlogon Notify: certil - D:\WINDOWS\SYSTEM32\certil.dll
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - D:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DomainService - Unknown owner - D:\Documents and Settings\Olivier\Application Data\tmp31.tmp.exe (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - D:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - D:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: SmartLinkService (SLService) - - D:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - D:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - D:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
