Virus and tmp files, scan result
FinNesS
jlpjlp Posts: 52399 Status: Security contributor
Hello, about a month ago I had several infections of the trojan, virus and spyware kind. I tried 5 antivirus programs and I have now ended up with AVAST!. AVAST detected most of the viruses and removed them, I think. I have Ad-Aware to remove spyware, BUT it finds nothing. AVAST doesn't find anything any more either, and I'm stuck with BIG bugs: when I go on Internet Explorer, pop-ups open with all sorts of things. One time out of two I lose my taskbar at the bottom and I can't get it back. Then 2 suspicious icons appeared on my desktop, Windows Update and Windows Help, which can't be deleted. And now I've got 1000 tmp files in My Documents and on my C:, and my C: icon has changed. I'm on Vista. I just did a scan with HijackThis; here is the result.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:32:47, on 2007-12-21
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\vVX3000.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\explorer.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.capitaledumetal.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\Windows\vVX3000.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SetPoint] C:\Program Files\Logitech\SetPoint\KEM.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [a8012a5d] rundll32.exe "C:\Windows\system32\nntghbfu.dll",b
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: DomainService - Unknown owner - C:\Windows\system32\frqkpppi.exe (file missing)
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\Windows\system32\windows
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
9 replies
Hi,
Disable User Account Control (you will re-enable it after your disinfection):
- Go to Start, then Control Panel
- Double-click the "User Accounts" icon
- Then click disable and confirm.
Now download Navilog1 from this link:
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
Save target (of the link) as... and save it to your desktop.
Then double-click navilog1.exe to launch the installation.
Once the installation is finished, right-click the Navilog1 shortcut on your desktop and choose "Run as administrator".
At the main menu, choose option 1
Let yourself be guided and be patient.
Wait for the message:
*** Analyse Termine le ..... ***
Press a key and Notepad will open.
Copy and paste the whole report into a reply.
Close Notepad.
The report fixnavi.txt is also saved in %systemdrive%.
Here is what it gives:
Search Navipromo version 3.3.8 commencé le 2007-12-21 à 15:13:11,00
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!
Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 11.12.2007 à 18h00 par IL-MAFIOSO
Microsoft Windows Vista 6.0.6000
Internet Explorer : 7.0.6000.16575
Système de fichiers : NTFS
Executé en mode normal
*** Recherche Programmes installés ***
*** Recherche dossiers dans C:\Windows ***
*** Recherche dossiers dans C:\Program Files ***
*** Recherche dossiers dans C:\ProgramData ***
*** Recherche dossiers dans C:\ProgramData\Microsoft\Windows\Start Menu\Programs ***
*** Recherche dossiers dans c:\users\chantale gagnon\appdata\roaming\microsoft\windows\start menu\programs ***
*** Recherche dossiers dans C:\Users\Chantale Gagnon\AppData\Local\virtualstore\Program Files ***
*** Recherche dossiers dans C:\Users\Chantale Gagnon\AppData\Roaming ***
*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net
Aucun Fichier trouvé
*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!
* Recherche dans C:\Windows\system32 *
* Recherche dans C:\Users\Chantale Gagnon\AppData\Local\Microsoft *
* Recherche dans C:\Users\Chantale Gagnon\AppData\Local *
*** Recherche fichiers ***
*** Recherche clés spécifiques dans le Registre ***
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche nouveaux fichiers Instant Access :
2)Recherche Heuristique :
* Dans C:\Windows\system32 :
* Dans C:\Users\Chantale Gagnon\AppData\Local\Microsoft :
* Dans C:\Users\Chantale Gagnon\AppData\Local :
3)Recherche Certificats :
Certificat Egroup absent !
4)Recherche fichiers connus :
C:\Windows\system32\fhhhk.bak1 trouvé ! infection Vundo possible non traitée par cet outil !
C:\Windows\system32\fhhhk.bak2 trouvé ! infection Vundo possible non traitée par cet outil !
*** Analyse terminée le 2007-12-21 à 15:24:15,13 ***
Relaunch HijackThis, choose "Do a scan only", tick the box in front of the lines below and click "Fix checked" at the bottom.
O4 - HKLM\..\Run: [a8012a5d] rundll32.exe "C:\Windows\system32\nntghbfu.dll",b
___________________
Download OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe (by Old_Timer) to your desktop.
Double-click OTMoveIt.exe to launch it.
Copy the list quoted below
and paste it into the left-hand pane of OTMoveIt: "Paste List of Files/Folders to be moved".
Quote:
C:\Windows\system32\fhhhk.bak1
C:\Windows\system32\fhhhk.bak2
C:\Windows\system32\nntghbfu.dll
Click MoveIt! to start the removal.
The result will appear in the "Results" pane.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.
You may be asked to restart the PC to finish the removal; if so, accept with Yes.
_________________________
Scan with VundoFix (paste the report)
Download VundoFix -> http://www.atribune.org/ccount/click.php?id=4
Double-click VundoFix.exe to run it.
When VundoFix opens, click the Scan for Vundo button.
Once the scan is finished, click the Remove Vundo button.
You will get a warning asking whether you want to delete these files; answer by clicking YES.
Once you have clicked Yes, your desktop will go blank while it removes Vundo.
When it is done, you will be asked to restart your computer; click
____________________________
ComboFix (paste the report)
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
___________________________
Paste the report of an online scan
with one of the following:
BitDefender online:
http://www.bitdefender.fr/scan_fr/scan8/ie.html
Panda online:
http://pandasoftware.fr
___________________________
Paste a HijackThis report
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
Manual:
https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html
I advise renaming HijackThis, to counter a possible Vundo infection.
E.g. rename the file HijackThis.exe to eden.exe; to do this, right-click the file HijackThis.exe and choose Rename from the list.
Then, with Explorer, create a folder c:\hijackthis
Unzip HijackThis into this folder.
This is important for the backups.
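The line jlpjlp singles out above has the two tell-tale features a helper scans a HijackThis log for: an eight-hex-digit Run value name and rundll32 loading a random-named DLL from system32; the O23 entries with "Unknown owner" whose image is missing or has no executable extension are the other red flags in the same log. As an added example (not code from this thread, from HijackThis or from any of the tools named in it), the Python script below applies those checks to sample lines constructed from the posted log and returns the ones worth a closer look. The "random name" heuristic (seven or more lowercase letters with a run of five or more consonants) is an assumption of this example, not a rule of any tool, and the hex-value, missing-file and no-extension checks are likewise this example's own.

```python
import re

# Constructed sample: HijackThis v2.0.2 lines copied from the log posted in this
# thread, with a few benign entries from the same log kept for contrast.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [a8012a5d] rundll32.exe "C:\Windows\system32\nntghbfu.dll",b
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: DomainService - Unknown owner - C:\Windows\system32\frqkpppi.exe (file missing)
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\Windows\system32\windows
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
"""

# O4 lines: "O4 - <hive>\Run: [<value name>] <command>"
O4_RE = re.compile(r'^O4 - (?P<hive>\S+)\\Run: \[(?P<value>[^\]]*)\] (?P<cmd>.*)$')
O23_PREFIX = "O23 - Service: "
VOWELS = set("aeiouy")


def looks_random(stem: str) -> bool:
    """Assumed heuristic for dropper-style names (nntghbfu, frqkpppi):
    7+ lowercase letters containing a run of 5+ consonants."""
    if len(stem) < 7 or not stem.isalpha() or not stem.islower():
        return False
    run = longest = 0
    for ch in stem:
        run = 0 if ch in VOWELS else run + 1
        longest = max(longest, run)
    return longest >= 5


def stem_of(path: str) -> str:
    """File name without directory or extension: C:\\x\\abc.dll -> abc."""
    name = path.rsplit("\\", 1)[-1]
    return name.rsplit(".", 1)[0]


def in_system32(path: str) -> bool:
    return "\\system32\\" in path.lower()


def dll_from_rundll32(cmd: str):
    """Return the DLL rundll32 is told to load, or None for other commands."""
    m = re.match(r'^"?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+)"?', cmd, re.IGNORECASE)
    return m.group("dll") if m else None


def triage_line(line: str):
    """Return a reason string if the line deserves a closer look, else None."""
    m = O4_RE.match(line)
    if m:
        reasons = []
        if re.fullmatch(r"[0-9a-f]{8}", m.group("value")):
            reasons.append("Run value name is 8 hex digits (looks generated)")
        dll = dll_from_rundll32(m.group("cmd"))
        if dll and in_system32(dll) and looks_random(stem_of(dll)):
            reasons.append("rundll32 loads a random-named DLL from system32")
        return "; ".join(reasons) or None
    if line.startswith(O23_PREFIX):
        # Split from the right so a service name containing " - " survives.
        parts = line[len(O23_PREFIX):].rsplit(" - ", 2)
        if len(parts) != 3:
            return None
        _name, owner, path = parts
        reasons = []
        if owner == "Unknown owner":
            image = path.replace(" (file missing)", "")
            if path.endswith("(file missing)"):
                reasons.append("service binary missing on disk")
            if not re.search(r"\.(exe|sys|dll)$", image, re.IGNORECASE):
                reasons.append("service image has no executable extension")
            if in_system32(image) and looks_random(stem_of(image)):
                reasons.append("random-named image in system32")
        return "; ".join(reasons) or None
    return None


def triage(log: str):
    """Return [(line, reason)] for every suspicious O4/O23 line in the log."""
    findings = []
    for line in log.splitlines():
        line = line.strip()
        if line:
            reason = triage_line(line)
            if reason:
                findings.append((line, reason))
    return findings


if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print(f"{reason}\n    {line}")
```

The output is a shortlist for a human, not a verdict: legitimate software with unsigned or oddly named components (PnkBstrA here is left alone only because its name is mixed-case) will trip name heuristics, which is why the Navilog report above insists its hits be checked before anything is deleted.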
OTMoveIt report:
C:\Windows\system32\fhhhk.bak1 moved successfully.
C:\Windows\system32\fhhhk.bak2 moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\nntghbfu.dll
C:\Windows\system32\nntghbfu.dll NOT unregistered.
C:\Windows\system32\nntghbfu.dll moved successfully.
Created on 12-22-2007 11:26:52
VundoFix report: (not sure that's it :S)
C:\windows\System32\anwagmco.dll
C:\windows\System32\anwagmco.dllbox
C:\Windows\System32\apjtudul.dll
C:\Windows\System32\btaxwtdg.dll
C:\Windows\System32\byyxoupw.dll
C:\Windows\System32\eeqmwfmm.dll
C:\Windows\System32\errqecie.dll
C:\Windows\System32\eubbgmmj.dll
C:\Windows\System32\fhhhk.ini
C:\Windows\System32\flmyiweq.dll
C:\Windows\System32\fwcarpgt.dll
C:\Windows\System32\hsngvqsx.dll
C:\windows\System32\igrsxwpa.dll
C:\windows\System32\igrsxwpa.dllbox
C:\Windows\System32\jmmgbbue.ini
C:\Windows\System32\khhhf.dll
C:\Windows\System32\ljjjhhh.dll
C:\Windows\System32\nolpsive.dll
C:\Windows\System32\nyunnseu.exe
C:\Windows\System32\oknposqa.dll
C:\Windows\System32\pdhlnyuc.dll
C:\Windows\System32\pljdoxrr.dll
C:\Windows\System32\pmnopnk.dll
C:\Windows\System32\qtlfbmxd.dll
C:\Windows\System32\rjfpmssh.dll
C:\Windows\System32\rpxbexxc.dll
C:\Windows\System32\scouxcna.dll
C:\Windows\System32\ssqqrsq.dll
C:\Windows\System32\tgpracwf.ini
C:\Windows\System32\tutxwiop.dll
C:\Windows\System32\uskthkld.dll
C:\Windows\System32\wvutrqr.dll
C:\Windows\System32\xebnhdem.dll
C:\Windows\System32\yduwefxv.dll
ComboFix report:
ComboFix 07-12-21.4 - Chantale Gagnon 2007-12-22 12:33:34.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.359 [GMT -5:00]
Running from: C:\Users\Chantale Gagnon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1MXQ5PJH\ComboFix[1].exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\System32\dlkhtksu.ini
C:\Windows\System32\fhhhk.bak1
C:\Windows\System32\fhhhk.ini
C:\Windows\system32\khhhf.dll
C:\Windows\System32\poiwxtut.ini
C:\Windows\system32\ssqqrsq.dll
C:\Windows\system32\tutxwiop.dll
C:\Windows\system32\uskthkld.dll
C:\Windows\system32\wvutrqr.dll
C:\Windows\system32\x64
C:\Windows\system32\xebnhdem.dll
C:\Windows\system32\yduwefxv.dll
.
((((((((((((((((((((((((((((( Fichiers créés 2007-11-22 to 2007-12-22 ))))))))))))))))))))))))))))))))))))
.
2007-12-22 12:05 . 2007-12-22 12:05 24,576 --a------ C:\Windows\System32\VundoFixSVC.exe
2007-12-22 11:44 . 2007-12-22 11:44 7,168 --a------ C:\Windows\System32\windows
2007-12-22 11:24 . 2007-12-22 11:24 14,033 --a------ C:\pos5AB7.tmp
2007-12-22 08:58 . 2007-12-22 08:58 165,472 --a------ C:\Windows\System32\vtlvaleu.dll
2007-12-21 20:26 . 2007-12-21 21:33 190 --a------ C:\Windows\wininit.ini
2007-12-21 19:56 . 2007-12-22 11:25 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
2007-12-21 19:56 . 2007-12-22 11:25 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
2007-12-21 13:31 . 2007-12-21 13:31 <REP> d-------- C:\Program Files\Trend Micro
2007-12-21 10:03 . 2007-12-22 12:06 <REP> d-------- C:\VundoFix Backups
2007-12-20 21:00 . 2007-12-20 21:15 987,910 ---hs---- C:\Windows\System32\ufbhgtnn.ini
2007-12-20 20:57 . 2007-12-20 20:57 165,472 --a------ C:\Windows\System32\eqospdrp.dll
2007-12-18 17:20 . 2007-12-21 15:31 <REP> d-------- C:\Program Files\Navilog1
2007-12-17 20:47 . 2007-12-19 16:32 971,465 ---hs---- C:\Windows\System32\cxxebxpr.ini
2007-12-16 08:53 . 2007-12-17 18:13 971,405 ---hs---- C:\Windows\System32\aqsopnko.ini
2007-12-14 19:44 . 2007-12-15 17:38 952,487 ---hs---- C:\Windows\System32\tgpracwf.ini
2007-12-13 19:17 . 2007-12-13 19:17 143 --a------ C:\Windows\System32\mcrh.tmp
2007-12-11 16:27 . 2007-12-11 16:27 1,327,104 --a------ C:\Windows\System32\quartz.dll
2007-12-11 16:27 . 2007-12-11 16:27 223,232 --a------ C:\Windows\System32\WMASF.DLL
2007-12-11 16:27 . 2007-12-11 16:27 9,728 --a------ C:\Windows\System32\LAPRXY.DLL
2007-12-11 16:27 . 2007-12-11 16:27 2,048 --a------ C:\Windows\System32\asferror.dll
2007-12-11 16:25 . 2007-12-11 16:25 130,048 --a------ C:\Windows\System32\drivers\srv2.sys
2007-12-11 16:25 . 2007-12-11 16:25 101,888 --a------ C:\Windows\System32\drivers\mrxsmb.sys
2007-12-11 16:25 . 2007-12-11 16:25 84,992 --a------ C:\Windows\System32\drivers\srvnet.sys
2007-12-11 16:25 . 2007-12-11 16:25 58,368 --a------ C:\Windows\System32\drivers\mrxsmb20.sys
2007-12-11 16:24 . 2007-12-11 16:24 3,504,824 --a------ C:\Windows\System32\ntkrnlpa.exe
2007-12-11 16:24 . 2007-12-11 16:24 3,470,520 --a------ C:\Windows\System32\ntoskrnl.exe
2007-12-11 16:23 . 2007-12-11 16:23 2,048 --a------ C:\Windows\System32\tzres.dll
2007-12-10 20:45 . 2007-12-11 17:00 859,280 ---hs---- C:\Windows\System32\hssmpfjr.ini
2007-12-09 08:48 . 2007-12-09 14:03 834,384 ---hs---- C:\Windows\System32\dxmbfltq.ini
2007-12-06 16:45 . 2007-12-06 16:45 <REP> d-------- C:\Users\All Users\Lavasoft
2007-12-06 16:45 . 2007-12-06 16:45 <REP> d-------- C:\ProgramData\Lavasoft
2007-12-06 16:45 . 2007-12-06 16:45 <REP> d-------- C:\Program Files\Lavasoft
2007-12-06 16:44 . 2007-12-06 16:44 <REP> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-06 16:25 . 2007-12-06 16:36 831,701 ---hs---- C:\Windows\System32\ancxuocs.ini
2007-12-04 22:28 . 2007-12-04 22:28 <REP> d-------- C:\Users\All Users\Grisoft
2007-12-04 22:28 . 2007-12-04 22:28 <REP> d-------- C:\ProgramData\Grisoft
2007-12-04 22:08 . 2007-12-04 22:11 <REP> d-------- C:\Program Files\MenaceControle
2007-12-04 22:08 . 2007-12-04 22:11 <REP> d-------- C:\Program Files\Common Files\MenaceControle
2007-12-04 22:08 . 2004-10-07 13:39 89,088 --a------ C:\Windows\System32\atl71.dll
2007-12-04 21:40 . 2007-12-04 21:40 <REP> d-------- C:\Program Files\Alwil Software
2007-12-04 21:40 . 2003-03-18 16:20 1,060,864 --a------ C:\Windows\System32\MFC71.dll
2007-12-04 21:40 . 2007-12-04 08:04 837,496 --a------ C:\Windows\System32\aswBoot.exe
2007-12-04 21:40 . 2004-01-09 04:13 380,928 --a------ C:\Windows\System32\actskin4.ocx
2007-12-04 21:40 . 2007-12-04 07:54 95,608 --a------ C:\Windows\System32\AvastSS.scr
2007-12-04 21:40 . 2007-12-04 09:52 45,648 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2007-12-04 21:40 . 2007-12-04 09:51 42,912 --a------ C:\Windows\System32\drivers\aswTdi.sys
2007-12-04 21:40 . 2007-12-04 09:53 23,152 --a------ C:\Windows\System32\drivers\aswRdr.sys
2007-12-04 13:42 . 2007-12-04 20:44 <REP> d----c--- C:\Windows\System32\DRVSTORE
2007-12-04 13:24 . 2005-09-23 08:29 626,688 --a------ C:\Windows\System32\msvcr80.dll
2007-12-04 09:37 . 2007-12-04 09:43 802,258 ---hs---- C:\Windows\System32\hjqxhwhu.ini
2007-12-04 08:30 . 2007-12-04 08:30 <REP> d-------- C:\Users\Chantale Gagnon\AbiSuite
2007-12-04 08:30 . 2007-12-04 08:30 <REP> d-------- C:\Program Files\AbiSuite2
2007-12-02 20:08 . 2007-12-03 13:42 794,120 ---hs---- C:\Windows\System32\qvdhksyc.ini
2007-11-22 18:32 . 2007-11-22 18:32 <REP> d-------- C:\Program Files\CCleaner
2007-11-22 15:48 . 2006-11-29 13:06 3,426,072 --a------ C:\Windows\System32\d3dx9_32.dll
2007-11-22 15:46 . 2007-11-22 15:46 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2007-11-22 15:45 . 2007-11-22 15:45 <REP> d-------- C:\Windows\PCHEALTH
2007-11-22 15:39 . 2007-12-09 14:08 <REP> d-------- C:\Users\All Users\WLInstaller
2007-11-22 15:39 . 2007-12-09 14:08 <REP> d-------- C:\ProgramData\WLInstaller
2007-11-22 15:39 . 2007-11-22 15:42 <REP> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-20 14:00 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-12-16 20:28 --------- d-----w C:\Program Files\WarRock
2007-12-15 01:10 --------- d-----w C:\Users\Chantale Gagnon\AppData\Roaming\uTorrent
2007-12-11 21:26 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-12-09 19:11 --------- d-----w C:\Program Files\Windows Live
2007-12-06 21:49 9,344 ----a-w C:\Windows\system32\drivers\NSDriver.sys
2007-12-06 21:49 8,320 ----a-w C:\Windows\system32\drivers\AWRTRD.sys
2007-11-17 01:33 --------- d-----w C:\Program Files\SystemRequirementsLab
2007-11-16 02:30 --------- d-----w C:\Program Files\uTorrent
2007-11-16 02:27 --------- d-----w C:\Program Files\BitTorrent
2007-11-14 22:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-14 22:25 --------- d-----w C:\Program Files\Silkroad
2007-11-14 08:01 28,344 ----a-w C:\Windows\system32\drivers\battc.sys
2007-11-14 08:01 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2007-11-14 08:01 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys
2007-11-14 08:01 2,923,520 ----a-w C:\Windows\explorer.exe
2007-11-14 08:01 14,208 ----a-w C:\Windows\system32\drivers\CmBatt.sys
2007-11-14 08:00 --------- d-----w C:\Program Files\Windows Mail
2007-11-11 05:06 --------- d-----w C:\Program Files\EA GAMES
2007-11-11 04:09 --------- d-----w C:\Users\Chantale Gagnon\AppData\Roaming\BitTorrent
2007-10-23 22:49 586,752 ----a-w C:\Windows\WLXPGSS.SCR
2007-10-07 14:11 22,328 ----a-w C:\Users\Chantale Gagnon\AppData\Roaming\PnkBstrK.sys
2007-08-30 03:07 174 --sha-w C:\Program Files\desktop.ini
2007-07-30 23:57 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-07-30 23:57 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-07-30 23:57 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 12:49]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 07:35]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2007-07-20 14:08]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 06:24]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 17:53]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2007-01-12 16:48]
"VX3000"="C:\Windows\vVX3000.exe" [2006-12-05 14:39]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-10 15:01 C:\Windows\RtHDVCpl.exe]
"SetPoint"="C:\Program Files\Logitech\SetPoint\KEM.EXE" [2004-10-28 08:29]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-09-13 14:38]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-09-13 14:38]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-09-13 14:38]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 08:00]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-07-20 14:08:31]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\KEM.exe [2007-07-20 14:07:58]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\Windows\system32\khhhf.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders credssp.dll
R0 O2MDRDR;O2MDRDR;C:\Windows\system32\DRIVERS\o2media.sys [2006-11-20 15:14]
R0 O2SDRDR;O2SDRDR;C:\Windows\system32\DRIVERS\o2sd.sys [2005-12-19 16:15]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 09:52]
R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2007-01-04 13:13]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-09-13 14:23]
R3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 02:30]
R3 RTL8169;Realtek 8169 NT Driver;C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-12-08 15:02]
R3 VX3000;VX-3000;C:\Windows\system32\DRIVERS\VX3000.sys [2006-12-05 14:39]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 14:18]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{84b49655-54b0-11dc-b392-0019db3963a9}]
\shell\AutoRun\command - E:\AUTORUN.EXE
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-12-22 18:10:00 C:\Windows\Tasks\User_Feed_Synchronization-{663C7FD4-CAC6-47E9-BB4F-BF770036F346}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-22 13:08:44
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-22 13:11:03
.
2007-12-19 21:36:36 --- E O F ---
BitDefender report:
Fichier analysé
Statut
C:\qoobox\Quarantine\C\Windows\System32\khhhf.dll.vir
Infecté par: Trojan.Vundo.DRM
C:\qoobox\Quarantine\C\Windows\System32\khhhf.dll.vir
Echec de la désinfection
C:\qoobox\Quarantine\C\Windows\System32\khhhf.dll.vir
Supprimé
C:\qoobox\Quarantine\C\Windows\System32\ssqqrsq.dll.vir
Infecté par: Trojan.Vundo.DQU
C:\qoobox\Quarantine\C\Windows\System32\ssqqrsq.dll.vir
Echec de la désinfection
C:\qoobox\Quarantine\C\Windows\System32\ssqqrsq.dll.vir
Supprimé
C:\qoobox\Quarantine\C\Windows\System32\tutxwiop.dll.vir
Infecté par: Trojan.Vundo.DRT
C:\qoobox\Quarantine\C\Windows\System32\tutxwiop.dll.vir
Echec de la désinfection
C:\qoobox\Quarantine\C\Windows\System32\tutxwiop.dll.vir
Supprimé
C:\qoobox\Quarantine\C\Windows\System32\wvutrqr.dll.vir
Infecté par: Trojan.Vundo.DQU
C:\qoobox\Quarantine\C\Windows\System32\wvutrqr.dll.vir
Echec de la désinfection
C:\qoobox\Quarantine\C\Windows\System32\wvutrqr.dll.vir
Supprimé
C:\qoobox\Quarantine\C\Windows\System32\yduwefxv.dll.vir
Infecté par: Trojan.Vundo.DSJ
C:\qoobox\Quarantine\C\Windows\System32\yduwefxv.dll.vir
Echec de la désinfection
C:\qoobox\Quarantine\C\Windows\System32\yduwefxv.dll.vir
Supprimé
C:\qoobox\Quarantine\catchme2007-12-22_130837.00.zip=>khhhf.dll
Infecté par: Trojan.Vundo.DRM
C:\qoobox\Quarantine\catchme2007-12-22_130837.00.zip=>khhhf.dll
Echec de la désinfection
C:\qoobox\Quarantine\catchme2007-12-22_130837.00.zip=>khhhf.dll
Supprimé
C:\qoobox\Quarantine\catchme2007-12-22_130837.00.zip
Mis à jour
C:\VundoFix Backups\btaxwtdg.dll.bad
Infecté par: Trojan.Vundo.DSJ
C:\VundoFix Backups\btaxwtdg.dll.bad
Echec de la désinfection
C:\VundoFix Backups\btaxwtdg.dll.bad
Supprimé
C:\VundoFix Backups\byyxoupw.dll.bad
Infecté par: Trojan.Vundo.DSJ
C:\VundoFix Backups\byyxoupw.dll.bad
Echec de la désinfection
C:\VundoFix Backups\byyxoupw.dll.bad
Supprimé
C:\VundoFix Backups\eeqmwfmm.dll.bad
Infecté par: Trojan.Vundo.DSJ
C:\VundoFix Backups\eeqmwfmm.dll.bad
Echec de la désinfection
C:\VundoFix Backups\eeqmwfmm.dll.bad
Supprimé
C:\VundoFix Backups\errqecie.dll.bad
Infecté par: Trojan.Vundo.DSJ
C:\VundoFix Backups\errqecie.dll.bad
Echec de la désinfection
C:\VundoFix Backups\errqecie.dll.bad
Supprimé
C:\VundoFix Backups\eubbgmmj.dll.bad
Infecté par: Trojan.Vundo.DRT
C:\VundoFix Backups\eubbgmmj.dll.bad
Echec de la désinfection
C:\VundoFix Backups\eubbgmmj.dll.bad
Supprimé
C:\VundoFix Backups\flmyiweq.dll.bad
Infecté par: Trojan.Vundo.DSJ
C:\VundoFix Backups\flmyiweq.dll.bad
Echec de la désinfection
C:\VundoFix Backups\flmyiweq.dll.bad
Supprimé
C:\VundoFix Backups\fwcarpgt.dll.bad
Infecté par: Trojan.Vundo.DRT
C:\VundoFix Backups\fwcarpgt.dll.bad
Echec de la désinfection
C:\VundoFix Backups\fwcarpgt.dll.bad
Supprimé
C:\VundoFix Backups\hsngvqsx.dll.bad
Infecté par: Trojan.Vundo.DSJ
C:\VundoFix Backups\hsngvqsx.dll.bad
Echec de la désinfection
C:\VundoFix Backups\hsngvqsx.dll.bad
Supprimé
C:\VundoFix Backups\khhhf.dll.bad
Infecté par: Trojan.Vundo.DRM
C:\VundoFix Backups\khhhf.dll.bad
Echec de la désinfection
C:\VundoFix Backups\khhhf.dll.bad
Supprimé
C:\VundoFix Backups\ljjjhhh.dll.bad
Infecté par: Trojan.Vundo.DQU
C:\VundoFix Backups\ljjjhhh.dll.bad
Echec de la désinfection
C:\VundoFix Backups\ljjjhhh.dll.bad
Supprimé
C:\VundoFix Backups\nolpsive.dll.bad
Infecté par: Trojan.Vundo.DSJ
C:\VundoFix Backups\nolpsive.dll.bad
Echec de la désinfection
C:\VundoFix Backups\nolpsive.dll.bad
Supprimé
C:\VundoFix Backups\nyunnseu.exe.bad
Infecté par: Trojan.Fotomoto.H
C:\VundoFix Backups\nyunnseu.exe.bad
Echec de la désinfection
C:\VundoFix Backups\nyunnseu.exe.bad
Supprimé
C:\VundoFix Backups\oknposqa.dll.bad
Infecté par: Trojan.Vundo.DRT
C:\VundoFix Backups\oknposqa.dll.bad
Echec de la désinfection
C:\VundoFix Backups\oknposqa.dll.bad
Supprimé
C:\VundoFix Backups\pdhlnyuc.dll.bad
Infecté par: Trojan.Vundo.DRV
C:\VundoFix Backups\pdhlnyuc.dll.bad
Echec de la désinfection
C:\VundoFix Backups\pdhlnyuc.dll.bad
Supprimé
C:\VundoFix Backups\pljdoxrr.dll.bad
Infecté par: Trojan.Vundo.DSJ
C:\VundoFix Backups\pljdoxrr.dll.bad
Echec de la désinfection
C:\VundoFix Backups\pljdoxrr.dll.bad
Supprimé
C:\VundoFix Backups\pmnopnk.dll.bad
Infecté par: Trojan.Vundo.DQU
C:\VundoFix Backups\pmnopnk.dll.bad
Echec de la désinfection
C:\VundoFix Backups\pmnopnk.dll.bad
Supprimé
C:\VundoFix Backups\qtlfbmxd.dll.bad
Infecté par: Trojan.Vundo.DRT
C:\VundoFix Backups\qtlfbmxd.dll.bad
Echec de la désinfection
C:\VundoFix Backups\qtlfbmxd.dll.bad
Supprimé
C:\VundoFix Backups\rjfpmssh.dll.bad
Infecté par: Trojan.Vundo.DRT
C:\VundoFix Backups\rjfpmssh.dll.bad
Echec de la désinfection
C:\VundoFix Backups\rjfpmssh.dll.bad
Supprimé
C:\VundoFix Backups\rpxbexxc.dll.bad
Infecté par: Trojan.Vundo.DRT
C:\VundoFix Backups\rpxbexxc.dll.bad
Echec de la désinfection
C:\VundoFix Backups\rpxbexxc.dll.bad
Supprimé
C:\VundoFix Backups\scouxcna.dll.bad
Infecté par: Trojan.Vundo.DRT
C:\VundoFix Backups\scouxcna.dll.bad
Echec de la désinfection
C:\VundoFix Backups\scouxcna.dll.bad
Supprimé
C:\_OTMoveIt\MovedFiles\Windows\system32\nntghbfu.dll
Infecté par: Trojan.Vundo.DRT
C:\_OTMoveIt\MovedFiles\Windows\system32\nntghbfu.dll
Echec de la désinfection
C:\_OTMoveIt\MovedFiles\Windows\system32\nntghbfu.dll
Supprimé
HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:17:51, on 2007-12-22
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\vVX3000.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\Explorer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.capitaledumetal.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\Windows\vVX3000.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SetPoint] C:\Program Files\Logitech\SetPoint\KEM.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe
C:\Windows\system32\fhhhk.bak1 moved successfully.
C:\Windows\system32\fhhhk.bak2 moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\nntghbfu.dll
C:\Windows\system32\nntghbfu.dll NOT unregistered.
C:\Windows\system32\nntghbfu.dll moved successfully.
Created on 12-22-2007 11:26:52
VundoFix report: (not sure this is the right one :S)
C:\windows\System32\anwagmco.dll
C:\windows\System32\anwagmco.dllbox
C:\Windows\System32\apjtudul.dll
C:\Windows\System32\btaxwtdg.dll
C:\Windows\System32\byyxoupw.dll
C:\Windows\System32\eeqmwfmm.dll
C:\Windows\System32\errqecie.dll
C:\Windows\System32\eubbgmmj.dll
C:\Windows\System32\fhhhk.ini
C:\Windows\System32\flmyiweq.dll
C:\Windows\System32\fwcarpgt.dll
C:\Windows\System32\hsngvqsx.dll
C:\windows\System32\igrsxwpa.dll
C:\windows\System32\igrsxwpa.dllbox
C:\Windows\System32\jmmgbbue.ini
C:\Windows\System32\khhhf.dll
C:\Windows\System32\ljjjhhh.dll
C:\Windows\System32\nolpsive.dll
C:\Windows\System32\nyunnseu.exe
C:\Windows\System32\oknposqa.dll
C:\Windows\System32\pdhlnyuc.dll
C:\Windows\System32\pljdoxrr.dll
C:\Windows\System32\pmnopnk.dll
C:\Windows\System32\qtlfbmxd.dll
C:\Windows\System32\rjfpmssh.dll
C:\Windows\System32\rpxbexxc.dll
C:\Windows\System32\scouxcna.dll
C:\Windows\System32\ssqqrsq.dll
C:\Windows\System32\tgpracwf.ini
C:\Windows\System32\tutxwiop.dll
C:\Windows\System32\uskthkld.dll
C:\Windows\System32\wvutrqr.dll
C:\Windows\System32\xebnhdem.dll
C:\Windows\System32\yduwefxv.dll
Rapport de Combofix:
ComboFix 07-12-21.4 - Chantale Gagnon 2007-12-22 12:33:34.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.359 [GMT -5:00]
Running from: C:\Users\Chantale Gagnon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1MXQ5PJH\ComboFix[1].exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\System32\dlkhtksu.ini
C:\Windows\System32\fhhhk.bak1
C:\Windows\System32\fhhhk.ini
C:\Windows\system32\khhhf.dll
C:\Windows\System32\poiwxtut.ini
C:\Windows\system32\ssqqrsq.dll
C:\Windows\system32\tutxwiop.dll
C:\Windows\system32\uskthkld.dll
C:\Windows\system32\wvutrqr.dll
C:\Windows\system32\x64
C:\Windows\system32\xebnhdem.dll
C:\Windows\system32\yduwefxv.dll
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-11-22 to 2007-12-22 ))))))))))))))))))))))))))))))))))))
.
2007-12-22 12:05 . 2007-12-22 12:05 24,576 --a------ C:\Windows\System32\VundoFixSVC.exe
2007-12-22 11:44 . 2007-12-22 11:44 7,168 --a------ C:\Windows\System32\windows
2007-12-22 11:24 . 2007-12-22 11:24 14,033 --a------ C:\pos5AB7.tmp
2007-12-22 08:58 . 2007-12-22 08:58 165,472 --a------ C:\Windows\System32\vtlvaleu.dll
2007-12-21 20:26 . 2007-12-21 21:33 190 --a------ C:\Windows\wininit.ini
2007-12-21 19:56 . 2007-12-22 11:25 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
2007-12-21 19:56 . 2007-12-22 11:25 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
2007-12-21 13:31 . 2007-12-21 13:31 <REP> d-------- C:\Program Files\Trend Micro
2007-12-21 10:03 . 2007-12-22 12:06 <REP> d-------- C:\VundoFix Backups
2007-12-20 21:00 . 2007-12-20 21:15 987,910 ---hs---- C:\Windows\System32\ufbhgtnn.ini
2007-12-20 20:57 . 2007-12-20 20:57 165,472 --a------ C:\Windows\System32\eqospdrp.dll
2007-12-18 17:20 . 2007-12-21 15:31 <REP> d-------- C:\Program Files\Navilog1
2007-12-17 20:47 . 2007-12-19 16:32 971,465 ---hs---- C:\Windows\System32\cxxebxpr.ini
2007-12-16 08:53 . 2007-12-17 18:13 971,405 ---hs---- C:\Windows\System32\aqsopnko.ini
2007-12-14 19:44 . 2007-12-15 17:38 952,487 ---hs---- C:\Windows\System32\tgpracwf.ini
2007-12-13 19:17 . 2007-12-13 19:17 143 --a------ C:\Windows\System32\mcrh.tmp
2007-12-11 16:27 . 2007-12-11 16:27 1,327,104 --a------ C:\Windows\System32\quartz.dll
2007-12-11 16:27 . 2007-12-11 16:27 223,232 --a------ C:\Windows\System32\WMASF.DLL
2007-12-11 16:27 . 2007-12-11 16:27 9,728 --a------ C:\Windows\System32\LAPRXY.DLL
2007-12-11 16:27 . 2007-12-11 16:27 2,048 --a------ C:\Windows\System32\asferror.dll
2007-12-11 16:25 . 2007-12-11 16:25 130,048 --a------ C:\Windows\System32\drivers\srv2.sys
2007-12-11 16:25 . 2007-12-11 16:25 101,888 --a------ C:\Windows\System32\drivers\mrxsmb.sys
2007-12-11 16:25 . 2007-12-11 16:25 84,992 --a------ C:\Windows\System32\drivers\srvnet.sys
2007-12-11 16:25 . 2007-12-11 16:25 58,368 --a------ C:\Windows\System32\drivers\mrxsmb20.sys
2007-12-11 16:24 . 2007-12-11 16:24 3,504,824 --a------ C:\Windows\System32\ntkrnlpa.exe
2007-12-11 16:24 . 2007-12-11 16:24 3,470,520 --a------ C:\Windows\System32\ntoskrnl.exe
2007-12-11 16:23 . 2007-12-11 16:23 2,048 --a------ C:\Windows\System32\tzres.dll
2007-12-10 20:45 . 2007-12-11 17:00 859,280 ---hs---- C:\Windows\System32\hssmpfjr.ini
2007-12-09 08:48 . 2007-12-09 14:03 834,384 ---hs---- C:\Windows\System32\dxmbfltq.ini
2007-12-06 16:45 . 2007-12-06 16:45 <REP> d-------- C:\Users\All Users\Lavasoft
2007-12-06 16:45 . 2007-12-06 16:45 <REP> d-------- C:\ProgramData\Lavasoft
2007-12-06 16:45 . 2007-12-06 16:45 <REP> d-------- C:\Program Files\Lavasoft
2007-12-06 16:44 . 2007-12-06 16:44 <REP> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-06 16:25 . 2007-12-06 16:36 831,701 ---hs---- C:\Windows\System32\ancxuocs.ini
2007-12-04 22:28 . 2007-12-04 22:28 <REP> d-------- C:\Users\All Users\Grisoft
2007-12-04 22:28 . 2007-12-04 22:28 <REP> d-------- C:\ProgramData\Grisoft
2007-12-04 22:08 . 2007-12-04 22:11 <REP> d-------- C:\Program Files\MenaceControle
2007-12-04 22:08 . 2007-12-04 22:11 <REP> d-------- C:\Program Files\Common Files\MenaceControle
2007-12-04 22:08 . 2004-10-07 13:39 89,088 --a------ C:\Windows\System32\atl71.dll
2007-12-04 21:40 . 2007-12-04 21:40 <REP> d-------- C:\Program Files\Alwil Software
2007-12-04 21:40 . 2003-03-18 16:20 1,060,864 --a------ C:\Windows\System32\MFC71.dll
2007-12-04 21:40 . 2007-12-04 08:04 837,496 --a------ C:\Windows\System32\aswBoot.exe
2007-12-04 21:40 . 2004-01-09 04:13 380,928 --a------ C:\Windows\System32\actskin4.ocx
2007-12-04 21:40 . 2007-12-04 07:54 95,608 --a------ C:\Windows\System32\AvastSS.scr
2007-12-04 21:40 . 2007-12-04 09:52 45,648 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2007-12-04 21:40 . 2007-12-04 09:51 42,912 --a------ C:\Windows\System32\drivers\aswTdi.sys
2007-12-04 21:40 . 2007-12-04 09:53 23,152 --a------ C:\Windows\System32\drivers\aswRdr.sys
2007-12-04 13:42 . 2007-12-04 20:44 <REP> d----c--- C:\Windows\System32\DRVSTORE
2007-12-04 13:24 . 2005-09-23 08:29 626,688 --a------ C:\Windows\System32\msvcr80.dll
2007-12-04 09:37 . 2007-12-04 09:43 802,258 ---hs---- C:\Windows\System32\hjqxhwhu.ini
2007-12-04 08:30 . 2007-12-04 08:30 <REP> d-------- C:\Users\Chantale Gagnon\AbiSuite
2007-12-04 08:30 . 2007-12-04 08:30 <REP> d-------- C:\Program Files\AbiSuite2
2007-12-02 20:08 . 2007-12-03 13:42 794,120 ---hs---- C:\Windows\System32\qvdhksyc.ini
2007-11-22 18:32 . 2007-11-22 18:32 <REP> d-------- C:\Program Files\CCleaner
2007-11-22 15:48 . 2006-11-29 13:06 3,426,072 --a------ C:\Windows\System32\d3dx9_32.dll
2007-11-22 15:46 . 2007-11-22 15:46 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2007-11-22 15:45 . 2007-11-22 15:45 <REP> d-------- C:\Windows\PCHEALTH
2007-11-22 15:39 . 2007-12-09 14:08 <REP> d-------- C:\Users\All Users\WLInstaller
2007-11-22 15:39 . 2007-12-09 14:08 <REP> d-------- C:\ProgramData\WLInstaller
2007-11-22 15:39 . 2007-11-22 15:42 <REP> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-20 14:00 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-12-16 20:28 --------- d-----w C:\Program Files\WarRock
2007-12-15 01:10 --------- d-----w C:\Users\Chantale Gagnon\AppData\Roaming\uTorrent
2007-12-11 21:26 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-12-09 19:11 --------- d-----w C:\Program Files\Windows Live
2007-12-06 21:49 9,344 ----a-w C:\Windows\system32\drivers\NSDriver.sys
2007-12-06 21:49 8,320 ----a-w C:\Windows\system32\drivers\AWRTRD.sys
2007-11-17 01:33 --------- d-----w C:\Program Files\SystemRequirementsLab
2007-11-16 02:30 --------- d-----w C:\Program Files\uTorrent
2007-11-16 02:27 --------- d-----w C:\Program Files\BitTorrent
2007-11-14 22:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-14 22:25 --------- d-----w C:\Program Files\Silkroad
2007-11-14 08:01 28,344 ----a-w C:\Windows\system32\drivers\battc.sys
2007-11-14 08:01 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2007-11-14 08:01 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys
2007-11-14 08:01 2,923,520 ----a-w C:\Windows\explorer.exe
2007-11-14 08:01 14,208 ----a-w C:\Windows\system32\drivers\CmBatt.sys
2007-11-14 08:00 --------- d-----w C:\Program Files\Windows Mail
2007-11-11 05:06 --------- d-----w C:\Program Files\EA GAMES
2007-11-11 04:09 --------- d-----w C:\Users\Chantale Gagnon\AppData\Roaming\BitTorrent
2007-10-23 22:49 586,752 ----a-w C:\Windows\WLXPGSS.SCR
2007-10-07 14:11 22,328 ----a-w C:\Users\Chantale Gagnon\AppData\Roaming\PnkBstrK.sys
2007-08-30 03:07 174 --sha-w C:\Program Files\desktop.ini
2007-07-30 23:57 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-07-30 23:57 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-07-30 23:57 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 12:49]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 07:35]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2007-07-20 14:08]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 06:24]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 17:53]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2007-01-12 16:48]
"VX3000"="C:\Windows\vVX3000.exe" [2006-12-05 14:39]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-10 15:01 C:\Windows\RtHDVCpl.exe]
"SetPoint"="C:\Program Files\Logitech\SetPoint\KEM.EXE" [2004-10-28 08:29]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-09-13 14:38]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-09-13 14:38]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-09-13 14:38]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 08:00]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-07-20 14:08:31]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\KEM.exe [2007-07-20 14:07:58]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\Windows\system32\khhhf.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders credssp.dll
R0 O2MDRDR;O2MDRDR;C:\Windows\system32\DRIVERS\o2media.sys [2006-11-20 15:14]
R0 O2SDRDR;O2SDRDR;C:\Windows\system32\DRIVERS\o2sd.sys [2005-12-19 16:15]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 09:52]
R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2007-01-04 13:13]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-09-13 14:23]
R3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 02:30]
R3 RTL8169;Realtek 8169 NT Driver;C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-12-08 15:02]
R3 VX3000;VX-3000;C:\Windows\system32\DRIVERS\VX3000.sys [2006-12-05 14:39]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 14:18]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{84b49655-54b0-11dc-b392-0019db3963a9}]
\shell\AutoRun\command - E:\AUTORUN.EXE
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-12-22 18:10:00 C:\Windows\Tasks\User_Feed_Synchronization-{663C7FD4-CAC6-47E9-BB4F-BF770036F346}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-22 13:08:44
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-22 13:11:03
.
2007-12-19 21:36:36 --- E O F ---
BitDefender report:
Fichier analysé
Statut
C:\qoobox\Quarantine\C\Windows\System32\khhhf.dll.vir
Infecté par: Trojan.Vundo.DRM
C:\qoobox\Quarantine\C\Windows\System32\khhhf.dll.vir
Echec de la désinfection
C:\qoobox\Quarantine\C\Windows\System32\khhhf.dll.vir
Supprimé
C:\qoobox\Quarantine\C\Windows\System32\ssqqrsq.dll.vir
Infecté par: Trojan.Vundo.DQU
C:\qoobox\Quarantine\C\Windows\System32\ssqqrsq.dll.vir
Echec de la désinfection
C:\qoobox\Quarantine\C\Windows\System32\ssqqrsq.dll.vir
Supprimé
C:\qoobox\Quarantine\C\Windows\System32\tutxwiop.dll.vir
Infecté par: Trojan.Vundo.DRT
C:\qoobox\Quarantine\C\Windows\System32\tutxwiop.dll.vir
Echec de la désinfection
C:\qoobox\Quarantine\C\Windows\System32\tutxwiop.dll.vir
Supprimé
C:\qoobox\Quarantine\C\Windows\System32\wvutrqr.dll.vir
Infecté par: Trojan.Vundo.DQU
C:\qoobox\Quarantine\C\Windows\System32\wvutrqr.dll.vir
Echec de la désinfection
C:\qoobox\Quarantine\C\Windows\System32\wvutrqr.dll.vir
Supprimé
C:\qoobox\Quarantine\C\Windows\System32\yduwefxv.dll.vir
Infecté par: Trojan.Vundo.DSJ
C:\qoobox\Quarantine\C\Windows\System32\yduwefxv.dll.vir
Echec de la désinfection
C:\qoobox\Quarantine\C\Windows\System32\yduwefxv.dll.vir
Supprimé
C:\qoobox\Quarantine\catchme2007-12-22_130837.00.zip=>khhhf.dll
Infecté par: Trojan.Vundo.DRM
C:\qoobox\Quarantine\catchme2007-12-22_130837.00.zip=>khhhf.dll
Echec de la désinfection
C:\qoobox\Quarantine\catchme2007-12-22_130837.00.zip=>khhhf.dll
Supprimé
C:\qoobox\Quarantine\catchme2007-12-22_130837.00.zip
Mis à jour
C:\VundoFix Backups\btaxwtdg.dll.bad
Infecté par: Trojan.Vundo.DSJ
C:\VundoFix Backups\btaxwtdg.dll.bad
Echec de la désinfection
C:\VundoFix Backups\btaxwtdg.dll.bad
Supprimé
C:\VundoFix Backups\byyxoupw.dll.bad
Infecté par: Trojan.Vundo.DSJ
C:\VundoFix Backups\byyxoupw.dll.bad
Echec de la désinfection
C:\VundoFix Backups\byyxoupw.dll.bad
Supprimé
C:\VundoFix Backups\eeqmwfmm.dll.bad
Infecté par: Trojan.Vundo.DSJ
C:\VundoFix Backups\eeqmwfmm.dll.bad
Echec de la désinfection
C:\VundoFix Backups\eeqmwfmm.dll.bad
Supprimé
C:\VundoFix Backups\errqecie.dll.bad
Infecté par: Trojan.Vundo.DSJ
C:\VundoFix Backups\errqecie.dll.bad
Echec de la désinfection
C:\VundoFix Backups\errqecie.dll.bad
Supprimé
C:\VundoFix Backups\eubbgmmj.dll.bad
Infecté par: Trojan.Vundo.DRT
C:\VundoFix Backups\eubbgmmj.dll.bad
Echec de la désinfection
C:\VundoFix Backups\eubbgmmj.dll.bad
Supprimé
C:\VundoFix Backups\flmyiweq.dll.bad
Infecté par: Trojan.Vundo.DSJ
C:\VundoFix Backups\flmyiweq.dll.bad
Echec de la désinfection
C:\VundoFix Backups\flmyiweq.dll.bad
Supprimé
C:\VundoFix Backups\fwcarpgt.dll.bad
Infecté par: Trojan.Vundo.DRT
C:\VundoFix Backups\fwcarpgt.dll.bad
Echec de la désinfection
C:\VundoFix Backups\fwcarpgt.dll.bad
Supprimé
C:\VundoFix Backups\hsngvqsx.dll.bad
Infecté par: Trojan.Vundo.DSJ
C:\VundoFix Backups\hsngvqsx.dll.bad
Echec de la désinfection
C:\VundoFix Backups\hsngvqsx.dll.bad
Supprimé
C:\VundoFix Backups\khhhf.dll.bad
Infecté par: Trojan.Vundo.DRM
C:\VundoFix Backups\khhhf.dll.bad
Echec de la désinfection
C:\VundoFix Backups\khhhf.dll.bad
Supprimé
C:\VundoFix Backups\ljjjhhh.dll.bad
Infecté par: Trojan.Vundo.DQU
C:\VundoFix Backups\ljjjhhh.dll.bad
Echec de la désinfection
C:\VundoFix Backups\ljjjhhh.dll.bad
Supprimé
C:\VundoFix Backups\nolpsive.dll.bad
Infecté par: Trojan.Vundo.DSJ
C:\VundoFix Backups\nolpsive.dll.bad
Echec de la désinfection
C:\VundoFix Backups\nolpsive.dll.bad
Supprimé
C:\VundoFix Backups\nyunnseu.exe.bad
Infecté par: Trojan.Fotomoto.H
C:\VundoFix Backups\nyunnseu.exe.bad
Echec de la désinfection
C:\VundoFix Backups\nyunnseu.exe.bad
Supprimé
C:\VundoFix Backups\oknposqa.dll.bad
Infecté par: Trojan.Vundo.DRT
C:\VundoFix Backups\oknposqa.dll.bad
Echec de la désinfection
C:\VundoFix Backups\oknposqa.dll.bad
Supprimé
C:\VundoFix Backups\pdhlnyuc.dll.bad
Infecté par: Trojan.Vundo.DRV
C:\VundoFix Backups\pdhlnyuc.dll.bad
Echec de la désinfection
C:\VundoFix Backups\pdhlnyuc.dll.bad
Supprimé
C:\VundoFix Backups\pljdoxrr.dll.bad
Infecté par: Trojan.Vundo.DSJ
C:\VundoFix Backups\pljdoxrr.dll.bad
Echec de la désinfection
C:\VundoFix Backups\pljdoxrr.dll.bad
Supprimé
C:\VundoFix Backups\pmnopnk.dll.bad
Infecté par: Trojan.Vundo.DQU
C:\VundoFix Backups\pmnopnk.dll.bad
Echec de la désinfection
C:\VundoFix Backups\pmnopnk.dll.bad
Supprimé
C:\VundoFix Backups\qtlfbmxd.dll.bad
Infecté par: Trojan.Vundo.DRT
C:\VundoFix Backups\qtlfbmxd.dll.bad
Echec de la désinfection
C:\VundoFix Backups\qtlfbmxd.dll.bad
Supprimé
C:\VundoFix Backups\rjfpmssh.dll.bad
Infecté par: Trojan.Vundo.DRT
C:\VundoFix Backups\rjfpmssh.dll.bad
Echec de la désinfection
C:\VundoFix Backups\rjfpmssh.dll.bad
Supprimé
C:\VundoFix Backups\rpxbexxc.dll.bad
Infecté par: Trojan.Vundo.DRT
C:\VundoFix Backups\rpxbexxc.dll.bad
Echec de la désinfection
C:\VundoFix Backups\rpxbexxc.dll.bad
Supprimé
C:\VundoFix Backups\scouxcna.dll.bad
Infecté par: Trojan.Vundo.DRT
C:\VundoFix Backups\scouxcna.dll.bad
Echec de la désinfection
C:\VundoFix Backups\scouxcna.dll.bad
Supprimé
C:\_OTMoveIt\MovedFiles\Windows\system32\nntghbfu.dll
Infecté par: Trojan.Vundo.DRT
C:\_OTMoveIt\MovedFiles\Windows\system32\nntghbfu.dll
Echec de la désinfection
C:\_OTMoveIt\MovedFiles\Windows\system32\nntghbfu.dll
Supprimé
HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:17:51, on 2007-12-22
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\vVX3000.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\Explorer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.capitaledumetal.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\Windows\vVX3000.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SetPoint] C:\Program Files\Logitech\SetPoint\KEM.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe
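The ComboFix registry section posted above contains the finding that matters most in this log: `khhhf.dll`, which BitDefender later identifies as Trojan.Vundo.DRM, sits in the LSA `Authentication Packages` list next to the legitimate `msv1_0`, so it is loaded into lsass at every boot. The same dump also shows UAC switched off (`EnableLUA = 0`) and an AutoRun handler registered for a removable volume. The script below is an added example (not part of the thread, of ComboFix or of HijackThis) that parses that section and flags those three conditions. The baseline it compares against (`msv1_0` as the only authentication package, `credssp.dll` as the only security provider) is this script's assumption about a clean Vista install, not something the log states.

```python
"""Flag risky persistence settings in a ComboFix-style registry dump.

Added example; it is not part of the thread, of ComboFix or of HijackThis.
The sample below is the registry section of the ComboFix log posted above.
The baseline values (msv1_0 as the only LSA authentication package, credssp.dll
as the only security provider) are an assumption about a clean Vista install.
"""
import re

# Constructed from the ComboFix log in the post above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\Windows\system32\khhhf.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders credssp.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{84b49655-54b0-11dc-b392-0019db3963a9}]
\shell\AutoRun\command - E:\AUTORUN.EXE
"""

EXPECTED_AUTH_PACKAGES = {"msv1_0"}            # assumption: Vista default
EXPECTED_SECURITY_PROVIDERS = {"credssp.dll"}  # assumption: Vista default

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")


def parse_registry_section(text):
    """Group value lines under the lower-cased key path that precedes them."""
    entries = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(1).lower()
            entries.setdefault(current, [])
        elif current is not None:
            entries[current].append(line)
    return entries


def flag_persistence(entries):
    """Return (kind, detail) findings for settings that weaken or hijack the machine."""
    findings = []
    for key, values in entries.items():
        for value in values:
            if key.endswith("\\control\\lsa") and value.startswith("Authentication Packages"):
                # Every package beyond the baseline is loaded into lsass at boot.
                # Paths containing spaces would need a smarter split; the dump has none.
                packages = value.split("REG_MULTI_SZ", 1)[1].split()
                for pkg in packages:
                    if pkg.lower() not in EXPECTED_AUTH_PACKAGES:
                        findings.append(("lsa_auth_package", pkg))
            elif key.endswith("\\control\\securityproviders") and value.startswith("SecurityProviders"):
                providers = re.split(r"[\s,]+", value.split(None, 1)[1].strip())
                for prov in providers:
                    if prov and prov.lower() not in EXPECTED_SECURITY_PROVIDERS:
                        findings.append(("security_provider", prov))
            elif key.endswith("\\policies\\system") and value.startswith('"EnableLUA"'):
                if re.search(r"=\s*0\b", value):
                    findings.append(("uac_disabled", value))
            elif "\\mountpoints2\\" in key and "\\shell\\AutoRun\\command" in value:
                # AutoRun handler registered for a removable volume.
                findings.append(("autorun_handler", value.split(" - ", 1)[1].strip()))
    return findings


if __name__ == "__main__":
    for kind, detail in flag_persistence(parse_registry_section(SAMPLE_LOG)):
        print(f"{kind:18} {detail}")
```

Run against the sample it reports the unexpected authentication package, the disabled UAC setting and the `E:\AUTORUN.EXE` handler, and stays silent on `credssp.dll`. On a live machine the same section can be dumped with `reg query` and fed to `parse_registry_section` unchanged.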
OK
There is still work to do even though HijackThis is OK!
______________________
Scan these files on VirusTotal: https://www.virustotal.com/gui/
C:\pos5AB7.tmp
C:\Windows\System32\vtlvaleu.dll
C:\Windows\wininit.ini
C:\Windows\System32\ufbhgtnn.ini
C:\Windows\System32\eqospdrp.dll
C:\Windows\System32\cxxebxpr.ini
C:\Windows\System32\aqsopnko.ini
C:\Windows\System32\tgpracwf.ini
C:\Windows\System32\mcrh.tmp
C:\Windows\System32\drivers\mrxsmb.sys
C:\Windows\System32\drivers\srvnet.sys
C:\Windows\System32\drivers\mrxsmb20.sys
C:\Windows\System32\ntkrnlpa.exe
C:\Windows\System32\ntoskrnl.exe
C:\Windows\System32\tzres.dll
C:\Windows\System32\dxmbfltq.ini
C:\Windows\System32\hssmpfjr.ini
C:\Windows\System32\hjqxhwhu.ini
C:\Windows\System32\qvdhksyc.ini
C:\Windows\System32\d3dx9_32.dll
Put the files that are infected into the OTMoveIt quote:
Download OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe (by Old_Timer) to your Desktop.
Double-click OTMoveIt.exe to launch it.
Copy the list in the quote below,
and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.
Quote:
Click MoveIt! to start the removal.
The result will appear in the "Results" pane.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.
You may be asked to restart the PC to complete the removal; if so, accept with Yes.
_________________________
Delete what is in these folders: quarantine, then VundoFix Backups\, then MovedFiles\ (go to My Computer, then C)
C:\qoobox\quarantine
C:\VundoFix Backups\
C:\_OTMoveIt\MovedFiles\
______________________________
Install SpywareBlaster, which protects against the Vundo you had:
https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/28872.html
SPYWAREBLASTER immunizes the system, against Vundo in particular, but it is in English (though easy to use: just click "update" to update every month and then "enable all protection" to immunize)...
______________________________
Replace Avast with Antivir and paste a report:
https://www.malekal.com/avira-free-security-antivirus-gratuit/ (thanks Malekal)
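The first step of the reply above is to check twenty files on VirusTotal. The list mixes random-looking names under System32 with core Windows files (`ntoskrnl.exe`, `mrxsmb.sys`, `tzres.dll`), and the poster later reports that some entries were not on the machine at all. As an added example (not part of the thread, of VirusTotal or of OTMoveIt), the script below hashes each listed file with SHA-256 so it can be searched on VirusTotal by hash instead of uploaded, and records which files are missing or locked rather than stopping at the first failure. Its demo builds a throwaway directory with two constructed stand-in files in place of a real C: drive; the `root` parameter and the stand-in contents are this example's own.

```python
"""Hash a list of suspect files so they can be searched on VirusTotal by SHA-256.

Added example, not part of the thread and not part of VirusTotal or OTMoveIt.
The file list is the one the helper posted; missing and locked files are
reported instead of aborting the run.  The demo uses a temporary directory
with constructed stand-in files rather than touching a real C: drive.
"""
import hashlib
import tempfile
from pathlib import Path, PureWindowsPath

# Files the helper asked to have checked (verbatim from the post above).
REQUESTED = [
    r"C:\pos5AB7.tmp",
    r"C:\Windows\System32\vtlvaleu.dll",
    r"C:\Windows\wininit.ini",
    r"C:\Windows\System32\ufbhgtnn.ini",
    r"C:\Windows\System32\eqospdrp.dll",
    r"C:\Windows\System32\cxxebxpr.ini",
    r"C:\Windows\System32\aqsopnko.ini",
    r"C:\Windows\System32\tgpracwf.ini",
    r"C:\Windows\System32\mcrh.tmp",
    r"C:\Windows\System32\drivers\mrxsmb.sys",
    r"C:\Windows\System32\drivers\srvnet.sys",
    r"C:\Windows\System32\drivers\mrxsmb20.sys",
    r"C:\Windows\System32\ntkrnlpa.exe",
    r"C:\Windows\System32\ntoskrnl.exe",
    r"C:\Windows\System32\tzres.dll",
    r"C:\Windows\System32\dxmbfltq.ini",
    r"C:\Windows\System32\hssmpfjr.ini",
    r"C:\Windows\System32\hjqxhwhu.ini",
    r"C:\Windows\System32\qvdhksyc.ini",
    r"C:\Windows\System32\d3dx9_32.dll",
]


def sha256_of(path, chunk_size=1 << 16):
    """Stream the file through SHA-256 so large binaries never load whole into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def triage(paths, root=None):
    """Map each Windows path to ("ok", sha256), ("missing", None) or ("locked", reason).

    root, when given, is a directory standing in for the C: drive (used by the
    demo); with root=None the paths are opened exactly as written.
    """
    results = {}
    for original in paths:
        if root is None:
            target = Path(original)
        else:
            target = Path(root, *PureWindowsPath(original).parts[1:])
        if not target.is_file():
            results[original] = ("missing", None)
            continue
        try:
            results[original] = ("ok", sha256_of(target))
        except OSError as exc:  # in use or access denied: record it, keep going
            results[original] = ("locked", exc.strerror or str(exc))
    return results


def build_demo_tree(root):
    """Create two constructed stand-in files; every other listed path stays missing."""
    empty = Path(root, "Windows", "wininit.ini")
    empty.parent.mkdir(parents=True, exist_ok=True)
    empty.write_bytes(b"")
    sample = Path(root, "Windows", "System32", "vtlvaleu.dll")
    sample.parent.mkdir(parents=True, exist_ok=True)
    sample.write_bytes(b"abc")  # constructed content, not a real binary


def demo():
    with tempfile.TemporaryDirectory() as root:
        build_demo_tree(root)
        return triage(REQUESTED, root=root)


if __name__ == "__main__":
    for path, (status, detail) in demo().items():
        print(f"{status:8} {path}  {detail or ''}")
```

Searching VirusTotal by hash has a side benefit for a machine this compromised: nothing leaves the box, and a hash with no VirusTotal record is itself a useful signal for a file that claims to be a system component.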
Some of the items quoted above were not on my system.. but the rest that I had scanned were indeed removed..
Here is the Antivir scan report.
AntiVir PersonalEdition Classic
Report file date: 23 décembre 2007 15:38
Scanning for 988313 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (plain) [6.0.6000]
Username: SYSTEM
Computer name: PC-KIM
Version information:
BUILD.DAT : 270 15603 Bytes 2007-09-19 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 2007-08-23 19:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 2007-08-16 18:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 2007-08-14 21:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 2007-08-21 18:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 20:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 2007-12-14 20:28:12
ANTIVIR2.VDF : 7.0.1.96 2048 Bytes 2007-12-14 20:28:12
ANTIVIR3.VDF : 7.0.1.144 227328 Bytes 2007-12-23 20:28:12
AVEWIN32.DLL : 7.6.0.46 3084800 Bytes 2007-12-23 20:28:12
AVWINLL.DLL : 1.0.0.7 14376 Bytes 2007-02-26 16:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 2007-07-18 13:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 19:16:24
AVPACK32.DLL : 7.6.0.2 360488 Bytes 2007-12-23 20:28:12
AVREG.DLL : 7.0.1.6 30760 Bytes 2007-07-18 13:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 2007-08-28 18:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 2007-07-18 13:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 2007-03-08 17:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 2007-08-07 18:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 2007-08-21 18:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2007-07-23 15:37:21
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: 23 décembre 2007 15:38
Starting search for hidden objects.
'68153' objects were checked, '0' hidden objects were found.
The scan of running processes will be started
Scan process 'TrustedInstaller.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'WMIADAP.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'NMIndexStoreSvr.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'NMIndexingService.exe' - '1' Module(s) have been scanned
Scan process 'WLLoginProxy.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'PnkBstrB.exe' - '1' Module(s) have been scanned
Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned
Scan process 'MSCamS32.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'agrsmsvc.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'daemon.exe' - '1' Module(s) have been scanned
Scan process 'backWeb-8876480.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'NMBgMonitor.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'igfxpers.exe' - '1' Module(s) have been scanned
Scan process 'igfxsrvc.exe' - '1' Module(s) have been scanned
Scan process 'KHALMNPR.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'KEM.exe' - '1' Module(s) have been scanned
Scan process 'RtHDVCpl.exe' - '1' Module(s) have been scanned
Scan process 'vVX3000.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'dwm.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
59 processes with 59 modules were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( '14' files ).
Starting the file scan:
Begin scan in 'C:\' <Vista>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Program Files\Common Files\MenaceControle\stmon.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agen.593920
[INFO] The file was moved to '47dbc9d4.qua'!
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondeddc.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '47e0cbf0.qua'!
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondeddc1.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '47e0cbf6.qua'!
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondeddc2.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '47e0cbfc.qua'!
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondeddc3.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '47e0cbff.qua'!
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondeddc4.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '47e0cc04.qua'!
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondeddc5.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '47e0cc0c.qua'!
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondeddc6.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '47e0cc10.qua'!
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondeddc7.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '47e0cc14.qua'!
C:\Windows\System32\anwagmco.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47e5d07f.qua'!
C:\Windows\System32\drivers\sptd.sys
[WARNING] The file could not be opened!
End of the scan: 23 décembre 2007 16:28
Used time: 50:35 min
The scan has been done completely.
12248 Scanning directories
279132 Files were scanned
2 viruses and/or unwanted programs were found
8 Files were classified as suspicious:
0 files were deleted
0 files were repaired
10 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
279130 Files not concerned
2868 Archives were scanned
3 Warnings
32 Notes
68153 Objects were scanned with rootkit scan
0 Hidden objects were found
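The AntiVir report above follows a fixed shape: a path line, then one or more bracketed lines (`[DETECTION]`, `[INFO] The file was moved to '...qua'!`, `[WARNING]`) that belong to it, then a summary block of counts. Reading the two against each other is the quick sanity check a helper does on such a report: here the detail lines give 2 trojans, 8 suspicious archives, 10 moves to quarantine and 3 unopenable files, and the summary says the same. As an added example (not part of the thread or of Avira's software), the parser below extracts the per-file findings and reconciles them with the summary. Its sample is a constructed, abridged copy of the posted report (one of the eight Spybot recovery archives kept, summary counts adjusted to match), so the cross-check runs offline.

```python
"""Parse an Avira AntiVir PersonalEdition report and reconcile its summary.

Added example; not part of the thread or of Avira's software.  SAMPLE_REPORT is
an abridged, constructed copy of the report posted above, with summary counts
adjusted so that they match the abridged detail section.
"""
import re

SAMPLE_REPORT = r"""
Begin scan in 'C:\' <Vista>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Program Files\Common Files\MenaceControle\stmon.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agen.593920
[INFO] The file was moved to '47dbc9d4.qua'!
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondeddc.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '47e0cbf0.qua'!
C:\Windows\System32\anwagmco.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47e5d07f.qua'!
C:\Windows\System32\drivers\sptd.sys
[WARNING] The file could not be opened!
End of the scan: 23 décembre 2007 16:28
2 viruses and/or unwanted programs were found
1 Files were classified as suspicious:
3 files were moved to quarantine
3 Files cannot be scanned
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")
DETECT_RE = re.compile(r"^\[DETECTION\] (Is the Trojan horse|Contains suspicious code) (\S+)")
QUAR_RE = re.compile(r"^\[INFO\] The file was moved to '([^']+)'!")
SUMMARY_RE = re.compile(r"^(\d+)\s+(.+?):?\s*$")


def parse_report(text):
    """Return findings (path, kind, name, quarantine_id), warnings and summary counts."""
    findings, warnings, summary = [], [], {}
    current = None  # path line that the following bracketed lines refer to
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            current = line
            continue
        m = DETECT_RE.match(line)
        if m and current:
            kind = "malware" if m.group(1).startswith("Is the") else "suspicious"
            findings.append({"path": current, "kind": kind, "name": m.group(2),
                             "quarantine_id": None})
            continue
        m = QUAR_RE.match(line)
        if m and findings and findings[-1]["path"] == current:
            findings[-1]["quarantine_id"] = m.group(1)
            continue
        if line.startswith("[WARNING]") and current:
            warnings.append(current)
            continue
        m = SUMMARY_RE.match(line)
        if m:
            summary[m.group(2).lower()] = int(m.group(1))
    return {"findings": findings, "warnings": warnings, "summary": summary}


def reconcile(parsed):
    """Map each summary label to (count derived from detail lines, count the report states)."""
    f = parsed["findings"]
    observed = {
        "viruses and/or unwanted programs were found": sum(x["kind"] == "malware" for x in f),
        "files were classified as suspicious": sum(x["kind"] == "suspicious" for x in f),
        "files were moved to quarantine": sum(x["quarantine_id"] is not None for x in f),
        "files cannot be scanned": len(parsed["warnings"]),
    }
    return {label: (seen, parsed["summary"].get(label)) for label, seen in observed.items()}


def is_consistent(parsed):
    return all(seen == stated for seen, stated in reconcile(parsed).values())


def find_by_family(parsed, family):
    """Paths whose detection name contains the given family string (case-insensitive)."""
    return [x["path"] for x in parsed["findings"] if family.lower() in x["name"].lower()]


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    for label, (seen, stated) in reconcile(parsed).items():
        print(f"{label:45} detail={seen} summary={stated}")
    print("consistent:", is_consistent(parsed))
    print("Vundo-related:", find_by_family(parsed, "vundo"))
```

A mismatch between the two sides usually means the report was truncated when it was pasted, which is worth knowing before concluding that a machine is clean; `find_by_family` picks out the entries that continue the Vundo story from the earlier BitDefender report.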
[INFO] The file was moved to '47e0cbff.qua'!
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondeddc4.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '47e0cc04.qua'!
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondeddc5.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '47e0cc0c.qua'!
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondeddc6.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '47e0cc10.qua'!
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondeddc7.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '47e0cc14.qua'!
C:\Windows\System32\anwagmco.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47e5d07f.qua'!
C:\Windows\System32\drivers\sptd.sys
[WARNING] The file could not be opened!
End of the scan: 23 décembre 2007 16:28
Used time: 50:35 min
The scan has been done completely.
12248 Scanning directories
279132 Files were scanned
2 viruses and/or unwanted programs were found
8 Files were classified as suspicious:
0 files were deleted
0 files were repaired
10 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
279130 Files not concerned
2868 Archives were scanned
3 Warnings
32 Notes
68153 Objects were scanned with rootkit scan
0 Hidden objects were found
Delete what is in quarantine (the backups) of Spybot and AntiVir
___________________
Analyse this file on VirusTotal: https://www.virustotal.com/gui/ and paste me the report
C:\Windows\System32\drivers\sptd.sys
_________________
Redo an AntiVir, HijackThis and ComboFix report, paste them to me, and above all tell me your current problems
C:\Windows\System32\drivers\sptd.sys cannot be analysed by VirusTotal, because it is currently running..
AntiVir report:
AntiVir PersonalEdition Classic
Report file date: 24 décembre 2007 08:15
Scanning for 988313 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (plain) [6.0.6000]
Username: SYSTEM
Computer name: PC-KIM
Version information:
BUILD.DAT : 270 15603 Bytes 2007-09-19 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 2007-08-23 19:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 2007-08-16 18:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 2007-08-14 21:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 2007-08-21 18:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 20:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 2007-12-14 20:28:12
ANTIVIR2.VDF : 7.0.1.96 2048 Bytes 2007-12-14 20:28:12
ANTIVIR3.VDF : 7.0.1.144 227328 Bytes 2007-12-23 20:28:12
AVEWIN32.DLL : 7.6.0.46 3084800 Bytes 2007-12-23 20:28:12
AVWINLL.DLL : 1.0.0.7 14376 Bytes 2007-02-26 16:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 2007-07-18 13:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 19:16:24
AVPACK32.DLL : 7.6.0.2 360488 Bytes 2007-12-23 20:28:12
AVREG.DLL : 7.0.1.6 30760 Bytes 2007-07-18 13:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 2007-08-28 18:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 2007-07-18 13:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 2007-03-08 17:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 2007-08-07 18:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 2007-08-21 18:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2007-07-23 15:37:21
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: 24 décembre 2007 08:15
Starting search for hidden objects.
An ARK instance is already running.
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'SearchFilterHost.exe' - '1' Module(s) have been scanned
Scan process 'SearchProtocolHost.exe' - '1' Module(s) have been scanned
Scan process 'msfeedssync.exe' - '1' Module(s) have been scanned
Scan process 'WLLoginProxy.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'NMIndexStoreSvr.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'NMIndexingService.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'PnkBstrB.exe' - '1' Module(s) have been scanned
Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned
Scan process 'MSCamS32.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'agrsmsvc.exe' - '1' Module(s) have been scanned
Scan process 'daemon.exe' - '1' Module(s) have been scanned
Scan process 'backWeb-8876480.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'NMBgMonitor.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'igfxpers.exe' - '1' Module(s) have been scanned
Scan process 'igfxsrvc.exe' - '1' Module(s) have been scanned
Scan process 'KHALMNPR.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'KEM.exe' - '1' Module(s) have been scanned
Scan process 'RtHDVCpl.exe' - '1' Module(s) have been scanned
Scan process 'vVX3000.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'dwm.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
60 processes with 60 modules were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:09:52, on 2007-12-25
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\vVX3000.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.capitaledumetal.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\Windows\vVX3000.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SetPoint] C:\Program Files\Logitech\SetPoint\KEM.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe
Run AVG Anti-Spyware
https://www.01net.com/telecharger/
Tutorial:
http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html
-> Relaunch AVG AS -> "Scan" -> "Settings"
Under the question "How to act?":
-> click "Recommended actions" and choose "Quarantine"
-> Click the "Scan" tab again and run a "Complete system scan"
If a file is infected at the end of the scan
-> Click "Apply all actions"
-> Click "Save report" then "Save report as".
-> Save this text file on your desktop, then paste the report here
__________________
Paste the report:
Clean will do some cleaning and delete files that antivirus and anti-spyware programs could not find. The software is updated regularly, so you will have to download it again to get a more recent version.
Download clean.zip and unzip it on your desktop (right-click / Extract all); you then get a folder named clean
Start Windows in Safe Mode: Guide to restarting in Safe Mode
Open the clean folder on your desktop and double-click clean.cmd; a black window will appear for a moment, leave it open until it closes.
Clean manual:
http://kerio.probb.fr/tuto-Clean-h37.html