
MCFIVE

Members
  • Content count

    464
  • Joined

  • Last visited

  • Days won

    1
Everything posted by MCFIVE

  1. HELLO, the Notepad page is empty! ...I can't copy/paste anything. Normal or not normal? Thanks
  2. hello, hoping I haven't skipped anything;

     GMER 1.0.15.15281 - http://www.gmer.net
     Rootkit scan 2010-02-16 18:10:09
     Windows 5.1.2600 Service Pack 3
     Running: ub2le2qy.exe; Driver: C:\DOCUME~1\Michel\LOCALS~1\Temp\fwncrpod.sys

     ---- System - GMER 1.0.15 ----

     SSDT 865548A0 ZwAssignProcessToJobObject
     SSDT spfy.sys ZwCreateKey [0xF73900E0]
     SSDT spfy.sys ZwEnumerateKey [0xF73AECA2]
     SSDT spfy.sys ZwEnumerateValueKey [0xF73AF030]
     SSDT spfy.sys ZwOpenKey [0xF73900C0]
     SSDT 86553CB0 ZwOpenProcess
     SSDT 865540D0 ZwOpenThread
     SSDT spfy.sys ZwQueryKey [0xF73AF108]
     SSDT spfy.sys ZwQueryValueKey [0xF73AEF88]
     SSDT spfy.sys ZwSetValueKey [0xF73AF19A]
     SSDT 865546D0 ZwSuspendProcess
     SSDT 865544F0 ZwSuspendThread
     SSDT 86553EE0 ZwTerminateProcess
     SSDT 86554310 ZwTerminateThread

     INT 0x62 ? 86F67BF8
     INT 0x63 ? 86F67BF8
     INT 0x63 ? 86F67BF8
     INT 0x63 ? 86B41F00
     INT 0x74 ? 86B41F00
     INT 0x82 ? 86F67BF8
     INT 0x84 ? 86B41F00

     ---- Kernel IAT/EAT - GMER 1.0.15 ----

     IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7391040] spfy.sys
     IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F739113C] spfy.sys
     IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F73910BE] spfy.sys
     IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F73917FC] spfy.sys
     IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F73916D2] spfy.sys
     IAT \SystemRoot\System32\Drivers\ayorc6tf.SYS[HAL.dll!KfAcquireSpinLock] 4B8BDF8B
     IAT \SystemRoot\System32\Drivers\ayorc6tf.SYS[HAL.dll!READ_PORT_UCHAR] 8D3F0304
     IAT \SystemRoot\System32\Drivers\ayorc6tf.SYS[HAL.dll!KeGetCurrentIrql] CB033043
     IAT \SystemRoot\System32\Drivers\ayorc6tf.SYS[HAL.dll!KfRaiseIrql] 0673C13B
     IAT \SystemRoot\System32\Drivers\ayorc6tf.SYS[HAL.dll!KfLowerIrql] C13B0003
     IAT \SystemRoot\System32\Drivers\ayorc6tf.SYS[HAL.dll!HalGetInterruptVector] 8366FA72
     IAT \SystemRoot\System32\Drivers\ayorc6tf.SYS[HAL.dll!HalTranslateBusAddress] 75000E7B
     IAT \SystemRoot\System32\Drivers\ayorc6tf.SYS[HAL.dll!KeStallExecutionProcessor] 0B7D80E3
     IAT \SystemRoot\System32\Drivers\ayorc6tf.SYS[HAL.dll!KfReleaseSpinLock] 307B8D00
     IAT \SystemRoot\System32\Drivers\ayorc6tf.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 00AA840F
     IAT \SystemRoot\System32\Drivers\ayorc6tf.SYS[HAL.dll!READ_PORT_USHORT] 83660000
     IAT \SystemRoot\System32\Drivers\ayorc6tf.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 6A000E7A
     IAT \SystemRoot\System32\Drivers\ayorc6tf.SYS[HAL.dll!WRITE_PORT_UCHAR] C6647400
     IAT \SystemRoot\System32\Drivers\ayorc6tf.SYS[WMILIB.SYS!WmiSystemControl] 4F8B0200
     IAT \SystemRoot\System32\Drivers\ayorc6tf.SYS[WMILIB.SYS!WmiCompleteRequest] 968D5140
     IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F73A1048] spfy.sys

     ---- User IAT/EAT - GMER 1.0.15 ----

     IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateThread] [630290C4] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
     IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!ExitThread] [63029083] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
     IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [63028FF7] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
     IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [63028F8E] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
     IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [6302915C] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
     IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [63028F8E] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
     IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [63028FF7] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
     IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [6302915C] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
     IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] [630290C4] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
     IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [63028F8E] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
     IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [63028FF7] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
     IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [6302915C] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
     IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\SHLWAPI.dll [GDI32.dll!DeleteObject] [6305C5B6] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
     IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [63029021] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
     IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [63028FF7] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
     IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [630290C4] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
     IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!ExitThread] [63029083] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
     IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [63028F8E] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
     IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [6302915C] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
     IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!DefWindowProcA] [03DA1850] C:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
     IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!DefWindowProcW] [03DA1890] C:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
     IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetWindowLongA] [03DA15B0] C:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
     IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetWindowLongW] [03DA15E0] C:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
     IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetSysColor] [6305C532] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
     IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TrackPopupMenu] [6302910F] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
     IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TrackPopupMenuEx] [63029137] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
     IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!SetWindowLongA] [03DA1530] C:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
     IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!SetWindowLongW] [03DA1570] C:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
     IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!CreateWindowExA] [63029296] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
     IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!CreateWindowExW] [630292D3] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
     IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!DeferWindowPos] [03DA14A0] C:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
     IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!CallWindowProcW] [63058149] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
     IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!CallWindowProcA] [630571AF] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
     IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [6302915C] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
     IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [63028F8E] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
     IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!ExitThread] [63029083] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
     IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateThread] [630290C4] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
     IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\shell32.dll [GDI32.dll!DeleteObject] [6305C5B6] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
     IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!LoadLibraryA] [63028F8E] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
     IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!LoadLibraryW] [63028FF7] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
     IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!GetProcAddress] [6302915C] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
     IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!CreateThread] [630290C4] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
     IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!LoadLibraryExA] [63029021] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
     IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!TrackPopupMenuEx] [63029137] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
     IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!CreateWindowExW] [630292D3] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
     IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!DefWindowProcA] [03DA1850] C:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
     IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!SetWindowLongW] [03DA1570] C:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
     IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!GetWindowLongW] [03DA15E0] C:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
     IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!DeferWindowPos] [03DA14A0] C:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
     IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!GetSysColor] [6305C532] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
     IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!DefWindowProcW] [03DA1890] C:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
     IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!GetSysColorBrush] [6305C5E9] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
     IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!FillRect] [63028DEF] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
     IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!DrawFrameControl] [6301DF7F] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
     IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!TrackPopupMenu] [6302910F] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
     IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!CallWindowProcW] [63058149] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
     IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!SetScrollInfo] [03DA1750] C:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
     IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!GetWindowLongA] [03DA15B0] C:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
     IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\ole32.dll [GDI32.dll!DeleteObject] [6305C5B6] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
     IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [6302915C] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
     IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [63028F8E] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
     IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [63028FF7] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
     IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] [630290C4] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
     IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [63029021] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
     IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetSysColor] [6305C532] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
     IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!CallWindowProcW] [63058149] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
     IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!CreateWindowExA] [63029296] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
     IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!DefWindowProcW] [03DA1890] C:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
     IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!CreateWindowExW] [630292D3] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
     IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetWindowLongW] [03DA15E0] C:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
     IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!SetWindowLongW] [03DA1570] C:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)

     ---- Devices - GMER 1.0.15 ----

     Device \FileSystem\Ntfs \Ntfs 86F661F8
     AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
     Device \Driver\NetBT \Device\NetBT_Tcpip_{165C0591-6FD4-4111-BF17-C9020B6885C1} 86A7F500
     Device \Driver\usbuhci \Device\USBPDO-0 86B53500
     Device \Driver\dmio \Device\DmControl\DmIoDaemon 86FD91F8
     Device \Driver\dmio \Device\DmControl\DmConfig 86FD91F8
     Device \Driver\dmio \Device\DmControl\DmPnP 86FD91F8
     Device \Driver\dmio \Device\DmControl\DmInfo 86FD91F8
     Device \Driver\usbuhci \Device\USBPDO-1 86B53500
     Device \Driver\usbuhci \Device\USBPDO-2 86B53500
     Device \Driver\usbuhci \Device\USBPDO-3 86B53500
     AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)
     AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
     Device \Driver\Ftdisk \Device\HarddiskVolume1 86F681F8
     Device \Driver\Cdrom \Device\CdRom0 86B54500
     Device \Driver\NetBT \Device\NetBT_Tcpip_{E6A3A1B3-8463-4240-A41B-E37446C03EEE} 86A7F500
     Device \Driver\Cdrom \Device\CdRom1 86B54500
     Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F72E3B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
     Device \Driver\atapi \Device\Ide\IdePort0 [F72E3B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
     Device \Driver\atapi \Device\Ide\IdePort1 [F72E3B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
     Device \Driver\atapi \Device\Ide\IdePort2 [F72E3B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
     Device \Driver\atapi \Device\Ide\IdePort3 [F72E3B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
     Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-10 [F72E3B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
     Device \Driver\NetBT \Device\NetBt_Wins_Export 86A7F500
     Device \Driver\usbstor \Device\00000083 86ABF500
     Device \Driver\usbstor \Device\00000084 86ABF500
     Device \Driver\NetBT \Device\NetbiosSmb 86A7F500
     Device \Driver\usbstor \Device\00000085 86ABF500
     Device \Driver\usbstor \Device\00000086 86ABF500
     Device \Driver\usbstor \Device\00000087 86ABF500
     Device \Driver\PCI_PNP5740 \Device\0000004f spfy.sys
     Device \Driver\sptd \Device\4097846990 spfy.sys
     Device \Driver\usbuhci \Device\USBFDO-0 86B53500
     Device \Driver\usbuhci \Device\USBFDO-1 86B53500
     Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 86ACF500
     Device \Driver\usbuhci \Device\USBFDO-2 86B53500
     Device \FileSystem\MRxSmb \Device\LanmanRedirector 86ACF500
     Device \Driver\usbuhci \Device\USBFDO-3 86B53500
     Device \Driver\Ftdisk \Device\FtControl 86F681F8
     Device \Driver\ayorc6tf \Device\Scsi\ayorc6tf1 86B0F500
     Device \Driver\ayorc6tf \Device\Scsi\ayorc6tf1Port4Path0Target0Lun0 86B0F500
     Device \FileSystem\Cdfs \Cdfs 86B67500

     ---- Threads - GMER 1.0.15 ----

     Thread System [4:464] 86552930

     ---- Registry - GMER 1.0.15 ----

     Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
     Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
     Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
     Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
     Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
     Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
     Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xFF 0x2A 0x88 0x4E ...
     Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
     Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
     Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x9B 0x37 0x59 0xC3 ...
     Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
     Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x34 0xD1 0x19 0x2D ...
     Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
     Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
     Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
     Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xFF 0x2A 0x88 0x4E ...
     Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
     Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
     Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x9B 0x37 0x59 0xC3 ...
     Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
     Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x34 0xD1 0x19 0x2D ...

     ---- EOF - GMER 1.0.15 ----
  3. hello, there we go, I'm on site. So here it is:

     ComboFix 10-02-12.01 - Michel 15/02/2010 12:20:40.1.2 - x86
     Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1022.664 [GMT 1:00]
     Lancé depuis: c:\documents and settings\Michel\Bureau\ComboFix.exe
     AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
     * Un antivirus résident est actif
     .
     (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
     .
     c:\documents and settings\Michel\Application Data\inst.exe
     c:\program files\Winsudate
     c:\program files\Winsudate\gibcom.dll
     c:\program files\Winsudate\gibidl.dll
     c:\program files\Winsudate\gibsvc.exe
     c:\program files\Winsudate\gibupt.exe
     c:\program files\Winsudate\gibusr.exe
     c:\windows\system\msvbvm60.dll
     c:\windows\system32\itiimg3.dll
     .
     ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     -------\Legacy_WINSVC
     -------\Service_WinSvc

     ((((((((((((((((((((((((((((( Fichiers créés du 2010-01-15 au 2010-02-15 ))))))))))))))))))))))))))))))))))))
     .
     2010-02-14 13:10 . 2010-02-14 13:10 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
     2010-02-12 11:00 . 2010-02-13 14:08 -------- d-----w- c:\documents and settings\Michel\Local Settings\Application Data\anaqak
     2010-02-02 16:42 . 2010-02-02 16:42 -------- d-----w- C:\FreudUsers
     2010-02-02 16:41 . 1999-05-28 09:15 86016 ----a-w- c:\windows\unvise32qt.exe
     2010-02-02 16:41 . 2010-02-02 16:41 -------- d-----w- c:\windows\system32\QuickTime
     2010-02-02 16:41 . 2010-02-02 16:41 -------- d-----w- c:\program files\QuickTime
     2010-01-25 14:24 . 2010-01-25 14:24 -------- d-----w- c:\program files\ESET
     .
     (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2010-02-15 11:27 . 2009-12-15 14:58 -------- d-----w- c:\documents and settings\Michel\Application Data\uTorrent
     2010-02-15 11:26 . 2009-04-06 13:07 -------- d-----w- c:\program files\DNA
     2010-02-15 11:26 . 2009-04-06 13:07 -------- d-----w- c:\documents and settings\Michel\Application Data\DNA
     2010-02-14 19:03 . 2009-03-17 12:13 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Google Updater
     2010-02-13 20:59 . 2009-03-02 11:18 -------- d-----w- c:\program files\adslTV
     2010-02-13 12:09 . 2009-02-07 16:32 -------- d-----w- c:\program files\dl_Cats
     2010-02-10 18:39 . 2009-01-28 19:55 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help
     2010-01-23 02:16 . 2009-09-13 11:51 -------- d-----w- c:\program files\Microsoft Silverlight
     2010-01-13 02:18 . 2009-12-15 12:41 -------- d-----w- c:\program files\Download Direct
     2010-01-11 20:53 . 2009-03-31 17:31 -------- d-----w- c:\documents and settings\Michel\Application Data\dvdcss
     2010-01-08 16:06 . 2010-01-08 16:06 45880 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
     2010-01-08 16:06 . 2010-01-08 16:06 -------- d-----w- c:\documents and settings\LocalService\Application Data\ATI
     2010-01-08 16:03 . 2010-01-08 16:03 -------- d-----w- c:\documents and settings\Michel\Application Data\Icones
     2010-01-05 09:56 . 2009-01-27 21:00 832512 ----a-w- c:\windows\system32\wininet.dll
     2010-01-05 09:56 . 2009-01-27 21:14 78336 ------w- c:\windows\system32\ieencode.dll
     2010-01-05 09:56 . 2009-01-27 17:43 17408 ----a-w- c:\windows\system32\corpol.dll
     2009-12-31 16:50 . 2009-01-27 20:11 353792 ----a-w- c:\windows\system32\drivers\srv.sys
     2009-12-21 14:11 . 2009-12-21 14:11 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\ESET
     2009-12-21 13:50 . 2009-01-27 17:46 81974 ----a-w- c:\windows\system32\perfc00C.dat
     2009-12-21 13:50 . 2009-01-27 17:46 503988 ----a-w- c:\windows\system32\perfh00C.dat
     2009-12-21 13:49 . 2009-03-02 18:36 -------- d-----w- c:\documents and settings\Michel\Application Data\BitTorrent
     2009-12-17 07:41 . 2009-01-27 21:00 347648 ----a-w- c:\windows\system32\mspaint.exe
     2009-12-16 13:42 . 2009-12-22 10:10 872960 ----a-w- c:\documents and settings\Michel\Application Data\Mozilla\Firefox\Profiles\d11qro8l.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
     2009-12-16 13:42 . 2009-12-22 10:10 43008 ----a-w- c:\documents and settings\Michel\Application Data\Mozilla\Firefox\Profiles\d11qro8l.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
     2009-12-16 13:42 . 2009-12-22 10:10 340480 ----a-w- c:\documents and settings\Michel\Application Data\Mozilla\Firefox\Profiles\d11qro8l.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
     2009-12-16 13:41 . 2009-12-22 10:10 346624 ----a-w- c:\documents and settings\Michel\Application Data\Mozilla\Firefox\Profiles\d11qro8l.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
     2009-12-14 07:09 . 2009-01-27 17:43 33280 ----a-w- c:\windows\system32\csrsrv.dll
     2009-12-10 16:23 . 2009-11-19 14:27 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
     2009-12-09 10:08 . 2001-08-23 17:12 2147328 ----a-w- c:\windows\system32\ntoskrnl.exe
     2009-12-09 10:08 . 2001-08-23 17:12 2025984 ----a-w- c:\windows\system32\ntkrnlpa.exe
     2009-12-04 18:22 . 2009-01-27 17:45 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
     2009-11-27 17:13 . 2009-01-27 21:00 1297920 ----a-w- c:\windows\system32\quartz.dll
     2009-11-27 17:13 . 2001-08-23 17:47 17920 ----a-w- c:\windows\system32\msyuv.dll
     2009-11-27 16:08 . 2009-01-27 21:01 85504 ----a-w- c:\windows\system32\avifil32.dll
     2009-11-27 16:08 . 2009-01-27 21:00 11264 ----a-w- c:\windows\system32\msrle32.dll
     2009-11-27 16:08 . 2009-01-27 17:45 28672 ----a-w- c:\windows\system32\msvidc32.dll
     2009-11-27 16:08 . 2001-08-23 17:47 8704 ----a-w- c:\windows\system32\tsbyuv.dll
     2009-11-27 16:08 . 2001-08-23 17:47 48128 ----a-w- c:\windows\system32\iyuv_32.dll
     2009-11-21 15:58 . 2009-01-27 21:01 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
     2009-01-27 06:53 . 2009-01-27 06:53 22115 ---ha-w- c:\program files\folder.htt
     2008-04-13 18:33 . 2009-01-27 17:45 1384479 --sh--r- c:\windows\system32\msvbvm60.dll
     .
     ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
     REGEDIT4

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
     "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-17 39408]
     "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-08 323392]
     "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
     "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-12-15 289584]
     "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]
     "ActivBoard"="c:\program files\ActivBoard\ABoard.exe" [2003-05-02 24576]
     "ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
     "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
     "DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2006-02-24 73728]
     "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-11-09 198160]
     "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-29 2054360]

     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
     "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]

     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
     "WUAppSetup"="c:\program files\Fichiers communs\logishrd\WUApp32.exe" [2007-02-03 430080]

     [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
     Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
     "c:\\WINDOWS\\system32\\dlcccoms.exe"=
     "c:\\Program Files\\adslTV\\adsltv.exe"=
     "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
     "c:\\Program Files\\DNA\\btdna.exe"=
     "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
     "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
     "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
     "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
     "c:\\Program Files\\uTorrent\\uTorrent.exe"=
     "c:\\Program Files\\Opera\\opera.exe"=

     R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [28/01/2009 20:34 717296]
     R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [27/01/2009 22:21 11264]
     R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [29/09/2009 13:02 108792]
     R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [29/09/2009 13:05 96408]
     R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [29/09/2009 13:03 735960]
     R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [13/09/2009 12:50 54752]
     R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [03/05/2005 11:25 710144]
     R3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [02/10/2002 09:57 13532]
     R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [27/01/2009 22:33 7040]
     S2 gupdate1c9a6f9ee0a74e0;Service Google Update (gupdate1c9a6f9ee0a74e0);c:\program files\Google\Update\GoogleUpdate.exe [17/03/2009 13:14 133104]
     S3 cmudau32;C-Media USB UDA Sound Interface;c:\windows\system32\drivers\cmudaxu.sys [16/03/2009 16:03 1414528]
     S3 fsssvc;Service Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 21:48 704864]
     S3 LGDDCDevice;LGDDCDevice;c:\program files\LG Soft India\forteManager\bin\I2CDriver.sys [02/02/2009 23:27 14336]
     S3 LGII2CDevice;LGII2CDevice;c:\program files\LG Soft India\forteManager\bin\PII2CDriver.sys [02/02/2009 23:27 18432]
     S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [29/05/2009 16:13 234864]
     .
     Contenu du dossier 'Tâches planifiées'

     2010-02-15 c:\windows\Tasks\Google Software Updater.job
     - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-17 12:44]

     2010-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-17 12:14]

     2010-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-17 12:14]
     .
     .
     ------- Examen supplémentaire -------
     .
     uStart Page = hxxp://www.wibeez.com/meteo
     IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
     IE: Google Sidewiki...
- c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} - hxxp://support.packardbell.com/files/activex/InfosFinder2.CAB FF - ProfilePath - c:\documents and settings\Michel\Application Data\Mozilla\Firefox\Profiles\d11qro8l.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.search.selectedEngine - Wibeez FF - prefs.js: browser.startup.homepage - hxxp://www.wibeez.com/meteo FF - prefs.js: keyword.URL - hxxp://www.wibeez.com/meteo?search&q= FF - component: c:\documents and settings\Michel\Application Data\Mozilla\Firefox\Profiles\d11qro8l.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- PARAMETRES FIREFOX ---- FF - user.js: yahoo.homepage.dontask - true. - - - - ORPHELINS SUPPRIMES - - - - HKCU-Run-WinUsr - c:\program files\Winsudate\gibusr.exe HKLM-Run-CmUsbSound - cmcnfgu.cpl ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-02-15 12:26 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... 
Recherche d'éléments en démarrage automatique cachés ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys xfilt.sys ACPI.sys hal.dll atapi.sys spxg.sys >>UNKNOWN [0x86F88938]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\Disk -> CLASSPNP.SYS @ 0xf762ef28 \Driver\ACPI -> ACPI.sys @ 0xf7388cb8 \Driver\atapi -> atapi.sys @ 0xf731db40 IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8 ParseProcedure -> ntkrnlpa.exe @ 0x805827e8 \Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8 ParseProcedure -> ntkrnlpa.exe @ 0x805827e8 NDIS: Carte Fast Ethernet compatible VIA -> SendCompleteHandler -> NDIS.sys @ 0xf7226bb0 PacketIndicateHandler -> NDIS.sys @ 0xf7233a21 SendHandler -> NDIS.sys @ 0xf721187b user & kernel MBR OK ************************************************************************** . 
--------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(924) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(4032) c:\windows\system32\eappprxy.dll c:\program files\WinRAR\rarext.dll c:\program files\Malwarebytes' Anti-Malware\mbamext.dll c:\program files\ESET\ESET NOD32 Antivirus\shellExt.dll c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA . ------------------------ Autres processus actifs ------------------------ . c:\windows\system32\Ati2evxx.exe c:\windows\system32\Ati2evxx.exe c:\windows\system32\dlcccoms.exe c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\windows\RTHDCPL.EXE c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe c:\program files\ActivBoard\AOSD.exe c:\windows\system32\RunDll32.exe c:\program files\LG Soft India\forteManager\bin\Monitor.exe c:\program files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe c:\progra~1\COMMON~1\X10\Common\x10nets.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Heure de fin: 2010-02-15 12:30:07 - La machine a redémarré ComboFix-quarantined-files.txt 2010-02-15 11:30 Avant-CF: 133 434 990 592 octets libres Après-CF: 135 368 458 240 octets libres WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect /NoExecute=OptIn - - End Of File - - 3E1D681B528CFB3B1EA42E18456D80FA
  4. Good evening apollo, I hadn't forgotten you, but other difficulties kept me away. I wanted to thank you for your help and for the time you devoted to me. My sincere thanks, very cordially to you, Mcfive
  5. HELLO FALKRA, I read the message addressed to Wifi2, which I assume was meant for me too; as far as I'm concerned, it doesn't hurt to read it, but know that nothing was intentional. I have someone as clueless about computers as I am at my bookshop whom I called so that he could click on TFC, and the virus (I suppose) prevents the file from running, like the others (MBAM, Hijackthis, ccleaner, the task manager; my firewall is disabled, etc.). So the problem remains. What should I do?
  6. TFC is downloaded but doesn't open, the same as the rest
  7. THANKS WIFI2, I've left the bookshop; I can't pick this up again until next week. I hope to find you again then, as I live far away. Good evening
  8. GOOD EVENING, thanks for replying. Before coming to zebulon I tried to launch it.... impossible! Likewise some functions of my mouse... which no longer work, nor Word, nor the task manager, etc.... But I tried and it's impossible, because this "winsudate\gibusr" prevents "Malwarebytes" from running; I have several programs with this same problem. How can I launch it?
  9. HELLO, and thank you to everyone for the time I'm going to ask of you to try to help me. This is my PC under XP at work and I'm not the only one who uses it ::: 2 minutes after the PC started up, this thing disabled my firewall, with alert windows... - MBAM - HIJACKTHIS - cleaner and maybe other things. It passes itself off as an antivirus, perhaps under the name "antivirus soft", and opens a viagra, porno.com window. So I switched the PC off and back on, and just before everything had started up I tried to launch Hijackthis and managed to get an analysis, which I hope is sufficient... and afterwards, impossible. Thanks Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:32:54, on 12/02/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16981) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\dlcccoms.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Winsudate\gibsvc.exe C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe C:\WINDOWS\system32\userinit.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\Program Files\ActivBoard\ABoard.exe C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe C:\WINDOWS\system32\RunDll32.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe 
C:\Program Files\ActivBoard\AOSD.exe C:\Documents and Settings\Michel\Local Settings\Application Data\anaqak\sdxqsftav.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\DAEMON Tools Lite\daemon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\DNA\btdna.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\uTorrent\uTorrent.exe C:\Program Files\Winsudate\gibusr.exe C:\Documents and Settings\Michel\Local Settings\Application Data\anaqak\sdxqsftav.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Documents and Settings\Michel\Bureau\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wibeez.com/meteo R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens F2 - REG:system.ini: Shell=explorer.exe, "C:\Documents and Settings\Michel\Modèles\O28302Z\TuxO28302Z.exe" F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe , "C:\WINDOWS\M81484\Ja634507bLay.com", O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: 
Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [ActivBoard] C:\Program Files\ActivBoard\ABoard.exe O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [cdxcnaid] C:\Documents and Settings\Michel\Local Settings\Application Data\anaqak\sdxqsftav.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [uTorrent] "C:\Program 
Files\uTorrent\uTorrent.exe" O4 - HKCU\..\Run: [WinUsr] C:\Program Files\Winsudate\gibusr.exe O4 - HKCU\..\Run: [cdxcnaid] C:\Documents and Settings\Michel\Local Settings\Application Data\anaqak\sdxqsftav.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Fichiers communs\logishrd\WUApp32.exe -v 0x046d -p 0x08b2 -f video -m logitech -d 10.5.1.2023 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Fichiers communs\logishrd\WUApp32.exe -v 0x046d -p 0x08b2 -f video -m logitech -d 10.5.1.2023 (User 'Default user') O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... 
- res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1233080746444 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1233173146250 O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://config.zebulon.fr/plugins/MaConfig_3_5_1_0.cab O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} (InfosFinder2.InfosFinder) - http://support.packardbell.com/files/activ...nfosFinder2.CAB O23 - Service: Ati HotKey Poller - ATI Technologies Inc. 
- C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: Service Google Update (gupdate1c9a6f9ee0a74e0) (gupdate1c9a6f9ee0a74e0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe O23 - Service: Gestionnaire de mise à jour Winsudate (WinSvc) - Winsudate - C:\Program Files\Winsudate\gibsvc.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe -- End of file - 9634 bytes
  10. OK! Here are the things again.. : mbam : Malwarebytes' Anti-Malware 1.44 Version de la base de données: 3662 Windows 5.1.2600 Service Pack 3 Internet Explorer 7.0.5730.11 31/01/2010 01:18:03 mbam-log-2010-01-31 (01-18-03).txt Type de recherche: Examen complet (C:\|F:\|V:\|) Eléments examinés: 201002 Temps écoulé: 49 minute(s), 13 second(s) Processus mémoire infecté(s): 1 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 1 Valeur(s) du Registre infectée(s): 1 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 1 Fichier(s) infecté(s): 3 Processus mémoire infecté(s): C:\Program Files\Winsudate\gibsvc.exe (Adware.édité) -> Unloaded process successfully. Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winsvc (Adware.édité) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\start page (Trojan.Startpage) -> Quarantined and deleted successfully. Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): C:\Program Files\Winsudate (Adware.édité) -> Quarantined and deleted successfully. Fichier(s) infecté(s): C:\Program Files\Winsudate\gibsvc.exe (Adware.édité) -> Quarantined and deleted successfully. C:\Program Files\Winamp\Plugins\enc_wma.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Program Files\Winsudate\gibupt.exe (Adware.édité) -> Quarantined and deleted successfully. 
hijackthis : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 01:25:09, on 31/01/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16981) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\brsvc01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\brss01a.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe C:\WINDOWS\vVX3000.exe C:\WINDOWS\system32\RunDll32.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\vVX6000.exe C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\uTorrent\uTorrent.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Microsoft LifeCam\MSCamS32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\OpenOffice.org 3\program\soffice.exe C:\Program Files\OpenOffice.org 3\program\soffice.bin C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\HomePlayer\HomePlayer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\FICHIE~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google 
Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [VX6000] C:\WINDOWS\vVX6000.exe O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe" O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [HomePlayer] C:\Program Files\HomePlayer\HomePlayer.exe -autostart O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] 
C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html O8 - Extra context menu item: Google Sidewiki... 
- res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: *.canalplay.com (HKLM) O15 - Trusted Zone: *.canalplusactive.com (HKLM) O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://storex.webex.com/client/T26L/support/ieatgpc.cab O18 - Protocol: fluxhttp - {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files\Fichiers communs\fluxDVD\Lib\XEB\xebnavigation.ax O23 - Service: Ati HotKey Poller - ATI Technologies Inc. 
- C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: GuiHook - Unknown owner - C:\PROGRA~1\NETSUP~1\guihook.exe (file missing) O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing) O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe -- End of file - 10339 bytes c'est fait;
  11. BONSOIR et merci, donc voici : Malwarebytes' Anti-Malware 1.44 Version de la base de données: 3662 Windows 5.1.2600 Service Pack 3 Internet Explorer 7.0.5730.11 30/01/2010 19:43:46 mbam-log-2010-01-30 (19-43-10).txt Type de recherche: Examen rapide Eléments examinés: 115059 Temps écoulé: 6 minute(s), 11 second(s) Processus mémoire infecté(s): 1 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 1 Valeur(s) du Registre infectée(s): 1 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 1 Fichier(s) infecté(s): 2 Processus mémoire infecté(s): C:\Program Files\Winsudate\gibsvc.exe (Adware.édité) -> No action taken. Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winsvc (Adware.édité) -> No action taken. Valeur(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\start page (Trojan.Startpage) -> No action taken. Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): C:\Program Files\Winsudate (Adware.édité) -> No action taken. Fichier(s) infecté(s): C:\Program Files\Winsudate\gibsvc.exe (Adware.édité) -> No action taken. C:\Program Files\Winsudate\gibupt.exe (Adware.édité) -> No action taken.
  12. Hello everyone! For a short while now I have been getting the message "gibupt.exe component not found" when Windows starts; here is what is written in the window: "This application has failed to start because gibidll.dll was not found. Re-installing the application may fix this problem." Can anyone tell me what it is? Where it comes from? What it does? And how to make it go away? Thanks in advance
  13. falkra, thank you very much
  14. GOOD EVENING FALKRA, good grief! You really hit the mark, but I would like to understand why I did not notice anything earlier, because I must have been infected for quite some time.... What damage could I have suffered?? What made me react was the appearance of the stubborn P Security over the last few days.. Here is the report: Malwarebytes' Anti-Malware 1.42 Version de la base de données: 3383 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 18/12/2009 23:59:08 mbam-log-2009-12-18 (23-59-08).txt Type de recherche: Examen complet (C:\|F:\|) Eléments examinés: 207809 Temps écoulé: 12 hour(s), 55 minute(s), 38 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 2 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 1 Fichier(s) infecté(s): 14 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\System\CurrentControlSet\Servises (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): C:\Documents and Settings\All Users\Menu Démarrer\PSecurity (Rogue.PSecurity) -> Quarantined and deleted successfully. Fichier(s) infecté(s): C:\Program Files\eoRezo\EoEngine.exe (Rogue.Eorezo) -> Quarantined and deleted successfully. C:\Program Files\eoRezo\EoAdv\EoAdv.dll (Rogue.Eorezo) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\MSIVXqjirxduyqbabuwriivkyxwqtqsnkndpu.sys.vir (Rootkit.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{3A6B117D-5968-40B2-8270-3C2E8FF1856C}\RP229\A0062966.sys (Rootkit.Agent) -> Quarantined and deleted successfully. C:\_OTM\MovedFiles\12112009_001807\c_program files\PSecurity\psecurity.exe (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Menu Démarrer\PSecurity\Computer Scan.lnk (Rogue.PSecurity) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Menu Démarrer\PSecurity\Help.lnk (Rogue.PSecurity) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Menu Démarrer\PSecurity\Personal Security.lnk (Rogue.PSecurity) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Menu Démarrer\PSecurity\Registration.lnk (Rogue.PSecurity) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Menu Démarrer\PSecurity\Security Center.lnk (Rogue.PSecurity) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Menu Démarrer\PSecurity\Settings.lnk (Rogue.PSecurity) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Menu Démarrer\PSecurity\Update.lnk (Rogue.PSecurity) -> Quarantined and deleted successfully. C:\Documents and Settings\LIBRAIRIE\Bureau\Personal Security.lnk (Rogue.PSecurity) -> Quarantined and deleted successfully. C:\Documents and Settings\LIBRAIRIE\Application Data\Microsoft\Internet Explorer\Quick Launch\PSecurity.lnk (Rogue.PSecurity) -> Quarantined and deleted successfully.
  15. Good evening, so, here it is: ComboFix 09-12-16.05 - LIBRAIRIE 17/12/2009 22:10:44.1.1 - x86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.511.248 [GMT 1:00] Lancé depuis: c:\documents and settings\LIBRAIRIE\Mes documents\Téléchargements\KittyFix.exe AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe c:\windows\system32\404Fix.exe c:\windows\system32\Agent.OMZ.Fix.exe c:\windows\system32\drivers\MSIVXqjirxduyqbabuwriivkyxwqtqsnkndpu.sys c:\windows\system32\dumphive.exe c:\windows\system32\IEDFix.C.exe c:\windows\system32\IEDFix.exe c:\windows\system32\MSIVXcount c:\windows\system32\MSIVXlqjpoedolvyxetqmkjabvbrffemmxwkr.dll c:\windows\system32\MSIVXpypykfefqxfatfcmhsmprrpnkrqlhdfd.dll c:\windows\system32\o4Patch.exe c:\windows\system32\Process.exe c:\windows\system32\SrchSTS.exe c:\windows\system32\tmp.reg c:\windows\system32\VACFix.exe c:\windows\system32\VCCLSID.exe c:\windows\system32\WS2Fix.exe c:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_MSIVXserv.sys -------\Legacy_MSIVXserv.sys ((((((((((((((((((((((((((((( Fichiers créés du 2009-11-17 au 2009-12-17 )))))))))))))))))))))))))))))))))))) . 2009-12-16 16:15 . 2009-12-16 16:15 -------- d-----w- c:\windows\system32\XPSViewer 2009-12-16 16:15 . 2009-12-16 16:15 -------- d-----w- c:\program files\MSBuild 2009-12-16 16:15 . 2009-12-16 16:15 -------- d-----w- c:\program files\Reference Assemblies 2009-12-16 16:15 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll 2009-12-16 16:14 . 
2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll 2009-12-16 16:14 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll 2009-12-16 16:14 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll 2009-12-16 16:14 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll 2009-12-16 16:14 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll 2009-12-16 16:14 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll 2009-12-16 16:14 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2009-12-16 16:14 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe 2009-12-15 10:25 . 2009-12-15 10:25 -------- d-----w- c:\documents and settings\LIBRAIRIE\Local Settings\Application Data\Kayenko 2009-12-15 10:25 . 2009-12-15 10:25 -------- d-----w- c:\program files\kayenko 2009-12-13 23:54 . 2009-12-13 23:54 -------- d-----w- c:\program files\Gadwin Systems 2009-12-13 11:28 . 2009-12-13 11:28 -------- d-----w- c:\program files\NirSoft 2009-12-12 02:01 . 2009-12-12 02:01 -------- d-----w- c:\windows\ie8updates 2009-12-12 02:00 . 2009-12-12 02:00 -------- d-----w- c:\program files\MSXML 4.0 2009-12-11 23:53 . 2009-10-29 07:42 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll 2009-12-11 23:53 . 2009-10-29 07:42 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll 2009-12-11 23:53 . 2009-10-29 07:42 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll 2009-12-11 23:53 . 2009-10-29 07:42 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll 2009-12-11 23:53 . 2009-10-29 07:42 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll 2009-12-11 23:53 . 2009-10-29 07:42 11069952 -c----w- c:\windows\system32\dllcache\ieframe.dll 2009-12-11 23:49 . 2009-06-21 21:47 153088 -c----w- c:\windows\system32\dllcache\triedit.dll 2009-12-11 23:48 . 
2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll 2009-12-10 22:22 . 2009-12-10 22:22 -------- d-----w- C:\_OTM 2009-12-09 14:59 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-12-09 14:58 . 2009-12-09 14:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-12-09 14:58 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-12-09 14:58 . 2009-12-09 14:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-12-08 08:46 . 2009-12-08 08:46 -------- d-----r- c:\documents and settings\LocalService\Favoris 2009-12-08 08:46 . 2009-12-08 08:46 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache 2009-11-29 16:32 . 2009-11-19 10:48 43008 ----a-w- c:\documents and settings\LIBRAIRIE\Application Data\Mozilla\Firefox\Profiles\6ri7nb6m.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll 2009-11-29 16:32 . 2009-11-19 10:48 872960 ----a-w- c:\documents and settings\LIBRAIRIE\Application Data\Mozilla\Firefox\Profiles\6ri7nb6m.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll 2009-11-29 16:32 . 2009-11-19 10:48 340480 ----a-w- c:\documents and settings\LIBRAIRIE\Application Data\Mozilla\Firefox\Profiles\6ri7nb6m.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll 2009-11-29 16:32 . 2009-11-19 10:48 346624 ----a-w- c:\documents and settings\LIBRAIRIE\Application Data\Mozilla\Firefox\Profiles\6ri7nb6m.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-12-17 20:34 . 2003-04-24 12:00 81626 ----a-w- c:\windows\system32\perfc00C.dat 2009-12-17 20:34 . 2003-04-24 12:00 503656 ----a-w- c:\windows\system32\perfh00C.dat 2009-12-17 20:28 . 
2007-05-26 20:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater 2009-12-16 21:30 . 2007-05-30 08:42 24448 ----a-w- c:\documents and settings\LIBRAIRIE\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-12-16 00:10 . 2007-06-01 22:17 -------- d-----w- c:\documents and settings\LIBRAIRIE\Application Data\EoRezo 2009-12-14 22:16 . 2007-05-29 22:11 -------- d-----w- c:\program files\adslTV 2009-12-10 22:05 . 2009-07-24 14:24 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-11-29 19:41 . 2009-10-15 13:40 1 ----a-w- c:\documents and settings\LIBRAIRIE\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys 2009-11-14 17:23 . 2007-05-26 20:56 -------- d-----w- c:\program files\Google 2009-11-14 17:06 . 2007-09-06 19:53 -------- d-----w- c:\program files\Opera 2009-10-29 07:42 . 2006-06-23 11:28 916480 ----a-w- c:\windows\system32\wininet.dll 2009-10-21 05:39 . 2008-10-31 09:30 25088 ----a-w- c:\windows\system32\httpapi.dll 2009-10-21 05:39 . 2008-10-31 09:30 75776 ----a-w- c:\windows\system32\strmfilt.dll 2009-10-20 16:20 . 2008-10-31 09:27 265728 ------w- c:\windows\system32\drivers\http.sys 2009-10-18 10:00 . 2007-05-18 12:53 499712 ----a-w- c:\windows\system32\msvcp71.dll 2009-10-15 13:36 . 2009-10-15 13:36 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-10-13 10:33 . 2006-05-14 09:24 271360 ----a-w- c:\windows\system32\oakley.dll 2009-10-12 13:39 . 2003-04-24 12:00 79872 ----a-w- c:\windows\system32\raschap.dll 2009-10-12 13:39 . 2003-04-24 12:00 150528 ----a-w- c:\windows\system32\rastls.dll . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-26 68856] "MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352] "Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2008-12-09 495616] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "VX6000"="c:\windows\vVX6000.exe" [2006-06-29 994096] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-15 149280] "Launch LCDMon"="c:\program files\Fichiers communs\Logitech\LCD Manager\lcdmon.exe" [2006-07-19 549376] "Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-06-03 68592] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-10-18 198160] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "WUAppSetup"="c:\program files\Fichiers communs\logishrd\WUApp32.exe" [2007-02-03 430080] c:\documents and settings\LIBRAIRIE\Menu D‚marrer\Programmes\D‚marrage\ OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Scroll-In-Mouse V2.0.lnk - c:\program files\A.C\Scroll-In-Mouse V2.0\Scroll.exe [2008-8-2 459264] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer] 2002-10-15 16:00 1818624 ----a-w- c:\windows\mixer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 
2008-04-13 18:34 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PROMon.exe] 2002-04-18 16:32 73728 ----a-w- c:\windows\system32\PROMon.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= "c:\\Program Files\\adslTV\\adsltv.exe"= "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "c:\\Program Files\\Avira\\AntiVir Desktop\\avcenter.exe"= "c:\\Program Files\\adslTV\\adsltv-r.exe"= "c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service R0 fasttrak;fasttrak;c:\windows\system32\drivers\Fasttrak.sys [22/11/2001 14:08 70528] R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [24/07/2009 15:24 108289] S2 gupdate1ca4fd9b60c03fe;Service Google Update (gupdate1ca4fd9b60c03fe);c:\program files\Google\Update\GoogleUpdate.exe [18/10/2009 10:59 133104] S3 HwIOctl;HwIOctl;\??\c:\program files\Setup Files\MS-6704 v1.30\HwIOctl.sys --> c:\program files\Setup Files\MS-6704 v1.30\HwIOctl.sys [?] 
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [29/05/2009 16:13 234864] S3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [30/06/2006 00:56 2383152] . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.jeuxvideo-flash.com/ uDefault_Search_URL = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html FF - ProfilePath - c:\documents and settings\LIBRAIRIE\Application Data\Mozilla\Firefox\Profiles\6ri7nb6m.default\ FF - prefs.js: browser.startup.homepage - hotmail.com FF - component: c:\documents and settings\LIBRAIRIE\Application Data\Mozilla\Firefox\Profiles\6ri7nb6m.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll FF - plugin: c:\program files\Picasa2\npPicasa2.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ . 
- - - - ORPHELINS SUPPRIMES - - - - URLSearchHooks-{06663B56-0D73-4f9f-BCC5-4AA941470AFD} - (no file) HKLM-Run-AA_SecuHDD - (no file) Notify-WgaLogon - (no file) MSConfigStartUp-PSecurity - c:\program files\PSecurity\psecurity.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-12-17 22:21 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(992) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(1248) c:\program files\A.C\Scroll-In-Mouse V2.0\MouseSrv.dll c:\program files\Google\Quick Search Box\bin\1.2.1150.162\qsb.dll c:\windows\system32\eappprxy.dll c:\windows\system32\webcheck.dll c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA . ------------------------ Autres processus actifs ------------------------ . 
c:\windows\System32\Ati2evxx.exe c:\windows\system32\Ati2evxx.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Fichiers communs\Logitech\LCD Manager\Applets\LCDPOP3.exe c:\program files\Fichiers communs\Logitech\LCD Manager\Applets\LCDCountdown.exe c:\program files\Fichiers communs\Logitech\LCD Manager\Applets\LCDClock.exe c:\program files\Microsoft ActiveSync\wcescomm.exe c:\program files\Fichiers communs\Logitech\LCD Manager\Applets\LCDMedia.exe c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe c:\program files\Java\jre6\bin\jqs.exe c:\progra~1\MI3AA1~1\rapimgr.exe c:\program files\OpenOffice.org 3\program\soffice.exe c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\OpenOffice.org 3\program\soffice.bin c:\program files\Microsoft LifeCam\MSCamSvc.exe c:\windows\System32\NMSSvc.exe c:\windows\System32\wdfmgr.exe c:\windows\System32\wbem\wmiapsrv.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Heure de fin: 2009-12-17 22:24:33 - La machine a redémarré ComboFix-quarantined-files.txt 2009-12-17 21:24 Avant-CF: 30 472 675 328 octets libres Après-CF: 30 849 306 624 octets libres WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /fastdetect /NoExecute=OptIn - - End Of File - - AD4D4A3A7E3287854B7A737C07638A54
  16. HELLO FALKRA, here it is: GMER 1.0.15.15281 - http://www.gmer.net Rootkit scan 2009-12-16 19:24:23 Windows 5.1.2600 Service Pack 3 Running: p10wcrnt.exe; Driver: C:\DOCUME~1\LIBRAI~1\LOCALS~1\Temp\fwkirkod.sys ---- System - GMER 1.0.15 ---- SSDT F8C3AF5E ZwCreateKey SSDT F8C3AF54 ZwCreateThread SSDT F8C3AF63 ZwDeleteKey SSDT F8C3AF6D ZwDeleteValueKey SSDT F8C3AF72 ZwLoadKey SSDT F8C3AF40 ZwOpenProcess SSDT F8C3AF45 ZwOpenThread SSDT F8C3AF7C ZwReplaceKey SSDT F8C3AF77 ZwRestoreKey SSDT F8C3AF68 ZwSetValueKey SSDT F8C3AF4F ZwTerminateProcess Code 82CA39D8 ZwEnumerateKey Code 82C0D3F8 ZwFlushInstructionCache Code 82CA139E IofCallDriver Code 82CA00EE IofCompleteRequest ---- Services - GMER 1.0.15 ---- Service C:\WINDOWS\system32\drivers\MSIVXqjirxduyqbabuwriivkyxwqtqsnkndpu.sys (*** hidden *** ) [sYSTEM] MSIVXserv.sys <-- ROOTKIT !!! ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys@start 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys@type 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys@imagepath \systemroot\system32\drivers\MSIVXqjirxduyqbabuwriivkyxwqtqsnkndpu.sys Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys@group file system Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys\modules Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys\modules@MSIVXserv \\?\globalroot\systemroot\system32\drivers\MSIVXqjirxduyqbabuwriivkyxwqtqsnkndpu.sys Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys\modules@MSIVXl \\?\globalroot\systemroot\system32\MSIVXlqjpoedolvyxetqmkjabvbrffemmxwkr.dll Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys\modules@MSIVXclk \\?\globalroot\systemroot\system32\MSIVXpypykfefqxfatfcmhsmprrpnkrqlhdfd.dll Reg HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys@start 1 Reg HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys@type 
1 Reg HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys@imagepath \systemroot\system32\drivers\MSIVXqjirxduyqbabuwriivkyxwqtqsnkndpu.sys Reg HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys@group file system Reg HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys\modules (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys\modules@MSIVXserv \\?\globalroot\systemroot\system32\drivers\MSIVXqjirxduyqbabuwriivkyxwqtqsnkndpu.sys Reg HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys\modules@MSIVXl \\?\globalroot\systemroot\system32\MSIVXlqjpoedolvyxetqmkjabvbrffemmxwkr.dll Reg HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys\modules@MSIVXclk \\?\globalroot\systemroot\system32\MSIVXpypykfefqxfatfcmhsmprrpnkrqlhdfd.dll ---- Files - GMER 1.0.15 ---- File C:\WINDOWS\system32\MSIVXcount 4 bytes File C:\WINDOWS\system32\MSIVXlqjpoedolvyxetqmkjabvbrffemmxwkr.dll 22528 bytes executable File C:\WINDOWS\system32\MSIVXpypykfefqxfatfcmhsmprrpnkrqlhdfd.dll 52224 bytes executable File C:\WINDOWS\system32\drivers\MSIVXqjirxduyqbabuwriivkyxwqtqsnkndpu.sys 74240 bytes executable <-- ROOTKIT !!! ---- EOF - GMER 1.0.15 ----
  17. Hello, I went and bought a key. But tell me why this PC could not open the link at Dylav's. Now I will try: http://img33.imageshack.us/img33/5796/scre...t005moyenne.jpg http://img268.imageshack.us/img268/5554/sc...t001moyenne.jpg http://img687.imageshack.us/img687/9706/sc...t002moyenne.jpg http://img200.imageshack.us/img200/5821/sc...t003moyenne.jpg http://img268.imageshack.us/img268/6319/sc...t004moyenne.jpg I HOPE THAT WILL WORK.
  18. I had the idea of trying on another PC, and there the link opens: "#Comment participer à un forum,: # Mettre en forme un message." So it is the PC on which I have "something like a problem" that cannot open it?? What do you think?
  19. Good evening, I am sorry, but when I click, click again, and again: nothing opens..., except a new page with the same content #Comment participer à un forum,: # Mettre en forme un message.
  20. I will try: I took a screen capture with "screenshot001" (because I have a keyboard without a Print Screen key) but I cannot manage to paste it here...??
  21. I AM NOT VERY SURE OF MYSELF given that earlier I had not understood you. I clicked on Local Area Connection, then on Internet Protocol (TCP/IP), and the window that appears differs somewhat from your model. Here is what I have: checked: Use the following IP address: 0.0.0.0 Subnet mask: 255.0.0.0 then further down: Use the following DNS server address: is checked but no number appears
  22. ok! here is the result: HKLM\SYSTEM\ControlSet001\Services\Dhcp\Parameters\Options\44 RegLocation REG_MULTI_SZ SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces\Tcpip_?\DhcpNameServerList;SYSTEM\CurrentControlSet\Services\NetBT\Adapters\?\DhcpNameServer;; 31/10/2008 10:33:46 156 HKLM\SYSTEM\ControlSet001\Services\Dhcp\Parameters\Options\6 RegLocation REG_MULTI_SZ SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\?\DhcpNameServer;SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer;; 31/10/2008 10:33:46 146 HKLM\SYSTEM\ControlSet001\Services\NetBT\Parameters NameServerPort REG_DWORD 0x00000089 (137) 31/10/2008 10:33:46 4 HKLM\SYSTEM\ControlSet001\Services\NetBT\Parameters\Interfaces\Tcpip_{61C90031-F09A-4748-A4CB-05B7B452AD91} NameServerList REG_MULTI_SZ ; 31/10/2008 10:33:46 1 HKLM\SYSTEM\ControlSet001\Services\NetBT\Parameters\Interfaces\Tcpip_{6690AE63-C50B-4383-B9EF-7BACC2C62574} NameServerList REG_MULTI_SZ ; 11/12/2009 23:40:53 1 HKLM\SYSTEM\ControlSet001\Services\NetBT\Parameters\Interfaces\Tcpip_{7F9F4CE0-D6BE-4C7D-BA86-53537FB18D22} NameServerList REG_MULTI_SZ ; 31/10/2008 10:33:46 1 HKLM\SYSTEM\ControlSet001\Services\NetBT\Parameters\Interfaces\Tcpip_{B6C37C39-455B-45F1-92DA-288A50B065AD} NameServerList REG_MULTI_SZ ; 31/10/2008 10:33:46 1 HKLM\SYSTEM\ControlSet001\Services\NetBT\Parameters\Interfaces\Tcpip_{E26A5152-84E6-4FCC-B8AB-C9A1528BAB61} NameServerList REG_MULTI_SZ ; 31/10/2008 10:33:46 1 HKLM\SYSTEM\ControlSet001\Services\NetBT\Parameters\Interfaces\Tcpip_{EA0707EB-3A9A-4996-BE19-E626D7D95803} NameServerList REG_MULTI_SZ ; 31/10/2008 10:33:46 1 HKLM\SYSTEM\ControlSet001\Services\NetBT\Parameters\Interfaces\Tcpip_{F049327E-3F6E-4692-ABC7-EE1D7CE07F7E} NameServerList REG_MULTI_SZ ; 31/10/2008 10:33:46 1 HKLM\SYSTEM\ControlSet001\Services\NetBT\Parameters\Interfaces\Tcpip_{F424822D-3A3D-4879-9781-59C68EB08012} NameServerList REG_MULTI_SZ ; 13/03/2009 13:00:08 1 
HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters NameServer REG_SZ 13/12/2009 14:52:51 1 HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters DhcpNameServer REG_SZ 212.27.40.240 212.27.40.241 13/12/2009 14:52:51 28 HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{61C90031-F09A-4748-A4CB-05B7B452AD91} NameServer REG_SZ 13/12/2009 14:51:37 0 HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{61C90031-F09A-4748-A4CB-05B7B452AD91} DhcpNameServer REG_SZ 13/12/2009 14:51:37 0 HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6690AE63-C50B-4383-B9EF-7BACC2C62574} NameServer REG_SZ 13/12/2009 14:52:51 0 HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6690AE63-C50B-4383-B9EF-7BACC2C62574} DhcpNameServer REG_SZ 212.27.40.240 212.27.40.241 13/12/2009 14:52:51 28 HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{7F9F4CE0-D6BE-4C7D-BA86-53537FB18D22} NameServer REG_SZ 13/12/2009 14:51:38 0 HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{7F9F4CE0-D6BE-4C7D-BA86-53537FB18D22} DhcpNameServer REG_SZ 13/12/2009 14:51:38 0 HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{B6C37C39-455B-45F1-92DA-288A50B065AD} NameServer REG_SZ 13/12/2009 14:51:38 0 HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{B6C37C39-455B-45F1-92DA-288A50B065AD} DhcpNameServer REG_SZ 13/12/2009 14:51:38 0 HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{E26A5152-84E6-4FCC-B8AB-C9A1528BAB61} NameServer REG_SZ 13/12/2009 14:51:38 0 HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{E26A5152-84E6-4FCC-B8AB-C9A1528BAB61} DhcpNameServer REG_SZ 13/12/2009 14:51:38 0 HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{EA0707EB-3A9A-4996-BE19-E626D7D95803} NameServer REG_SZ 13/12/2009 14:51:38 0 HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{EA0707EB-3A9A-4996-BE19-E626D7D95803} DhcpNameServer REG_SZ 13/12/2009 14:51:38 0 
  23. ...and I think it is linked to Personal Security, which resurfaces in a different form and is causing me problems
  24. I simply copied/pasted into the address bar the series of digits you gave me: "85.255.112.116" and I ended up on the site: "http://www.trusted-dns.com/index.php?page=setup", and these 2 dialog boxes appeared