PROBLEME AFFICHAGE ANTIVIRUS 2009
Fermé
boxersolo
-
19 oct. 2008 à 22:40
jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 - 21 oct. 2008 à 11:37
jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 - 21 oct. 2008 à 11:37
A voir également:
- PROBLEME AFFICHAGE ANTIVIRUS 2009
- Comodo antivirus - Télécharger - Sécurité
- Panda antivirus - Télécharger - Antivirus & Antimalwares
- Avast antivirus gratuit - Télécharger - Antivirus & Antimalwares
- Desactiver antivirus windows 10 - Guide
- Bitdefender antivirus free - Télécharger - Antivirus & Antimalwares
11 réponses
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
19 oct. 2008 à 22:42
19 oct. 2008 à 22:42
slt
tu as quel antivirus ???
_________________
Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection):
- Va dans démarrer puis panneau de configuration
- Double Clique sur l'icône "Comptes d'utilisateurs"
- Clique ensuite sur désactiver et valide.
télécharge combofix (par sUBs) ici :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
et enregistre le sur le bureau.
déconnecte toi d'internet et ferme toutes tes applications.
désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)
double-clique sur combofix.exe et suis les instructions
à la fin, il va produire un rapport C:\ComboFix.txt
réactive ton parefeu, ton antivirus, la garde de ton antispyware
copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.
Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.
Tu as un tutoriel complet ici :
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
_________________________
remets ensuite un nouveau rapport hijakhcits pour verifier
tu as quel antivirus ???
_________________
Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection):
- Va dans démarrer puis panneau de configuration
- Double Clique sur l'icône "Comptes d'utilisateurs"
- Clique ensuite sur désactiver et valide.
télécharge combofix (par sUBs) ici :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
et enregistre le sur le bureau.
déconnecte toi d'internet et ferme toutes tes applications.
désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)
double-clique sur combofix.exe et suis les instructions
à la fin, il va produire un rapport C:\ComboFix.txt
réactive ton parefeu, ton antivirus, la garde de ton antispyware
copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.
Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.
Tu as un tutoriel complet ici :
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
_________________________
remets ensuite un nouveau rapport hijakhcits pour verifier
Bonsoir
Merci de me répondre aussi vite!!!
J'ai téléchargé combofix et voici le rapport (pour répondre à votre question, je n'ai pas d'antivirus!! J'ai presque honte...) :
ComboFix 08-10-19.01 - SAMUEL 2008-10-19 22:56:42.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.318 [GMT 2:00]
Lancé depuis: C:\Users\SAMUEL\Desktop\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Users\SAMUEL\AppData\Local\Temp\kgygfohi.dll
C:\Users\SAMUEL\AppData\Local\Temp\lJAtRhGW.dll
C:\Windows\system32\hGvUnool.dll
C:\Windows\system32\rQhFvVmM.dll
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-19 au 2008-10-19 ))))))))))))))))))))))))))))))))))))
.
2008-10-19 22:31 . 2008-10-19 22:31 <REP> d-------- C:\Program Files\Trend Micro
2008-10-19 14:17 . 2007-05-30 14:10 10,872 --a------ C:\Windows\System32\drivers\AvgAsCln.sys
2008-10-19 13:57 . 2008-10-19 13:57 <REP> d-------- C:\Users\All Users\Avg8
2008-10-19 13:57 . 2008-10-19 13:57 <REP> d-------- C:\ProgramData\Avg8
2008-10-19 00:41 . 2008-10-19 00:41 <REP> d-------- C:\Users\SAMUEL\AppData\Roaming\Grisoft
2008-10-19 00:41 . 2008-10-19 00:41 <REP> d-------- C:\Users\All Users\Grisoft
2008-10-19 00:41 . 2008-10-19 00:41 <REP> d-------- C:\ProgramData\Grisoft
2008-10-18 15:48 . 2008-10-18 15:48 <REP> d-------- C:\Program Files\AxBx
2008-10-18 15:42 . 2008-10-19 00:36 <REP> d-------- C:\Program Files\Panda Security
2008-10-08 02:05 . 2008-10-08 02:05 <REP> d-------- C:\Program Files\BitTorrent
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-19 20:59 --------- d-----w C:\Users\SAMUEL\AppData\Roaming\DNA
2008-10-18 22:35 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2008-10-18 18:47 --------- d-----w C:\Program Files\Google
2008-10-18 18:43 --------- d-----w C:\Program Files\AviSynth 2.5
2008-10-18 18:10 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2008-10-18 18:01 --------- d-----w C:\Program Files\Intel
2008-10-18 18:00 --------- d-----w C:\Users\SAMUEL\AppData\Roaming\EoRezo
2008-10-18 18:00 --------- d-----w C:\Program Files\eoRezo
2008-10-18 17:59 --------- d-----w C:\Program Files\SweetIM
2008-10-18 17:57 --------- d-----w C:\Program Files\Visicom Media
2008-10-17 18:31 --------- d-----w C:\Users\SAMUEL\AppData\Roaming\BitTorrent
2008-10-01 11:12 1,532 ----a-w C:\Users\SAMUEL\AppData\Roaming\wklnhst.dat
2008-09-19 23:38 --------- d-----w C:\Users\SAMUEL\AppData\Roaming\OpenOffice.org2
2008-09-11 01:02 --------- d-----w C:\Program Files\Microsoft Works
2008-08-27 01:06 288,768 ----a-w C:\Windows\system32\drivers\srv.sys
2008-08-20 01:01 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-06-28 06:34 174 --sha-w C:\Program Files\desktop.ini
2008-03-13 01:02 22,328 ----a-w C:\Users\SAMUEL\AppData\Roaming\PnkBstrK.sys
2007-11-16 16:17 32 ----a-w C:\Users\All Users\ezsid.dat
2007-11-16 16:17 32 ----a-w C:\ProgramData\ezsid.dat
2008-03-02 01:54 22 --sha-w C:\Windows\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 125952]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"BitTorrent DNA"="C:\Users\SAMUEL\Program Files\DNA\btdna.exe" [2008-10-08 289088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="C:\Windows\SMINST\launcher.exe" [2006-11-24 44136]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codec"= l3codecp.acm
"VIDC.IV41"= ir41_32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{E77CF33D-6C07-4636-827B-E4A2A139A82D}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{0CA4CCB7-952B-4723-B7B4-C7B9853E7EEB}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{BEA96267-04DD-44FA-BAD3-B069F3F7243B}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{82183388-A487-4BCB-BAF2-CE5133326DAA}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{F22D71E8-C211-4975-8F5D-3C9DE1676D53}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{F3AD6A74-9AE2-47DF-BFAA-D54272845B0F}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{8551BBB6-387A-41FD-B396-D4A9396BB088}"= TCP:9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
"{5A4E1C30-017A-4EC2-84A2-FEA429A44A63}"= TCP:1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
"{E87AB97D-0391-4598-B675-3CEA4DEE8E60}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{7B0779EF-F37D-4AB9-BC55-98BA0BC73B94}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{CADDDD88-2354-4D5F-B1A7-27C63801A55D}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{A19755D1-E620-4D01-8D6D-00E0188208FD}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{35A7BBBB-65C1-4B7A-9A5D-0BFB7CE432C9}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{755E7865-9BDC-4D67-90AB-76F20A713E62}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{DC5E15EF-35B4-44BD-A324-8A6E2594C779}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{3CA10E22-3AF8-4829-9D54-359255838A77}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{15342104-14CC-4685-BB8F-1FF309D2E807}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\IMApp.exe:IncrediMail
"{49393A97-8AC1-48F5-BE53-F1E6F70E6FBD}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\IMApp.exe:IncrediMail
"{E8F55AD7-30FF-4222-8A6E-D7DAC9432AC2}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{C377CA4A-2094-42E7-89B7-EABE0A331F21}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{B060AA45-0A1D-47AF-A592-65E251D95349}"= TCP:3658:pes6
"TCP Query User{A1C5079A-EB09-4C0A-BDA4-DA1AFAA429E9}C:\\program files\\videolan\\vlc\\vlc.exe"= UDP:C:\program files\videolan\vlc\vlc.exe:VLC media player
"UDP Query User{BE7DB87E-F9A6-46CE-A1D2-9FD9510EE405}C:\\program files\\videolan\\vlc\\vlc.exe"= TCP:C:\program files\videolan\vlc\vlc.exe:VLC media player
"TCP Query User{865E3890-B870-4956-867A-8C3C357A9932}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{A565BF66-EE35-4AD3-A4A0-5CDF93741CC4}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{1DA838FE-8323-4EB3-A105-99FDDC6C3524}C:\\program files\\freeplayer\\vlc\\vlc.exe"= UDP:C:\program files\freeplayer\vlc\vlc.exe:VLC media player
"UDP Query User{4C72242C-BC8C-4219-B372-518F5CCD4823}C:\\program files\\freeplayer\\vlc\\vlc.exe"= TCP:C:\program files\freeplayer\vlc\vlc.exe:VLC media player
"TCP Query User{0E0D04F1-00F9-406D-8B7C-2676457CA122}C:\\program files\\freebrowser\\freebrowser\\freebrowser.exe"= UDP:C:\program files\freebrowser\freebrowser\freebrowser.exe:FreeBrowser
"UDP Query User{64AE7CD6-6A3A-4DC1-A9B7-E0AE6C758CA2}C:\\program files\\freebrowser\\freebrowser\\freebrowser.exe"= TCP:C:\program files\freebrowser\freebrowser\freebrowser.exe:FreeBrowser
"TCP Query User{1A814341-6960-4147-9AB7-589A2F68458F}C:\\program files\\freebrowser\\vlc\\vlc.exe"= UDP:C:\program files\freebrowser\vlc\vlc.exe:VLC media player
"UDP Query User{6AE5B871-F9B8-469E-B690-7D625E1C17E7}C:\\program files\\freebrowser\\vlc\\vlc.exe"= TCP:C:\program files\freebrowser\vlc\vlc.exe:VLC media player
"TCP Query User{1F06A004-4E1B-48F2-872C-AC0181D53AA1}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{09B36E12-3FF6-4BA3-B827-DDB38F358144}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"{2B68A264-EB30-48A3-8F9A-116BA9DC792D}"= UDP:C:\Program Files\Shareaza\Shareaza.exe:Shareaza
"{A79E802B-6D71-4A0A-89B1-8570662CEE1A}"= TCP:C:\Program Files\Shareaza\Shareaza.exe:Shareaza
"{6102D894-D6C9-47F4-ADFC-21E40D9AF9F8}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{E0FC3FFD-8B37-4986-B202-B9458307B068}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{5BC412AF-3C27-47A7-8740-F832B223EBCD}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{67BCF0A9-13B9-4A2C-8945-64800D7FD4E1}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{AAD37F98-6F8E-4D5C-977A-1AE04F9F92E8}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{1C27B352-F4F0-47A3-B844-61629268EBA6}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{D7325789-401F-4790-81B5-4FECDC045ABA}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{468AF3E6-90B3-4A74-9061-13F14B34C6FE}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{50B1915F-3DE6-42EA-9A75-B4D97D34708C}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{7D11D87E-F31F-401E-92F2-48B056661707}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{787BE248-57AB-45F0-8413-8975C9A3AD79}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{D2BD129A-B45F-4846-AAC7-3E0BD2369DB6}C:\\program files\\real\\realplayer\\realplay.exe"= UDP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{9955A49D-4D27-4654-8632-6761F499D9F8}C:\\program files\\real\\realplayer\\realplay.exe"= TCP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"TCP Query User{94B500A6-59A4-4D98-A36A-E4ACE32F6E7A}C:\\users\\samuel\\videos\\age of empires 2\\empires2.exe"= UDP:C:\users\samuel\videos\age of empires 2\empires2.exe:empires2.exe
"UDP Query User{E9297C62-7264-422A-B930-7EB723263809}C:\\users\\samuel\\videos\\age of empires 2\\empires2.exe"= TCP:C:\users\samuel\videos\age of empires 2\empires2.exe:empires2.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R2 DQLWinService;DQLWinService;C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-09-03 208896]
R3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\Windows\system32\DRIVERS\fbxusb32.sys [2004-10-20 21344]
S2 IntelDHSvcConf;Intel DH Service;C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2006-05-10 29696]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2947a4f7-e105-11db-9891-0007cb0000ff}]
\shell\AutoRun\command - J:\setup\rsrc\Autorun.exe
\shell\dinstall\command - J:\Directx\dxsetup.exe
.
Contenu du dossier 'Tâches planifiées'
2008-10-17 C:\Windows\Tasks\Maintenance en 1 clic.job
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe []
2008-10-19 C:\Windows\Tasks\User_Feed_Synchronization-{14CCBB2B-9155-463B-8D27-C738EBE05B06}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-19 09:33]
2008-10-19 C:\Windows\Tasks\User_Feed_Synchronization-{5F54985D-C7E7-4B4E-A526-7EFC85E3BF74}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-19 09:33]
.
- - - - ORPHELINS SUPPRIMES - - - -
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKLM-Run-MSServer - C:\Windows\system32\hGvUnool.dll
HKU-Default-Run-swg - C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
MSConfigStartUp-Skype - C:\Program Files\Skype\Phone\Skype.exe
.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.fr/
R0 -: HKLM-Main,Start Page = hxxp://ads.eorezo.com/cgi-bin/advert/getads.cgi?x_dp_id=18&x_format=redirect
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O16 -: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.zebulon.fr/scan8/oscan8.cab
C:\Windows\Downloaded Program Files\oscan8.inf
C:\Windows\Downloaded Program Files\oscan81.ocx_x
C:\Windows\bdoscandellang.ini
C:\Windows\bdoscandel.exe
C:\Windows\Downloaded Program Files\live.ini
C:\Windows\Downloaded Program Files\scanoptions.tsi
C:\Windows\Downloaded Program Files\lang.ini
C:\Windows\Downloaded Program Files\ipsupd.dll
C:\Windows\Downloaded Program Files\bdupd.dll
C:\Windows\Downloaded Program Files\libfn.dll
C:\Windows\Downloaded Program Files\bdcore.dll
C:\Windows\Downloaded Program Files\oscan8.ocx
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-19 23:01:17
Windows 6.0.6001 Service Pack 1 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\PnkBstrA.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\conime.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Heure de fin: 2008-10-19 23:06:33 - La machine a redémarré [SAMUEL]
ComboFix-quarantined-files.txt 2008-10-19 21:06:00
Avant-CF: 64,961,835,008 octets libres
Après-CF: 64,619,864,064 octets libres
200 --- E O F --- 2008-10-18 19:33:17
dans l'attente d'une réponse merci beaucoup
Merci de me répondre aussi vite!!!
J'ai téléchargé combofix et voici le rapport (pour répondre à votre question, je n'ai pas d'antivirus!! J'ai presque honte...) :
ComboFix 08-10-19.01 - SAMUEL 2008-10-19 22:56:42.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.318 [GMT 2:00]
Lancé depuis: C:\Users\SAMUEL\Desktop\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Users\SAMUEL\AppData\Local\Temp\kgygfohi.dll
C:\Users\SAMUEL\AppData\Local\Temp\lJAtRhGW.dll
C:\Windows\system32\hGvUnool.dll
C:\Windows\system32\rQhFvVmM.dll
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-19 au 2008-10-19 ))))))))))))))))))))))))))))))))))))
.
2008-10-19 22:31 . 2008-10-19 22:31 <REP> d-------- C:\Program Files\Trend Micro
2008-10-19 14:17 . 2007-05-30 14:10 10,872 --a------ C:\Windows\System32\drivers\AvgAsCln.sys
2008-10-19 13:57 . 2008-10-19 13:57 <REP> d-------- C:\Users\All Users\Avg8
2008-10-19 13:57 . 2008-10-19 13:57 <REP> d-------- C:\ProgramData\Avg8
2008-10-19 00:41 . 2008-10-19 00:41 <REP> d-------- C:\Users\SAMUEL\AppData\Roaming\Grisoft
2008-10-19 00:41 . 2008-10-19 00:41 <REP> d-------- C:\Users\All Users\Grisoft
2008-10-19 00:41 . 2008-10-19 00:41 <REP> d-------- C:\ProgramData\Grisoft
2008-10-18 15:48 . 2008-10-18 15:48 <REP> d-------- C:\Program Files\AxBx
2008-10-18 15:42 . 2008-10-19 00:36 <REP> d-------- C:\Program Files\Panda Security
2008-10-08 02:05 . 2008-10-08 02:05 <REP> d-------- C:\Program Files\BitTorrent
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-19 20:59 --------- d-----w C:\Users\SAMUEL\AppData\Roaming\DNA
2008-10-18 22:35 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2008-10-18 18:47 --------- d-----w C:\Program Files\Google
2008-10-18 18:43 --------- d-----w C:\Program Files\AviSynth 2.5
2008-10-18 18:10 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2008-10-18 18:01 --------- d-----w C:\Program Files\Intel
2008-10-18 18:00 --------- d-----w C:\Users\SAMUEL\AppData\Roaming\EoRezo
2008-10-18 18:00 --------- d-----w C:\Program Files\eoRezo
2008-10-18 17:59 --------- d-----w C:\Program Files\SweetIM
2008-10-18 17:57 --------- d-----w C:\Program Files\Visicom Media
2008-10-17 18:31 --------- d-----w C:\Users\SAMUEL\AppData\Roaming\BitTorrent
2008-10-01 11:12 1,532 ----a-w C:\Users\SAMUEL\AppData\Roaming\wklnhst.dat
2008-09-19 23:38 --------- d-----w C:\Users\SAMUEL\AppData\Roaming\OpenOffice.org2
2008-09-11 01:02 --------- d-----w C:\Program Files\Microsoft Works
2008-08-27 01:06 288,768 ----a-w C:\Windows\system32\drivers\srv.sys
2008-08-20 01:01 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-06-28 06:34 174 --sha-w C:\Program Files\desktop.ini
2008-03-13 01:02 22,328 ----a-w C:\Users\SAMUEL\AppData\Roaming\PnkBstrK.sys
2007-11-16 16:17 32 ----a-w C:\Users\All Users\ezsid.dat
2007-11-16 16:17 32 ----a-w C:\ProgramData\ezsid.dat
2008-03-02 01:54 22 --sha-w C:\Windows\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 125952]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"BitTorrent DNA"="C:\Users\SAMUEL\Program Files\DNA\btdna.exe" [2008-10-08 289088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="C:\Windows\SMINST\launcher.exe" [2006-11-24 44136]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codec"= l3codecp.acm
"VIDC.IV41"= ir41_32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{E77CF33D-6C07-4636-827B-E4A2A139A82D}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{0CA4CCB7-952B-4723-B7B4-C7B9853E7EEB}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{BEA96267-04DD-44FA-BAD3-B069F3F7243B}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{82183388-A487-4BCB-BAF2-CE5133326DAA}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{F22D71E8-C211-4975-8F5D-3C9DE1676D53}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{F3AD6A74-9AE2-47DF-BFAA-D54272845B0F}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{8551BBB6-387A-41FD-B396-D4A9396BB088}"= TCP:9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
"{5A4E1C30-017A-4EC2-84A2-FEA429A44A63}"= TCP:1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
"{E87AB97D-0391-4598-B675-3CEA4DEE8E60}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{7B0779EF-F37D-4AB9-BC55-98BA0BC73B94}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{CADDDD88-2354-4D5F-B1A7-27C63801A55D}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{A19755D1-E620-4D01-8D6D-00E0188208FD}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{35A7BBBB-65C1-4B7A-9A5D-0BFB7CE432C9}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{755E7865-9BDC-4D67-90AB-76F20A713E62}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{DC5E15EF-35B4-44BD-A324-8A6E2594C779}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{3CA10E22-3AF8-4829-9D54-359255838A77}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{15342104-14CC-4685-BB8F-1FF309D2E807}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\IMApp.exe:IncrediMail
"{49393A97-8AC1-48F5-BE53-F1E6F70E6FBD}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\IMApp.exe:IncrediMail
"{E8F55AD7-30FF-4222-8A6E-D7DAC9432AC2}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{C377CA4A-2094-42E7-89B7-EABE0A331F21}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{B060AA45-0A1D-47AF-A592-65E251D95349}"= TCP:3658:pes6
"TCP Query User{A1C5079A-EB09-4C0A-BDA4-DA1AFAA429E9}C:\\program files\\videolan\\vlc\\vlc.exe"= UDP:C:\program files\videolan\vlc\vlc.exe:VLC media player
"UDP Query User{BE7DB87E-F9A6-46CE-A1D2-9FD9510EE405}C:\\program files\\videolan\\vlc\\vlc.exe"= TCP:C:\program files\videolan\vlc\vlc.exe:VLC media player
"TCP Query User{865E3890-B870-4956-867A-8C3C357A9932}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{A565BF66-EE35-4AD3-A4A0-5CDF93741CC4}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{1DA838FE-8323-4EB3-A105-99FDDC6C3524}C:\\program files\\freeplayer\\vlc\\vlc.exe"= UDP:C:\program files\freeplayer\vlc\vlc.exe:VLC media player
"UDP Query User{4C72242C-BC8C-4219-B372-518F5CCD4823}C:\\program files\\freeplayer\\vlc\\vlc.exe"= TCP:C:\program files\freeplayer\vlc\vlc.exe:VLC media player
"TCP Query User{0E0D04F1-00F9-406D-8B7C-2676457CA122}C:\\program files\\freebrowser\\freebrowser\\freebrowser.exe"= UDP:C:\program files\freebrowser\freebrowser\freebrowser.exe:FreeBrowser
"UDP Query User{64AE7CD6-6A3A-4DC1-A9B7-E0AE6C758CA2}C:\\program files\\freebrowser\\freebrowser\\freebrowser.exe"= TCP:C:\program files\freebrowser\freebrowser\freebrowser.exe:FreeBrowser
"TCP Query User{1A814341-6960-4147-9AB7-589A2F68458F}C:\\program files\\freebrowser\\vlc\\vlc.exe"= UDP:C:\program files\freebrowser\vlc\vlc.exe:VLC media player
"UDP Query User{6AE5B871-F9B8-469E-B690-7D625E1C17E7}C:\\program files\\freebrowser\\vlc\\vlc.exe"= TCP:C:\program files\freebrowser\vlc\vlc.exe:VLC media player
"TCP Query User{1F06A004-4E1B-48F2-872C-AC0181D53AA1}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{09B36E12-3FF6-4BA3-B827-DDB38F358144}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"{2B68A264-EB30-48A3-8F9A-116BA9DC792D}"= UDP:C:\Program Files\Shareaza\Shareaza.exe:Shareaza
"{A79E802B-6D71-4A0A-89B1-8570662CEE1A}"= TCP:C:\Program Files\Shareaza\Shareaza.exe:Shareaza
"{6102D894-D6C9-47F4-ADFC-21E40D9AF9F8}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{E0FC3FFD-8B37-4986-B202-B9458307B068}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{5BC412AF-3C27-47A7-8740-F832B223EBCD}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{67BCF0A9-13B9-4A2C-8945-64800D7FD4E1}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{AAD37F98-6F8E-4D5C-977A-1AE04F9F92E8}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{1C27B352-F4F0-47A3-B844-61629268EBA6}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{D7325789-401F-4790-81B5-4FECDC045ABA}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{468AF3E6-90B3-4A74-9061-13F14B34C6FE}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{50B1915F-3DE6-42EA-9A75-B4D97D34708C}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{7D11D87E-F31F-401E-92F2-48B056661707}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{787BE248-57AB-45F0-8413-8975C9A3AD79}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{D2BD129A-B45F-4846-AAC7-3E0BD2369DB6}C:\\program files\\real\\realplayer\\realplay.exe"= UDP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{9955A49D-4D27-4654-8632-6761F499D9F8}C:\\program files\\real\\realplayer\\realplay.exe"= TCP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"TCP Query User{94B500A6-59A4-4D98-A36A-E4ACE32F6E7A}C:\\users\\samuel\\videos\\age of empires 2\\empires2.exe"= UDP:C:\users\samuel\videos\age of empires 2\empires2.exe:empires2.exe
"UDP Query User{E9297C62-7264-422A-B930-7EB723263809}C:\\users\\samuel\\videos\\age of empires 2\\empires2.exe"= TCP:C:\users\samuel\videos\age of empires 2\empires2.exe:empires2.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R2 DQLWinService;DQLWinService;C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-09-03 208896]
R3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\Windows\system32\DRIVERS\fbxusb32.sys [2004-10-20 21344]
S2 IntelDHSvcConf;Intel DH Service;C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2006-05-10 29696]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2947a4f7-e105-11db-9891-0007cb0000ff}]
\shell\AutoRun\command - J:\setup\rsrc\Autorun.exe
\shell\dinstall\command - J:\Directx\dxsetup.exe
.
Contenu du dossier 'Tâches planifiées'
2008-10-17 C:\Windows\Tasks\Maintenance en 1 clic.job
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe []
2008-10-19 C:\Windows\Tasks\User_Feed_Synchronization-{14CCBB2B-9155-463B-8D27-C738EBE05B06}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-19 09:33]
2008-10-19 C:\Windows\Tasks\User_Feed_Synchronization-{5F54985D-C7E7-4B4E-A526-7EFC85E3BF74}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-19 09:33]
.
- - - - ORPHELINS SUPPRIMES - - - -
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKLM-Run-MSServer - C:\Windows\system32\hGvUnool.dll
HKU-Default-Run-swg - C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
MSConfigStartUp-Skype - C:\Program Files\Skype\Phone\Skype.exe
.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.fr/
R0 -: HKLM-Main,Start Page = hxxp://ads.eorezo.com/cgi-bin/advert/getads.cgi?x_dp_id=18&x_format=redirect
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O16 -: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.zebulon.fr/scan8/oscan8.cab
C:\Windows\Downloaded Program Files\oscan8.inf
C:\Windows\Downloaded Program Files\oscan81.ocx_x
C:\Windows\bdoscandellang.ini
C:\Windows\bdoscandel.exe
C:\Windows\Downloaded Program Files\live.ini
C:\Windows\Downloaded Program Files\scanoptions.tsi
C:\Windows\Downloaded Program Files\lang.ini
C:\Windows\Downloaded Program Files\ipsupd.dll
C:\Windows\Downloaded Program Files\bdupd.dll
C:\Windows\Downloaded Program Files\libfn.dll
C:\Windows\Downloaded Program Files\bdcore.dll
C:\Windows\Downloaded Program Files\oscan8.ocx
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-19 23:01:17
Windows 6.0.6001 Service Pack 1 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\PnkBstrA.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\conime.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Heure de fin: 2008-10-19 23:06:33 - La machine a redémarré [SAMUEL]
ComboFix-quarantined-files.txt 2008-10-19 21:06:00
Avant-CF: 64,961,835,008 octets libres
Après-CF: 64,619,864,064 octets libres
200 --- E O F --- 2008-10-18 19:33:17
dans l'attente d'une réponse merci beaucoup
re
j'ai oublié de faire un deuxième test avec hijackthis. Le voici :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:34:24, on 19/10/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\SAMUEL\Program Files\DNA\btdna.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\explorer.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Windows\system32\SearchFilterHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ww17.ads.eorezo.com/cgi-bin/advert/getads.cgi?x_dp_id=18&x_format=redirect
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\hGvUnool.dll,#1
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\SAMUEL\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\SAMUEL\AppData\Local\Temp\lJAtRhGW.dll,c
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\SAMUEL\AppData\Local\Temp\fccCsqNF.dll,#1
O4 - HKCU\..\Run: [6288646b] rundll32.exe "C:\Users\SAMUEL\AppData\Local\Temp\kgygfohi.dll",b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: stllssvr - Unknown owner - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
j'ai oublié de faire un deuxième test avec hijackthis. Le voici :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:34:24, on 19/10/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\SAMUEL\Program Files\DNA\btdna.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\explorer.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Windows\system32\SearchFilterHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ww17.ads.eorezo.com/cgi-bin/advert/getads.cgi?x_dp_id=18&x_format=redirect
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\hGvUnool.dll,#1
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\SAMUEL\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\SAMUEL\AppData\Local\Temp\lJAtRhGW.dll,c
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\SAMUEL\AppData\Local\Temp\fccCsqNF.dll,#1
O4 - HKCU\..\Run: [6288646b] rundll32.exe "C:\Users\SAMUEL\AppData\Local\Temp\kgygfohi.dll",b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: stllssvr - Unknown owner - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
SLT
SNIF plus de réponse..Je croise les doigts..Je sais il faut savoir être patient..mais j'ai tellement besoin de mon ordinateur.
Merci ..
SNIF plus de réponse..Je croise les doigts..Je sais il faut savoir être patient..mais j'ai tellement besoin de mon ordinateur.
Merci ..
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
20 oct. 2008 à 13:18
20 oct. 2008 à 13:18
relance hijakchits, fais DO A SYSTEM SCAN ONLY Et fix ces lignes 5FIX CHEKED°
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ads.eorezo.com/cgi-bin/advert/getads.cgi?x_dp_id=18&x_format=redirect
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\hGvUnool.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\SAMUEL\AppData\Local\Temp\lJAtRhGW.dll,c
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\SAMUEL\AppData\Local\Temp\fccCsqNF.dll,#1
O4 - HKCU\..\Run: [6288646b] rundll32.exe "C:\Users\SAMUEL\AppData\Local\Temp\kgygfohi.dll",b
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
_____________
télécharge OTMoveIt
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau. Ou sur https://www.luanagames.com/index.fr.html
double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.
Citation :
C:\Windows\system32\hGvUnool.dll
C:\Users\SAMUEL\AppData\Local\Temp\lJAtRhGW.dll
C:\Users\SAMUEL\AppData\Local\Temp\fccCsqNF.dll
C:\Users\SAMUEL\AppData\Local\Temp\kgygfohi.dll
clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.
il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.
________________________
si tu n'as aucune protection:
installe antivir et malwarebyte et colle nous les rapports:
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
https://www.malekal.com/avira-free-security-antivirus-gratuit/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ads.eorezo.com/cgi-bin/advert/getads.cgi?x_dp_id=18&x_format=redirect
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\hGvUnool.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\SAMUEL\AppData\Local\Temp\lJAtRhGW.dll,c
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\SAMUEL\AppData\Local\Temp\fccCsqNF.dll,#1
O4 - HKCU\..\Run: [6288646b] rundll32.exe "C:\Users\SAMUEL\AppData\Local\Temp\kgygfohi.dll",b
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
_____________
télécharge OTMoveIt
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau. Ou sur https://www.luanagames.com/index.fr.html
double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.
Citation :
C:\Windows\system32\hGvUnool.dll
C:\Users\SAMUEL\AppData\Local\Temp\lJAtRhGW.dll
C:\Users\SAMUEL\AppData\Local\Temp\fccCsqNF.dll
C:\Users\SAMUEL\AppData\Local\Temp\kgygfohi.dll
clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.
il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.
________________________
si tu n'as aucune protection:
installe antivir et malwarebyte et colle nous les rapports:
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
https://www.malekal.com/avira-free-security-antivirus-gratuit/
Bonsoir
merci pour votre réponse JLPJLP
voici le rapport :
File/Folder C:\Windows\system32\hGvUnool.dll not found.
File/Folder C:\Users\SAMUEL\AppData\Local\Temp\lJAtRhGW.dll not found.
File/Folder C:\Users\SAMUEL\AppData\Local\Temp\fccCsqNF.dll not found.
File/Folder C:\Users\SAMUEL\AppData\Local\Temp\kgygfohi.dll not found.
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 10202008_193956
Que me rest il à faire maintenant?
merci beaucoup...
Au fait à quoi sert antivir et malwarebyte ?
merci
merci pour votre réponse JLPJLP
voici le rapport :
File/Folder C:\Windows\system32\hGvUnool.dll not found.
File/Folder C:\Users\SAMUEL\AppData\Local\Temp\lJAtRhGW.dll not found.
File/Folder C:\Users\SAMUEL\AppData\Local\Temp\fccCsqNF.dll not found.
File/Folder C:\Users\SAMUEL\AppData\Local\Temp\kgygfohi.dll not found.
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 10202008_193956
Que me rest il à faire maintenant?
merci beaucoup...
Au fait à quoi sert antivir et malwarebyte ?
merci
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
20 oct. 2008 à 19:57
20 oct. 2008 à 19:57
antivir est un antivirus gratuit et malwarebyte un antiespion gratuit
tu as les manuels et les explications dans les liens
tu as les manuels et les explications dans les liens
Re
Ok merci pour vos réponses claires et précises.
je vais intaller de suite antivir et malwarebyte
je dois installer les rapports?
Ok merci pour vos réponses claires et précises.
je vais intaller de suite antivir et malwarebyte
je dois installer les rapports?
RE
Voici les rapports :
1/ malwarebyte :
Malwarebytes' Anti-Malware 1.29
Version de la base de données: 1298
Windows 6.0.6001 Service Pack 1
20/10/2008 20:21:47
mbam-log-2008-10-20 (20-21-28).txt
Type de recherche: Examen rapide
Eléments examinés: 42459
Temps écoulé: 2 minute(s), 53 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
2/ rapport antivir :
Avira AntiVir Personal
Report file date: lundi 20 octobre 2008 20:43
Scanning for 1369550 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (Service Pack 1) [6.0.6001]
Boot mode: Save mode
Username: SAMUEL
Computer name: PC-DE-SAMUEL
Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
ANTIVIR2.VDF : 7.0.5.20 142336 Bytes 30/06/2008 05:20:53
ANTIVIR3.VDF : 7.0.5.23 17408 Bytes 30/06/2008 09:24:47
Engineversion : 8.1.1.19
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.63 311673 Bytes 06/08/2008 13:13:47
AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 12:44:49
AERDL.DLL : 8.1.0.20 418165 Bytes 24/04/2008 12:37:48
AEPACK.DLL : 8.1.2.1 364917 Bytes 15/07/2008 12:58:35
AEOFFICE.DLL : 8.1.0.21 192891 Bytes 18/07/2008 06:35:21
AEHEUR.DLL : 8.1.0.47 1368437 Bytes 06/08/2008 13:13:47
AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 12:44:48
AEGEN.DLL : 8.1.0.35 315764 Bytes 06/08/2008 14:38:47
AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 08:33:21
AECORE.DLL : 8.1.1.8 172406 Bytes 31/07/2008 08:33:21
AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 12:44:48
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
AVREP.DLL : 7.0.0.1 155688 Bytes 30/06/2008 14:35:20
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37
Configuration settings for the scan:
Jobname..........................: Local Hard Disks
Configuration file...............: c:\program files\avira\antivir personaledition classic\alldiscs.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: lundi 20 octobre 2008 20:43
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
18 processes with 18 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
[INFO] Please restart the search with Administrator rights
Master boot sector HD2
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
[INFO] Please restart the search with Administrator rights
Master boot sector HD3
[INFO] No virus was found!
Master boot sector HD4
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
[INFO] Please restart the search with Administrator rights
Master boot sector HD5
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
[INFO] Please restart the search with Administrator rights
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '36' files ).
Starting the file scan:
Begin scan in 'C:\' <HP>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Users\SAMUEL\AppData\Local\VirtualStore\Program Files\eMule\Temp\007.part
[0] Archive type: ACE
--> Telephone - Best Of\Telephone_-_Best_Of-back.jpg
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Users\SAMUEL\AppData\Local\VirtualStore\Program Files\eMule\Temp\015.part
[WARNING] An exception has been identified!
[WARNING] In the module 'aecore.dll' an exception occured.
Calling the function AVEPROC_TestFile in file: \\?\C:\Users\SAMUEL\AppData\Local\VirtualStore\Program Files\eMule\Temp\015.part
Error description:ACCESS_VIOLATION
EAX = 000198AC EBX = 0002590A
ECX = 00000000 EDX = 03820024
ESI = 0004DE14 EDI = 0004e5a8
EIP = 02157EE9 EBP = 000FFFFF
ESP = 02A5AFB4 Flg = 00010206
CS = 00000023 SS = 0000001B
C:\Users\SAMUEL\Documents\Downloads\(HOODLUM ) patch pes 2008 ps3 _better version_.zip
[0] Archive type: ZIP
--> Setup.exe
[1] Archive type: RSRC
--> Object
[DETECTION] Contains recognition pattern of the DR/Dldr.Agent.fwr.1 dropper
--> Object
[DETECTION] Is the TR/Dldr.IstBar.32000 Trojan
[NOTE] The file was moved to '494be93c.qua'!
C:\Users\SAMUEL\Downloads\RUNME.bat
[DETECTION] Contains recognition pattern of the BAT/ConHook.Z batch virus
[NOTE] The file was moved to '494ae993.qua'!
C:\Users\SAMUEL\Downloads\Setup_FreeConverter.exe
[DETECTION] Is the TR/Agent.6952238 Trojan
[NOTE] The file was moved to '4970e9a3.qua'!
C:\Windows\System32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <Recovery>
End of the scan: lundi 20 octobre 2008 23:01
Used time: 2:18:17 Hour(s)
The scan has been done completely.
16863 Scanning directories
399910 Files were scanned
4 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
3 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
399904 Files not concerned
3706 Archives were scanned
8 Warnings
3 Notes
Voilà, qu'en est il?
Merci..
(désolé d'avoir été aussi long, mais antivir à mis 2 h)
Voici les rapports :
1/ malwarebyte :
Malwarebytes' Anti-Malware 1.29
Version de la base de données: 1298
Windows 6.0.6001 Service Pack 1
20/10/2008 20:21:47
mbam-log-2008-10-20 (20-21-28).txt
Type de recherche: Examen rapide
Eléments examinés: 42459
Temps écoulé: 2 minute(s), 53 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
2/ rapport antivir :
Avira AntiVir Personal
Report file date: lundi 20 octobre 2008 20:43
Scanning for 1369550 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (Service Pack 1) [6.0.6001]
Boot mode: Save mode
Username: SAMUEL
Computer name: PC-DE-SAMUEL
Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
ANTIVIR2.VDF : 7.0.5.20 142336 Bytes 30/06/2008 05:20:53
ANTIVIR3.VDF : 7.0.5.23 17408 Bytes 30/06/2008 09:24:47
Engineversion : 8.1.1.19
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.63 311673 Bytes 06/08/2008 13:13:47
AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 12:44:49
AERDL.DLL : 8.1.0.20 418165 Bytes 24/04/2008 12:37:48
AEPACK.DLL : 8.1.2.1 364917 Bytes 15/07/2008 12:58:35
AEOFFICE.DLL : 8.1.0.21 192891 Bytes 18/07/2008 06:35:21
AEHEUR.DLL : 8.1.0.47 1368437 Bytes 06/08/2008 13:13:47
AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 12:44:48
AEGEN.DLL : 8.1.0.35 315764 Bytes 06/08/2008 14:38:47
AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 08:33:21
AECORE.DLL : 8.1.1.8 172406 Bytes 31/07/2008 08:33:21
AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 12:44:48
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
AVREP.DLL : 7.0.0.1 155688 Bytes 30/06/2008 14:35:20
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37
Configuration settings for the scan:
Jobname..........................: Local Hard Disks
Configuration file...............: c:\program files\avira\antivir personaledition classic\alldiscs.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: lundi 20 octobre 2008 20:43
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
18 processes with 18 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
[INFO] Please restart the search with Administrator rights
Master boot sector HD2
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
[INFO] Please restart the search with Administrator rights
Master boot sector HD3
[INFO] No virus was found!
Master boot sector HD4
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
[INFO] Please restart the search with Administrator rights
Master boot sector HD5
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
[INFO] Please restart the search with Administrator rights
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '36' files ).
Starting the file scan:
Begin scan in 'C:\' <HP>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Users\SAMUEL\AppData\Local\VirtualStore\Program Files\eMule\Temp\007.part
[0] Archive type: ACE
--> Telephone - Best Of\Telephone_-_Best_Of-back.jpg
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Users\SAMUEL\AppData\Local\VirtualStore\Program Files\eMule\Temp\015.part
[WARNING] An exception has been identified!
[WARNING] In the module 'aecore.dll' an exception occured.
Calling the function AVEPROC_TestFile in file: \\?\C:\Users\SAMUEL\AppData\Local\VirtualStore\Program Files\eMule\Temp\015.part
Error description:ACCESS_VIOLATION
EAX = 000198AC EBX = 0002590A
ECX = 00000000 EDX = 03820024
ESI = 0004DE14 EDI = 0004e5a8
EIP = 02157EE9 EBP = 000FFFFF
ESP = 02A5AFB4 Flg = 00010206
CS = 00000023 SS = 0000001B
C:\Users\SAMUEL\Documents\Downloads\(HOODLUM ) patch pes 2008 ps3 _better version_.zip
[0] Archive type: ZIP
--> Setup.exe
[1] Archive type: RSRC
--> Object
[DETECTION] Contains recognition pattern of the DR/Dldr.Agent.fwr.1 dropper
--> Object
[DETECTION] Is the TR/Dldr.IstBar.32000 Trojan
[NOTE] The file was moved to '494be93c.qua'!
C:\Users\SAMUEL\Downloads\RUNME.bat
[DETECTION] Contains recognition pattern of the BAT/ConHook.Z batch virus
[NOTE] The file was moved to '494ae993.qua'!
C:\Users\SAMUEL\Downloads\Setup_FreeConverter.exe
[DETECTION] Is the TR/Agent.6952238 Trojan
[NOTE] The file was moved to '4970e9a3.qua'!
C:\Windows\System32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <Recovery>
End of the scan: lundi 20 octobre 2008 23:01
Used time: 2:18:17 Hour(s)
The scan has been done completely.
16863 Scanning directories
399910 Files were scanned
4 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
3 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
399904 Files not concerned
3706 Archives were scanned
8 Warnings
3 Notes
Voilà, qu'en est il?
Merci..
(désolé d'avoir été aussi long, mais antivir à mis 2 h)
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
21 oct. 2008 à 11:37
21 oct. 2008 à 11:37
il faut faire gaffe avec emule ....
____________
scan avec ceci:
https://www.broadcom.com/support/security-center
____________
vire ce qui est en quarantaine dans antivir
_____________
il faut virer ce qui a été trouvé dans malwarebyte
______________
télécharge OTMoveIt
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau. Ou sur https://www.luanagames.com/index.fr.html
double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.
Citation :
:\Users\SAMUEL\AppData\Local\VirtualStore\Program Files\eMule\Temp\007.part
C:\Users\SAMUEL\AppData\Local\VirtualStore\Program Files\eMule\Temp\015.part
C:\Users\SAMUEL\Documents\Downloads\(HOODLUM ) patch pes 2008 ps3 _better version_.zip
C:\Users\SAMUEL\Downloads\RUNME.bat
C:\Users\SAMUEL\Downloads\Setup_FreeConverter.exe
clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.
il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.
____________
scan avec ceci:
https://www.broadcom.com/support/security-center
____________
vire ce qui est en quarantaine dans antivir
_____________
il faut virer ce qui a été trouvé dans malwarebyte
______________
télécharge OTMoveIt
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau. Ou sur https://www.luanagames.com/index.fr.html
double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.
Citation :
:\Users\SAMUEL\AppData\Local\VirtualStore\Program Files\eMule\Temp\007.part
C:\Users\SAMUEL\AppData\Local\VirtualStore\Program Files\eMule\Temp\015.part
C:\Users\SAMUEL\Documents\Downloads\(HOODLUM ) patch pes 2008 ps3 _better version_.zip
C:\Users\SAMUEL\Downloads\RUNME.bat
C:\Users\SAMUEL\Downloads\Setup_FreeConverter.exe
clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.
il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.
