Infection de mon PC G!rly aide moi

papasiam Messages postés 13 Date d'inscription   Statut Membre -  
g!rly Messages postés 18462 Statut Contributeur -
Bonjour, mon PC est infecté par plusieurs virus un ver nommé allaple et un autre BAT/Fake.Privdanger
ma config c windows XP avec avira et kerio pour la défense mais bon apparement ca passe
que faire G!rly aide moi ou quelqu'un d'autre
merci d'avance
Configuration: Windows XP
Firefox 2.0.0.11

21 réponses

  • 1
  • 2
  1. g!rly Messages postés 18462 Statut Contributeur 407
     
    re,

    c´est mieux ;-)

    ta version de acrobat reader n´est pas a jour, tu veux la version 8.1 derniere en date alors desinstale ta version par le panneau de configuration / ajoue et suppression de programme

    et instale la derniere :

    https://get2.adobe.com/reader/otherversions/

    ou foxit plus léger :

    https://www.clubic.com/telecharger-fiche13808-foxit-reader.html

    puis

    tu surf avec internet explorer 6.0 = failles de securitées importantes

    alors fais les mises a jour windows : tu veux la version 7.0

    et pourquoi ne pas surfer avec firefox? = plus sur, tout en gardant ie 7.0 pour les mises a jour windows car impossible a effectuer sous firefox

    http://www.firefox.fr/

    puis

    j´aimerais que tu effectue un scan complet de ta machine avec antivir et quye tu posdt le rapport ici

    @+
    1
  2. g!rly Messages postés 18462 Statut Contributeur 407
     
    bonsoir a vous deux...

    pour suivre...

    @+
    0
    1. Pi_Xi Messages postés 2274 Statut Membre 149
       
      Bonsoir g!rly !

      Non non, ce sujet s'adresse à toi, c'est moi qui suit :o)

      ++
      0
  3. g!rly Messages postés 18462 Statut Contributeur 407
     
    salut pi_xi,

    ok on fait comme ca alors, tu regarde ;-) mais tu peux aussi intervenir, on fais comme ca?! oui !

    papasiam bonsoir,

    post un rapport hijack this comme te l´as demandé pi_xi stp

    et post aussi le rapport que va générer smitfraudfix :

    télécharges smitfraudfix :

    En image :
    http://siri.urz.free.fr/Fix/SmitfraudFix.php

    tu doubles cliques sur smitfraudfix.cmd et tu choisi l option 1
    cela vas générer un rapport.

    Copie/colle le rapport sur le forum stp.

    @+
    0
  4. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  5. papasiam Messages postés 13 Date d'inscription   Statut Membre
     
    et voila
    hijack

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 00:52:13, on 17/01/2008
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\logonui.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\System32\sstray.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\SuperCopier2\SuperCopier2.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
    C:\hijackthis\HijackThis.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: The enqvwkp - {CC4B2067-D903-427A-854B-632735A570D9} - C:\DOCUME~1\ZITUN~1\LOCALS~1\Temp\ac8zt2\enqvwkp.dll (file missing)
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: SATARaid.lnk = ?
    O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\c_1tat.dll (file missing)
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\c_1tat.dll (file missing)
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O21 - SSODL: agrlmvp - {4141128B-10DF-49B0-9553-F6E7DAEC7174} - C:\WINDOWS\agrlmvp.dll
    O21 - SSODL: bmlvqkn - {C816A9F0-F9D8-47AB-8CEA-C29103575CC8} - C:\WINDOWS\bmlvqkn.dll
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
    O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
    0
  6. g!rly Messages postés 18462 Statut Contributeur 407
     
    re,

    meilleurs voeux ;-)

    l´infection a été détécté par smitfraudfix.

    la suite :

    Redémarre le PC en mode sans échec : tu tapotes sur la touche F8 de ton clavier (ou F5 ) dès le démarrage et tu choisis le mode sans échec)

    - Ouvre le dossier "SmitfraudFix" et double clique sur "Smitfraudfix.cmd", choisit l 'option 2 et tu réponds oui à tout.

    Enregistre le rapport puis Copie/colle le rapport sur le forum stp.

    et post aussi un nouveau hijack this

    @+
    0
  7. papasiam Messages postés 13 Date d'inscription   Statut Membre
     
    et voila tes demandes sont des ordres

    SmitFraudFix v2.240

    Rapport fait à 9:30:04,06, 17/01/2008
    Executé à partir de C:\Documents and Settings\Zit”uN\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode sans echec

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    127.0.0.1 localhost

    »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

    S!Ri's WS2Fix: LSP not Found.

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

    C:\DOCUME~1\ZITUN~1\Bureau\Error Cleaner.url supprimé
    C:\DOCUME~1\ZITUN~1\Bureau\Privacy Protector.url supprimé
    C:\DOCUME~1\ZITUN~1\Bureau\Spyware?Malware Protection.url supprimé
    C:\DOCUME~1\ZITUN~1\Favoris\Error Cleaner.url supprimé
    C:\DOCUME~1\ZITUN~1\Favoris\Privacy Protector.url supprimé

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{F6F54D28-7516-4FAD-A1FC-61212F6DF7E8}: DhcpNameServer=212.27.54.252 212.27.53.252
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{F6F54D28-7516-4FAD-A1FC-61212F6DF7E8}: DhcpNameServer=212.27.54.252 212.27.53.252
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{F6F54D28-7516-4FAD-A1FC-61212F6DF7E8}: DhcpNameServer=212.27.54.252 212.27.53.252
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

    Nettoyage terminé.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin

    merci
    0
  8. g!rly Messages postés 18462 Statut Contributeur 407
     
    papasiam,

    bien joué, tu peux supprimer smitfraudfix.

    peux tu poster un nouveau hijack this stp

    @+
    0
  9. papasiam Messages postés 13 Date d'inscription   Statut Membre
     
    et voila

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:33:21, on 17/01/2008
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\System32\sstray.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\SuperCopier2\SuperCopier2.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\update.exe
    C:\hijackthis\HijackThis.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: The enqvwkp - {CC4B2067-D903-427A-854B-632735A570D9} - C:\DOCUME~1\ZITUN~1\LOCALS~1\Temp\ac8zt2\enqvwkp.dll (file missing)
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: SATARaid.lnk = ?
    O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\c_1tat.dll (file missing)
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\c_1tat.dll (file missing)
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O21 - SSODL: agrlmvp - {4141128B-10DF-49B0-9553-F6E7DAEC7174} - C:\WINDOWS\agrlmvp.dll
    O21 - SSODL: bmlvqkn - {C816A9F0-F9D8-47AB-8CEA-C29103575CC8} - C:\WINDOWS\bmlvqkn.dll
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
    0
  10. g!rly Messages postés 18462 Statut Contributeur 407
     
    re,

    on continue :

    Télécharge combofix.exe (par sUBs) sur ton Bureau.

    -> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    -> Double clique combofix.exe.
    -> Tape sur la touche 1 (Yes) pour démarrer le scan.
    -> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

    NOTE : Le rapport se trouve également ici : C:\Combofix.txt

    @+
    0
  11. papasiam Messages postés 13 Date d'inscription   Statut Membre
     
    et voilou

    ComboFix 08-01-17.5 - ZitöuN 2008-01-17 19:48:52.2 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.0.1252.1.1036.18.731 [GMT 1:00]
    Running from: C:\ComboFix.exe
    * Created a new restore point

    [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Menu Démarrer\Live Safety Center.lnk
    C:\Documents and Settings\All Users\Menu Démarrer\Online Security Guide.lnk
    C:\Documents and Settings\ZitöuN\Bureau\Live Safety Center.lnk
    C:\Documents and Settings\ZitöuN\Bureau\Online Security Guide.lnk
    C:\Documents and Settings\ZitöuN\Bureau\Spyware&Malware Protection.url
    C:\Documents and Settings\ZitöuN\Favoris\Error Cleaner.url
    C:\Documents and Settings\ZitöuN\Favoris\Online Security Guide.lnk
    C:\Documents and Settings\ZitöuN\Favoris\Privacy Protector.url
    C:\Documents and Settings\ZitöuN\Favoris\Spyware&Malware Protection.url
    C:\Documents and Settings\Zit”uN\Bureau\Error Cleaner.url
    C:\Documents and Settings\Zit”uN\Bureau\Privacy Protector.url
    C:\Program Files\Hammer.dll
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\enqvwkp.dll
    C:\WINDOWS\system32\idqbtedn.exe
    C:\WINDOWS\system32\iikemcij.dllbox
    C:\WINDOWS\system32\iymtmrdm.dllbox
    C:\WINDOWS\system32\pqtss.bak1
    C:\WINDOWS\system32\pqtss.bak2
    C:\WINDOWS\system32\pqtss.ini

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\poof

    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-12-17 to 2008-01-17 ))))))))))))))))))))))))))))))))))))
    .

    2008-01-17 19:47 . 2008-01-17 19:46 1,552,034 --a------ C:\ComboFix.exe
    2008-01-17 09:29 . 2008-01-17 09:29 165 --a------ C:\WINDOWS\system32\drivers\fwdrv.err
    2008-01-17 00:54 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2008-01-17 00:54 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2008-01-17 00:54 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2008-01-17 00:54 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2008-01-17 00:54 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2008-01-15 14:10 . 2008-01-15 10:55 229,376 --a------ C:\WINDOWS\bmlvqkn.dll
    2008-01-15 14:10 . 2008-01-15 10:55 217,088 --a------ C:\WINDOWS\agrlmvp.dll
    2008-01-15 14:10 . 2008-01-15 10:55 81,920 --a------ C:\WINDOWS\fxtqdrl.exe
    2008-01-15 13:38 . 2008-01-15 13:39 <REP> d-------- C:\Program Files\MediaStarCodec
    2008-01-11 18:04 . 2008-01-11 19:27 <REP> d-------- C:\Program Files\Nouveau dossier
    2007-12-30 17:03 . 2007-12-30 17:03 <REP> d-------- C:\Program Files\iTunes
    2007-12-30 17:03 . 2007-12-30 17:03 <REP> d-------- C:\Program Files\iPod
    2007-12-30 17:02 . 2007-12-30 17:02 <REP> d-------- C:\Program Files\Apple Software Update
    2007-12-30 17:02 . 2007-12-30 17:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
    2007-12-22 14:38 . 2001-08-17 21:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
    2007-12-22 14:38 . 2001-08-17 21:56 7,552 --a--c--- C:\WINDOWS\system32\dllcache\sonypvu1.sys

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-16 13:58 --------- d-----w C:\Program Files\PokerStars
    2008-01-15 09:08 --------- d-----w C:\Program Files\mIRC
    2007-12-30 16:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2007-12-30 16:02 --------- d-----w C:\Program Files\QuickTime
    2007-12-12 15:01 --------- d-----w C:\Program Files\bwin
    2007-12-06 22:34 --------- d-----w C:\Program Files\DivX
    2007-12-01 14:39 --------- d-----w C:\Program Files\PKR
    2007-11-26 20:58 --------- d-----w C:\Program Files\BitComet
    2007-11-25 21:04 --------- d-----w C:\Program Files\MaxTV
    2007-11-25 21:03 --------- d-----w C:\Program Files\MaxSoftware
    2007-10-28 20:25 192,240 ----a-w C:\WINDOWS\system32\wins.exe
    2007-10-20 00:56 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    2007-10-20 00:56 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
    2007-10-18 19:43 8,674,195 ----a-w C:\Program Files\dxnt.cab
    2007-10-17 18:52 50,688 ----a-w C:\ATF-Cleaner.exe
    2007-07-19 23:19 855,886 ----a-w C:\Program Files\AUG2007_d3dx10_35_x64.cab
    2007-07-19 23:19 800,467 ----a-w C:\Program Files\AUG2007_d3dx10_35_x86.cab
    2007-07-19 23:19 1,803,760 ----a-w C:\Program Files\AUG2007_d3dx9_35_x64.cab
    2007-07-19 23:18 44,684 ----a-w C:\Program Files\dxdllreg_x86.cab
    2007-07-19 23:18 201,696 ----a-w C:\Program Files\AUG2007_XACT_x64.cab
    2007-07-19 23:18 156,612 ----a-w C:\Program Files\AUG2007_XACT_x86.cab
    2007-07-19 23:18 1,711,752 ----a-w C:\Program Files\AUG2007_d3dx9_35_x86.cab
    2007-07-19 22:48 976,020 ------w C:\Program Files\BDAXP.cab
    2007-07-19 22:48 917,318 ------w C:\Program Files\Apr2006_MDX1_x86.cab
    2007-07-19 22:48 88,102 ------w C:\Program Files\AUG2006_xinput_x64.cab
    2007-07-19 22:48 87,989 ------w C:\Program Files\Apr2006_xinput_x64.cab
    2007-07-19 22:48 77,160 ----a-w C:\Program Files\DSETUP.dll
    2007-07-19 22:48 702,212 ------w C:\Program Files\APR2007_d3dx10_33_x64.cab
    2007-07-19 22:48 699,465 ------w C:\Program Files\APR2007_d3dx10_33_x86.cab
    2007-07-19 22:48 56,902 ------w C:\Program Files\APR2007_xinput_x86.cab
    2007-07-19 22:48 47,018 ------w C:\Program Files\AUG2006_xinput_x86.cab
    2007-07-19 22:48 46,898 ------w C:\Program Files\Apr2006_xinput_x86.cab
    2007-07-19 22:48 4,163,518 ------w C:\Program Files\Apr2006_MDX1_x86_Archive.cab
    2007-07-19 22:48 213,767 ------w C:\Program Files\DEC2006_d3dx10_00_x64.cab
    2007-07-19 22:48 199,366 ------w C:\Program Files\APR2007_XACT_x64.cab
    2007-07-19 22:48 193,435 ------w C:\Program Files\DEC2006_XACT_x64.cab
    2007-07-19 22:48 192,680 ------w C:\Program Files\DEC2006_d3dx10_00_x86.cab
    2007-07-19 22:48 183,863 ------w C:\Program Files\AUG2006_XACT_x64.cab
    2007-07-19 22:48 180,021 ------w C:\Program Files\Apr2006_XACT_x64.cab
    2007-07-19 22:48 154,825 ------w C:\Program Files\APR2007_XACT_x86.cab
    2007-07-19 22:48 146,559 ------w C:\Program Files\DEC2006_XACT_x86.cab
    2007-07-19 22:48 138,195 ------w C:\Program Files\AUG2006_XACT_x86.cab
    2007-07-19 22:48 133,991 ------w C:\Program Files\Apr2006_XACT_x86.cab
    2007-07-19 22:48 100,417 ------w C:\Program Files\APR2007_xinput_x64.cab
    2007-07-19 22:48 1,673,576 ----a-w C:\Program Files\dsetup32.dll
    2007-07-19 22:48 1,610,958 ------w C:\Program Files\APR2007_d3dx9_33_x64.cab
    2007-07-19 22:48 1,609,639 ------w C:\Program Files\APR2007_d3dx9_33_x86.cab
    2007-07-19 22:48 1,575,336 ------w C:\Program Files\DEC2006_d3dx9_32_x86.cab
    2007-07-19 22:48 1,572,114 ------w C:\Program Files\DEC2006_d3dx9_32_x64.cab
    2007-07-19 22:48 1,398,718 ------w C:\Program Files\Apr2006_d3dx9_30_x64.cab
    2007-07-19 22:48 1,358,864 ------w C:\Program Files\Dec2005_d3dx9_28_x64.cab
    2007-07-19 22:48 1,351,430 ------w C:\Program Files\Aug2005_d3dx9_27_x64.cab
    2007-07-19 22:48 1,348,242 ------w C:\Program Files\Apr2005_d3dx9_25_x64.cab
    2007-07-19 22:48 1,156,363 ------w C:\Program Files\BDANT.cab
    2007-07-19 22:48 1,116,109 ------w C:\Program Files\Apr2006_d3dx9_30_x86.cab
    2007-07-19 22:48 1,080,344 ------w C:\Program Files\Dec2005_d3dx9_28_x86.cab
    2007-07-19 22:48 1,079,850 ------w C:\Program Files\Apr2005_d3dx9_25_x86.cab
    2007-07-19 22:48 1,078,532 ------w C:\Program Files\Aug2005_d3dx9_27_x86.cab
    2005-03-18 16:31 7,479 ----a-w C:\Program Files\d3dx9_25_x64.cat
    2005-03-18 16:25 806 ----a-w C:\Program Files\apr2005_d3dx9_25_x64.inf
    2005-03-18 16:25 667 ----a-w C:\Program Files\d3dx9_25_x64.inf
    2005-03-18 16:19 3,823,312 ----a-w C:\Program Files\d3dx9_25.dll
    2005-03-18 16:18 58,064 ----a-w C:\Program Files\infinst.exe
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-08-28 13:00 13312]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2001-08-02 06:14 1077277]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-19 20:31 68856]
    "SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 17:45 1052672]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-06-05 11:35 335872]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-10-17 20:13 249896]
    "nForce Tray Options"="sstray.exe" [2003-08-13 05:25 73728 C:\WINDOWS\system32\sstray.exe]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-08-28 13:00 13312]
    "HOT FIX"="Gothic.exe" []
    "Windows Insecure"="ccwd.exe" []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "agrlmvp"= {4141128B-10DF-49B0-9553-F6E7DAEC7174} - C:\WINDOWS\agrlmvp.dll [2008-01-15 10:55 217088]
    "bmlvqkn"= {C816A9F0-F9D8-47AB-8CEA-C29103575CC8} - C:\WINDOWS\bmlvqkn.dll [2008-01-15 10:55 229376]

    R0 avgntmgr;avgntmgr;C:\WINDOWS\System32\DRIVERS\avgntmgr.sys [2007-07-18 13:22]
    R0 si3112r;Silicon Image SiI 3112 SATARaid Controller;C:\WINDOWS\System32\drivers\si3112r.sys [2003-05-30 11:05]
    R0 SiWinAcc;SiWinAcc;C:\WINDOWS\System32\drivers\SiWinAcc.sys [2003-02-12 07:37]
    R1 avgntdd;avgntdd;C:\WINDOWS\System32\DRIVERS\avgntdd.sys [2007-08-09 12:04]
    R1 fwdrv;Firewall Driver;C:\WINDOWS\System32\drivers\fwdrv.sys [2005-09-26 10:05]
    R1 khips;Kerio HIPS Driver;C:\WINDOWS\System32\drivers\khips.sys [2005-09-26 10:05]
    S4 NOTEPAD;NOTEPAD;"C:\WINDOWS\system\NOTEPAD.exe" []
    S4 windowsys;system32 master;"C:\WINDOWS\windowsys.com" []

    .
    Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
    "2007-12-30 16:02:15 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-17 19:54:31
    Windows 5.1.2600 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2600.0000]
    -> C:\WINDOWS\bmlvqkn.dll
    .
    Completion time: 2008-01-17 19:55:59 - machine was rebooted [Zit”uN]
    ComboFix-quarantined-files.txt 2008-01-17 18:55:53
    ComboFix2.txt 2007-10-14 19:11:00

    thanks you
    0
  12. g!rly Messages postés 18462 Statut Contributeur 407
     
    re,

    post un rapport hijack this tout frais stp

    @+
    0
  13. papasiam Messages postés 13 Date d'inscription   Statut Membre
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:11:42, on 17/01/2008
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\logonui.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\System32\sstray.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\SuperCopier2\SuperCopier2.exe
    C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\hijackthis\HijackThis.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: SATARaid.lnk = ?
    O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O21 - SSODL: agrlmvp - {4141128B-10DF-49B0-9553-F6E7DAEC7174} - C:\WINDOWS\agrlmvp.dll
    O21 - SSODL: bmlvqkn - {C816A9F0-F9D8-47AB-8CEA-C29103575CC8} - C:\WINDOWS\bmlvqkn.dll
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
    0
  14. g!rly Messages postés 18462 Statut Contributeur 407
     
    re,

    a l´aide de hijack this coche les lignes suivantes :
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    O21 - SSODL: agrlmvp - {4141128B-10DF-49B0-9553-F6E7DAEC7174} - C:\WINDOWS\agrlmvp.dll
    O21 - SSODL: bmlvqkn - {C816A9F0-F9D8-47AB-8CEA-C29103575CC8} - C:\WINDOWS\bmlvqkn.dll

    comment fixer :

    Tutoriel d´utilisation (video) :

    -> http://pageperso.aol.fr/balltrap34/demohijack.htm

    puis

    Copie le texte ci-dessous :

    File::
    C:\WINDOWS\agrlmvp.dll
    C:\WINDOWS\bmlvqkn.dll

    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "agrlmvp"=-
    "bmlvqkn"=-

    Ouvre le Bloc-Notes puis colle le texte copié.
    (Démarrer\Tous les programmes\Accessoires\Bloc notes.)
    Sauvegarde ce fichier sous le nom de CFScript.txt.

    Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

    http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif

    Cela va relancer Combofix,

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

    S'il n'y a pas de rédémarrage, poste quand même les rapports.

    @+
    0
  15. papasiam Messages postés 13 Date d'inscription   Statut Membre
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:19:47, on 17/01/2008
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\System32\sstray.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\SuperCopier2\SuperCopier2.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\hijackthis\HijackThis.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: SATARaid.lnk = ?
    O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
    0
  16. papasiam Messages postés 13 Date d'inscription   Statut Membre
     
    AntiVir PersonalEdition Classic
    Report file date: jeudi 17 janvier 2008 21:44

    Scanning for 1033339 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (plain) [5.1.2600]
    Username: ZitöuN
    Computer name: HOMESWEETHOME

    Version information:
    BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
    AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 12:16:29
    AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 11:23:51
    LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 14:32:47
    LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 11:35:20
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15
    ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 00:29:23
    ANTIVIR2.VDF : 7.0.1.205 620544 Bytes 08/01/2008 01:20:42
    ANTIVIR3.VDF : 7.0.1.237 235008 Bytes 15/01/2008 08:22:43
    AVEWIN32.DLL : 7.6.0.46 3084800 Bytes 19/12/2007 22:56:15
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
    AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 06:39:17
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
    AVPACK32.DLL : 7.6.0.2 360488 Bytes 19/12/2007 22:56:15
    AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 06:17:06
    AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 11:26:33
    AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 06:10:18
    NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
    RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 11:38:13
    RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 11:50:37
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 08:37:21

    Configuration settings for the scan:
    Jobname..........................: Local Drives
    Configuration file...............: c:\program files\avira\antivir personaledition classic\alldrives.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: off
    Scan boot sector.................: on
    Boot sectors.....................: F:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: All files
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: jeudi 17 janvier 2008 21:44

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'firefox.exe' - '1' Module(s) have been scanned
    Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
    Scan process 'iPodService.exe' - '1' Module(s) have been scanned
    Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
    Scan process 'kpf4ss.exe' - '1' Module(s) have been scanned
    Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'SATARaid.exe' - '1' Module(s) have been scanned
    Scan process 'SuperCopier2.exe' - '1' Module(s) have been scanned
    Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
    Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
    Scan process 'QTTask.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'sstray.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'atiptaxx.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    33 processes with 33 modules were scanned

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!
    Boot sector 'D:\'
    [NOTE] No virus was found!
    Boot sector 'G:\'
    [NOTE] No virus was found!
    Boot sector 'A:\'
    [NOTE] In the drive 'A:\' no data medium is inserted!

    Starting to scan the registry.
    The registry was scanned ( '34' files ).

    Starting the file scan:

    Begin scan in 'C:\'
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    Begin scan in 'D:\'
    Begin scan in 'G:\' <zitoun>
    G:\xavier\Larousse.De.Cuisine.-.rip.Fr.par.eMule-Paradise.com.ace
    [0] Archive type: ACE
    --> Larousse de cuisine\system\Livres de Cuisine\D‚licieuses Confitures.mc2
    [WARNING] Error creating the file
    --> Larousse de cuisine\system\Livres de Cuisine\D‚licieuses Compotes.mc2
    [WARNING] No further files can be extracted from this archive. The archive will be closed
    [WARNING] No further files can be extracted from this archive. The archive will be closed
    Begin scan in 'A:\'
    Search path A:\ could not be opened!
    Le périphérique n'est pas prêt.

    Begin scan in 'E:\'
    Search path E:\ could not be opened!
    Le périphérique n'est pas prêt.

    Begin scan in 'F:\'
    Search path F:\ could not be opened!
    Fonction incorrecte.

    End of the scan: jeudi 17 janvier 2008 22:16
    Used time: 31:38 min

    The scan has been done completely.

    3368 Scanning directories
    198430 Files were scanned
    0 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    1 Files cannot be scanned
    198430 Files not concerned
    1587 Archives were scanned
    4 Warnings
    129 Notes

    j' utilise deja firefox pour le reste j'ai fais les MAJ

    merci
    0
  17. g!rly Messages postés 18462 Statut Contributeur 407
     
    re,

    antivir n´arrive pas a scanner le fichier :

    G:\xavier\Larousse.De.Cuisine.-.rip.Fr.par.eMule-Paradise.com.ace

    peux tu essayer de l´analyser ici :

    https://www.virustotal.com/gui/

    ou ici :

    http://virusscan.jotti.org/de/

    et poste le resultat ici stp

    @+
    0
  18. papasiam
     
    j' arrive pas a scamé le fichier larousse pour le premier lien le fichier est rop gros et pour le second le serveur est toujours trop occupé
    sinon je le fous a la corbeille ce n'est pas un fichier primordial ???????????????????
    merci
    0
  19. g!rly Messages postés 18462 Statut Contributeur 407
     
    salut xavier,

    oui s´epare toi de ce fichier, ca serait ingénieux...

    non ce n´est pas un fichier primordial, loin de la...

    c´est des recettes de cuisine ;-)

    @´+
    0
  20. papasiam
     
    a yè supprimé le fichier mais je savais ce que c'etait des recettes
    j entendais primordiale si le fichier en question avit un rapport avec les virus

    merci pour tout est surtout ta disponibilité
    0
  • 1
  • 2