Mon rapport hijackthis

[Falkra]

Hum, soit il résiste, soit il n'est plus là.

En tout cas ça occuper (c'est bon signe).

 

Je te donne un nouveau script, même topo pour le script, et le rapport qui suivra.

 

 

Rootkit::

c:\Users\GaWeL\AppData\Roaming\m\flec006.exe

 

File::

C:\QooBox.zip

 

Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{873325f9-71be-11dc-95f5-001bb982436e}]

 

Dirlook::

c:\Users\GaWeL\AppData\Roaming\m

 

Si ça ne suffit pas j'ai d'autres choses en stock.

[gawel]

Voici le rapport mais toujours aucune traces des 2 fichiers:

 

 

 

ComboFix 08-05-12.1 - GaWeL 2008-05-16 23:45:43.4 - NTFSx86

Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1282 [GMT 2:00]

Endroit: C:\Users\GaWeL\Desktop\combo-fix.exe

Command switches used :: C:\Users\GaWeL\Desktop\CFScript.txt

* Création d'un nouveau point de restauration

 

FILE ::

C:\QooBox.zip

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\QooBox.zip

c:\Users\GaWeL\AppData\Roaming\m\flec006.exe

 

.

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-16 to 2008-05-16 ))))))))))))))))))))))))))))))))))))

.

 

Pas de nouveau fichier cr‚‚ dans cet espace de temps

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-15 22:51 --------- d-----w C:\ProgramData\Avira

2008-05-15 22:51 --------- d-----w C:\Program Files\Avira

2008-05-15 06:50 --------- d-----w C:\ProgramData\Microsoft Help

2008-05-13 22:51 --------- d-----w C:\Program Files\Alwil Software

2008-05-13 22:01 --------- d-----w C:\ProgramData\Spybot - Search & Destroy

2008-05-13 22:01 --------- d-----w C:\Program Files\Spybot - Search & Destroy

2008-05-13 21:27 --------- d-----w C:\Program Files\CCleaner

2008-05-11 20:05 --------- d-----w C:\ProgramData\pixelStorm

2008-05-11 14:27 --------- d-----w C:\Program Files\PpStream Fr

2008-05-11 14:25 --------- d-----w C:\Users\GaWeL\AppData\Roaming\ppStream

2008-05-05 17:20 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys

2008-05-05 17:20 22,328 ----a-w C:\Users\GaWeL\AppData\Roaming\PnkBstrK.sys

2008-05-05 17:20 103,736 ----a-w C:\Users\GaWeL\AppData\Roaming\PnkBstrB.exe

2008-05-05 17:18 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-05-05 16:59 --------- d-----w C:\Program Files\Activision

2008-05-01 13:25 --------- d-----w C:\ProgramData\Kaspersky Lab Setup Files

2008-05-01 10:42 --------- d-----w C:\Program Files\Apple Software Update

2008-04-20 20:49 --------- d-----w C:\Program Files\pspvideo9

2008-04-20 20:41 319,456 ----a-w C:\Windows\DIFxAPI.dll

2008-04-20 20:41 --------- d-----w C:\Program Files\Realtek

2008-04-14 20:11 --------- d-----w C:\Program Files\AviSynth 2.5

2008-04-03 23:00 --------- d--h--r C:\Users\GaWeL\AppData\Roaming\SecuROM

2008-04-03 22:44 --------- d-----w C:\Users\GaWeL\AppData\Roaming\Sports Interactive

2008-04-03 22:39 --------- d--h--w C:\Program Files\Zero G Registry

2008-04-03 22:33 --------- d-----w C:\Program Files\Sports Interactive

2008-04-03 16:04 --------- d-----w C:\Program Files\iTunes

2008-04-03 16:04 --------- d-----w C:\Program Files\iPod

2008-04-03 16:03 --------- d-----w C:\Program Files\QuickTime

2008-03-21 18:43 --------- d-----w C:\Users\GaWeL\AppData\Roaming\Apple Computer

2008-03-20 17:53 --------- d-----w C:\Program Files\Safari

2008-03-16 18:15 --------- d-----w C:\ProgramData\NVIDIA

2008-03-16 04:57 --------- d-----w C:\Users\GaWeL\AppData\Roaming\WinBatch

2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll

2008-02-04 19:26 82 ----a-w C:\Users\GaWeL\AppData\Roaming\wklnhst.dat

2008-02-04 19:25 47,360 ----a-w C:\Users\GaWeL\AppData\Roaming\pcouffin.sys

2006-11-02 12:50 174 --sha-w C:\Program Files\desktop.ini

.

 

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

---- Directory of c:\Users\GaWeL\AppData\Roaming\m ----

 

c:\Users\GaWeL\AppData\Roaming\m\

 

 

------- Sigcheck -------

 

.

((((((((((((((((((((((((((((( snapshot_2008-05-16_23.21.22,85 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-05-16 21:13:26 67,584 --s-a-w C:\Windows\bootstat.dat

+ 2008-05-16 21:48:16 67,584 --s-a-w C:\Windows\bootstat.dat

- 2008-05-16 21:15:02 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2008-05-16 21:48:43 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2008-05-16 21:48:43 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1

- 2008-05-16 21:14:57 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2008-05-16 21:48:43 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2008-05-16 21:48:43 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1

- 2008-05-16 21:08:48 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2008-05-16 21:33:47 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2008-05-16 21:08:48 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2008-05-16 21:33:47 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2008-05-16 21:08:48 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2008-05-16 21:33:47 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 04:01 1232896]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 15:35 202024]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-05-14 00:01 2097488]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-06-19 00:28 1006264]

"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 18:16 65536]

"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 12:59 118784]

"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 11:26 4874240 C:\Windows\RtHDVCpl.exe]

"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]

"VX6000"="C:\Windows\vVX6000.exe" [2007-04-10 14:46 996712]

"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]

"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 09:51 1836328]

"HPAIO_PrintFolderMgr"="C:\Windows\system32\spool\DRIVERS\W32X86\hpoopm07.exe" [ ]

"SMSTray"="C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-09-20 09:23 132624]

"Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe" [ ]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-08-27 18:59 86016]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-08-27 18:59 8473120]

"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-08-27 18:59 81920]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]

 

C:\Users\GaWeL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 - Capture d'‚cran et lancement.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{88485281-8b4b-4f8d-9ede-82e29a064277}"= C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [2004-11-23 17:51 192512]

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UacDisableNotify"=dword:00000001

"InternetSettingsDisableNotify"=dword:00000001

"AutoUpdateDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3072763064-2446227072-4167713054-1000]

"EnableNotificationsRef"=dword:00000004

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{6D627958-CCBC-4F0D-86EA-814307131E64}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{540C4478-A48C-4271-81C8-B312B78F5CD9}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"TCP Query User{48ED27BD-4D5C-4483-A8AD-C9C463E81AF8}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus

"UDP Query User{F941FE5E-E53C-412C-A2D8-0339ACB9EB76}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus

"{73E54759-DADF-4B25-9ADE-FC0CEC637531}"= Disabled:UDP:C:\Program Files\devolo\informer\devinf.exe:devolo Informer

"{89C5A30E-BA8B-4A1F-A260-6172F1C8EE2C}"= Disabled:TCP:C:\Program Files\devolo\informer\devinf.exe:devolo Informer

"{23BF2E3B-7760-4D96-B3F8-59E6955F4804}"= Disabled:UDP:C:\Program Files\devolo\easyshare\easyshare.exe:devolo EasyShare

"{D66CA116-176E-453F-B9FD-F1F41B96189D}"= Disabled:TCP:C:\Program Files\devolo\easyshare\easyshare.exe:devolo EasyShare

"{98DE3049-F1BB-4828-8A84-6411E529D14B}"= UDP:C:\Program Files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe

"{8FBFFE59-6FDE-4598-A05F-1E5CEC5E7443}"= TCP:C:\Program Files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe

"{2C10C3AB-CE1C-4515-96FA-A57BCED63DF5}"= UDP:C:\Program Files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe

"{94C8C4C4-8632-4B6C-998D-C1ECFBC63523}"= TCP:C:\Program Files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe

"TCP Query User{932CA54F-49E3-4D4A-A864-CCAA54BD20CA}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule

"UDP Query User{F4F8E69B-40BA-405C-BD82-2237C2AE3463}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule

"{77DF3217-5272-47CC-8DBA-1101B32A5D27}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{1F84B188-BFE2-4FD0-9250-88F6BEC8BBEF}"= UDP:C:\Windows\System32\muzapp.exe:MUZ AOD APP player

"{6E30E2E8-F8F9-4295-BF15-28B63DFEDC74}"= TCP:C:\Windows\System32\muzapp.exe:MUZ AOD APP player

"{C9581EA9-5CE7-419C-9E74-8C62834DE3D6}"= UDP:C:\Program Files\Microsoft ActiveSync\rapimgr.exe:ActiveSync RAPI Manager

"{C9A552AD-84B9-42F6-AC47-437E898F82B6}"= TCP:C:\Program Files\Microsoft ActiveSync\rapimgr.exe:ActiveSync RAPI Manager

"{4D69BB7C-0995-4A56-B788-EDE78F5EDEAF}"= UDP:C:\Program Files\Microsoft ActiveSync\wcescomm.exe:ActiveSync Connection Manager

"{4B4A249E-4B06-4E73-9D04-B9D0E9E48B68}"= TCP:C:\Program Files\Microsoft ActiveSync\wcescomm.exe:ActiveSync Connection Manager

"{0C8D9FB4-BE31-4A0D-832A-D2E570934E1A}"= UDP:C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:ActiveSync Application

"{1FC82F46-9F77-4191-A7E5-D4B98ACA6646}"= TCP:C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:ActiveSync Application

"{B9622CB5-EB26-4DEF-9F3E-150EB96C78E1}"= UDP:26675:169.254.2.0/255.255.255.0:ActiveSync Service

"{61D1E7E4-CE5A-427A-8F94-CC1A104C87B7}"= UDP:C:\Program Files\Microsoft ActiveSync\rapimgr.exe:ActiveSync RAPI Manager

"{C269D18D-2E5C-4592-8C30-358FEED71359}"= TCP:C:\Program Files\Microsoft ActiveSync\rapimgr.exe:ActiveSync RAPI Manager

"{4B1F9833-512C-4D7E-8F61-50B975A705E0}"= UDP:C:\Program Files\Microsoft ActiveSync\wcescomm.exe:ActiveSync Connection Manager

"{4B64E45C-5802-40D1-95D5-1F539FB9137E}"= TCP:C:\Program Files\Microsoft ActiveSync\wcescomm.exe:ActiveSync Connection Manager

"{D6DD97F8-43B4-43CF-AE3C-A8D541181EA1}"= UDP:C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:ActiveSync Application

"{48307B80-3264-46FB-B078-3366468C8810}"= TCP:C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:ActiveSync Application

"{3B963C37-3149-41CC-8450-F84F0D87B63F}"= UDP:26675:169.254.2.0/255.255.255.0:ActiveSync Service

"{38B24799-AD50-4759-ACDA-A799790B7EA3}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"TCP Query User{78BF92EF-58C0-475F-B36A-C5CB0B0A5E1D}C:\\users\\gawel\\desktop\\viviplay.exe"= UDP:C:\users\gawel\desktop\viviplay.exe:viviplay.exe

"UDP Query User{DB60AA64-5A66-4A56-9503-278736AB17F1}C:\\users\\gawel\\desktop\\viviplay.exe"= TCP:C:\users\gawel\desktop\viviplay.exe:viviplay.exe

"{85107586-3806-4B67-BBC3-C0F9C52DD8A0}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes

"{BF23537A-2CAB-4E9F-AA99-698848A1CDB3}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

"{D266B7DB-B012-4802-8B20-F9145C464865}"= UDP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008

"{0595A42E-1164-4B80-A380-1DCD8B3FA3B4}"= TCP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

 

R2 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;C:\Windows\system32\plcndis5.sys [2004-05-17 11:21]

R2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 11:45]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]

R2 WcesComm;Windows Mobile-2003-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 11:45]

S3 VX6000;Microsoft LifeCam VX-6000;C:\Windows\system32\DRIVERS\VX6000Xp.sys [2007-04-10 14:46]

S4 usbprint;Microsoft USB PRINTER Class;C:\Windows\system32\drivers\usbprint.sys [2006-11-02 11:14]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

 

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-16 23:48:49

Windows 6.0.6000 NTFS

 

Balayage processus cach‚s ...

 

Balayage cach‚ autostart entries ...

 

Balayage des fichiers cach‚s ...

 

Scan termin‚ avec succŠs

Les fichiers cach‚s: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Windows\System32\audiodg.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Windows\System32\PnkBstrA.exe

C:\Windows\System32\PnkBstrB.exe

C:\Windows\System32\WUDFHost.exe

C:\Windows\WindowsMobile\wmdc.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Windows\ehome\ehmsas.exe

C:\Windows\System32\wbem\unsecapp.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

C:\hp\KBD\kbd.exe

C:\Windows\System32\conime.exe

C:\Windows\System32\dllhost.exe

.

**************************************************************************

.

Temps d'accomplissement: 2008-05-16 23:55:04 - machine was rebooted

ComboFix-quarantined-files.txt 2008-05-16 21:54:56

ComboFix2.txt 2008-05-16 21:22:25

ComboFix3.txt 2008-05-15 21:41:34

ComboFix4.txt 2008-05-14 22:38:55

 

Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.

Le texte du message associ‚ au num‚ro 0x2379 est introuvable dans le fichier de messages pour Application.

 

225 --- E O F --- 2008-05-15 06:50:23

[Falkra]

si si, ça a l'air bon ce coup ci.

 

Si tu as un fichier

C:\QooBox\Quarantine\C\Users\GaWeL\AppData\Roaming\m\flec006.exe.vir

Je suis intéressé par un zip de ce fichier, que tu dois pouvoir faire à la main là. Pour m'envoyer le zip, même procédure, si le zip peut se créer (il devrait.

 

Le cas semble moins grave que prévu (tant mieux !).

[gawel]

Toujours impossible a ziper... par contre je vais a lendroit ou est le placer et il n'y figure pas c'est bizzard mais quand je fait rechercher je le trouve.

Bon je suis rassuré si c'est moin grave!

On finiras demain si sa te derange pas car demain boulot.

Bye et merci encore!

[Falkra]

Ok on voit ça demain, je lis dans le rapport que le fichier a été éliminé de toute façon.

On reprendra tranquillement, à tête reposée.

 

Bonne nuit, @ demain.

[Falkra]

Re. Des nouvelles ?

 

Le fichier flec006.exe devrait être dans qoobox maintenant sous la forme

C:\QooBox\Quarantine\C\Users\GaWeL\AppData\Roaming\m\flec006.exe.vir

 

Non ?

[gawel]

Re.

Non toujours pas, j'ai l'ancer une recherche pour le trouver et l'ordi ne le trouve plus.

Il s'est peut etre suprimer quand j'ai suprimer les ficher en quarantaine de l'anti virus?

[Falkra]

Possible qu'il y ait eu un télescopage, c'est le plus probable (j'ai un autre cas même infection ailleurs).

 

Essaie de désinstaller puis réinstaller ton antivirus et dis moi si ça marche.

Ne réactive pas TeaTimer.

[Falkra]

Up. Des nouvelles ?