Sujet Précédent Sujet Suivant

VirusWin32/Ursnif

Fermé
didou - 8 févr. 2008 à 21:10
jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 - 12 févr. 2008 à 16:44
Bonjour,
je viens de m'apercevoir que j'ai un virus Win32/Ursnif
Trojan-Downloader.Win32.Bagle.cu
W32.Beagle.GM
Troj/BagleDl-DB
Troj/Bagle-TH

Je suis nul en informatique,je n'arrive meme pas à installer Windows OneCare, si une personne peux m'aider merci d'avance

45 réponses

Précédent
Réponse 21 / 45
didou
9 févr. 2008 à 10:59
File move failed. C:\WINDOWS\SYSTEM32\WINTEMS.EXE scheduled to be moved on reboot.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT moved successfully.
File move failed. C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS scheduled to be moved on reboot.
File move failed. C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE scheduled to be moved on reboot.

OTMoveIt2 v1.0.19 log created on 02092008_104703

Et je comprends pas, car lorsque je rallume l'ordi,j'ai toujours Elibag qui se mets en route,avant le bureau et lorque le bureau s'ouvre j'ai la fenetre SELECT FILE TO CRACK qui s'ouvre, c'est de pire en pire. Merci
0
Réponse 22 / 45
jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 5 040
9 févr. 2008 à 11:44
colle un rapport hijackthis et dis tes soucis actuels


http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

manuel :

https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo.

ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste

Ensuite avec Explorer créer un dossier c:\hijackthis
Décompresser Hijackthis dans ce dossier.
C'est important pour les sauvegardes."

_______________



cette fois fais en mode sans echec surtout: http://service1.symantec.com/support/inter/tsgeninfointl.nsf/fr_docid/20020905112131924


DEMARRER puis EXECUTER et tape mrt puis clique sur ok et suis la procedure

___________

essaye de refaire elibaga en mode sans echec car il ne les a pas tous supprimés (Acceso Denegado.)

__________
en mode sans echec : stinger

http://download.nai.com/products/mcafee-avert/stng380.exe
__________




télécharges et installes :

kill box
https://www.bleepingcomputer.com/download/linux/


aide kill box
http://perso.wanadoo.fr/jesses/Docs/Logiciels/KillBox.htm


- Redémarre en mode sans échec, si tu sais pas comment on fait lis ceci

- Double-clic sur fix.reg

Ouvres killbox
- Sélectionne "delete on reboot"
- Clique sur le dossier jaune à droite et sélectionne les fichiers :



C:\WINDOWS\SYSTEM32\WINTEMS.EXE
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE

- Clique sur la croix rouge et et blanche
- Répond yes et laisse redémarrer ton pc.
N'hésite pas à consulter l'Aide killbox

____________
colle le rapport d'un scan en ligne
avec un des suivants:


bitdefender en ligne :
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Panda en ligne :
http://pandasoftware.fr

secuser en ligne :
http://www.secuser.com/outils/antivirus.htm

___________________
0
Réponse 23 / 45
didou
9 févr. 2008 à 12:01
Virus identifiés
2

Fichiers infectés
4

Fichiers suspects
0

Avertissements
0

Désinfectés
0

Fichiers effacés
2




Info sur les moteurs

Définition virus
896232

Version des moteurs
AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

Analyse des plugins
14

Archive des plugins
38

Unpack des plugins
6

E-mail plugins
6

Système plugins
1




Paramètres d'analyse

Première action
Désinfecté

Seconde Action
Supprimé

Heuristique
Oui

Acceptez les avertissements
Oui

Extensions analysées
*;

Excludez les extensions


Analyse d'emails
Oui

Analyse des Archives
Oui

Analyser paquets programmes
Oui

Analyse des fichiers
Oui

Analyse de boot
Oui




Fichier analysé
Statut

C:\hp\KBD\KbdStub.exe
Infecté par: Trojan.Downloader.Bagle.FD

C:\hp\KBD\KbdStub.exe
Supprimé

C:\hp\support\hpsysdrv.exe
Infecté par: Trojan.Downloader.Bagle.FD

C:\hp\support\hpsysdrv.exe
Echec de la désinfection

C:\hp\support\hpsysdrv.exe
Echec de la suppression

C:\Users\David\AppData\Local\VirtualStore\Windows\System32\FactoryMode
Infecté par: Trojan.Downloader.Bagle.FD

C:\Users\David\AppData\Local\VirtualStore\Windows\System32\FactoryMode
Supprimé

C:\Windows\System32\mdelk.exe
Infecté par: Win32.Bagle.SUQ@mm

C:\Windows\System32\mdelk.exe
Echec de la désinfection

C:\Windows\System32\mdelk.exe
Echec de la suppression

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_2BDB882D5EF14DA6985BB7714DB320DD=>(JAVASCRIPT 2)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_2BDB882D5EF14DA6985BB7714DB320DD=>(JAVASCRIPT 3)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_2BDB882D5EF14DA6985BB7714DB320DD=>(JAVASCRIPT 4)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_2BDB882D5EF14DA6985BB7714DB320DD=>(JAVASCRIPT 5)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_2BDB882D5EF14DA6985BB7714DB320DD=>(JAVASCRIPT 6)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_2BDB882D5EF14DA6985BB7714DB320DD=>(JAVASCRIPT 7)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_2BDB882D5EF14DA6985BB7714DB320DD=>(JAVASCRIPT 8)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_2EC244A039F24FA39A8BDC4A6167CDC5
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_2EC244A039F24FA39A8BDC4A6167CDC5=>(JAVASCRIPT 2)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_2EC244A039F24FA39A8BDC4A6167CDC5=>(JAVASCRIPT 3)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_0D1928CFEC9E4006857651B324475E6A
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_0D1928CFEC9E4006857651B324475E6A=>(JAVASCRIPT 2)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_0D1928CFEC9E4006857651B324475E6A=>(JAVASCRIPT 3)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_0D1928CFEC9E4006857651B324475E6A=>(JAVASCRIPT 4)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_0D1928CFEC9E4006857651B324475E6A=>(JAVASCRIPT 5)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_9855B702655144FD890F6E64E6814AB0
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_9855B702655144FD890F6E64E6814AB0=>(JAVASCRIPT 2)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_9855B702655144FD890F6E64E6814AB0=>(JAVASCRIPT 3)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_8F76ADA71AD64D35B209C0E9E68D99C1
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_8F76ADA71AD64D35B209C0E9E68D99C1=>(JAVASCRIPT 2)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_8F76ADA71AD64D35B209C0E9E68D99C1=>(JAVASCRIPT 3)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_C3A86C5D41A7496EA2DC67C3B18FDAC7
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_C3A86C5D41A7496EA2DC67C3B18FDAC7=>(JAVASCRIPT 2)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_C3A86C5D41A7496EA2DC67C3B18FDAC7=>(JAVASCRIPT 3)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_FAE92D97C8674BC3B40D67A34D6EA673
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_FAE92D97C8674BC3B40D67A34D6EA673=>(JAVASCRIPT 2)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_FAE92D97C8674BC3B40D67A34D6EA673=>(JAVASCRIPT 3)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_266C475A87F64A3C9C6BCCB8B168CA01
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_266C475A87F64A3C9C6BCCB8B168CA01=>(JAVASCRIPT 2)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_266C475A87F64A3C9C6BCCB8B168CA01=>(JAVASCRIPT 3)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_266C475A87F64A3C9C6BCCB8B168CA01=>(JAVASCRIPT 4)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_266C475A87F64A3C9C6BCCB8B168CA01=>(JAVASCRIPT 5)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_D43F1E7F633946D0B3E448CC4902FB94
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_D43F1E7F633946D0B3E448CC4902FB94=>(JAVASCRIPT 2)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_D43F1E7F633946D0B3E448CC4902FB94=>(JAVASCRIPT 3)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_CC4ECBF946744FFA9867A2CE190112F8
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_CC4ECBF946744FFA9867A2CE190112F8=>(JAVASCRIPT 2)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_CC4ECBF946744FFA9867A2CE190112F8=>(JAVASCRIPT 3)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_CC4ECBF946744FFA9867A2CE190112F8=>(JAVASCRIPT 4)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_CC4ECBF946744FFA9867A2CE190112F8=>(JAVASCRIPT 5)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_CC4ECBF946744FFA9867A2CE190112F8=>(JAVASCRIPT 6)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_CC4ECBF946744FFA9867A2CE190112F8=>(JAVASCRIPT 7)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_4B4550DA745B4A4D8C0CD7582888E9FD
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_4B4550DA745B4A4D8C0CD7582888E9FD=>(JAVASCRIPT 2)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_4B4550DA745B4A4D8C0CD7582888E9FD=>(JAVASCRIPT 3)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_4055A8961D884777A6E09991A01743FF
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_4055A8961D884777A6E09991A01743FF=>(JAVASCRIPT 2)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_4055A8961D884777A6E09991A01743FF=>(JAVASCRIPT 3)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_740EAA6A058C439A853302D77D7F9BD6
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_740EAA6A058C439A853302D77D7F9BD6=>(JAVASCRIPT 2)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_740EAA6A058C439A853302D77D7F9BD6=>(JAVASCRIPT 3)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_740EAA6A058C439A853302D77D7F9BD6=>(JAVASCRIPT 4)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_740EAA6A058C439A853302D77D7F9BD6=>(JAVASCRIPT 5)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_7282C26F72224AA290B58105F37ED261
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_7282C26F72224AA290B58105F37ED261=>(JAVASCRIPT 2)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_7282C26F72224AA290B58105F37ED261=>(JAVASCRIPT 3)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_4674649DEC3F4B1EB98A52DDD1EA999E
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_4674649DEC3F4B1EB98A52DDD1EA999E=>(JAVASCRIPT 2)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_4674649DEC3F4B1EB98A52DDD1EA999E=>(JAVASCRIPT 3)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_4674649DEC3F4B1EB98A52DDD1EA999E=>(JAVASCRIPT 4)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_4674649DEC3F4B1EB98A52DDD1EA999E=>(JAVASCRIPT 5)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_101A6C7E002947B3B7B883B4D74666A3
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_101A6C7E002947B3B7B883B4D74666A3=>(JAVASCRIPT 2)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_101A6C7E002947B3B7B883B4D74666A3=>(JAVASCRIPT 3)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_1947B70FBAB24F69844DFB826DF0605F
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_1947B70FBAB24F69844DFB826DF0605F=>(JAVASCRIPT 2)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_1947B70FBAB24F69844DFB826DF0605F=>(JAVASCRIPT 3)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_BA0F57B68D7F4052B96EBB8B008E85FC
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_BA0F57B68D7F4052B96EBB8B008E85FC=>(JAVASCRIPT 2)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_BA0F57B68D7F4052B96EBB8B008E85FC=>(JAVASCRIPT 3)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_7F0CEDD61B554C3492A549839B86254E
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_7F0CEDD61B554C3492A549839B86254E=>(JAVASCRIPT 2)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_7F0CEDD61B554C3492A549839B86254E=>(JAVASCRIPT 3)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_0B729FA60B0D448E99905C19C84AC50F
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_0B729FA60B0D448E99905C19C84AC50F=>(JAVASCRIPT 2)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_0B729FA60B0D448E99905C19C84AC50F=>(JAVASCRIPT 3)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_BAD726C7F71A4CEF90B8CA61EB218850
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_BAD726C7F71A4CEF90B8CA61EB218850=>(JAVASCRIPT 2)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_BAD726C7F71A4CEF90B8CA61EB218850=>(JAVASCRIPT 3)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_78BE53E793E04424B44FD75C70BE5A24
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_78BE53E793E04424B44FD75C70BE5A24=>(JAVASCRIPT 2)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_78BE53E793E04424B44FD75C70BE5A24=>(JAVASCRIPT 3)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_B52820F262874A3DABCF3E5D6A23564B
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_B52820F262874A3DABCF3E5D6A23564B=>(JAVASCRIPT 2)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_B52820F262874A3DABCF3E5D6A23564B=>(JAVASCRIPT 3)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_BBC63C5A387648068EFE48DBC89EFB08
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_BBC63C5A387648068EFE48DBC89EFB08=>(JAVASCRIPT 2)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_BBC63C5A387648068EFE48DBC89EFB08=>(JAVASCRIPT 3)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_B55795490CD345F68046731DDF8D9D78
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_B55795490CD345F68046731DDF8D9D78=>(JAVASCRIPT 2)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_B55795490CD345F68046731DDF8D9D78=>(JAVASCRIPT 3)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_FAEDEE31B1B24C9D9AF8845A1853685C
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_FAEDEE31B1B24C9D9AF8845A1853685C=>(JAVASCRIPT 2)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_FAEDEE31B1B24C9D9AF8845A1853685C=>(JAVASCRIPT 3)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_908D760520D54E2A96F3E037F82AF432
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_908D760520D54E2A96F3E037F82AF432=>(JAVASCRIPT 2)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_908D760520D54E2A96F3E037F82AF432=>(JAVASCRIPT 3)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_869FB7E5B1064E7C9A01DCC244D36383
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_869FB7E5B1064E7C9A01DCC244D36383=>(JAVASCRIPT 2)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_869FB7E5B1064E7C9A01DCC244D36383=>(JAVASCRIPT 3)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_DC111D42DCF745E5AB4EBEC0EF0A6284
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_DC111D42DCF745E5AB4EBEC0EF0A6284=>(JAVASCRIPT 2)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_DC111D42DCF745E5AB4EBEC0EF0A6284=>(JAVASCRIPT 3)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_0F01F7C7910D49DB9FD3B969F9F26295
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_0F01F7C7910D49DB9FD3B969F9F26295=>(JAVASCRIPT 2)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_0F01F7C7910D49DB9FD3B969F9F26295=>(JAVASCRIPT 3)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_152A918E63EF424A99BA94CC10980282
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_152A918E63EF424A99BA94CC10980282=>(JAVASCRIPT 2)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_152A918E63EF424A99BA94CC10980282=>(JAVASCRIPT 3)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_3EB9F5C564B74A7CB7D57B0A2941DDFB
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_3EB9F5C564B74A7CB7D57B0A2941DDFB=>(JAVASCRIPT 2)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_3EB9F5C564B74A7CB7D57B0A2941DDFB=>(JAVASCRIPT 3)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_A89DFBA894854BAD9F55D561858B26B7
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_A89DFBA894854BAD9F55D561858B26B7=>(JAVASCRIPT 2)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_A89DFBA894854BAD9F55D561858B26B7=>(JAVASCRIPT 3)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_62AE4097F4E1475C87AC0FDE2E613E50
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_62AE4097F4E1475C87AC0FDE2E613E50=>(JAVASCRIPT 2)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_62AE4097F4E1475C87AC0FDE2E613E50=>(JAVASCRIPT 3)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_62AE4097F4E1475C87AC0FDE2E613E50=>(JAVASCRIPT 4)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_62AE4097F4E1475C87AC0FDE2E613E50=>(JAVASCRIPT 5)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_62AE4097F4E1475C87AC0FDE2E613E50=>(JAVASCRIPT 6)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_62AE4097F4E1475C87AC0FDE2E613E50=>(JAVASCRIPT 7)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_E8AE002223754DCC89263D0DCC9D1087
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_E8AE002223754DCC89263D0DCC9D1087=>(JAVASCRIPT 2)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_E8AE002223754DCC89263D0DCC9D1087=>(JAVASCRIPT 3)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_67D3537931024EC3A323042300C2287C
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_67D3537931024EC3A323042300C2287C=>(JAVASCRIPT 2)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_67D3537931024EC3A323042300C2287C=>(JAVASCRIPT 3)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_1FFF08A34CD340A9B60E7AD639E0A131
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_1FFF08A34CD340A9B60E7AD639E0A131=>(JAVASCRIPT 2)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_1FFF08A34CD340A9B60E7AD639E0A131=>(JAVASCRIPT 3)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_DEE5AFFB70974E05847D11A78DFEA793
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_DEE5AFFB70974E05847D11A78DFEA793=>(JAVASCRIPT 2)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_DEE5AFFB70974E05847D11A78DFEA793=>(JAVASCRIPT 3)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_19E8BFCC807948CAB59B4E981CC3FCBD
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_19E8BFCC807948CAB59B4E981CC3FCBD=>(JAVASCRIPT 2)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_19E8BFCC807948CAB59B4E981CC3FCBD=>(JAVASCRIPT 3)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_B41CE08A7C47412BB4B910C8D1E12CA4
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_B41CE08A7C47412BB4B910C8D1E12CA4=>(JAVASCRIPT 2)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_B41CE08A7C47412BB4B910C8D1E12CA4=>(JAVASCRIPT 3)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_55006213997043F99DEE0761FA3E605A
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_55006213997043F99DEE0761FA3E605A=>(JAVASCRIPT 2)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_55006213997043F99DEE0761FA3E605A=>(JAVASCRIPT 3)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_792B2C4E0D784C51881AF4309E61CA55
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_792B2C4E0D784C51881AF4309E61CA55=>(JAVASCRIPT 2)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_792B2C4E0D784C51881AF4309E61CA55=>(JAVASCRIPT 3)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_76E0CAC0B7784B1EBA8E1AAD13E20AB4
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_76E0CAC0B7784B1EBA8E1AAD13E20AB4=>(JAVASCRIPT 2)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_76E0CAC0B7784B1EBA8E1AAD13E20AB4=>(JAVASCRIPT 3)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_FDCD9369845A4033B105CADCC08B69F9
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_FDCD9369845A4033B105CADCC08B69F9=>(JAVASCRIPT 2)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_FDCD9369845A4033B105CADCC08B69F9=>(JAVASCRIPT 3)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_FDCD9369845A4033B105CADCC08B69F9=>(JAVASCRIPT 4)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_F4C69AB3F1B54CA6B31D859E8963023F
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_F4C69AB3F1B54CA6B31D859E8963023F=>(JAVASCRIPT 2)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_F4C69AB3F1B54CA6B31D859E8963023F=>(JAVASCRIPT 3)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_4D47905F9A7643D2A57B667AC3C27345
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_4D47905F9A7643D2A57B667AC3C27345=>(JAVASCRIPT 2)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_4D47905F9A7643D2A57B667AC3C27345=>(JAVASCRIPT 3)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_7F0582C145E542318CB72AF53416C1E1
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_7F0582C145E542318CB72AF53416C1E1=>(JAVASCRIPT 2)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_7F0582C145E542318CB72AF53416C1E1=>(JAVASCRIPT 3)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_B32C8C42B20041D1A8667D584CFE0F2B
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_B32C8C42B20041D1A8667D584CFE0F2B=>(JAVASCRIPT 2)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_B32C8C42B20041D1A8667D584CFE0F2B=>(JAVASCRIPT 3)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_B4AAC88DF3614619A4B5F2A396AA288F
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_B4AAC88DF3614619A4B5F2A396AA288F=>(JAVASCRIPT 2)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_B4AAC88DF3614619A4B5F2A396AA288F=>(JAVASCRIPT 3)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_0CE64EF2A6A344688CE41F508078F5E9
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_0CE64EF2A6A344688CE41F508078F5E9=>(JAVASCRIPT 2)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_0CE64EF2A6A344688CE41F508078F5E9=>(JAVASCRIPT 3)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_CE07D99A7F0B4622BD5A366667CBDD51
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_CE07D99A7F0B4622BD5A366667CBDD51=>(JAVASCRIPT 2)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_CE07D99A7F0B4622BD5A366667CBDD51=>(JAVASCRIPT 3)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_1346C195648D4B1EA07C7F4832D97F25
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_1346C195648D4B1EA07C7F4832D97F25=>(JAVASCRIPT 2)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_1346C195648D4B1EA07C7F4832D97F25=>(JAVASCRIPT 3)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_2C997A2B1B304FD8834B81988EC2E468
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_2C997A2B1B304FD8834B81988EC2E468=>(JAVASCRIPT 2)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_2C997A2B1B304FD8834B81988EC2E468=>(JAVASCRIPT 3)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_05E9FB4248A545E883433EB9BED58617
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_05E9FB4248A545E883433EB9BED58617=>(JAVASCRIPT 2)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_05E9FB4248A545E883433EB9BED58617=>(JAVASCRIPT 3)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_5F852A1175654EC3BB6489865D4CCAE5
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_5F852A1175654EC3BB6489865D4CCAE5=>(JAVASCRIPT 2)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_5F852A1175654EC3BB6489865D4CCAE5=>(JAVASCRIPT 3)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_DDAAF697CE59456EA288E223E9EB727F
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_DDAAF697CE59456EA288E223E9EB727F=>(JAVASCRIPT 2)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_DDAAF697CE59456EA288E223E9EB727F=>(JAVASCRIPT 3)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_DDAAF697CE59456EA288E223E9EB727F=>(JAVASCRIPT 4)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_6A6F1BC87CA3451992E3A408121F906E
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_6A6F1BC87CA3451992E3A408121F906E=>(JAVASCRIPT 2)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_6A6F1BC87CA3451992E3A408121F906E=>(JAVASCRIPT 3)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_5DF0974393D8488AA82FF15ABF89E46F
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_5DF0974393D8488AA82FF15ABF89E46F=>(JAVASCRIPT 2)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_5DF0974393D8488AA82FF15ABF89E46F=>(JAVASCRIPT 3)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_5DF0974393D8488AA82FF15ABF89E46F=>(JAVASCRIPT 4)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_5DF0974393D8488AA82FF15ABF89E46F=>(JAVASCRIPT 5)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_5DF0974393D8488AA82FF15ABF89E46F=>(JAVASCRIPT 6)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_D74BF11E12F749E38CB613254DC69CEB
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_D74BF11E12F749E38CB613254DC69CEB=>(JAVASCRIPT 2)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_D74BF11E12F749E38CB613254DC69CEB=>(JAVASCRIPT 3)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_0ACFF497517F40929AAEF864D40A8BCD
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_0ACFF497517F40929AAEF864D40A8BCD=>(JAVASCRIPT 2)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_0ACFF497517F40929AAEF864D40A8BCD=>(JAVASCRIPT 3)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_9C91D85F81D24545A5ED0C13D6F74C7D
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_9C91D85F81D24545A5ED0C13D6F74C7D=>(JAVASCRIPT 2)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_9C91D85F81D24545A5ED0C13D6F74C7D=>(JAVASCRIPT 3)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_B954DF7F28504A1A8BD472A34BE139C6
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_B954DF7F28504A1A8BD472A34BE139C6=>(JAVASCRIPT 2)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_B954DF7F28504A1A8BD472A34BE139C6=>(JAVASCRIPT 3)
Nettoyé

D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab=>_460931E70DFD4F6FA396D0E421694272
0
Réponse 24 / 45
didou
9 févr. 2008 à 12:09
imposible ,j'ai le raccourci sur le bureau mais lorsque je clic dessus ca me marque
c:\program files\trend micro\hijack this\hijack this.exe.n'est pas une application win32 valide
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 25 / 45
didou
9 févr. 2008 à 12:13
J'aimerai pas passer mon week-end à essayer d'enlever ce sacré virus, un anti virus c'est pas plus simple,pour le moment les magasins sont ouverts, et prendre lequel pour enlever ce VIRUS
0
Réponse 26 / 45
didou
9 févr. 2008 à 12:32
impossible de renomer hijack.exe
0
Réponse 27 / 45
jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 5 040
9 févr. 2008 à 12:42
slt
bagle malheureusement empeche l'installation des antivirus....... il faut donc arrivé a en virer le maximum

fais tout

courage


________________


cette fois fais en mode sans echec surtout: http://service1.symantec.com/


DEMARRER puis EXECUTER et tape mrt puis clique sur ok et suis la procedure

___________

essaye de refaire elibaga en mode sans echec car il ne les a pas tous supprimés (Acceso Denegado.)

__________
en mode sans echec : stinger

http://download.nai.com/products/mcafee-avert/stng380.exe
__________




télécharges et installes :

kill box
https://www.bleepingcomputer.com/download/linux/


aide kill box
http://perso.wanadoo.fr/jesses/Docs/Logiciels/KillBox.htm


- Redémarre en mode sans échec, si tu sais pas comment on fait lis ceci

- Double-clic sur fix.reg

Ouvres killbox
- Sélectionne "delete on reboot"
- Clique sur le dossier jaune à droite et sélectionne les fichiers :



C:\hp\KBD\KbdStub.exe
C:\hp\support\hpsysdrv.exe
C:\Users\David\AppData\Local\VirtualStore\Windows\System32\FactoryMode
C:\Windows\System32\mdelk.exe
D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab
C:\WINDOWS\SYSTEM32\WINTEMS.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE

- Clique sur la croix rouge et et blanche
- Répond yes et laisse redémarrer ton pc.
N'hésite pas à consulter l'Aide killbox

____________


essaye maintenant si tu n'as aucun antivirus de mettre antivir qui est tres efficace et gratuit

https://www.malekal.com/avira-free-security-antivirus-gratuit/ (merci Malekal)

___________________
0
Réponse 28 / 45
didou
9 févr. 2008 à 13:28
impossible d'aller sur cette page
http://service1.symantec.com/
0
jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 5 040
9 févr. 2008 à 13:51
http://service1.symantec.com/support/inter/tsgeninfointl.nsf/fr_docid/20020905112131924

ou

https://www.informatruc.com
0
Réponse 29 / 45
didou
9 févr. 2008 à 13:38
McAfee® Stinger Version 3.8.0 built on Sep 10 2007

Copyright © 2007 McAfee, Inc. All Rights Reserved.

Virus data file v1000 created on Sep 10 2007.

Ready to scan for 191 viruses, trojans and variants.



Scan initiated on Sat Feb 09 13:06:49 2008

Number of clean files: 266836
0
Réponse 30 / 45
didou
9 févr. 2008 à 14:21
voici le dernier rapport, on dirait que ca va mieux et maintenant?


Fri Feb 08 21:24:21 2008
EliBagle v10.98 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.

Fri Feb 08 21:24:57 2008
EliBagle v10.98 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.

Fri Feb 08 21:29:08 2008
EliBagle v10.98 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\hp\support\HPSYSDRV.EXE --> Eliminado Bagle.dldr

Nº Total de Directorios: 13053
Nº Total de Ficheros: 106140
Nº de Ficheros Analizados: 13328
Nº de Ficheros Infectados: 2
Nº de Ficheros Limpiados: 1

Fri Feb 08 22:54:58 2008
EliBagle v10.98 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.

Fri Feb 08 22:55:16 2008
EliBagle v10.98 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 13055
Nº Total de Ficheros: 107006
Nº de Ficheros Analizados: 13338
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 0

Sat Feb 09 07:55:55 2008
EliBagle v10.98 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.

Sat Feb 09 09:14:03 2008
EliBagle v10.98 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.

Sat Feb 09 09:14:19 2008
EliBagle v10.98 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 13059
Nº Total de Ficheros: 105148
Nº de Ficheros Analizados: 13312
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 0

Sat Feb 09 10:01:06 2008
EliBagle v10.98 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.

Sat Feb 09 10:01:44 2008
EliBagle v10.98 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 13063
Nº Total de Ficheros: 105231
Nº de Ficheros Analizados: 13312
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 0

Sat Feb 09 10:50:10 2008
EliBagle v10.98 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.

Sat Feb 09 14:01:54 2008
EliBagle v10.98 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Eliminado Bagle.dldr

Sat Feb 09 14:02:28 2008
EliBagle v10.98 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\hp\support\HPSYSDRV.EXE --> Eliminado Bagle.dldr
C:\Windows\System32\MDELK.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\down\107297.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\down\14656668.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\down\14667510.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\down\14673454.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\down\14674717.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\down\29312806.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\down\29379808.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\down\43915950.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\down\53243.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\down\55349.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\down\58999.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\down\59389.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\down\62509.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\down\65972.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\down\66768.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\down\68094.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\down\70574.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\down\71620.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\down\88655.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\down\90230.EXE --> Eliminado Bagle

Nº Total de Directorios: 13154
Nº Total de Ficheros: 107469
Nº de Ficheros Analizados: 13381
Nº de Ficheros Infectados: 22
Nº de Ficheros Limpiados: 22
0
Réponse 31 / 45
didou
9 févr. 2008 à 14:31
il ne veux pas s'ouvrir.
https://www.bleepingcomputer.com/download/linux/
0
Réponse 32 / 45
didou
9 févr. 2008 à 14:36
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:33:21, on 09.02.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\conime.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ch/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/de-ch?cobrand=hp.msn.com&ocid=HPDHP&pc=HPDTDF&checklang=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/de-ch?cobrand=hp.msn.com&ocid=HPDHP&pc=HPDTDF&checklang=1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Radio France Toolbar - {1a2cd84f-2175-4ae8-bd60-ce0d04442b4f} - C:\Program Files\Radio_France\tbRadi.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Radio France Toolbar - {1a2cd84f-2175-4ae8-bd60-ce0d04442b4f} - C:\Program Files\Radio_France\tbRadi.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Radio France Toolbar - {1a2cd84f-2175-4ae8-bd60-ce0d04442b4f} - C:\Program Files\Radio_France\tbRadi.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\Windows\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
0
Réponse 33 / 45
jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 5 040
9 févr. 2008 à 16:54
télécharge OTMoveIt
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau. Ou sur https://www.luanagames.com/index.fr.html
double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

Citation :

C:\hp\KBD\KbdStub.exe
C:\hp\support\hpsysdrv.exe
C:\Users\David\AppData\Local\VirtualStore\Windows\System32\FactoryMode
C:\Windows\System32\mdelk.exe
D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab
C:\WINDOWS\SYSTEM32\WINTEMS.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE

clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.




____________
installe antivir: et scan avec

https://www.malekal.com/avira-free-security-antivirus-gratuit/ (merci Malekal)
0
Réponse 34 / 45
didou
9 févr. 2008 à 17:48
File/Folder C:\WINDOWS\SYSTEM32\WINTEMS.EXE not found.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT moved successfully.
File/Folder C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS not found.
File/Folder C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE not found.

OTMoveIt2 v1.0.19 log created on 02092008_144921
File move failed. C:\WINDOWS\SYSTEM32\WINTEMS.EXE scheduled to be moved on reboot.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT moved successfully.
File move failed. C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS scheduled to be moved on reboot.
File move failed. C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE scheduled to be moved on reboot.

OTMoveIt2 v1.0.19 log created on 02092008_104703
File/Folder C:\hp\KBD\KbdStub.exe not found.
File/Folder C:\hp\support\hpsysdrv.exe not found.
File/Folder C:\Users\David\AppData\Local\VirtualStore\Windows\System32\FactoryMode not found.
File/Folder C:\Windows\System32\mdelk.exe not found.
D:\HP\apps\APP30602\src\OUTPUTDIR_zh_CN\Data1.cab moved successfully.
File/Folder C:\WINDOWS\SYSTEM32\WINTEMS.EXE not found.
File/Folder C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS not found.
File/Folder C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE not found.

OTMoveIt2 v1.0.19 log created on 02092008_174101
0
Réponse 35 / 45
jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 5 040
9 févr. 2008 à 17:53
____________
installe antivir: et scan avec et colle le rapport

https://www.malekal.com/avira-free-security-antivirus-gratuit/ (merci Malekal)
0
Réponse 36 / 45
didou
9 févr. 2008 à 18:04
AntiVir PersonalEdition Classic
Report file date: samedi 9 février 2008 16:20

Scanning for 1096761 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (plain) [6.0.6000]
Username: David
Computer name: DAVID

Version information:
BUILD.DAT : 270 15603 Bytes 19.09.2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23.08.2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16.08.2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14.08.2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21.08.2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18.07.2007 14:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14.12.2007 14:22:33
ANTIVIR2.VDF : 7.0.2.113 1673728 Bytes 08.02.2008 14:22:33
ANTIVIR3.VDF : 7.0.2.114 2048 Bytes 08.02.2008 14:22:33
AVEWIN32.DLL : 7.6.0.62 3240448 Bytes 09.02.2008 14:22:33
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26.02.2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18.07.2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16.04.2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 09.02.2008 14:22:33
AVREG.DLL : 7.0.1.6 30760 Bytes 18.07.2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28.08.2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18.07.2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08.03.2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07.08.2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21.08.2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23.07.2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Local Drives
Configuration file...............: c:\program files\avira\antivir personaledition classic\alldrives.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: F:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: samedi 9 février 2008 16:20

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
16 processes with 16 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!
Boot sector 'L:\'
[NOTE] No virus was found!
Boot sector 'G:\'
[NOTE] In the drive 'G:\' no data medium is inserted!
Boot sector 'H:\'
[NOTE] In the drive 'H:\' no data medium is inserted!
Boot sector 'I:\'
[NOTE] In the drive 'I:\' no data medium is inserted!
Boot sector 'J:\'
[NOTE] In the drive 'J:\' no data medium is inserted!
Boot sector 'K:\'
[NOTE] In the drive 'K:\' no data medium is inserted!

Starting to scan the registry.
The registry was scanned ( '17' files ).


Starting the file scan:

Begin scan in 'C:\' <HP>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Windows\System32\drivers\down\14630397.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '47e3c8ce.qua'!
C:\Windows\System32\drivers\down\14660209.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '47e3c8d1.qua'!
C:\Windows\System32\drivers\down\14670131.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '47e3c8d5.qua'!
C:\Windows\System32\drivers\down\14670770.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '47e3c8d7.qua'!
C:\Windows\System32\drivers\down\166874.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '47e3c8e0.qua'!
C:\Windows\System32\drivers\down\29306878.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '47e0c8ea.qua'!
C:\Windows\System32\drivers\down\29363818.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '47e0c8ec.qua'!
C:\Windows\System32\drivers\down\43904078.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '47e6c8ea.qua'!
C:\Windows\System32\drivers\down\49265.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '47dfc8f3.qua'!
C:\Windows\System32\drivers\down\51355.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '47e0c8ed.qua'!
C:\Windows\System32\drivers\down\56909.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '47e6c8f4.qua'!
C:\Windows\System32\drivers\down\61745.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '47e4c8f1.qua'!
C:\Windows\System32\drivers\down\64958.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '47e6c8f6.qua'!
C:\Windows\System32\drivers\down\73726.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '47e4c8f8.qua'!
C:\Windows\System32\drivers\down\75223.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '47dfc8fc.qua'!
C:\Windows\System32\drivers\down\88686.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '47e3c902.qua'!
C:\Windows\System32\drivers\down\91338.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '47e0c8fd.qua'!
Begin scan in 'D:\' <Recovery>
Begin scan in 'L:\' <Sauvegard David>
Begin scan in 'G:\'
Search path G:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'H:\'
Search path H:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'I:\'
Search path I:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'J:\'
Search path J:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'K:\'
Search path K:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'E:\' <OC V2 RTM>
Begin scan in 'F:\'
Search path F:\ could not be opened!
Le périphérique n'est pas prêt.



End of the scan: samedi 9 février 2008 17:30
Used time: 1:09:51 min

The scan has been done completely.

13896 Scanning directories
522428 Files were scanned
17 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
17 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
522411 Files not concerned
5803 Archives were scanned
1 Warnings
21 Notes
0
Réponse 37 / 45
didou
9 févr. 2008 à 18:09
ON M'A PROPOSER COMME ANTI VIRUS nod 32
MAINTENANT J'AI UN AUTRE PROBLEME AVEC LES CONTROLES ACTIVEX car je voulais scanner avec ce anti virus et j'ai un probleme avec les controles activeX, je ne compremds plus rien
0
Réponse 38 / 45
jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 5 040
9 févr. 2008 à 18:13
vire ce qui est en quarantaine dans antivir et recolle un rapport antivir et dis tes soucis

colle aussi un nouveau rapport hijakchits
0
Réponse 39 / 45
didou
9 févr. 2008 à 18:24
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:33:21, on 09.02.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\conime.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ch/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Radio France Toolbar - {1a2cd84f-2175-4ae8-bd60-ce0d04442b4f} - C:\Program Files\Radio_France\tbRadi.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Radio France Toolbar - {1a2cd84f-2175-4ae8-bd60-ce0d04442b4f} - C:\Program Files\Radio_France\tbRadi.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Radio France Toolbar - {1a2cd84f-2175-4ae8-bd60-ce0d04442b4f} - C:\Program Files\Radio_France\tbRadi.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\Windows\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
0
Réponse 40 / 45
jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 5 040
9 févr. 2008 à 22:02
relabnce hiajkchtis et fix ces lignes:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"


__________

pourquoi avoir enlevé antivir???



remets le et colle un nouveau rapport apres avoir viré ce qui est en quarantaine









pour protéger gratos ton ordi

http://www.commentcamarche.net/telecharger/logiciel 4 securite

mettre un antivirus

ANTIVIR (en anglais mais très efficace)
https://www.malekal.com/avira-free-security-antivirus-gratuit/ (merci Malekal)
-------------
des anti-espions :
AD AWARE + SPYBOT +/- si tea timer non active de spybot: WINDOWS DEFENDER
+/-
SPYWAREBLASTER pour immuniser le système contre vundo notamment mais en anglais (mais facile d'utilisation : il suffit de faire "update" pour mettre à jour tous les mois et ensuite" enable all protection" pour immuniser)...

Rq : spybot et ad-aware on sorti de nouvelles versions cette année vérifiez que vous avez la dernière version
--------
un pare feu :
celui de Windows ou mieux KERIO ou JETICO ou ZONE ALARM (mettre que le parefeu gratuit)

https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
https://manuelsdaide.com/contact/
http://www.open-files.com/forum/index.php?showtopic=29277
http://www.commentcamarche.net/telecharger/telecharger 157 zonealarm

-----------

CCLEANER pour effacer les traces de surf
0