Sujet Précédent Sujet Suivant

Enlevé virus backdoor.hupigon.arlg

Fermé
kakashi - 16 mars 2008 à 18:20
jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 - 17 mars 2008 à 16:38
Bonjour,


aimerai savoir comment enlevait se virus backdoor.hupigon.arlg

j ai tous essayé mais tout les antivirus que j ai utilisé ne le fond pas partir et même certain ne le détecte même pas

donc si vous avez une solution
A voir également:

19 réponses

Réponse 1 / 19
jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 5 040
16 mars 2008 à 18:20
slt,


colle un rapport hijackthis


http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

manuel :

https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo.

ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste

Ensuite avec Explorer créer un dossier c:\hijackthis
Décompresser Hijackthis dans ce dossier.
C'est important pour les sauvegardes."
0
Réponse 2 / 19
Utilisateur anonyme
16 mars 2008 à 18:21
salut

télécharge hijackthis fait un scan et colle moi le log ici
0
kakashi
16 mars 2008 à 18:51
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:50:18, on 16/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\Windows\system32\wbem\unsecapp.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
C:\Program Files\BitLord\BitLord.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\GUILD WARS\Gw.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Multi_Media toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll
R3 - URLSearchHook: Online_TV toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnli.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Online_TV toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnli.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Multi_Media toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Multi_Media toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll
O3 - Toolbar: Online_TV toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnli.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: NCProTray.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O13 - Gopher Prefix:
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
0
Réponse 3 / 19
Utilisateur anonyme
16 mars 2008 à 19:04
telecharge spybot et a-squared mes les a jours puis fait un scan et supprime touzs se qu'ils trouvent puis reposte moi un log hijackthis
0
kakashi
16 mars 2008 à 20:15
c est un peut long jai fait un scan complet

une question si je réinstalle ton mon pc sa le suprimera??
0
Réponse 4 / 19
jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 5 040
16 mars 2008 à 19:17
desinstalle via ton panneau de configuration:

Multi_Media toolbar

__________


Télécharge BTFix de Bibi26
http://cluster1.easy-hebergement.net/
Dézippe l'archive sur ton Bureau.
Ouvre le dossier BTFix.
Double clique sur BTFix.exe.
Clique sur Rechercher.
Un rapport va apparaître, copie/colle-le dans ta prochaine réponse.
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 19
Utilisateur anonyme
16 mars 2008 à 20:16
je te conseille de ne pas tous reformater parce que une fois ton ordi connecter sans antivirus ça recommence
0
Réponse 6 / 19
jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 5 040
16 mars 2008 à 20:16
si tu fais ce qui moi je t'ai indiqué a savoir btfix on virera l'infection ( Ask Toolbar BHO) que tu as
0
Réponse 7 / 19
kakashi
16 mars 2008 à 20:46
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:44:26, on 16/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\Windows\system32\wbem\unsecapp.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
C:\Program Files\BitLord\BitLord.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\conime.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Multi_Media toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll
R3 - URLSearchHook: Online_TV toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnli.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Online_TV toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnli.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Multi_Media toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Multi_Media toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll
O3 - Toolbar: Online_TV toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnli.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: NCProTray.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
0
Réponse 8 / 19
jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 5 040
16 mars 2008 à 20:52
tu as fais btfix??????????????????????


on y arrivera pas si tu ne fais pas!
_____________


desinstalle via ton panneau de configuration:
Multi_Media toolbar

__________

Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked".



R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL

______________


télécharge OTMoveIt
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau. Ou sur https://www.luanagames.com/index.fr.html
double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

Citation :

C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
C:\Program Files\AskTBar
C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL



clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

_______________

vire ce qui est dans moved file en allant dans poste de travail puic c puis otmovit

_______________

recolle un rapport hijakhcits et dis tes soucis
0
Réponse 9 / 19
kakashi
16 mars 2008 à 21:35
poste le rapport situé dans C:\_OTMoveIt\MovedFiles


tu le trouve ou sa ?

au fait BTFix je le prend pas vu que mon pare feux dit qui a un virus dedans
0
Réponse 10 / 19
jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 5 040
16 mars 2008 à 21:41
ok

mais btfix est considéré a tort comme un virus

pas grave

___________



vire ce qui est dans moved file en allant dans poste de travail puic c puis otmovit

____________

puis colle moi un nouveau hijakchtis je verifirai si encore des infections
dis moi si encore des alertes de tes protections?
0
kakashi
16 mars 2008 à 21:46
je peut rien virée il me demende une autorisation alors que je suis le seul utilisateur sur le pc
0
Réponse 11 / 19
jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 5 040
16 mars 2008 à 21:49
vire ce qui est dans moved fiels en mode sans echec

http://service1.symantec.com/support/inter/tsgeninfointl.nsf/fr_docid/20020905112131924

________

recolle un hijakhcits et dis tes soucis actuels
0
kakashi
16 mars 2008 à 21:53
dsl (je précise je débute en informatique) sur le lien que tu ma fait il a pas le mode sans échec de vista
0
Réponse 12 / 19
jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 5 040
16 mars 2008 à 21:57
http://www.forum-vista.net/forum/
0
kakashi
16 mars 2008 à 22:17
j ai fais se que tue a dit mais j ai toujours le virus d après AVG



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:13:43, on 16/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\Windows\System32\rundll32.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Online_TV toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnli.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Online_TV toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnli.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: NCProTray.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O13 - Gopher Prefix:
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
0
Réponse 13 / 19
jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 5 040
16 mars 2008 à 22:27
Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked".

R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)

O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)

____________

colle moi le rapport avg antispyware pour voir les fichiers inféctés
0
kakashi
16 mars 2008 à 22:33
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 22:33:19 16/03/2008

+ Résultat de l'analyse:



[1588] C:\Program Files\Intel\Intell.DLL -> Backdoor.Hupigon.arlg : Nettoyé et sauvegardé (mise en quarantaine).
[1876] C:\Program Files\Intel\Intell.DLL -> Backdoor.Hupigon.arlg : Nettoyé et sauvegardé (mise en quarantaine).
[2268] C:\Program Files\Intel\Intell.DLL -> Backdoor.Hupigon.arlg : Nettoyé et sauvegardé (mise en quarantaine).
[2892] C:\Program Files\Intel\Intell.DLL -> Backdoor.Hupigon.arlg : Nettoyé et sauvegardé (mise en quarantaine).
[3276] C:\Program Files\Intel\Intell.DLL -> Backdoor.Hupigon.arlg : Nettoyé et sauvegardé (mise en quarantaine).


Fin du rapport
0
Réponse 14 / 19
jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 5 040
16 mars 2008 à 22:36
colle moi bien le rapport otmovit

télécharge OTMoveIt
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau. Ou sur https://www.luanagames.com/index.fr.html
double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

Citation :


C:\Program Files\Intel\Intell.DLL


clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

_______________

vire ce qui est dans moved files en allant dans poste de travail puis c puis otmovit
0
kakashi
16 mars 2008 à 22:39
File/Folder C:\Program Files\Intel\Intell.DLL not found.

OTMoveIt2 by OldTimer - Version 1.0.21 log created on 03162008_223849
0
Réponse 15 / 19
jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 5 040
16 mars 2008 à 22:42
ok

donc avg l'a viré!



encore des soucis?

si oui:


Télécharge Combofix de sUBs : Renomme le avant toute installation, par exemple, nomme le "KillBagle". aide ici : https://forum.pcastuces.com/sujet.asp?f=25&s=37315

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Sauvegarde le sur ton bureau et pas ailleurs !

Aide à l’utilisation de combofix ici: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic

Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider.
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.
0
Réponse 16 / 19
kakashi
16 mars 2008 à 22:55
le virus et toujours la


voila le rapport





ComboFix 08-03-14.4 - kakashi 2008-03-16 22:49:33.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1303 [GMT 1:00]
Endroit: C:\Users\kakashi\Desktop\KillBagle.exe
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\VideoAccessCodec
C:\Program Files\VideoAccessCodec\install.ico
C:\Program Files\VideoAccessCodec\Uninstall.exe
C:\Windows\dat.txt
C:\Windows\main_uninstaller.exe
C:\Windows\rs.txt

.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-16 to 2008-03-16 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-16 21:38 --------- d---a-w C:\ProgramData\TEMP
2008-03-16 21:38 --------- d-----w C:\Program Files\Intel
2008-03-16 20:24 --------- d-----w C:\Program Files\Multi_Media
2008-03-16 19:57 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-16 19:56 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-03-16 19:54 --------- d-----w C:\Program Files\a-squared Free
2008-03-16 17:49 --------- d-----w C:\Program Files\Trend Micro
2008-03-16 16:10 --------- d-----w C:\ProgramData\Grisoft
2008-03-16 08:56 --------- d-----w C:\Users\kakashi\AppData\Roaming\DAEMON Tools
2008-03-16 08:56 --------- d-----w C:\Program Files\GUILD WARS
2008-03-16 00:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-16 00:56 --------- d-----w C:\Program Files\Common Files\Microsoft Games
2008-03-15 22:56 --------- d-----w C:\Program Files\Microsoft Games
2008-03-15 22:46 --------- d-----w C:\Users\kakashi\AppData\Roaming\Grisoft
2008-03-12 20:50 --------- d-----w C:\Program Files\Windows Mail
2008-03-08 00:26 --------- d-----w C:\Program Files\DivX
2008-03-05 10:35 --------- d-----w C:\Program Files\iTunes
2008-03-05 10:35 --------- d-----w C:\Program Files\iPod
2008-02-27 10:39 --------- d-----w C:\Program Files\QuickTime
2008-02-25 21:54 --------- d-----w C:\Users\kakashi\AppData\Roaming\teamspeak2
2008-02-25 21:54 --------- d-----w C:\Program Files\WinAVI MP4 Converter
2008-02-25 21:54 --------- d-----w C:\Program Files\AviSynth 2.5
2008-02-25 15:12 --------- d-----w C:\Program Files\Common Files\AVSMedia
2008-02-25 15:12 --------- d-----w C:\Program Files\AVSMedia
2008-02-21 02:05 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-02-21 02:05 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-02-14 08:17 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-14 08:17 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-14 08:13 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-14 08:11 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-14 08:11 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-14 08:11 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-14 08:11 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-12 19:32 --------- d-----w C:\Program Files\pspvideo9
2008-02-12 18:55 994 ----a-w C:\Users\kakashi\AppData\Roaming\filterclsid.dat
2008-02-11 18:48 --------- d-----w C:\Program Files\NCH Software
2008-02-11 18:25 --------- d-----w C:\Program Files\eRightSoft
2008-02-11 17:26 --------- d-----w C:\ProgramData\NCH Software
2008-02-10 21:25 --------- d-----w C:\Program Files\Magicbit
2008-02-10 21:18 --------- d-----w C:\Program Files\MediaCoder
2008-02-10 17:49 --------- d-----w C:\Program Files\Common Files\EasyInfo
2008-02-10 13:21 --------- d-----w C:\Program Files\BitLord
2008-02-10 12:42 --------- d-----w C:\Users\kakashi\AppData\Roaming\Samsung
2008-02-09 21:39 --------- d-----w C:\Users\kakashi\AppData\Roaming\Command & Conquer 3 Les guerres du Tiberium
2008-02-09 18:27 --------- d-----w C:\Program Files\Samsung
2008-02-08 18:48 --------- d-----w C:\Program Files\Electronic Arts
2008-02-04 21:43 --------- d-----w C:\Program Files\PENDULO Studios
2008-02-04 21:20 --------- d-----w C:\Program Files\Activision
2008-01-26 22:11 --------- d-----w C:\Program Files\EA GAMES
2008-01-26 22:08 107,888 ----a-w C:\Windows\System32\CmdLineExt.dll
2008-01-26 22:08 --------- d--h--r C:\Users\kakashi\AppData\Roaming\SecuROM
2008-01-26 22:02 --------- d-----w C:\Program Files\Warcraft III
2008-01-26 21:56 --------- d-----w C:\ProgramData\WLInstaller
2008-01-26 21:54 --------- d-----w C:\Program Files\Windows Live
2008-01-26 21:53 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-26 21:50 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-26 16:10 --------- d-----w C:\Program Files\Steam
2008-01-26 15:30 --------- d-----w C:\Program Files\Alcohol Soft
2008-01-26 15:08 --------- d-----w C:\ProgramData\Media Center Programs
2008-01-26 14:45 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-01-26 14:42 715,248 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-01-20 00:41 --------- d-----w C:\Program Files\DMV
2008-01-18 18:25 --------- d-----w C:\Program Files\Common Files\LogiShrd
2008-01-18 18:22 --------- d-----w C:\ProgramData\LogiShrd
2008-01-18 18:22 --------- d-----w C:\Program Files\Logitech
2008-01-13 02:02 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-10 05:50 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2007-12-26 21:12 36,864 ----a-w C:\Windows\System32\wmdmps.dll
2007-12-26 21:12 311,296 ----a-w C:\Windows\System32\mswmdm.dll
2007-12-26 21:12 31,744 ----a-w C:\Windows\System32\wmdmlog.dll
2007-08-29 22:15 174 --sha-w C:\Program Files\desktop.ini
2007-08-25 14:26 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-08-25 14:26 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-08-25 14:26 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2007-07-05 17:25 22 --sha-w C:\Windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-13 03:02 1232896]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 13:34 2159104 C:\Windows\System32\oobefldr.dll]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 17:15 221184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-21 14:04 1006264]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 14:42 65536]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2006-11-20 12:34 155648]
"RtHDVCpl"="RtHDVCpl.exe" [2007-01-18 15:46 4349952 C:\Windows\RtHDVCpl.exe]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"AGEIA PhysX SysTray"="C:\Program Files\AGEIA Technologies\TrayIcon.exe" [2006-03-20 20:43 331776]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-08-28 01:59 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-08-28 01:59 8473120]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-08-28 01:59 81920]
"Windows Mobile-based device management"="%windir%\WindowsMobile\wmdc.exe" [ ]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 17:15 81920]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-03-23 08:56 185896]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
NCProTray.lnk - C:\Program Files\SEC\Natural Color Pro\NCProTray.exe [2007-08-21 17:10:10 49220]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\Windows\pss\Logitech Desktop Messenger.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^kakashi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MaxTV.lnk]
path=C:\Users\kakashi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MaxTV.lnk
backup=C:\Windows\pss\MaxTV.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2007-12-15 11:02 482760 C:\Program Files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 13:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
--a------ 2007-10-25 16:33 563984 C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2007-10-25 16:37 2178832 C:\Program Files\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Philips Intelligent Agent]
C:\Program Files\Philips Intelligent Agent\Philips Intelligent Agent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSPVideo9]
--a------ 2005-10-30 01:56 606208 C:\Program Files\pspvideo9\pspVideo9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-31 23:13 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2007-11-30 09:22 1266936 C:\Program Files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-03-23 08:56 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSearch]
C:\Program Files\DAEMON Tools SearchBar\Search.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSearchWHSE]
C:\Program Files\DAEMON Tools SearchBar\whse.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{060BAA23-8CCF-402F-A841-8E1A851D1A51}"= UDP:C:\Program Files\Sierra\FEAR\FEAR.exe:FEAR
"{F8E40DBA-C6E6-4C7B-A719-AE107AFA18D0}"= TCP:C:\Program Files\Sierra\FEAR\FEAR.exe:FEAR
"{958540E3-1932-47DD-A4FC-06F1B4156F8B}"= UDP:C:\Program Files\Sierra\FEAR\FEARMP.exe:FEARMP
"{552BC57B-8954-4367-B77E-40393045048B}"= TCP:C:\Program Files\Sierra\FEAR\FEARMP.exe:FEARMP
"{9280A0B1-7BAD-4AE9-A2E4-939926956DB7}"= UDP:C:\Program Files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
"{CA8C97B8-B58C-4284-BBB3-264D14E1A1D7}"= TCP:C:\Program Files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
"TCP Query User{63942220-1E19-45A6-811B-16859790DEB9}C:\\wamp\\apache2\\bin\\httpd.exe"= UDP:C:\wamp\apache2\bin\httpd.exe:Apache HTTP Server
"UDP Query User{41ADD48F-E769-404E-8534-64FCDEC9165E}C:\\wamp\\apache2\\bin\\httpd.exe"= TCP:C:\wamp\apache2\bin\httpd.exe:Apache HTTP Server
"TCP Query User{DBD85DF9-1AC8-4A00-811F-39AB4992BBE8}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{AF2E18EF-0D7F-4037-B5C8-F85EB7517B9F}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"{F9431FEC-9D28-4077-A49A-FC447C043916}"= UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{59072841-1FB2-42B3-B4C3-DAE9D92FC144}"= TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"TCP Query User{4837452A-4080-459E-8600-F26F7BF8A93F}C:\\program files\\steam\\steamapps\\teddysoria\\half-life 2 deathmatch\\hl2.exe"= UDP:C:\program files\steam\steamapps\teddysoria\half-life 2 deathmatch\hl2.exe:hl2
"UDP Query User{D531CCFF-9194-4539-88B6-65AD4CF09459}C:\\program files\\steam\\steamapps\\teddysoria\\half-life 2 deathmatch\\hl2.exe"= TCP:C:\program files\steam\steamapps\teddysoria\half-life 2 deathmatch\hl2.exe:hl2
"TCP Query User{FC4848EF-89BD-4324-A4A7-FB90EDAD3625}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{CAF1288D-3337-40E6-96B6-46E5D2AD16D4}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{25EEAB83-4096-4B4E-9540-A35DB35F67B1}C:\\program files\\bitlord\\bitlord.exe"= UDP:C:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{215ABB8C-E7F7-4F82-BA84-CF9148D41C6B}C:\\program files\\bitlord\\bitlord.exe"= TCP:C:\program files\bitlord\bitlord.exe:BitLord
"TCP Query User{2DDC5AEE-9A3F-4E9F-87B4-57DC0EF3C684}C:\\program files\\steam\\steamapps\\teddysoria\\counter-strike source\\hl2.exe"= UDP:C:\program files\steam\steamapps\teddysoria\counter-strike source\hl2.exe:hl2
"UDP Query User{31B25DC4-6C9C-462E-9BA1-1072F90D452F}C:\\program files\\steam\\steamapps\\teddysoria\\counter-strike source\\hl2.exe"= TCP:C:\program files\steam\steamapps\teddysoria\counter-strike source\hl2.exe:hl2
"TCP Query User{99683E6B-A1FA-4588-91EE-5F1D025D965F}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{BD446C50-1B44-42E8-939A-F88C48F618E4}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{84C653DE-DF89-4F0C-AF03-F6496B8128C3}C:\\program files\\bitlord\\bitlord.exe"= UDP:C:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{EE1C0C5C-EE6C-434A-AC84-C5C224E005E6}C:\\program files\\bitlord\\bitlord.exe"= TCP:C:\program files\bitlord\bitlord.exe:BitLord
"TCP Query User{C3D38AD8-F440-455A-B23F-3334DC1829A7}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{AA39D7E7-B4EA-45CE-BA4B-9F766206B7C8}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{1D8AF3B2-F16A-438E-962A-67DFB7DA1473}C:\\program files\\lemoncast\\lemoncast.exe"= UDP:C:\program files\lemoncast\lemoncast.exe:OneClick
"UDP Query User{5C96904B-D6B7-480E-941A-CB07F83C61E0}C:\\program files\\lemoncast\\lemoncast.exe"= TCP:C:\program files\lemoncast\lemoncast.exe:OneClick
"{CCEF98BE-5433-4658-A775-106FAE00C745}"= UDP:C:\Program Files\Microsoft Games\Age of Empires III\age3.exe:Age of Empires 3
"{3F25A196-BC38-44D5-A69E-C9956895053F}"= TCP:C:\Program Files\Microsoft Games\Age of Empires III\age3.exe:Age of Empires 3
"TCP Query User{F9976E13-D569-4C28-B254-9EF984363318}C:\\program files\\microsoft games\\age of empires iii\\age3.exe"= UDP:C:\program files\microsoft games\age of empires iii\age3.exe:Age of Empires 3
"UDP Query User{CA981C4E-2FA7-4977-825A-DF945FDB1AAC}C:\\program files\\microsoft games\\age of empires iii\\age3.exe"= TCP:C:\program files\microsoft games\age of empires iii\age3.exe:Age of Empires 3
"TCP Query User{4164DD86-D179-4C1A-A3BB-57D4F7300252}C:\\program files\\ubisoft\\ghost recon advanced warfighter\\graw.exe"= UDP:C:\program files\ubisoft\ghost recon advanced warfighter\graw.exe:GRAW
"UDP Query User{24A2FF76-3F7C-4481-A4B0-38BDDF82A3FB}C:\\program files\\ubisoft\\ghost recon advanced warfighter\\graw.exe"= TCP:C:\program files\ubisoft\ghost recon advanced warfighter\graw.exe:GRAW
"TCP Query User{38304655-9A90-457B-9BF4-66FB1268261C}C:\\program files\\xfire\\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire
"UDP Query User{893E15F3-CDC8-4554-AC5F-D9A1E9E9DB2A}C:\\program files\\xfire\\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire
"TCP Query User{F85D6C93-9299-45A5-AB80-6808E1A41C36}C:\\program files\\ubisoft\\ghost recon advanced warfighter\\graw.exe"= UDP:C:\program files\ubisoft\ghost recon advanced warfighter\graw.exe:GRAW
"UDP Query User{B93987F2-751F-45D0-A673-8D05F4903B39}C:\\program files\\ubisoft\\ghost recon advanced warfighter\\graw.exe"= TCP:C:\program files\ubisoft\ghost recon advanced warfighter\graw.exe:GRAW
"{14287241-F6E0-43D6-882B-BAF95A7AE09B}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{B0678249-23AA-482A-98C7-DFF3B5E22334}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{5786F643-D016-4A55-8758-4D4E1E213155}C:\\program files\\steam\\steam.exe"= UDP:C:\program files\steam\steam.exe:Steam
"UDP Query User{E74A995B-DD39-4CFA-B000-AA58929BC8BF}C:\\program files\\steam\\steam.exe"= TCP:C:\program files\steam\steam.exe:Steam
"TCP Query User{96E9B1F1-19E5-4C2B-96B5-D694D5631009}C:\\program files\\steam\\steam.exe"= UDP:C:\program files\steam\steam.exe:Steam
"UDP Query User{F6E09A76-F401-402D-99E8-F338DDA7A57D}C:\\program files\\steam\\steam.exe"= TCP:C:\program files\steam\steam.exe:Steam
"TCP Query User{BFD9A0CC-C6B4-4F42-AF18-5484B7948031}C:\\users\\kakashi\\appdata\\local\\temp\\rar$ex00.853\\packmatronic 1.0 crystalxp.exe"= UDP:C:\users\kakashi\appdata\local\temp\rar$ex00.853\packmatronic 1.0 crystalxp.exe:packmatronic 1.0 crystalxp.exe
"UDP Query User{D316CF98-ED49-4FA0-A824-EA1883A5D8E2}C:\\users\\kakashi\\appdata\\local\\temp\\rar$ex00.853\\packmatronic 1.0 crystalxp.exe"= TCP:C:\users\kakashi\appdata\local\temp\rar$ex00.853\packmatronic 1.0 crystalxp.exe:packmatronic 1.0 crystalxp.exe
"{631EB0ED-EEFA-4EB0-A856-07B8796A4728}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{1C7ABD74-A55E-4BBD-8B2B-EF4309615B62}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{8643DC14-7A37-4349-8CCA-7469BCC8B61A}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{9A3703CC-596D-465B-9B6B-02DAABA81A2B}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"TCP Query User{0E22DC8B-C7BC-426A-9DE2-AC06615CCF47}C:\\program files\\logitech\\desktop messenger\\8876480\\program\\logitechdesktopmessenger.exe"= UDP:C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe:Logitech Desktop Messenger
"UDP Query User{F33FE47A-76CC-4BF6-871F-D867357CA620}C:\\program files\\logitech\\desktop messenger\\8876480\\program\\logitechdesktopmessenger.exe"= TCP:C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe:Logitech Desktop Messenger
"TCP Query User{977501ED-8115-4E71-8A2B-A3849C1E2DCB}C:\\users\\kakashi\\desktop\\emule.exe"= UDP:C:\users\kakashi\desktop\emule.exe:emule.exe
"UDP Query User{FA5FAAF2-0532-4475-9776-AE1B73C8D108}C:\\users\\kakashi\\desktop\\emule.exe"= TCP:C:\users\kakashi\desktop\emule.exe:emule.exe
"{9BDC1931-1785-4AD6-9862-0B592AD0614D}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{1E0693DD-9EF9-4718-9601-55DB70437F70}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{5D3A7A2D-BDD2-46F1-BB87-CE409B14B8D9}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{7E238C8A-902F-4F46-962E-7BF1A201DA8E}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{A8E40698-5285-4934-BE61-5CA366AD3897}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{3CD7BE4F-9F81-4F5E-BF72-E8B26E8612BC}"= C:\Program Files\Electronic Arts\Command & Conquer 3\RetailExe\1.0\cnc3game.dat:Command & Conquer 3 Les guerres du Tiberium™
"TCP Query User{20CAD4AA-CCDD-42B2-8324-55B40FAD0CBF}C:\\users\\kakashi\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= UDP:C:\users\kakashi\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe
"UDP Query User{F65FDD23-5909-4244-880D-BFBC3C5FB63E}C:\\users\\kakashi\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= TCP:C:\users\kakashi\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe
"TCP Query User{DA482D5B-B9AD-47AC-B7BA-3E74AEFA69D8}C:\\program files\\electronic arts\\command & conquer 3\\retailexe\\1.9\\cnc3game.dat"= UDP:C:\program files\electronic arts\command & conquer 3\retailexe\1.9\cnc3game.dat:Command and Conquer 3 Tiberium Wars™
"UDP Query User{32759932-DDFF-4BF0-BE62-E99434540F1F}C:\\program files\\electronic arts\\command & conquer 3\\retailexe\\1.9\\cnc3game.dat"= TCP:C:\program files\electronic arts\command & conquer 3\retailexe\1.9\cnc3game.dat:Command and Conquer 3 Tiberium Wars™
"TCP Query User{E98CA3A3-6A20-468D-AD75-EF7EEA3B7E58}C:\\program files\\dmv\\maxtv\\maxtv.exe"= Disabled:UDP:C:\program files\dmv\maxtv\maxtv.exe:MaxTV
"UDP Query User{C739729F-673A-4A6D-B5EC-6636AC90CCD6}C:\\program files\\dmv\\maxtv\\maxtv.exe"= Disabled:TCP:C:\program files\dmv\maxtv\maxtv.exe:MaxTV
"{975EC0BB-7307-4F64-B2E1-544CDF903350}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{4139895E-F9B8-4E52-B9C7-25A7D082EBE4}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 15:52]
R2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 10:45]
R2 RPCHED;Remote Procedure CallD (RPCE);C:\Program Files\Intel\Intell.exe [2002-01-26 17:44]
R2 WcesComm;Windows Mobile-2003-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 10:45]
R3 3xHybrid;ASUSTek SAA713x PCI Card;C:\Windows\system32\DRIVERS\3xHybrid.sys [2006-12-28 01:11]
R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2006-11-13 12:09]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-01-13 08:51]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-16 09:05:32 C:\Windows\Tasks\User_Feed_Synchronization-{C7C526DD-5835-4BC3-BB3D-62FB9A28A721}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-16 22:52:09
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-03-16 22:53:12
ComboFix-quarantined-files.txt 2008-03-16 21:53:09
.
2008-03-16 09:06:48 --- E O F ---
0
Réponse 17 / 19
jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 5 040
17 mars 2008 à 10:47
smit fraud fix (colle le rapport)

1/ telecharger :

http://siri.urz.free.fr/Fix/SmitfraudFix.php




2/ double clique sur smitfraudfix. puis sélectionne 1 et appuyer sur entrée afin de créer le rapport des infection présentes.


attends avant de faire la 3 eme partie

3/ redémarre en mode sans échec (en appuyant sur F8 ou suppr, ou F5 au démarrage en général) puis refaire comme en 2/ mais sélectionne l'option 2 et appuyer sur entrée pour commencer la désinfection. lorsque le programme demande si tu veut nettoyer le registre mets oui en tapant 0 et entrée
0
kakashi
17 mars 2008 à 14:39
je desespere sa marche pas le virus et toujours la . mon fond d ecran a disparu est mon pc rame maintenant
0
Réponse 18 / 19
jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 5 040
17 mars 2008 à 14:46
tu as les rapports smitfraudfix? Recolle un rapport hijackthis
0
kakashi
17 mars 2008 à 14:48
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:48:18, on 17/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\Windows\System32\rundll32.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\BitLord\BitLord.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Astonsoft\DeepBurner\DeepBurner.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Online_TV toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnli.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Online_TV toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnli.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: NCProTray.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O13 - Gopher Prefix:
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
0
Réponse 19 / 19
jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 5 040
17 mars 2008 à 16:38
remplace avast par antivir et colle le rapport d'un scan avec:

https://www.malekal.com/avira-free-security-antivirus-gratuit/ (merci Malekal)
0

Discussions similaires

Est ce que le site tlauncher est dangereux ?
caribou -
bazfile -

1 réponse
4 virus en raison d’un porno ????
valou -
Bello040420 -

9 réponses
Comment savoir si j'ai attrapé un virus sur mon téléphone ?
Infolock -
bell -

66 réponses
Virus Altruistic
Mael03250 -
MisteryBean -

11 réponses
Supprimer notifications myavids.com sous Android.
Guy72 -
Liline -

7 réponses