Sujet Précédent Sujet Suivant

Infecté par plusieurs virus

Fermé
stainless - 21 juil. 2006 à 12:01
Regis59 Messages postés 21143 Date d'inscription mardi 27 juin 2006 Statut Contributeur sécurité Dernière intervention 22 juin 2016 - 24 juil. 2006 à 11:09
Bonjour,

Voila j'ai un probleme de virus je pense, car ANTIvir Guard m'a en voyé plusieurs fenetres popup me disant qu'il à détecté des virus (environ 6) j'ai chois "delete" à chaque fois sauf qui me demandé de relancer le PC.

bref j'ai fait un scan avec ANTIvir voici le rapport :

Nota: mon pc est tres lent et je n'arrive plus à ouvrir Outlook,

MERCI DE VOTRE AIDE !

AntiVir PersonalEdition Classic
Report file date: jeudi 20 juillet 2006 09:31

Scanning for 459347 virus strains and unwanted programs.

Licensed to: AntiVir PersonalEdition Classic
Serial number: 0000149996-WURGE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: JOBIN
Computer name: NOM-9JIIGECIGHD

Version informations:
AVSCAN.EXE : 7.0.0.42 557096 04/07/2006 08:45:04
AVSCAN.DLL : 7.0.0.42 53288 04/07/2006 08:45:04
LUKE.DLL : 7.0.0.42 118824 04/07/2006 08:45:05
LUKERES.DLL : 7.0.0.42 25640 04/07/2006 08:45:05
ANTIVIR0.VDF : 6.35.0.1 7371264 04/07/2006 08:45:04
ANTIVIR1.VDF : 6.35.0.168 730112 04/07/2006 08:45:04
ANTIVIR2.VDF : 6.35.0.214 147968 04/07/2006 08:45:04
ANTIVIR3.VDF : 6.35.0.229 48640 04/07/2006 08:45:04
AVEWIN32.DLL : 7.1.0.21 1552896 04/07/2006 08:45:04
AVPREF.DLL : 7.0.0.1 49192 04/07/2006 08:45:04
AVREP.DLL : 6.35.0.222 725032 04/07/2006 08:45:04
AVRPBASE.DLL : 7.0.0.0 2162728 04/07/2006 08:45:04
AVPACK32.DLL : 7.1.0.1 335912 04/07/2006 08:45:04
AVREG.DLL : 6.31.0.90 27688 04/07/2006 08:45:04
NETNT.DLL : 6.32.0.0 6696 04/07/2006 08:45:05
NETNW.DLL : 6.32.0.0 9768 04/07/2006 08:45:05
RCIMAGE.DLL : 7.0.0.71 1642536 04/07/2006 08:45:07
RCTEXT.DLL : 7.0.0.75 77864 04/07/2006 08:45:07

Configuration settings for the scan:
Jobname: '%s'.................: Local Drives
Configuration file............: C:\Program Files\AntiVir PersonalEdition Classic\alldrives.avp
Boot sectors..................: C,D,A,E,F,G,H
Scan memory...................: 1
Process scan..................: 1
Scan all files................: 2
Scan archives.................: 1
Recursion depth...............: 20
Smart extensions..............: 1
Macro heuristic...............: 1
File heuristic................: -1
Primary action................: 1
Secondary action..............: 0

Start of the scan: jeudi 20 juillet 2006 09:31


The scan over running processes will be started
54 Processes was scanned

Start scanning boot sectors:

Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!
Boot sector 'A:\'
[NOTE] In the drive 'A:\' no data medium is inserted!
Boot sector 'E:\'
[NOTE] In the drive 'E:\' no data medium is inserted!

Starting to scan the registry.
The registry was scanned ( 28 files ).


Starting the file scan:

C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\JOBIN\ntuser.dat
[WARNING] The file could not be opened!
C:\Documents and Settings\JOBIN\NTUSER.DAT.LOG
[WARNING] The file could not be opened!
C:\Documents and Settings\JOBIN\Application Data\Microsoft\Outlook\outcmd.dat
[WARNING] The file could not be opened!
C:\Documents and Settings\JOBIN\Local Settings\Application Data\Microsoft\Outlook\outlook.pst
[WARNING] The file could not be read!
C:\Documents and Settings\JOBIN\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
[WARNING] The file could not be opened!
C:\Documents and Settings\JOBIN\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
[WARNING] The file could not be opened!
C:\Documents and Settings\JOBIN\Local Settings\Temp\mst8C0.tmp
[DETECTION] Is the Trojan horse TR/PCK.Klone.G.14
[INFO] The file was deleted!
C:\Documents and Settings\JOBIN\Local Settings\Temp\tmp20.tmp
[WARNING] The file could not be opened!
C:\Documents and Settings\JOBIN\Local Settings\Temp\win8C7.tmp.exe
[DETECTION] Is the Trojan horse TR/Dldr.VB.abm.7
[INFO] The file was deleted!
C:\Documents and Settings\JOBIN\Local Settings\Temp\~DF293.tmp
[WARNING] The file could not be opened!
C:\Documents and Settings\JOBIN\Local Settings\Temp\~DF66C.tmp
[WARNING] The file could not be opened!
C:\Documents and Settings\JOBIN\Local Settings\Temp\~DF76D1.tmp
[WARNING] The file could not be opened!
C:\Documents and Settings\JOBIN\Local Settings\Temporary Internet Files\Content.IE5\C9KPYR8L\wind32[1].exe
[DETECTION] Is the Trojan horse TR/Dldr.VB.abm.7
[INFO] The file was deleted!
C:\Documents and Settings\JOBIN\Local Settings\Temporary Internet Files\Content.IE5\QZURIXMJ\l11[1].exe
[DETECTION] Is the Trojan horse TR/Drop.Zlob.VY.11
[INFO] The file was deleted!
C:\Documents and Settings\LocalService\NTUSER.DAT
[WARNING] The file could not be opened!
C:\Documents and Settings\LocalService\ntuser.dat.LOG
[WARNING] The file could not be opened!
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
[WARNING] The file could not be opened!
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
[WARNING] The file could not be opened!
C:\Documents and Settings\NetworkService\NTUSER.DAT
[WARNING] The file could not be opened!
C:\Documents and Settings\NetworkService\ntuser.dat.LOG
[WARNING] The file could not be opened!
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
[WARNING] The file could not be opened!
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB824141$\user32.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB824141$\win32k.sys
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826939$\cryptsvc.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826939$\newdev.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826939$\ntkrnlpa.exe
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826939$\ntoskrnl.exe
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826939$\ole32.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826939$\rpcrt4.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826939$\rpcss.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826939$\shell32.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826939$\srrstr.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826939$\srv.sys
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828035$\msgsvc.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828035$\wkssvc.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallQ828026$\msdxm.ocx
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallQ828026$\wmp.dll
[WARNING] The file could not be opened!
C:\WINDOWS\Downloaded Program Files\PackageHtml.dll
[DETECTION] Is the Trojan horse TR/Dialer.QJ
[INFO] Vom Virus TR/Dialer.QJ veränderte Registry- oder WIN.INI-Einträge wurden entfernt.(HKEY_CLASSES_ROOT\CLSID\{2472DCCC-68CE-49DA-AA81-E7E6D83C1DFA}\InprocServer32\)
[INFO] Vom Virus TR/Dialer.QJ veränderte Registry- oder WIN.INI-Einträge wurden entfernt.(HKEY_CLASSES_ROOT\TypeLib\{592484A7-208C-4613-AC97-337D5D204BFB}\1.0\0\win32\)
[INFO] The file was deleted!
C:\WINDOWS\system32\ismon.exe
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.ZK
[INFO] The file was deleted!
C:\WINDOWS\system32\winsmr32.dll
[DETECTION] Is the Trojan horse TR/PCK.Klone.G.14
[WARNING] The file could not be deleted!
C:\WINDOWS\system32\config\default
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\DEFAULT.LOG
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\SAM
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\SAM.LOG
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\SECURITY
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\SECURITY.LOG
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\software
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\SOFTWARE.LOG
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\system
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\SYSTEM.LOG
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\dtscsi.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd8349.sys
[WARNING] The file could not be opened!
C:\WINDOWS\Temp\JETE186.tmp
[WARNING] The file could not be opened!
C:\WINDOWS\Temp\JETF184.tmp
[WARNING] The file could not be opened!
C:\WINDOWS\Temp\win18.tmp
[WARNING] The file could not be opened!
C:\WINDOWS\Temp\win19.tmp
[WARNING] The file could not be opened!
C:\WINDOWS\Temp\win25.tmp
[WARNING] The file could not be opened!
C:\WINDOWS\Temp\win26.tmp
[WARNING] The file could not be opened!
C:\WINDOWS\Temp\win2F.tmp
[WARNING] The file could not be opened!
C:\WINDOWS\Temp\win30.tmp
[WARNING] The file could not be opened!
The path A:\ could not be found!
Le périphérique n'est pas prêt.

The path E:\ could not be found!
Le périphérique n'est pas prêt.

The path G:\ could not be found!
Le périphérique n'est pas prêt.

The path H:\ could not be found!
Le périphérique n'est pas prêt.



End of the scan: jeudi 20 juillet 2006 11:11
Used time: 1:40:10 min

The scan has been done completely.

7130 Scanning directories
219034 Files were scanned
7 viruses and/or unwanted programs was found
6 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
7074 Archives were scanned
58 Warnings
2 Notes

9 réponses

Réponse 1 / 9
Regis59 Messages postés 21143 Date d'inscription mardi 27 juin 2006 Statut Contributeur sécurité Dernière intervention 22 juin 2016 1 321
21 juil. 2006 à 13:27
Salut;

Télécharge ceci: (merci a S!RI pour ce programme).
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Exécute le, Double click sur Smitfraudfix.cmd choisit l’option 1, il va générer un rapport
Copie/colle le sur le poste stp.

A+
0
Réponse 2 / 9
stainless
21 juil. 2006 à 13:42
Salut regis 59, et merci de t'occuper de mon cas :
voici le rapport :

SmitFraudFix v2.74

Rapport fait à 13:38:55.22, 21/07/2006
Executé à partir de C:\Documents and Settings\JOBIN\Bureau\Nouveau dossier
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\JOBIN\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\JOBIN\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin


j'attends tes news !

@+
0
Réponse 3 / 9
Regis59 Messages postés 21143 Date d'inscription mardi 27 juin 2006 Statut Contributeur sécurité Dernière intervention 22 juin 2016 1 321
21 juil. 2006 à 14:42
Re,

Le rapport est bon.

télécharge HijackThis ici:
https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/29061.html

Dézippe le dans un dossier prévu à cet effet.
Par exemple C:\hijackthis < Enregistre le bien dans c : !
Démo : (Merci a Balltrap34 pour cette réalisation)
http://pageperso.aol.fr/balltrap34/Hijenr.gif

Lance le puis:
clique sur "do a system scan and save logfile" (cf démo)
faire un copier coller du log entier sur le forum

Démo : (Merci a Balltrap34 pour cette réalisation)
http://pageperso.aol.fr/balltrap34/demohijack.htm

Bon courage

A+
0
Réponse 4 / 9
stainless
21 juil. 2006 à 15:21
RE

Merci encore c grace à des types comme toi que l'on se sent moins seul en informatique ....!!!!

tiens voila le rapport :

Logfile of HijackThis v1.99.1
Scan saved at 15:11:12, on 21/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\SONY\vaio media music server\SSSvr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Apoint\Apntex.exe
D:\Documents and Settings\JOBIN\Mes documents\OpwareSE2.exe
C:\Program Files\sony\photo server\appsrv\PhotoAppSrv.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\Express ClickYes\ClickYes.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Fichiers communs\sony shared\vaio media platform\SV_Httpd.exe
C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\sv_httpd.exe
C:\Program Files\Fichiers communs\sony shared\vaio media platform\UPnPFramework.exe
C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\UPnPFramework.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\PROGRA~1\MICROS~3\Office\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\busoff\B@VENTE.exe
C:\Documents and Settings\JOBIN\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.seekerbar.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*https://fr.yahoo.com/?p=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.sony-europe.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.seekerbar.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.seekerbar.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/?p=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [pdfw] C:\Program Files\Amic Utilities\PDF Writer Pro\pdfwload.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [OpwareSE2] "D:\Documents and Settings\JOBIN\Mes documents\OpwareSE2.exe"
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ImInstaller_IncrediMail] C:\DOCUME~1\JOBIN\LOCALS~1\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe -startup -product IncrediMail
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Express ClickYes] C:\Program Files\Express ClickYes\ClickYes.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Eree] "C:\DOCUME~1\JOBIN\APPLIC~1\YSTEM~1\fast.exe" -vt yazr
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
O16 - DPF: Interface Chat Wanadoo - http://chat7.x-echo.com/version6/Applet/wchatsign.cab
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt4_x.cab
O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.com/games/clients/y/fltt3_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potg_x.cab
O16 - DPF: {2472DCCC-68CE-49DA-AA81-E7E6D83C1DFA} (PackageHTML) - http://acces.blonde.com/package/PackageHtmlCab.CAB
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://jeuxvideo.wanadoo.fr/components/Metaboli.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\FICHIE~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\SONY\vaio media music server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\sony\photo server\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Fichiers communs\sony shared\vaio media platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Fichiers communs\sony shared\vaio media platform\UPnPFramework.exe


@+
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 9
Regis59 Messages postés 21143 Date d'inscription mardi 27 juin 2006 Statut Contributeur sécurité Dernière intervention 22 juin 2016 1 321
21 juil. 2006 à 17:41
Salut,

Je ne suis pas le seul tu sais mais ca fait plaisir a entendre ;-)

Rend toi sur ce site :
http://www.virustotal.com/xhtml/virustotal_en.html
Clik sur parcourir
Recherche ceci :
C:\DOCUME~1\JOBIN\APPLIC~1\YSTEM~1\fast.exe
Clik send et colle le rapport stp

A+
0
Réponse 6 / 9
stainless
21 juil. 2006 à 23:38
Bon ben figure toi que je sentais que ce fichier été vérolé (YSTEM~1\fast.exe ) et donc par peur j'ai tout supprimé, du coup dans l'arborescence je ne peux plus l'envoyer à virus total.

alors ...?

que dois je faire ?
0
Réponse 7 / 9
Regis59 Messages postés 21143 Date d'inscription mardi 27 juin 2006 Statut Contributeur sécurité Dernière intervention 22 juin 2016 1 321
22 juil. 2006 à 00:13
Mdr; Bhe reste zen !! lol
Supprime pas a tout va, sinon tu vas avoir de mauvaises surprises !

Comment l as tu supprimé?

a+
0
Réponse 8 / 9
stainless
24 juil. 2006 à 09:11
Salut regis 59,

je ne répond que maintenant WE oblige.

Alors j'ai tout simplement cliqué droit supprimé le fichier système qui ne comportait que le Fast.exe.

et apres vidé la corbeille

voila que dois je faire ?

@+
0
Réponse 9 / 9
Regis59 Messages postés 21143 Date d'inscription mardi 27 juin 2006 Statut Contributeur sécurité Dernière intervention 22 juin 2016 1 321
24 juil. 2006 à 11:09
Salut

lol, bha si tu n as pas de soucis, c est bon llol

Remet un hijack this

a+
0

Discussions similaires

Est ce que le site tlauncher est dangereux ?
caribou -
bazfile -

1 réponse
Softonic,est-ce un virus ?
techmel1 -
techmel1 -

6 réponses
Virus détecté
Koony -
MisteryBean -

6 réponses
4 virus en raison d’un porno ????
valou -
Bello040420 -

9 réponses
infecté par des virus
Lisy59120 -
Lisy59120 -

5 réponses