Infecté par plusieurs virus

stainless -  
Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   -
Bonjour,

Voila j'ai un probleme de virus je pense, car ANTIvir Guard m'a en voyé plusieurs fenetres popup me disant qu'il à détecté des virus (environ 6) j'ai chois "delete" à chaque fois sauf qui me demandé de relancer le PC.

bref j'ai fait un scan avec ANTIvir voici le rapport :

Nota: mon pc est tres lent et je n'arrive plus à ouvrir Outlook,

MERCI DE VOTRE AIDE !

AntiVir PersonalEdition Classic
Report file date: jeudi 20 juillet 2006 09:31

Scanning for 459347 virus strains and unwanted programs.

Licensed to: AntiVir PersonalEdition Classic
Serial number: 0000149996-WURGE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: JOBIN
Computer name: NOM-9JIIGECIGHD

Version informations:
AVSCAN.EXE : 7.0.0.42 557096 04/07/2006 08:45:04
AVSCAN.DLL : 7.0.0.42 53288 04/07/2006 08:45:04
LUKE.DLL : 7.0.0.42 118824 04/07/2006 08:45:05
LUKERES.DLL : 7.0.0.42 25640 04/07/2006 08:45:05
ANTIVIR0.VDF : 6.35.0.1 7371264 04/07/2006 08:45:04
ANTIVIR1.VDF : 6.35.0.168 730112 04/07/2006 08:45:04
ANTIVIR2.VDF : 6.35.0.214 147968 04/07/2006 08:45:04
ANTIVIR3.VDF : 6.35.0.229 48640 04/07/2006 08:45:04
AVEWIN32.DLL : 7.1.0.21 1552896 04/07/2006 08:45:04
AVPREF.DLL : 7.0.0.1 49192 04/07/2006 08:45:04
AVREP.DLL : 6.35.0.222 725032 04/07/2006 08:45:04
AVRPBASE.DLL : 7.0.0.0 2162728 04/07/2006 08:45:04
AVPACK32.DLL : 7.1.0.1 335912 04/07/2006 08:45:04
AVREG.DLL : 6.31.0.90 27688 04/07/2006 08:45:04
NETNT.DLL : 6.32.0.0 6696 04/07/2006 08:45:05
NETNW.DLL : 6.32.0.0 9768 04/07/2006 08:45:05
RCIMAGE.DLL : 7.0.0.71 1642536 04/07/2006 08:45:07
RCTEXT.DLL : 7.0.0.75 77864 04/07/2006 08:45:07

Configuration settings for the scan:
Jobname: '%s'.................: Local Drives
Configuration file............: C:\Program Files\AntiVir PersonalEdition Classic\alldrives.avp
Boot sectors..................: C,D,A,E,F,G,H
Scan memory...................: 1
Process scan..................: 1
Scan all files................: 2
Scan archives.................: 1
Recursion depth...............: 20
Smart extensions..............: 1
Macro heuristic...............: 1
File heuristic................: -1
Primary action................: 1
Secondary action..............: 0

Start of the scan: jeudi 20 juillet 2006 09:31

The scan over running processes will be started
54 Processes was scanned

Start scanning boot sectors:

Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!
Boot sector 'A:\'
[NOTE] In the drive 'A:\' no data medium is inserted!
Boot sector 'E:\'
[NOTE] In the drive 'E:\' no data medium is inserted!

Starting to scan the registry.
The registry was scanned ( 28 files ).

Starting the file scan:

C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\JOBIN\ntuser.dat
[WARNING] The file could not be opened!
C:\Documents and Settings\JOBIN\NTUSER.DAT.LOG
[WARNING] The file could not be opened!
C:\Documents and Settings\JOBIN\Application Data\Microsoft\Outlook\outcmd.dat
[WARNING] The file could not be opened!
C:\Documents and Settings\JOBIN\Local Settings\Application Data\Microsoft\Outlook\outlook.pst
[WARNING] The file could not be read!
C:\Documents and Settings\JOBIN\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
[WARNING] The file could not be opened!
C:\Documents and Settings\JOBIN\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
[WARNING] The file could not be opened!
C:\Documents and Settings\JOBIN\Local Settings\Temp\mst8C0.tmp
[DETECTION] Is the Trojan horse TR/PCK.Klone.G.14
[INFO] The file was deleted!
C:\Documents and Settings\JOBIN\Local Settings\Temp\tmp20.tmp
[WARNING] The file could not be opened!
C:\Documents and Settings\JOBIN\Local Settings\Temp\win8C7.tmp.exe
[DETECTION] Is the Trojan horse TR/Dldr.VB.abm.7
[INFO] The file was deleted!
C:\Documents and Settings\JOBIN\Local Settings\Temp\~DF293.tmp
[WARNING] The file could not be opened!
C:\Documents and Settings\JOBIN\Local Settings\Temp\~DF66C.tmp
[WARNING] The file could not be opened!
C:\Documents and Settings\JOBIN\Local Settings\Temp\~DF76D1.tmp
[WARNING] The file could not be opened!
C:\Documents and Settings\JOBIN\Local Settings\Temporary Internet Files\Content.IE5\C9KPYR8L\wind32[1].exe
[DETECTION] Is the Trojan horse TR/Dldr.VB.abm.7
[INFO] The file was deleted!
C:\Documents and Settings\JOBIN\Local Settings\Temporary Internet Files\Content.IE5\QZURIXMJ\l11[1].exe
[DETECTION] Is the Trojan horse TR/Drop.Zlob.VY.11
[INFO] The file was deleted!
C:\Documents and Settings\LocalService\NTUSER.DAT
[WARNING] The file could not be opened!
C:\Documents and Settings\LocalService\ntuser.dat.LOG
[WARNING] The file could not be opened!
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
[WARNING] The file could not be opened!
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
[WARNING] The file could not be opened!
C:\Documents and Settings\NetworkService\NTUSER.DAT
[WARNING] The file could not be opened!
C:\Documents and Settings\NetworkService\ntuser.dat.LOG
[WARNING] The file could not be opened!
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
[WARNING] The file could not be opened!
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB824141$\user32.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB824141$\win32k.sys
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826939$\cryptsvc.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826939$\newdev.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826939$\ntkrnlpa.exe
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826939$\ntoskrnl.exe
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826939$\ole32.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826939$\rpcrt4.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826939$\rpcss.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826939$\shell32.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826939$\srrstr.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826939$\srv.sys
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828035$\msgsvc.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828035$\wkssvc.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallQ828026$\msdxm.ocx
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallQ828026$\wmp.dll
[WARNING] The file could not be opened!
C:\WINDOWS\Downloaded Program Files\PackageHtml.dll
[DETECTION] Is the Trojan horse TR/Dialer.QJ
[INFO] Vom Virus TR/Dialer.QJ veränderte Registry- oder WIN.INI-Einträge wurden entfernt.(HKEY_CLASSES_ROOT\CLSID\{2472DCCC-68CE-49DA-AA81-E7E6D83C1DFA}\InprocServer32\)
[INFO] Vom Virus TR/Dialer.QJ veränderte Registry- oder WIN.INI-Einträge wurden entfernt.(HKEY_CLASSES_ROOT\TypeLib\{592484A7-208C-4613-AC97-337D5D204BFB}\1.0\0\win32\)
[INFO] The file was deleted!
C:\WINDOWS\system32\ismon.exe
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.ZK
[INFO] The file was deleted!
C:\WINDOWS\system32\winsmr32.dll
[DETECTION] Is the Trojan horse TR/PCK.Klone.G.14
[WARNING] The file could not be deleted!
C:\WINDOWS\system32\config\default
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\DEFAULT.LOG
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\SAM
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\SAM.LOG
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\SECURITY
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\SECURITY.LOG
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\software
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\SOFTWARE.LOG
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\system
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\SYSTEM.LOG
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\dtscsi.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd8349.sys
[WARNING] The file could not be opened!
C:\WINDOWS\Temp\JETE186.tmp
[WARNING] The file could not be opened!
C:\WINDOWS\Temp\JETF184.tmp
[WARNING] The file could not be opened!
C:\WINDOWS\Temp\win18.tmp
[WARNING] The file could not be opened!
C:\WINDOWS\Temp\win19.tmp
[WARNING] The file could not be opened!
C:\WINDOWS\Temp\win25.tmp
[WARNING] The file could not be opened!
C:\WINDOWS\Temp\win26.tmp
[WARNING] The file could not be opened!
C:\WINDOWS\Temp\win2F.tmp
[WARNING] The file could not be opened!
C:\WINDOWS\Temp\win30.tmp
[WARNING] The file could not be opened!
The path A:\ could not be found!
Le périphérique n'est pas prêt.

The path E:\ could not be found!
Le périphérique n'est pas prêt.

The path G:\ could not be found!
Le périphérique n'est pas prêt.

The path H:\ could not be found!
Le périphérique n'est pas prêt.

End of the scan: jeudi 20 juillet 2006 11:11
Used time: 1:40:10 min

The scan has been done completely.

7130 Scanning directories
219034 Files were scanned
7 viruses and/or unwanted programs was found
6 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
7074 Archives were scanned
58 Warnings
2 Notes

9 réponses

  1. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Salut;

    Télécharge ceci: (merci a S!RI pour ce programme).
    http://siri.urz.free.fr/Fix/SmitfraudFix.zip
    Exécute le, Double click sur Smitfraudfix.cmd choisit l’option 1, il va générer un rapport
    Copie/colle le sur le poste stp.

    A+
    0
  2. stainless
     
    Salut regis 59, et merci de t'occuper de mon cas :
    voici le rapport :

    SmitFraudFix v2.74

    Rapport fait à 13:38:55.22, 21/07/2006
    Executé à partir de C:\Documents and Settings\JOBIN\Bureau\Nouveau dossier
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Fix executé en mode normal

    »»»»»»»»»»»»»»»»»»»»»»»» C:\

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\JOBIN\Application Data

    »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\JOBIN\Favoris

    »»»»»»»»»»»»»»»»»»»»»»»» Bureau

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

    »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Ma page d'accueil"

    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin

    j'attends tes news !

    @+
    0
  3. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Re,

    Le rapport est bon.

    télécharge HijackThis ici:
    https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/29061.html

    Dézippe le dans un dossier prévu à cet effet.
    Par exemple C:\hijackthis < Enregistre le bien dans c : !
    Démo : (Merci a Balltrap34 pour cette réalisation)
    http://pageperso.aol.fr/balltrap34/Hijenr.gif

    Lance le puis:
    clique sur "do a system scan and save logfile" (cf démo)
    faire un copier coller du log entier sur le forum

    Démo : (Merci a Balltrap34 pour cette réalisation)
    http://pageperso.aol.fr/balltrap34/demohijack.htm

    Bon courage

    A+
    0
  4. stainless
     
    RE

    Merci encore c grace à des types comme toi que l'on se sent moins seul en informatique ....!!!!

    tiens voila le rapport :

    Logfile of HijackThis v1.99.1
    Scan saved at 15:11:12, on 21/07/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\WINDOWS\system32\ICO.EXE
    C:\WINDOWS\System32\ezSP_Px.exe
    C:\Program Files\Sony\HotKey Utility\HKserv.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\SONY\vaio media music server\SSSvr.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Apoint\Apntex.exe
    D:\Documents and Settings\JOBIN\Mes documents\OpwareSE2.exe
    C:\Program Files\sony\photo server\appsrv\PhotoAppSrv.exe
    C:\WINDOWS\system32\carpserv.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Sony\HotKey Utility\HKWnd.exe
    C:\Program Files\Express ClickYes\ClickYes.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Fichiers communs\sony shared\vaio media platform\SV_Httpd.exe
    C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\sv_httpd.exe
    C:\Program Files\Fichiers communs\sony shared\vaio media platform\UPnPFramework.exe
    C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\UPnPFramework.exe
    C:\Program Files\Microsoft Office\Office\WINWORD.EXE
    C:\PROGRA~1\MICROS~3\Office\OUTLOOK.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\busoff\B@VENTE.exe
    C:\Documents and Settings\JOBIN\Bureau\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.seekerbar.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*https://fr.yahoo.com/?p=us
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.sony-europe.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.seekerbar.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.seekerbar.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/?p=us
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
    O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
    O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [pdfw] C:\Program Files\Amic Utilities\PDF Writer Pro\pdfwload.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [OpwareSE2] "D:\Documents and Settings\JOBIN\Mes documents\OpwareSE2.exe"
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [ImInstaller_IncrediMail] C:\DOCUME~1\JOBIN\LOCALS~1\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe -startup -product IncrediMail
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Express ClickYes] C:\Program Files\Express ClickYes\ClickYes.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [Eree] "C:\DOCUME~1\JOBIN\APPLIC~1\YSTEM~1\fast.exe" -vt yazr
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
    O16 - DPF: Interface Chat Wanadoo - http://chat7.x-echo.com/version6/Applet/wchatsign.cab
    O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
    O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt4_x.cab
    O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.com/games/clients/y/fltt3_x.cab
    O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt3_x.cab
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potg_x.cab
    O16 - DPF: {2472DCCC-68CE-49DA-AA81-E7E6D83C1DFA} (PackageHTML) - http://acces.blonde.com/package/PackageHtmlCab.CAB
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://jeuxvideo.wanadoo.fr/components/Metaboli.ocx
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\FICHIE~1\SONYSH~1\AVLib\Sptisrv.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
    O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\SONY\vaio media music server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
    O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
    O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\UPnPFramework.exe
    O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\sony\photo server\appsrv\PhotoAppSrv.exe
    O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Fichiers communs\sony shared\vaio media platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
    O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Fichiers communs\sony shared\vaio media platform\UPnPFramework.exe

    @+
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Salut,

    Je ne suis pas le seul tu sais mais ca fait plaisir a entendre ;-)

    Rend toi sur ce site :
    http://www.virustotal.com/xhtml/virustotal_en.html
    Clik sur parcourir
    Recherche ceci :
    C:\DOCUME~1\JOBIN\APPLIC~1\YSTEM~1\fast.exe
    Clik send et colle le rapport stp

    A+
    0
  7. stainless
     
    Bon ben figure toi que je sentais que ce fichier été vérolé (YSTEM~1\fast.exe ) et donc par peur j'ai tout supprimé, du coup dans l'arborescence je ne peux plus l'envoyer à virus total.

    alors ...?

    que dois je faire ?
    0
  8. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Mdr; Bhe reste zen !! lol
    Supprime pas a tout va, sinon tu vas avoir de mauvaises surprises !

    Comment l as tu supprimé?

    a+
    0
  9. stainless
     
    Salut regis 59,

    je ne répond que maintenant WE oblige.

    Alors j'ai tout simplement cliqué droit supprimé le fichier système qui ne comportait que le Fast.exe.

    et apres vidé la corbeille

    voila que dois je faire ?

    @+
    0
  10. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Salut

    lol, bha si tu n as pas de soucis, c est bon llol

    Remet un hijack this

    a+
    0