Infected by several viruses
stainless
Regis59 (21143 posts, status: security contributor)
Hello,
I think I have a virus problem, because AntiVir Guard showed me several pop-up windows saying it had detected viruses (about 6). I chose "delete" each time, except for the one that asked me to restart the PC.
Anyway, I ran a scan with AntiVir; here is the report:
Note: my PC is very slow and I can no longer open Outlook.
THANK YOU FOR YOUR HELP!
AntiVir PersonalEdition Classic
Report file date: jeudi 20 juillet 2006 09:31
Scanning for 459347 virus strains and unwanted programs.
Licensed to: AntiVir PersonalEdition Classic
Serial number: 0000149996-WURGE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: JOBIN
Computer name: NOM-9JIIGECIGHD
Version informations:
AVSCAN.EXE : 7.0.0.42 557096 04/07/2006 08:45:04
AVSCAN.DLL : 7.0.0.42 53288 04/07/2006 08:45:04
LUKE.DLL : 7.0.0.42 118824 04/07/2006 08:45:05
LUKERES.DLL : 7.0.0.42 25640 04/07/2006 08:45:05
ANTIVIR0.VDF : 6.35.0.1 7371264 04/07/2006 08:45:04
ANTIVIR1.VDF : 6.35.0.168 730112 04/07/2006 08:45:04
ANTIVIR2.VDF : 6.35.0.214 147968 04/07/2006 08:45:04
ANTIVIR3.VDF : 6.35.0.229 48640 04/07/2006 08:45:04
AVEWIN32.DLL : 7.1.0.21 1552896 04/07/2006 08:45:04
AVPREF.DLL : 7.0.0.1 49192 04/07/2006 08:45:04
AVREP.DLL : 6.35.0.222 725032 04/07/2006 08:45:04
AVRPBASE.DLL : 7.0.0.0 2162728 04/07/2006 08:45:04
AVPACK32.DLL : 7.1.0.1 335912 04/07/2006 08:45:04
AVREG.DLL : 6.31.0.90 27688 04/07/2006 08:45:04
NETNT.DLL : 6.32.0.0 6696 04/07/2006 08:45:05
NETNW.DLL : 6.32.0.0 9768 04/07/2006 08:45:05
RCIMAGE.DLL : 7.0.0.71 1642536 04/07/2006 08:45:07
RCTEXT.DLL : 7.0.0.75 77864 04/07/2006 08:45:07
Configuration settings for the scan:
Jobname: '%s'.................: Local Drives
Configuration file............: C:\Program Files\AntiVir PersonalEdition Classic\alldrives.avp
Boot sectors..................: C,D,A,E,F,G,H
Scan memory...................: 1
Process scan..................: 1
Scan all files................: 2
Scan archives.................: 1
Recursion depth...............: 20
Smart extensions..............: 1
Macro heuristic...............: 1
File heuristic................: -1
Primary action................: 1
Secondary action..............: 0
Start of the scan: jeudi 20 juillet 2006 09:31
The scan over running processes will be started
54 Processes was scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!
Boot sector 'A:\'
[NOTE] In the drive 'A:\' no data medium is inserted!
Boot sector 'E:\'
[NOTE] In the drive 'E:\' no data medium is inserted!
Starting to scan the registry.
The registry was scanned ( 28 files ).
Starting the file scan:
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\JOBIN\ntuser.dat
[WARNING] The file could not be opened!
C:\Documents and Settings\JOBIN\NTUSER.DAT.LOG
[WARNING] The file could not be opened!
C:\Documents and Settings\JOBIN\Application Data\Microsoft\Outlook\outcmd.dat
[WARNING] The file could not be opened!
C:\Documents and Settings\JOBIN\Local Settings\Application Data\Microsoft\Outlook\outlook.pst
[WARNING] The file could not be read!
C:\Documents and Settings\JOBIN\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
[WARNING] The file could not be opened!
C:\Documents and Settings\JOBIN\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
[WARNING] The file could not be opened!
C:\Documents and Settings\JOBIN\Local Settings\Temp\mst8C0.tmp
[DETECTION] Is the Trojan horse TR/PCK.Klone.G.14
[INFO] The file was deleted!
C:\Documents and Settings\JOBIN\Local Settings\Temp\tmp20.tmp
[WARNING] The file could not be opened!
C:\Documents and Settings\JOBIN\Local Settings\Temp\win8C7.tmp.exe
[DETECTION] Is the Trojan horse TR/Dldr.VB.abm.7
[INFO] The file was deleted!
C:\Documents and Settings\JOBIN\Local Settings\Temp\~DF293.tmp
[WARNING] The file could not be opened!
C:\Documents and Settings\JOBIN\Local Settings\Temp\~DF66C.tmp
[WARNING] The file could not be opened!
C:\Documents and Settings\JOBIN\Local Settings\Temp\~DF76D1.tmp
[WARNING] The file could not be opened!
C:\Documents and Settings\JOBIN\Local Settings\Temporary Internet Files\Content.IE5\C9KPYR8L\wind32[1].exe
[DETECTION] Is the Trojan horse TR/Dldr.VB.abm.7
[INFO] The file was deleted!
C:\Documents and Settings\JOBIN\Local Settings\Temporary Internet Files\Content.IE5\QZURIXMJ\l11[1].exe
[DETECTION] Is the Trojan horse TR/Drop.Zlob.VY.11
[INFO] The file was deleted!
C:\Documents and Settings\LocalService\NTUSER.DAT
[WARNING] The file could not be opened!
C:\Documents and Settings\LocalService\ntuser.dat.LOG
[WARNING] The file could not be opened!
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
[WARNING] The file could not be opened!
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
[WARNING] The file could not be opened!
C:\Documents and Settings\NetworkService\NTUSER.DAT
[WARNING] The file could not be opened!
C:\Documents and Settings\NetworkService\ntuser.dat.LOG
[WARNING] The file could not be opened!
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
[WARNING] The file could not be opened!
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB824141$\user32.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB824141$\win32k.sys
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826939$\cryptsvc.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826939$\newdev.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826939$\ntkrnlpa.exe
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826939$\ntoskrnl.exe
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826939$\ole32.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826939$\rpcrt4.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826939$\rpcss.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826939$\shell32.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826939$\srrstr.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB826939$\srv.sys
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828035$\msgsvc.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828035$\wkssvc.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallQ828026$\msdxm.ocx
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallQ828026$\wmp.dll
[WARNING] The file could not be opened!
C:\WINDOWS\Downloaded Program Files\PackageHtml.dll
[DETECTION] Is the Trojan horse TR/Dialer.QJ
[INFO] Vom Virus TR/Dialer.QJ veränderte Registry- oder WIN.INI-Einträge wurden entfernt.(HKEY_CLASSES_ROOT\CLSID\{2472DCCC-68CE-49DA-AA81-E7E6D83C1DFA}\InprocServer32\)
[INFO] Vom Virus TR/Dialer.QJ veränderte Registry- oder WIN.INI-Einträge wurden entfernt.(HKEY_CLASSES_ROOT\TypeLib\{592484A7-208C-4613-AC97-337D5D204BFB}\1.0\0\win32\)
[INFO] The file was deleted!
C:\WINDOWS\system32\ismon.exe
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.ZK
[INFO] The file was deleted!
C:\WINDOWS\system32\winsmr32.dll
[DETECTION] Is the Trojan horse TR/PCK.Klone.G.14
[WARNING] The file could not be deleted!
C:\WINDOWS\system32\config\default
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\DEFAULT.LOG
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\SAM
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\SAM.LOG
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\SECURITY
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\SECURITY.LOG
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\software
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\SOFTWARE.LOG
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\system
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\SYSTEM.LOG
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\dtscsi.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd8349.sys
[WARNING] The file could not be opened!
C:\WINDOWS\Temp\JETE186.tmp
[WARNING] The file could not be opened!
C:\WINDOWS\Temp\JETF184.tmp
[WARNING] The file could not be opened!
C:\WINDOWS\Temp\win18.tmp
[WARNING] The file could not be opened!
C:\WINDOWS\Temp\win19.tmp
[WARNING] The file could not be opened!
C:\WINDOWS\Temp\win25.tmp
[WARNING] The file could not be opened!
C:\WINDOWS\Temp\win26.tmp
[WARNING] The file could not be opened!
C:\WINDOWS\Temp\win2F.tmp
[WARNING] The file could not be opened!
C:\WINDOWS\Temp\win30.tmp
[WARNING] The file could not be opened!
The path A:\ could not be found!
Le périphérique n'est pas prêt.
The path E:\ could not be found!
Le périphérique n'est pas prêt.
The path G:\ could not be found!
Le périphérique n'est pas prêt.
The path H:\ could not be found!
Le périphérique n'est pas prêt.
End of the scan: jeudi 20 juillet 2006 11:11
Used time: 1:40:10 min
The scan has been done completely.
7130 Scanning directories
219034 Files were scanned
7 viruses and/or unwanted programs was found
6 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
7074 Archives were scanned
58 Warnings
2 Notes
9 replies
Hi,
Download this (thanks to S!RI for this program):
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Run it: double-click Smitfraudfix.cmd and choose option 1; it will generate a report.
Copy and paste it into the thread, please.
See you
Hi Regis59, and thanks for taking on my case:
Here is the report:
SmitFraudFix v2.74
Rapport fait à 13:38:55.22, 21/07/2006
Executé à partir de C:\Documents and Settings\JOBIN\Bureau\Nouveau dossier
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\JOBIN\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\JOBIN\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
I'm waiting for your news!
See you
Re,
The report is fine.
Download HijackThis here:
https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/29061.html
Unzip it into a folder created for that purpose.
For example C:\hijackthis < Make sure to save it on C:!
Demo: (thanks to Balltrap34 for making this)
http://pageperso.aol.fr/balltrap34/Hijenr.gif
Run it, then:
click "do a system scan and save logfile" (see the demo)
copy and paste the entire log into the forum
Demo: (thanks to Balltrap34 for making this)
http://pageperso.aol.fr/balltrap34/demohijack.htm
Good luck
See you
Re,
Thanks again, it's thanks to guys like you that we feel less alone with computers ....!!!!
Here is the report:
Logfile of HijackThis v1.99.1
Scan saved at 15:11:12, on 21/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\SONY\vaio media music server\SSSvr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Apoint\Apntex.exe
D:\Documents and Settings\JOBIN\Mes documents\OpwareSE2.exe
C:\Program Files\sony\photo server\appsrv\PhotoAppSrv.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\Express ClickYes\ClickYes.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Fichiers communs\sony shared\vaio media platform\SV_Httpd.exe
C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\sv_httpd.exe
C:\Program Files\Fichiers communs\sony shared\vaio media platform\UPnPFramework.exe
C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\UPnPFramework.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\PROGRA~1\MICROS~3\Office\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\busoff\B@VENTE.exe
C:\Documents and Settings\JOBIN\Bureau\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.seekerbar.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*https://fr.yahoo.com/?p=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.sony-europe.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.seekerbar.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.seekerbar.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/?p=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [pdfw] C:\Program Files\Amic Utilities\PDF Writer Pro\pdfwload.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [OpwareSE2] "D:\Documents and Settings\JOBIN\Mes documents\OpwareSE2.exe"
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ImInstaller_IncrediMail] C:\DOCUME~1\JOBIN\LOCALS~1\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe -startup -product IncrediMail
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Express ClickYes] C:\Program Files\Express ClickYes\ClickYes.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Eree] "C:\DOCUME~1\JOBIN\APPLIC~1\YSTEM~1\fast.exe" -vt yazr
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
O16 - DPF: Interface Chat Wanadoo - http://chat7.x-echo.com/version6/Applet/wchatsign.cab
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt4_x.cab
O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.com/games/clients/y/fltt3_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potg_x.cab
O16 - DPF: {2472DCCC-68CE-49DA-AA81-E7E6D83C1DFA} (PackageHTML) - http://acces.blonde.com/package/PackageHtmlCab.CAB
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://jeuxvideo.wanadoo.fr/components/Metaboli.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\FICHIE~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\SONY\vaio media music server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\sony\photo server\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Fichiers communs\sony shared\vaio media platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Fichiers communs\sony shared\vaio media platform\UPnPFramework.exe
See you
Thanks again, it's thanks to guys like you that we feel less alone with computers ....!!!!
Here, this is the report:
Logfile of HijackThis v1.99.1
Scan saved at 15:11:12, on 21/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\SONY\vaio media music server\SSSvr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Apoint\Apntex.exe
D:\Documents and Settings\JOBIN\Mes documents\OpwareSE2.exe
C:\Program Files\sony\photo server\appsrv\PhotoAppSrv.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\Express ClickYes\ClickYes.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Fichiers communs\sony shared\vaio media platform\SV_Httpd.exe
C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\sv_httpd.exe
C:\Program Files\Fichiers communs\sony shared\vaio media platform\UPnPFramework.exe
C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\UPnPFramework.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\PROGRA~1\MICROS~3\Office\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\busoff\B@VENTE.exe
C:\Documents and Settings\JOBIN\Bureau\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.seekerbar.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*https://fr.yahoo.com/?p=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.sony-europe.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.seekerbar.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.seekerbar.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/?p=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [pdfw] C:\Program Files\Amic Utilities\PDF Writer Pro\pdfwload.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [OpwareSE2] "D:\Documents and Settings\JOBIN\Mes documents\OpwareSE2.exe"
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ImInstaller_IncrediMail] C:\DOCUME~1\JOBIN\LOCALS~1\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe -startup -product IncrediMail
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Express ClickYes] C:\Program Files\Express ClickYes\ClickYes.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Eree] "C:\DOCUME~1\JOBIN\APPLIC~1\YSTEM~1\fast.exe" -vt yazr
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
O16 - DPF: Interface Chat Wanadoo - http://chat7.x-echo.com/version6/Applet/wchatsign.cab
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt4_x.cab
O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.com/games/clients/y/fltt3_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potg_x.cab
O16 - DPF: {2472DCCC-68CE-49DA-AA81-E7E6D83C1DFA} (PackageHTML) - http://acces.blonde.com/package/PackageHtmlCab.CAB
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://jeuxvideo.wanadoo.fr/components/Metaboli.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\FICHIE~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\SONY\vaio media music server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\sony\photo server\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Fichiers communs\sony shared\vaio media platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Fichiers communs\sony shared\vaio media platform\UPnPFramework.exe
See you
Hi,
I'm not the only one, you know, but it's nice to hear ;-)
Go to this site:
http://www.virustotal.com/xhtml/virustotal_en.html
Click Browse
Look for this:
C:\DOCUME~1\JOBIN\APPLIC~1\YSTEM~1\fast.exe
Click Send and paste the report, please
See you
Well, as it happens, I had a feeling that this file was infected (YSTEM~1\fast.exe), so out of fear I deleted everything; as a result it is no longer in the directory tree and I can't send it to VirusTotal.
So ...?
What should I do?
LOL; well, stay calm!! lol
Don't go deleting things left and right, or you're going to get some nasty surprises!
How did you delete it?
See you