pc infecté par Win32:Winfixer-F [Trj]"

[biman]

mon pc est un VAIO SONY INTEl GORE 2DUO PROCESSOR T5500 120GO

 

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:45:15, on 20/11/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe

C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe

C:\Program Files\Pack Securite\Anti-Virus\FSGK32.EXE

C:\Program Files\Pack Securite\backweb\361343\program\fsbwsys.exe

C:\Program Files\Pack Securite\Common\FSMA32.EXE

C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe

C:\Program Files\Pack Securite\Common\FSMB32.EXE

C:\Program Files\Pack Securite\Common\FCH32.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

C:\Program Files\Pack Securite\Common\FAMEH32.EXE

C:\Program Files\Pack Securite\Anti-Virus\fsqh.exe

C:\Program Files\Pack Securite\FSPC\fspc.exe

C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Neuf\Kit\WiFi\9wifi.exe

C:\Program Files\Pack Securite\Common\FSM32.EXE

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Pack Securite\FSGUI\fsguidll.exe

C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe

C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe

C:\Program Files\Pack Securite\Anti-Virus\fssm32.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Pack Securite\FSAUA\program\fsus.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\Program Files\Pack Securite\Anti-Virus\fsav32.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securite.neuf.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com/fr/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - C:\Program Files\ContextTool\ContextTool-2.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Babylon - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - C:\Program Files\Babylon\Babylon-Pro\Babylon Toolbar\BabylonIEToolBar.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe"

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Pack Securite\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Pack Securite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Ajouter un site de support RSS à VAIO Information FLOW - C:\Program Files\Sony\VAIO Information FLOW\aiesc.html

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Transfert par Image Converter 2 Plus - C:\Program Files\Sony\Image Converter 2\menu.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll

O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll

O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/fr/

O15 - Trusted Zone: *.sony-europe.com

O15 - Trusted Zone: *.sonystyle-europe.com

O15 - Trusted Zone: *.vaio-link.com

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/instal...llMgr_v01_5.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://securite.neuf.fr/Ols/fscax.cab

O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe

O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe

O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe

O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Pack Securite\backweb\361343\program\fsbwsys.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe

O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Pack Securite\Common\FSMA32.EXE

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe

O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe

O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe

O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe

O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe

O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe

O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

O24 - Desktop Component 0: (no name) - http://img.youtube.com/vi/VZUmUC2McyE/2.jpg

 

--

End of file - 12765 bytes

[Apollo]

Bonjour et bienvenue sur les forums Zébulon.

 

Winfixer? Si tu le dis...

 

Spybot bien à jour et vacciné nettoie très bien Winfixer.

 

Fais quand-même un scan en ligne ici: copie le rapport après avoir éliminé tout ce qu'il trouve et poste-le stp.

 

 

Scan en ligne avec l'excellent outil de nettoyage de malwares.

 

Analyser en ligne avec Ewido Anti-Spyware

 

A l'invite, installer l'Active x (uniquement avec le navigateur Explorer 5.5 ou supérieur.

 

Installer le logiciel qui apparait dans une petite fenêtre.

 

 

Cliquer sur Start Scan; le logiciel va d'abord télécharger les dernières mises à jour de ses bases.

 

Lorqu'il est indiqué Download and processing finished.Ready to scan, cliquer sur Start Scan

 

 

Laisser le scan aller jusqu'au bout sans fermer la fenêtre.

 

A la fin de celui-ci, cliquer sur Remove all infections

 

Copie/colle le rapport et poste-le stp.

 

Fermer la fenêtre.

[biman]

VOICI LE RAPPORT

__________________________________________________

ewido anti-spyware online scanner

http://www.ewido.net

__________________________________________________

 

 

Name: TrackingCookie.Yieldmanager

Path: C:\Documents and Settings\BEUD\Cookies\beud@ad.yieldmanager[1].txt

Risk: Medium

 

Name: TrackingCookie.Advertising

Path: C:\Documents and Settings\BEUD\Cookies\beud@advertising[2].txt

Risk: Medium

 

Name: TrackingCookie.Adviva

Path: C:\Documents and Settings\BEUD\Cookies\beud@adviva[2].txt

Risk: Medium

 

Name: TrackingCookie.2o7

Path: C:\Documents and Settings\BEUD\Cookies\beud@aolfr.122.2o7[1].txt

Risk: Medium

 

Name: TrackingCookie.Atdmt

Path: C:\Documents and Settings\BEUD\Cookies\beud@atdmt[2].txt

Risk: Medium

 

Name: TrackingCookie.Bluestreak

Path: C:\Documents and Settings\BEUD\Cookies\beud@bluestreak[2].txt

Risk: Medium

 

Name: TrackingCookie.Serving-sys

Path: C:\Documents and Settings\BEUD\Cookies\beud@bs.serving-sys[1].txt

Risk: Medium

 

Name: TrackingCookie.2o7

Path: C:\Documents and Settings\BEUD\Cookies\beud@CA6Z8523.txt

Risk: Medium

 

Name: TrackingCookie.Doubleclick

Path: C:\Documents and Settings\BEUD\Cookies\beud@doubleclick[2].txt

Risk: Medium

 

Name: TrackingCookie.Hitbox

Path: C:\Documents and Settings\BEUD\Cookies\beud@ehg-neuftelecom.hitbox[1].txt

Risk: Medium

 

Name: TrackingCookie.Hitbox

Path: C:\Documents and Settings\BEUD\Cookies\beud@hitbox[2].txt

Risk: Medium

 

Name: TrackingCookie.Webtrends

Path: C:\Documents and Settings\BEUD\Cookies\beud@m.webtrends[2].txt

Risk: Medium

 

Name: TrackingCookie.Mediaplex

Path: C:\Documents and Settings\BEUD\Cookies\beud@mediaplex[1].txt

Risk: Medium

 

Name: TrackingCookie.Serving-sys

Path: C:\Documents and Settings\BEUD\Cookies\beud@serving-sys[2].txt

Risk: Medium

 

Name: TrackingCookie.Smartadserver

Path: C:\Documents and Settings\BEUD\Cookies\beud@smartadserver[1].txt

Risk: Medium

 

Name: TrackingCookie.Netflame

Path: C:\Documents and Settings\BEUD\Cookies\beud@ssl-hints.netflame[2].txt

Risk: Medium

 

Name: TrackingCookie.Statcounter

Path: C:\Documents and Settings\BEUD\Cookies\beud@statcounter[2].txt

Risk: Medium

 

Name: TrackingCookie.Tradedoubler

Path: C:\Documents and Settings\BEUD\Cookies\beud@tradedoubler[2].txt

Risk: Medium

 

Name: TrackingCookie.Weborama

Path: C:\Documents and Settings\BEUD\Cookies\beud@weborama[2].txt

Risk: Medium

 

Name: TrackingCookie.Zedo

Path: C:\Documents and Settings\BEUD\Cookies\beud@zedo[1].txt

Risk: Medium

 

Name: Backdoor.SdBot.cgz

Path: C:\Documents and Settings\BEUD\Mes documents\Mes fichiers reçus\Dance_dec_jpg(1).zip/www.Dance_dec_jpg_Msn.com

Risk: High

 

Name: TrackingCookie.Tacoda

Path: C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA46.tmp

Risk: Medium

 

Name: TrackingCookie.Skype

Path: C:\WINDOWS\system32\config\systemprofile\Cookies\system@skype[1].txt

Risk: Medium

 

 

 

 

 

 

 

 

Bonjour et bienvenue sur les forums Zébulon.

 

Winfixer? Si tu le dis...

 

Spybot bien à jour et vacciné nettoie très bien Winfixer.

 

Fais quand-même un scan en ligne ici: copie le rapport après avoir éliminé tout ce qu'il trouve et poste-le stp.

Scan en ligne avec l'excellent outil de nettoyage de malwares.

 

Analyser en ligne avec Ewido Anti-Spyware

 

A l'invite, installer l'Active x (uniquement avec le navigateur Explorer 5.5 ou supérieur.

 

Installer le logiciel qui apparait dans une petite fenêtre.

 

 

Cliquer sur Start Scan; le logiciel va d'abord télécharger les dernières mises à jour de ses bases.

 

Lorqu'il est indiqué Download and processing finished.Ready to scan, cliquer sur Start Scan

 

 

Laisser le scan aller jusqu'au bout sans fermer la fenêtre.

 

A la fin de celui-ci, cliquer sur Remove all infections

 

Copie/colle le rapport et poste-le stp.

 

Fermer la fenêtre.

[biman]

y a vraimment personne pour m aider a me debarrassé de ce virus!!!!!!

[Zonk]

y a vraimment personne pour m aider a me debarrassé de ce virus!!!!!!

Allô Biman....

Et Apollo.01 ?? que penses tu qu'il fait avec toi ?????

....tout les gens ici sont bénévole...et on une autre vie en dehors du forum.....

soit patient un petit peu s'il te plaît.....

qui sait ,peut être que quelqu'un pourra continuer...

@+

[biman]

salut a tous,

 

ok désolé, je suis novice en informatique je panique un peu, voila que antivir a decouvert ça '' W95/Blumblebee.1738 '' est un virus?

Merci

[biman]

salut a tous,

 

ok désolé, je suis novice en informatique je panique un peu, voila que antivir a decouvert ça '' W95/Blumblebee.1738 '' est un virus?

Merci

VOICI LE RAPPORT ANTIVIR

 

AntiVir PersonalEdition Classic

Report file date: mercredi 21 novembre 2007 13:11

 

Scanning for 938518 virus strains and unwanted programs.

 

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 2) [5.1.2600]

Username: SYSTEM

Computer name: XXXX

 

Version information:

BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00

AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29

AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51

LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47

LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20

ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15

ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 14:26:55

ANTIVIR2.VDF : 7.0.0.198 1206272 Bytes 11/11/2007 12:10:21

ANTIVIR3.VDF : 7.0.0.242 183296 Bytes 21/11/2007 12:10:21

AVEWIN32.DLL : 7.6.0.34 3125760 Bytes 21/11/2007 12:10:22

AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26

AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17

AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24

AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00

AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06

AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33

AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18

NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42

RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13

RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37

SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

 

Configuration settings for the scan:

Jobname..........................: Complete system scan

Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: off

Scan boot sector.................: on

Boot sectors.....................: D:,

Scan memory......................: on

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: off

Scan all files...................: Intelligent file selection

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Macro heuristic..................: on

File heuristic...................: medium

 

Start of the scan: mercredi 21 novembre 2007 13:11

 

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'wuauclt.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned

Scan process 'ctfmon.exe' - '1' Module(s) have been scanned

Scan process 'tnbutil.exe' - '1' Module(s) have been scanned

Scan process 'FSM32.EXE' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'alg.exe' - '1' Module(s) have been scanned

Scan process 'dllhost.exe' - '1' Module(s) have been scanned

Scan process 'mcrdsvc.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'sqlservr.exe' - '1' Module(s) have been scanned

Scan process 'ehSched.exe' - '1' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

31 processes with 31 modules were scanned

 

Start scanning boot sectors:

Boot sector 'C:\'

[NOTE] No virus was found!

Boot sector 'D:\'

[NOTE] No virus was found!

 

Starting to scan the registry.

The registry was scanned ( '17' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\' <VAIO>

C:\hiberfil.sys

[WARNING] The file could not be opened!

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\Documents and Settings\BEUD\Application Data\Sun\Java\Deployment\cache\6.0\23\1d19b497-6d199acd

[0] Archive type: ZIP

--> BaaaaBaa.class

[DETECTION] Is the Trojan horse TR/Java.Downloader.Gen

--> VaaaaaaaBaa.class

[DETECTION] Contains detection pattern of the Java virus JAVA/ClassLoader.FA

--> Dvnny.class

[DETECTION] Contains detection pattern of the Java virus JAVA/Exploit.By.A.2

--> Baaaaa.class

[DETECTION] Contains detection pattern of the Java virus JAVA/Exploit.By.A.1

--> Dex.class

[DETECTION] Contains detection pattern of the Java virus JAVA/ClassLoader.GC

--> Dix.class

[DETECTION] Contains detection pattern of the Java virus JAVA/ClassLoader.GD

--> Dux.class

[DETECTION] Contains detection pattern of the Java virus JAVA/ClassLoader.GE

[iNFO] The file was moved to '4775213b.qua'!

C:\Documents and Settings\BEUD\Local Settings\Temp\tem276.tmp.exe

[DETECTION] Contains detection pattern of the dropper DR/Agent.646584

[iNFO] The file was moved to '47b121a1.qua'!

C:\Documents and Settings\BEUD\Local Settings\Temp\upd27E.tmp.exe

[DETECTION] Contains detection pattern of the dropper DR/Agent.646584

[iNFO] The file was moved to '47a821b2.qua'!

C:\WINDOWS\system32\ActiveScan\pskavs.dll

[DETECTION] Contains detection pattern of the Windows virus W95/Blumblebee.1738

[iNFO] The file was moved to '47af2c2a.qua'!

Begin scan in 'D:\' <VAIO>

 

 

End of the scan: mercredi 21 novembre 2007 14:00

Used time: 49:28 min

 

The scan has been done completely.

 

11768 Scanning directories

275924 Files were scanned

9 viruses and/or unwanted programs were found

1 Files were classified as suspicious:

0 files were deleted

0 files were repaired

4 files were moved to quarantine

0 files were renamed

2 Files cannot be scanned

275915 Files not concerned

8588 Archives were scanned

2 Warnings

10 Notes

[Apollo]

Bonsoir,

 

Désolé mais comme l'a bien compris et dit Zonk, il arrive qu'on ne puisse pas être là pour des raisons privées.

 

 

Bonsoir,

 

Télécharge MSNFix.zip (de !aur3n7) sur le bureau:

Aide en images: http://www.malekal.com/tutorial_MSNFix.php

 

http://sosvirus.changelog.fr/MSNFix.zip

Décompresse-le (clic droit : Extraire ici).

 

Ouvre-le et double clique sur le fichier MSNFix.bat

.

- Exécutez l'option R.

- Si l'infection est détectée, un message l'indiquera et il suffira de presser une touche pour lancer le nettoyage.

- Sauvegarde ce rapport puis fais-en un copier/coller sur le forum, ainsi qu'un scan HijackThis fait en mode normal.

- Le rapport sera enregistré dans le même dossier que MSNFix sous forme date_heure.txt

 

NB:

Si une erreur de suppression est détectée un message s'affichera demandant de redémarrer l'ordinateur afin de terminer les opérations. Dans ce cas il suffit de redémarrer l'ordinateur en mode normal

Sauvegarder et fermer le rapport pour que Windows termine de se lancer normalement.

 

Poste le rapport stp.

 

Il est conseillé de prévenir tous tes contacts afin qu'ils procédent à la même opération car cette infection s'envoie toute seule avec ton adresse à tout ton carnet d'adresses et ainsi de suite par eux vers des autres internautes.

 

Poste un nouveau log Hijackthis après celui de MSNFix stp.

@+

[biman]

MSNFix 1.588

 

C:\Documents and Settings\BEUD\Bureau\MSNFix\MSNFix

Fix exécuté le 21/11/2007 - 20:18:35,92 By BEUD

mode normal

 

************************ Recherche les fichiers présents

 

Aucun Fichier trouvé

 

************************ Recherche les dossiers présents

 

... C:\Temp\

 

 

 

 

************************ Suppression des fichiers

 

 

 

************************ Suppression des dossiers

 

.. OK ... C:\Temp\

 

 

************************ Nettoyage du registre

 

 

 

************************ Fichiers suspects

 

Aucun Fichier trouvé

 

 

Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 21112007_20192529.zip

 

 

------------------------------------------------------------------------

Auteur : !aur3n7 Contact: http://changelog.fr

------------------------------------------------------------------------

 

--------------------------------------------- END ---------------------------------------------

[Apollo]

Re,

 

Ok reposte un nouveau log Hijackthis stp, Ewido a bien liquidé le virus.