[virus] Trojan Crypt.CFI.Gen

Closed
hwbookworm Posts 1 Registered Sunday 11 February 2007 Status Member Last seen 9 March 2007 - 9 March 2007 at 02:38
adam262007 - 23 March 2008 at 21:40
Hello,

Avira AntiVir found several instances of the trojan Crypt.CFI.Gen on my computer, but I could not find any website that talks about this virus.
I ran scans with Spy Sweeper and Ad-Aware but they found nothing.
Could you tell me whether I have actually removed the virus, or whether it is still somewhere on my computer?

Here is the Avira AntiVir log:

AntiVir PersonalEdition Classic
Report file date: jeudi 8 mars 2007 17:39

Scanning for 698603 virus strains and unwanted programs.
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]

Version information:
BUILD.DAT : 217 12749 Bytes 05/12/2006 17:00:00
AVSCAN.EXE : 7.0.3.5 208936 Bytes 10/02/2007 02:59:04
AVSCAN.DLL : 7.0.3.1 35880 Bytes 05/12/2006 23:00:24
LUKE.DLL : 7.0.3.2 143400 Bytes 31/10/2006 23:07:48
LUKERES.DLL : 7.0.2.0 9256 Bytes 05/12/2006 23:00:24
ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 31/05/2006 22:30:08
ANTIVIR1.VDF : 6.37.1.151 4303360 Bytes 23/02/2007 23:17:34
ANTIVIR2.VDF : 6.38.0.5 143360 Bytes 06/03/2007 22:28:08
ANTIVIR3.VDF : 6.38.0.22 101376 Bytes 08/03/2007 22:27:30
AVEWIN32.DLL : 7.3.1.41 2355712 Bytes 07/03/2007 22:29:04
AVPREF.DLL : 7.0.2.0 23592 Bytes 03/11/2006 17:53:46
AVREP.DLL : 6.38.0.6 1179688 Bytes 06/03/2007 22:28:08
AVRPBASE.DLL : 7.0.0.0 2162728 Bytes 30/03/2006 15:43:32
AVPACK32.DLL : 7.2.1.6 368680 Bytes 06/03/2007 22:28:08
AVREG.DLL : 7.0.1.2 30760 Bytes 10/02/2007 02:59:04
NETNT.DLL : No Information!
RCIMAGE.DLL : 7.0.1.3 2097192 Bytes 08/11/2006 19:26:28
RCTEXT.DLL : 7.0.12.1 77864 Bytes 05/12/2006 23:00:22

Configuration settings for the scan:
Jobname..........................: Manual Selection
Configuration file...............: C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\PROFILES\folder.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: jeudi 8 mars 2007 17:39

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Modules have been scanned
Scan process 'avcenter.exe' - '1' Modules have been scanned
Scan process 'SSU.EXE' - '1' Modules have been scanned
Scan process 'wmplayer.exe' - '1' Modules have been scanned
Scan process 'avgnt.exe' - '1' Modules have been scanned
Scan process 'MSNMSGR.EXE' - '1' Modules have been scanned
Scan process 'emule.exe' - '1' Modules have been scanned
Scan process 'lxcccoms.exe' - '1' Modules have been scanned
Scan process 'Webshots.scr' - '1' Modules have been scanned
Scan process 'alg.exe' - '1' Modules have been scanned
Scan process 'ooneclockv65.exe' - '1' Modules have been scanned
Scan process 'ctfmon.exe' - '1' Modules have been scanned
Scan process 'Cld2000.exe' - '1' Modules have been scanned
Scan process 'SpySweeperUI.exe' - '1' Modules have been scanned
Scan process 'qttask.exe' - '1' Modules have been scanned
Scan process 'jusched.exe' - '1' Modules have been scanned
Scan process 'Monitor.exe' - '1' Modules have been scanned
Scan process 'LVCOMSX.EXE' - '1' Modules have been scanned
Scan process 'ATKOSD.exe' - '1' Modules have been scanned
Scan process 'SynTPEnh.exe' - '1' Modules have been scanned
Scan process 'wcourier.exe' - '1' Modules have been scanned
Scan process 'RTHDCPL.EXE' - '1' Modules have been scanned
Scan process 'SynTPLpr.exe' - '1' Modules have been scanned
Scan process 'lxccmon.exe' - '1' Modules have been scanned
Scan process 'HControl.exe' - '1' Modules have been scanned
Scan process 'iFrmewrk.exe' - '1' Modules have been scanned
Scan process 'EOUWiz.exe' - '1' Modules have been scanned
Scan process '1XConfig.exe' - '1' Modules have been scanned
Scan process 'SpySweeper.exe' - '1' Modules have been scanned
Scan process 'SVCHOST.EXE' - '1' Modules have been scanned
Scan process 'StarWindService.exe' - '1' Modules have been scanned
Scan process 'RegSrvc.exe' - '1' Modules have been scanned
Scan process 'OProtSvc.exe' - '1' Modules have been scanned
Scan process 'NVSVC32.EXE' - '1' Modules have been scanned
Scan process 'MSIEXEC.EXE' - '1' Modules have been scanned
Scan process 'LSSrvc.exe' - '1' Modules have been scanned
Scan process 'INSTAL~1.EXE' - '1' Modules have been scanned
Scan process 'AVGUARD.EXE' - '1' Modules have been scanned
Scan process 'SCHED.EXE' - '1' Modules have been scanned
Scan process 'SPOOLSV.EXE' - '1' Modules have been scanned
Scan process 'SVCHOST.EXE' - '1' Modules have been scanned
Scan process 'EXPLORER.EXE' - '1' Modules have been scanned
Scan process 'SVCHOST.EXE' - '1' Modules have been scanned
Scan process 'S24EvMon.exe' - '1' Modules have been scanned
Scan process 'ZCfgSvc.exe' - '1' Modules have been scanned
Scan process 'EvtEng.exe' - '1' Modules have been scanned
Scan process 'InCDsrv.exe' - '1' Modules have been scanned
Scan process 'SVCHOST.EXE' - '1' Modules have been scanned
Scan process 'SVCHOST.EXE' - '1' Modules have been scanned
Scan process 'SVCHOST.EXE' - '1' Modules have been scanned
Scan process 'LSASS.EXE' - '1' Modules have been scanned
Scan process 'SERVICES.EXE' - '1' Modules have been scanned
Scan process 'WINLOGON.EXE' - '1' Modules have been scanned
Scan process 'CSRSS.EXE' - '1' Modules have been scanned
Scan process 'SMSS.EXE' - '1' Modules have been scanned
55 processes with 55 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( 28 files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd3693.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\vaxscsi.sys
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{B5FE3342-DE3A-4428-969D-7C390CE58E17}\RP478\A0194804.exe
[DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
[INFO] The file was moved to '4621b06f.qua'!
C:\System Volume Information\_restore{B5FE3342-DE3A-4428-969D-7C390CE58E17}\RP478\A0194966.exe
[DETECTION] Contains suspicious code HEUR/Crypted
[INFO] The file was moved to '4621b085.qua'!
C:\System Volume Information\_restore{B5FE3342-DE3A-4428-969D-7C390CE58E17}\RP481\A0196470.EXE
[DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
[INFO] The file was moved to '4621b153.qua'!
C:\System Volume Information\_restore{B5FE3342-DE3A-4428-969D-7C390CE58E17}\RP483\A0197301.exe
[DETECTION] Contains signature of the worm WORM/Bagle.HT
[INFO] The file was moved to '4621b191.qua'!
C:\System Volume Information\_restore{B5FE3342-DE3A-4428-969D-7C390CE58E17}\RP483\A0197303.exe
[DETECTION] Contains suspicious code HEUR/Crypted
[INFO] The file was moved to '4621b198.qua'!
C:\System Volume Information\_restore{B5FE3342-DE3A-4428-969D-7C390CE58E17}\RP483\A0197304.exe
[DETECTION] Contains suspicious code HEUR/Crypted
[INFO] The file was moved to '4621b19d.qua'!
C:\System Volume Information\_restore{B5FE3342-DE3A-4428-969D-7C390CE58E17}\RP483\A0197305.exe
[DETECTION] Contains suspicious code HEUR/Crypted
[INFO] The file was moved to '4621b1a6.qua'!
C:\System Volume Information\_restore{B5FE3342-DE3A-4428-969D-7C390CE58E17}\RP483\A0197306.exe
[DETECTION] Contains suspicious code HEUR/Crypted
[INFO] The file was moved to '4621b1aa.qua'!
C:\System Volume Information\_restore{B5FE3342-DE3A-4428-969D-7C390CE58E17}\RP483\A0197307.exe
[DETECTION] Contains suspicious code HEUR/Crypted
[INFO] The file was moved to '4621b1ae.qua'!
C:\System Volume Information\_restore{B5FE3342-DE3A-4428-969D-7C390CE58E17}\RP483\A0197308.exe
[DETECTION] Contains suspicious code HEUR/Crypted
[INFO] The file was moved to '4621b1b1.qua'!
C:\System Volume Information\_restore{B5FE3342-DE3A-4428-969D-7C390CE58E17}\RP483\A0197310.exe
[DETECTION] Contains suspicious code HEUR/Crypted
[INFO] The file was moved to '4621b1b5.qua'!
C:\System Volume Information\_restore{B5FE3342-DE3A-4428-969D-7C390CE58E17}\RP483\A0197311.exe
[DETECTION] Contains suspicious code HEUR/Crypted
[INFO] The file was moved to '4621b1b8.qua'!
C:\System Volume Information\_restore{B5FE3342-DE3A-4428-969D-7C390CE58E17}\RP483\A0197312.exe
[DETECTION] Contains suspicious code HEUR/Crypted
[INFO] The file was moved to '4621b1bb.qua'!
C:\System Volume Information\_restore{B5FE3342-DE3A-4428-969D-7C390CE58E17}\RP485\A0197400.exe
[DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
[INFO] The file was moved to '4621b1c5.qua'!
C:\System Volume Information\_restore{B5FE3342-DE3A-4428-969D-7C390CE58E17}\RP487\A0197436.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '4621b1ca.qua'!
Begin scan in 'D:\'
D:\System Volume Information\_restore{B5FE3342-DE3A-4428-969D-7C390CE58E17}\RP487\A0197437.exe
[DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
[INFO] The file was moved to '4621bb8c.qua'!


End of the scan: jeudi 8 mars 2007 19:46
Used time: 2:06:34 min

The scan has been done completely.

6094 Scanning directories
383260 Files were scanned
16 viruses and/or unwanted programs were found
0 files were deleted
0 files were repaired
16 files were moved to quarantine
0 files were renamed
5 Files cannot be scanned
383244 Files not concerned
7381 Archives were scanned
5 Warnings
0 Notes

And here is a HijackThis report that I ran after scanning with Avira AntiVir:

Logfile of HijackThis v1.99.1
Scan saved at 20:24:41, on 08/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\DOCUME~1\HÉLÈNE\LOCALS~1\TEMP\WZSE1.TMP\VPNCLI~1\INSTAL~1.EXE
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\Lexmark 3300 Series\lxccmon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\Wireless Console\wcourier.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Calendrier\Cld2000.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe
C:\PROGRA~1\Webshots\WEBSHOTS.SCR
C:\WINDOWS\system32\lxcccoms.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
D:\downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.asus.com/fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - (no file)
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O1 - Hosts: 127.255.255.255 www.alcohol-soft.com
O1 - Hosts: 127.255.255.255 images.alcohol-soft.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: (no name) - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [Power_Gear] "C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" 1
O4 - HKLM\..\Run: [lxccmon.exe] "C:\Program Files\Lexmark 3300 Series\lxccmon.exe"
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Wireless Console] "C:\Program Files\ASUS\Wireless Console\wcourier.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [Ulead AutoDetector] "C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Wallpachange] "C:\Program Files\Wallpachange\REGLAGES.exe" /DEM
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [Cld2000.exe] "C:\Program Files\Calendrier\Cld2000.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: OFFICE One Clock v6.5.lnk = C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe
O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE (file missing)
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE (file missing)
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE (file missing)
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O14 - IERESET.INF: START_PAGE_URL=https://www.asus.com/fr/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://hwbookworm.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586-jc.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://www.arcadetown.com/swf/deliciousdeluxe/zylomplayer.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://msnfr.oberon-media.com/online2/MSN_INTL_FRANCE/diner_dash/DinerDash.1.0.0.80.cab
O16 - DPF: {E1342154-4889-42B5-BEF6-19237577048F} (OberongamesLoader Object) - http://msnfr.oberon-media.com/online2/MSN_INTL_FRANCE/insaniquarium/Oberongamesloader.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: 52.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Cisco Systems, Inc. Installer service (CiscoVpnInstallService) - Unknown owner - C:\DOCUME~1\HÉLÈNE\LOCALS~1\TEMP\WZSE1.TMP\VPNCLI~1\INSTAL~1.EXE
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Moteur Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


Thanks a lot for your help!
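As an added example (not part of the original post, and not code from HijackThis or Avira), here is a small Python triage pass over HijackThis log lines of the kind posted above. It does not declare anything malicious; it only flags entries that deserve a manual look: autostart binaries that run from a temporary directory, services with no recorded vendor, an AppInit_DLLs value given as a bare file name (such a DLL is resolved through the search path and loaded into every process that loads user32.dll), and orphaned browser entries marked (no file) or (file missing). The sample input is a constructed excerpt of the log above; the rules and the function names (review, first_token) are my own assumptions.

```python
"""Added example: first-pass triage of HijackThis (v1.99) log lines.

Flags entries worth a manual look; it is a review aid, not a verdict.
"""
import re

# Constructed sample: lines excerpted from the HijackThis log posted above.
HJT_SAMPLE = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: 52.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Cisco Systems, Inc. Installer service (CiscoVpnInstallService) - Unknown owner - C:\DOCUME~1\HÉLÈNE\LOCALS~1\TEMP\WZSE1.TMP\VPNCLI~1\INSTAL~1.EXE
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
"""

# Line shapes as HijackThis 1.99 prints them.
O4_RUN = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O20_APPINIT = re.compile(r"^O20 - AppInit_DLLs: (?P<value>.*)$")
O23_SERVICE = re.compile(r"^O23 - Service: (?P<desc>.+?) - (?P<vendor>.+?) - (?P<path>.+)$")
ORPHAN_TYPES = re.compile(r"^(?:R3|O2|O3|O9) - ")
ORPHAN = re.compile(r"\((?:no file|file missing)\)\s*$")
# A path component named temp/tmp anywhere, e.g. ...\LOCALS~1\TEMP\WZSE1.TMP\...
TEMP_DIR = re.compile(r"\\(?:temp|tmp)\\", re.I)


def first_token(cmd: str) -> str:
    """Return the executable part of an O4 command line (quoted or bare)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def review(log_text: str) -> list:
    """Return (kind, detail) findings for the lines that merit a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ORPHAN_TYPES.match(line) and ORPHAN.search(line):
            findings.append(("orphan", line))        # cleanup item, not infection
            continue
        m = O4_RUN.match(line)
        if m:
            exe = first_token(m.group("cmd"))
            if TEMP_DIR.search(exe):
                findings.append(("temp-dir", exe))    # autostart from a temp folder
            continue
        m = O20_APPINIT.match(line)
        if m:
            for dll in re.split(r"[,\s]+", m.group("value").strip()):
                if dll and "\\" not in dll:
                    findings.append(("appinit-bare-name", dll))  # search-path load
            continue
        m = O23_SERVICE.match(line)
        if m:
            if TEMP_DIR.search(m.group("path")):
                findings.append(("temp-dir", m.group("path")))
            if m.group("vendor").strip().lower() == "unknown owner":
                findings.append(("no-vendor", m.group("desc")))
    return findings


if __name__ == "__main__":
    for kind, detail in review(HJT_SAMPLE):
        print(f"{kind:18} {detail}")
```

Each finding is a prompt to check the file by hand (publisher, location, hash), not a removal instruction; a legitimate installer can run a service from a temp directory while it is installing, and an orphaned toolbar entry is merely dead registry data.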

8 replies

Darkkiller Posts 2330 Registered Thursday 8 March 2007 Status Contributor Last seen 26 June 2009 67
21 Nov. 2007 at 22:15
Hi,

Each of you, please create your own thread!
Thanks in advance!
3
Darkkiller Posts 2330 Registered Thursday 8 March 2007 Status Contributor Last seen 26 June 2009 67
12 March 2007 at 19:36
Good evening,

Your virus is in System Restore; follow these procedures: http://forum.telecharger.01net.com/forum/high-tech/SECURITE/Securite/redemarrer-mode-echec-sujet_1526_1.htm
1
Help me
Heur/Crypted virus; how do I get rid of it?
1
hi:
Avira AntiVir found several instances of the trojan Crypt.CFI.Gen on my computer but I could not find. Could you tell me whether I have actually removed the virus, or whether it is still somewhere on my computer?


Thanks a lot for your help!
1

I have the same problem!
http://www.avira.com/fr/threats/section/fulldetails/id_vir/2794/tr_crypt.f.gen.html
0
Hello,
I have Avira AntiVir as my antivirus and it detected a "trojan horse"; whether I choose "move to quarantine" or "delete", nothing works, it always comes back.
I don't understand how to destroy it.
Since I have had this virus, my programs open on their own, such as MSN or some of my folders, without me even touching them. I would like you to help me, that would be kind.
Thanks.
0
Darkkiller Posts 2330 Registered Thursday 8 March 2007 Status Contributor Last seen 26 June 2009 67
30 Oct. 2007 at 02:33
Hi,

Kaspersky scan: https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr

Click the Kaspersky Online Scanner image
Click I accept
Install the ActiveX control
Wait for the update to finish; once it is done, click Next
Click Scan settings
Tick the Extended box >> OK
Click My Computer to run a full scan
Once the scan reaches 100%, click Save report as...
Save the report in .txt format (for the name put "rapport" or whatever you like, and for the type choose text file (*.txt))
Open the file you just saved, then copy and paste the report here if you are infected

0
Hello,

I have the same little problem

here is my report

Scan statistics:
Total objects scanned: 49989
Viruses found: 6
Infected objects: 10 / 0
Suspicious objects: 0
Scan duration: 01:06:13

Infected object name / Virus name / Last action
C:\Documents and Settings\Admin\Local Settings\Temp\NeroDemo12069\Toolbar.exe Infecté : not-a-virus:AdTool.Win32.MyWebSearch.bm ignoré
C:\Documents and Settings\Aktarus\Application Data\Microsoft\MSNLiveFav\LiveFavorites.xml L'objet est verrouillé ignoré
C:\Documents and Settings\Aktarus\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Aktarus\ie_update3r.exe L'objet est verrouillé ignoré
C:\Documents and Settings\Aktarus\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Aktarus\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\Aktarus\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Aktarus\Local Settings\Historique\History.IE5\MSHist012007112120071122\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Aktarus\Local Settings\Temp\~DF20A.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\Aktarus\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Aktarus\Local Settings\Temporary Internet Files\Content.IE5\ONUTSVCH\mymsn[1] L'objet est verrouillé ignoré
C:\Documents and Settings\Aktarus\ntuser.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Aktarus\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\Aktarus\UserData\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService.AUTORITE NT\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService.AUTORITE NT\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService.AUTORITE NT\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService.AUTORITE NT\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService.AUTORITE NT\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService.AUTORITE NT\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService.AUTORITE NT\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService.AUTORITE NT\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService.AUTORITE NT\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService.AUTORITE NT\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService.AUTORITE NT\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\System Volume Information\_restore{4ABF4FD9-294E-4687-B317-62907B2A7856}\RP170\A0123626.exe Infecté : Trojan.Win32.DNSChanger.acs ignoré
C:\System Volume Information\_restore{4ABF4FD9-294E-4687-B317-62907B2A7856}\RP170\A0124649.exe Infecté : Trojan-Downloader.Win32.Small.grl ignoré
C:\System Volume Information\_restore{4ABF4FD9-294E-4687-B317-62907B2A7856}\RP170\A0124650.exe Infecté : Trojan-Downloader.Win32.Small.gro ignoré
C:\System Volume Information\_restore{4ABF4FD9-294E-4687-B317-62907B2A7856}\RP170\change.log L'objet est verrouillé ignoré
C:\upload_moi_AKTARUS.tar.gz/upload_moi.tar/WINDOWS/System32/_svchost.exe Infecté : Trojan-Downloader.Win32.Tiny.abk ignoré
C:\upload_moi_AKTARUS.tar.gz/upload_moi.tar/WINDOWS/System32/isdeidk.dll Infecté : Backdoor.Win32.Agent.adr ignoré
C:\upload_moi_AKTARUS.tar.gz/upload_moi.tar Infecté : Backdoor.Win32.Agent.adr ignoré
C:\upload_moi_AKTARUS.tar.gz GZIP: infecté - 3 ignoré
C:\WINDOWS\Debug\oakley.log L'objet est verrouillé ignoré
C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré
C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré
C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré
C:\WINDOWS\system32\isdeidk.dll Infecté : Backdoor.Win32.Agent.adr ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré
C:\WINDOWS\system32\_svchost.exe Infecté : Trojan-Downloader.Win32.Tiny.abk ignoré
C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré
C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré
C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré
D:\System Volume Information\_restore{4ABF4FD9-294E-4687-B317-62907B2A7856}\RP170\change.log L'objet est verrouillé ignoré

Scan complete.

Thanks for your help
0
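As an added example that is not part of any post in this thread, here is a Python triage of the two report formats posted here: the Avira AntiVir log in the opening post (path on one line, "[DETECTION] ..." on the next) and the Kaspersky online scanner report just above ("<path> Infecté : <name> ignoré", matched exactly as the scanner printed it in French). It parses both and then separates detections under System Volume Information\_restore{...}\RPnnn\ (System Restore snapshots, which are stored copies and not running code) from detections on the live file system, which is the distinction the reply about System Restore turns on. The samples are constructed excerpts of the posted reports; the function names (parse_avira, parse_kaspersky, triage, verdict) and the verdict strings are my own.

```python
"""Added example: triage of antivirus scan reports by location.

Restore-point copies (System Volume Information\_restore{...}\RPnnn\) are
separated from detections on the live file system.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Detection:
    scanner: str
    path: str
    name: str


# Constructed samples: lines excerpted from the two reports posted in this thread.
AVIRA_SAMPLE = r"""
Begin scan in 'C:\'
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{B5FE3342-DE3A-4428-969D-7C390CE58E17}\RP478\A0194804.exe
[DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
[INFO] The file was moved to '4621b06f.qua'!
C:\System Volume Information\_restore{B5FE3342-DE3A-4428-969D-7C390CE58E17}\RP483\A0197301.exe
[DETECTION] Contains signature of the worm WORM/Bagle.HT
[INFO] The file was moved to '4621b191.qua'!
"""

KASPERSKY_SAMPLE = r"""
C:\Documents and Settings\Aktarus\ntuser.dat L'objet est verrouillé ignoré
C:\System Volume Information\_restore{4ABF4FD9-294E-4687-B317-62907B2A7856}\RP170\A0123626.exe Infecté : Trojan.Win32.DNSChanger.acs ignoré
C:\upload_moi_AKTARUS.tar.gz/upload_moi.tar/WINDOWS/System32/_svchost.exe Infecté : Trojan-Downloader.Win32.Tiny.abk ignoré
C:\upload_moi_AKTARUS.tar.gz GZIP: infecté - 3 ignoré
C:\WINDOWS\system32\isdeidk.dll Infecté : Backdoor.Win32.Agent.adr ignoré
C:\WINDOWS\system32\_svchost.exe Infecté : Trojan-Downloader.Win32.Tiny.abk ignoré
"""

# Avira names the signature as the last token of the [DETECTION] line.
AVIRA_DETECTION = re.compile(r"^\[DETECTION\]\s+(?:.*\s)?(?P<name>\S+)$")
# Kaspersky (French output): "<path> Infecté : <name> ignoré"; archive members use '/'.
# The per-archive summary line ("GZIP: infecté - 3") deliberately does not match.
KASPERSKY_DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+Infecté\s*:\s*(?P<name>\S+)\s+ignoré$")
RESTORE_POINT = re.compile(
    r"^[A-Za-z]:\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP\d+\\", re.I)


def parse_avira(report: str) -> list:
    """Pair each [DETECTION] line with the path printed on the line before it."""
    found, last_path = [], None
    for line in report.splitlines():
        line = line.strip()
        if not line:
            continue
        m = AVIRA_DETECTION.match(line)
        if m and last_path:
            found.append(Detection("avira", last_path, m.group("name")))
        elif not line.startswith("["):
            last_path = line  # any non-bracketed line is the next candidate path
    return found


def parse_kaspersky(report: str) -> list:
    """Keep only 'Infecté :' lines; locked-object and summary lines are skipped."""
    found = []
    for line in report.splitlines():
        m = KASPERSKY_DETECTION.match(line.strip())
        if m:
            found.append(Detection("kaspersky", m.group("path"), m.group("name")))
    return found


def in_restore_point(path: str) -> bool:
    return RESTORE_POINT.match(path) is not None


def triage(detections: list) -> dict:
    """Split detections into live-file-system hits and restore-point copies."""
    return {
        "live": [d for d in detections if not in_restore_point(d.path)],
        "restore_point": [d for d in detections if in_restore_point(d.path)],
    }


def verdict(detections: list) -> str:
    """One-line reading of a report; wording is this example's own."""
    if not detections:
        return "clean: no detections"
    live = triage(detections)["live"]
    if not live:
        return ("restore-point copies only: not running code; they are discarded "
                "when System Restore is turned off and back on")
    return f"active infection: {len(live)} detection(s) outside System Restore"


if __name__ == "__main__":
    for label, dets in (("Avira", parse_avira(AVIRA_SAMPLE)),
                        ("Kaspersky", parse_kaspersky(KASPERSKY_SAMPLE))):
        print(label, "->", verdict(dets))
        for d in triage(dets)["live"]:
            print("   live:", d.path, d.name)
```

Run against the full logs above, every Avira hit in the opening post falls under _restore{...}, which is what the reply about System Restore refers to; in the last Kaspersky report, isdeidk.dll and _svchost.exe under C:\WINDOWS\system32 (and the copies inside the .tar.gz archive in C:\) sit outside it and are what the verdict reports as live. The parser accepts the French tokens as posted; a scanner configured in another language prints different words and would need the pattern adjusted.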