Infection

Closed
LeGhe - 14 Jan. 2008 at 17:26
 ricou - 15 Jan. 2008 at 17:42
Hello,

I've "caught" a virus or some kind of malware...

Unwanted popups keep opening, offering me reparateurdesysteme and the like, every time I browse...

Here is my HijackThis log, in case someone would be kind enough to give me a hand disinfecting my machine...

Logfile of HijackThis v1.99.1
Scan saved at 17:21:29, on 14/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\Agent\Application Data\Amadeus\Viewer\Showcase.exe
D:\Ace\wancl9-2-999-13.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\HijackThis\Respagence.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.vianeo.com/fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 62.23.82.219 srvaltiris
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {F5FD51CD-DD18-43E7-95BE-8EC9149DED05} - C:\DOCUME~1\Agent\LOCALS~1\Temp\awtst.dll
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\DOCUME~1\Agent\LOCALS~1\Temp\vtsqn.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\DOCUME~1\Agent\LOCALS~1\Temp\awtst.dll,c
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Numérisation PC.lnk = C:\WINDOWS\ScanToPc.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.destino.amadeus.com
O15 - Trusted Zone: *.amadeus.com
O15 - Trusted Zone: *.amadeus.fr
O15 - Trusted Zone: *.amadeus.net
O15 - Trusted Zone: *.amadeuscruise.com
O15 - Trusted Zone: *.amadeusferry.com
O15 - Trusted Zone: *.amadeusproweb.com
O15 - Trusted Zone: http://*.amadeusproweb.com
O15 - Trusted Zone: *.amadeusvista.com
O15 - Trusted Zone: http://*.amadeusvista.com
O15 - Trusted Zone: *.start.de
O15 - Trusted Zone: *.vianeo.com
O15 - Trusted Zone: http://*.amadeusproweb.com (HKLM)
O15 - Trusted Zone: http://*.amadeusvista.com (HKLM)
O16 - DPF: {051FE707-9706-11D5-A836-000102A7C938} - file://E:\html\AutoUpdateATL24P210.CAB
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - https://www.eset.com/
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.virustraq.com/img/scan_virus/webscan.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://froginkiwiland.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B151B524-F451-4036-9663-B3944FA710DF} (ExecuteAgent2p Class) - http://www.vianeo.com/Vianeo/fo/activex/FraClientPro.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylom/activex/zylomloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5E224546-8D03-41A3-95D3-60F476E0C7ED}: NameServer = 10.228.211.10,10.228.211.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{F6D1A30A-22D1-4DBC-90EA-93EF685FCC36}: NameServer = 10.228.211.10,10.228.211.11
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: AUWinLogon - C:\WINDOWS\SYSTEM32\AUWinLogon.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Altiris Agent (AeXNSClient) - Altiris, Inc. - C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
O23 - Service: Amadeus Automatic Update - Amadeus - C:\Program Files\Automatic Update\AutoUpdate.exe
O23 - Service: AmadeusProPrinter - Amadeus - C:\Program Files\Amadeus\Pro Printer\Mainsrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

5 replies

madt14 - 14 Jan. 2008 at 18:57
I don't know much, but I've already had the same problem
download AVG Anti-Spyware
and run a scan

Well, that's done, with Spybot, and Rogueremover too, but it changes nothing...

hi, I've had exactly the same problem since yesterday. if you find a solution, let me know please, thanks

barely any progress...

I searched for "reparateurdesysteme" on Google, and quite a few people are infected, apparently, but I haven't found the solution yet...

HELPPPP

hi, me too, AntiVir is overflowing: 10 detections, 3 warnings. here is the report, if someone can give me a hand, thanks
AntiVir PersonalEdition Classic
Report file date: mardi 15 janvier 2008 16:39

Scanning for 1038274 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: SNZ123455567896

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 06/09/2007 06:40:08
AVSCAN.DLL : 7.0.6.0 49192 Bytes 06/09/2007 06:40:08
LUKE.DLL : 7.0.5.3 147496 Bytes 06/09/2007 06:40:09
LUKERES.DLL : 7.0.6.1 10280 Bytes 06/09/2007 06:40:09
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 16:55:23
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 16:36:14
ANTIVIR2.VDF : 7.0.1.205 620544 Bytes 08/01/2008 15:37:19
ANTIVIR3.VDF : 7.0.1.241 304128 Bytes 15/01/2008 15:37:40
AVEWIN32.DLL : 7.6.0.48 3080704 Bytes 15/01/2008 15:37:40
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 06/09/2007 06:40:08
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 15/01/2008 15:37:40
AVREG.DLL : 7.0.1.6 30760 Bytes 06/09/2007 06:40:08
AVARKT.DLL : 1.0.0.20 278568 Bytes 06/09/2007 06:40:05
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 06/09/2007 06:40:08
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 06/09/2007 06:40:01
RCTEXT.DLL : 7.0.62.0 86056 Bytes 06/09/2007 06:40:01
SQLITE3.DLL : 3.3.17.1 339968 Bytes 06/09/2007 06:40:09

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mardi 15 janvier 2008 16:39

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'dllhost.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'GoogleDesktop.exe' - '1' Module(s) have been scanned
Scan process 'mcrdsvc.exe' - '1' Module(s) have been scanned
Scan process 'GoogleDesktop.exe' - '1' Module(s) have been scanned
Scan process 'USBDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'ULCDRSvr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'cledx.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'GoogleDesktop.exe' - '1' Module(s) have been scanned
Scan process 'ehSched.exe' - '1' Module(s) have been scanned
Scan process 'qttask.exe' - '1' Module(s) have been scanned
Scan process 'ehrecvr.exe' - '1' Module(s) have been scanned
Scan process 'AOSD.EXE' - '1' Module(s) have been scanned
Scan process 'ABOARD.EXE' - '1' Module(s) have been scanned
Scan process 'DetectorApp.exe' - '1' Module(s) have been scanned
Scan process 'Vaderetro_oe.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'AOLacsd.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
42 processes with 42 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '39' files ).


Starting the file scan:

Begin scan in 'C:\' <HDD>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\177114A6.exe
[DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1778689F.exe
[DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
[INFO] The file was moved to '47c3d5b0.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\17A5346D.exe
[DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
[INFO] The file was moved to '47cdd5b6.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\17FA7810.exe
[DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
[WARNING] The file was ignored!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6DD22E68.exe
[DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
[INFO] The file was moved to '47d0d5da.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP128\A0027844.exe
[DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP128\A0027845.exe
[DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP128\A0027846.exe
[DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
[INFO] The file was moved to '47bcdc64.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP128\A0027847.exe
[DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
[INFO] The file was moved to '47bcdc66.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP98\A0023096.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '47bcdd15.qua'!


End of the scan: mardi 15 janvier 2008 17:29
Used time: 50:50 min

The scan has been done completely.

8735 Scanning directories
291729 Files were scanned
10 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
3 files were deleted
0 files were repaired
6 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
291719 Files not concerned
11603 Archives were scanned
3 Warnings
207 Notes