Bonjour,
je suis infecté par le cheval de Troie "tr/downloader.gen".
j'ai antivir, j'ai mis quelques fichiers en quarantaine quand il a découvert le virus mais après je clique sur "ignorer le fichier" car il revient tout le temps.
Voici un rapport Hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:16:22, on 22/01/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\DOCUME~1\ANTOIN~1.ROY\LOCALS~1\APPLIC~1\MICROS~1\comrepl.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F3 - REG:win.ini: load=C:\DOCUME~1\ANTOIN~1.ROY\LOCALS~1\Temp\clipsrv.exe
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [CmUsbAudio] RunDll32 cmcnfg2.cpl,CMICtrlWnd
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [ComRepl] C:\DOCUME~1\ANTOIN~1.ROY\LOCALS~1\APPLIC~1\MICROS~1\comrepl.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [SessMgr] C:\DOCUME~1\ANTOIN~1.ROY\LOCALS~1\APPLIC~1\MICROS~1\sessmgr.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [Spool] C:\DOCUME~1\ANTOIN~1.ROY\APPLIC~1\spoolsv.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [MstInit] C:\DOCUME~1\ANTOIN~1.ROY\LOCALS~1\APPLIC~1\MICROS~1\mstinit.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [rsvp] C:\DOCUME~1\ANTOIN~1.ROY\LOCALS~1\Temp\rsvp.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [Cisvc] C:\DOCUME~1\ANTOIN~1.ROY\LOCALS~1\APPLIC~1\cisvc.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [CmSTP] C:\DOCUME~1\ANTOIN~1.ROY\LOCALS~1\APPLIC~1\cmstp.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [Spool] C:\DOCUME~1\ANTOIN~1.ROY\LOCALS~1\APPLIC~1\MICROS~1\spoolsv.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [Mstsc] C:\DOCUME~1\ANTOIN~1.ROY\APPLIC~1\MICROS~1\mstsc.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [MqtgSVC] C:\DOCUME~1\ANTOIN~1.ROY\LOCALS~1\Temp\mqtgsvc.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [Logman] C:\DOCUME~1\ANTOIN~1.ROY\LOCALS~1\APPLIC~1\MICROS~1\logman.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [IEudinit] C:\DOCUME~1\ANTOIN~1.ROY\LOCALS~1\Temp\ieudinit.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [Esent Utl] C:\DOCUME~1\ANTOIN~1.ROY\APPLIC~1\MICROS~1\esentutl.exe /waitservice
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [DllHst] C:\WINDOWS\dllhst3g.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [DllHst] C:\WINDOWS\dllhst3g.exe /waitservice (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
Afficher la suite