
infection system32\cbXPIxuT.dll



Hello,

AntiVir detects a trojan, TR/Vundo.gen, in system32\cbXPIxuT.dll

I can't get rid of it.

Here is the HJT report:

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:12:52, on 25/05/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe

C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE

C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.winlsd.org

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.winlsd.org/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {52AA334A-1FF5-4D26-931B-89CD28840B9F} - C:\WINDOWS\system32\cbXPIxuT.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-20\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'Default user')

O8 - Extra context menu item: e&xporter vers microsoft excel - res://D:\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Recherche - {92780b25-18cc-41c8-b9be-3c9c571a8263} - D:\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)

O18 - Protocol: bw+0 - {AF30F215-0705-47A8-8EBA-BD66FB9A0B2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {AF30F215-0705-47A8-8EBA-BD66FB9A0B2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {AF30F215-0705-47A8-8EBA-BD66FB9A0B2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {AF30F215-0705-47A8-8EBA-BD66FB9A0B2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {AF30F215-0705-47A8-8EBA-BD66FB9A0B2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {AF30F215-0705-47A8-8EBA-BD66FB9A0B2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {AF30F215-0705-47A8-8EBA-BD66FB9A0B2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {AF30F215-0705-47A8-8EBA-BD66FB9A0B2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {AF30F215-0705-47A8-8EBA-BD66FB9A0B2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {AF30F215-0705-47A8-8EBA-BD66FB9A0B2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {AF30F215-0705-47A8-8EBA-BD66FB9A0B2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {AF30F215-0705-47A8-8EBA-BD66FB9A0B2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {AF30F215-0705-47A8-8EBA-BD66FB9A0B2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {AF30F215-0705-47A8-8EBA-BD66FB9A0B2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {AF30F215-0705-47A8-8EBA-BD66FB9A0B2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {AF30F215-0705-47A8-8EBA-BD66FB9A0B2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {AF30F215-0705-47A8-8EBA-BD66FB9A0B2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {AF30F215-0705-47A8-8EBA-BD66FB9A0B2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {AF30F215-0705-47A8-8EBA-BD66FB9A0B2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {AF30F215-0705-47A8-8EBA-BD66FB9A0B2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {AF30F215-0705-47A8-8EBA-BD66FB9A0B2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {AF30F215-0705-47A8-8EBA-BD66FB9A0B2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {AF30F215-0705-47A8-8EBA-BD66FB9A0B2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {AF30F215-0705-47A8-8EBA-BD66FB9A0B2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {AF30F215-0705-47A8-8EBA-BD66FB9A0B2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {AF30F215-0705-47A8-8EBA-BD66FB9A0B2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {AF30F215-0705-47A8-8EBA-BD66FB9A0B2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {AF30F215-0705-47A8-8EBA-BD66FB9A0B2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {AF30F215-0705-47A8-8EBA-BD66FB9A0B2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {AF30F215-0705-47A8-8EBA-BD66FB9A0B2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {AF30F215-0705-47A8-8EBA-BD66FB9A0B2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {AF30F215-0705-47A8-8EBA-BD66FB9A0B2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {AF30F215-0705-47A8-8EBA-BD66FB9A0B2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {AF30F215-0705-47A8-8EBA-BD66FB9A0B2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {AF30F215-0705-47A8-8EBA-BD66FB9A0B2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {AF30F215-0705-47A8-8EBA-BD66FB9A0B2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {AF30F215-0705-47A8-8EBA-BD66FB9A0B2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {AF30F215-0705-47A8-8EBA-BD66FB9A0B2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {AF30F215-0705-47A8-8EBA-BD66FB9A0B2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {AF30F215-0705-47A8-8EBA-BD66FB9A0B2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {AF30F215-0705-47A8-8EBA-BD66FB9A0B2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {AF30F215-0705-47A8-8EBA-BD66FB9A0B2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {AF30F215-0705-47A8-8EBA-BD66FB9A0B2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {AF30F215-0705-47A8-8EBA-BD66FB9A0B2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {AF30F215-0705-47A8-8EBA-BD66FB9A0B2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {AF30F215-0705-47A8-8EBA-BD66FB9A0B2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {AF30F215-0705-47A8-8EBA-BD66FB9A0B2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {AF30F215-0705-47A8-8EBA-BD66FB9A0B2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {AF30F215-0705-47A8-8EBA-BD66FB9A0B2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {AF30F215-0705-47A8-8EBA-BD66FB9A0B2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {AF30F215-0705-47A8-8EBA-BD66FB9A0B2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {AF30F215-0705-47A8-8EBA-BD66FB9A0B2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {AF30F215-0705-47A8-8EBA-BD66FB9A0B2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {AF30F215-0705-47A8-8EBA-BD66FB9A0B2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {AF30F215-0705-47A8-8EBA-BD66FB9A0B2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {AF30F215-0705-47A8-8EBA-BD66FB9A0B2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {AF30F215-0705-47A8-8EBA-BD66FB9A0B2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {AF30F215-0705-47A8-8EBA-BD66FB9A0B2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {AF30F215-0705-47A8-8EBA-BD66FB9A0B2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {AF30F215-0705-47A8-8EBA-BD66FB9A0B2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {AF30F215-0705-47A8-8EBA-BD66FB9A0B2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {AF30F215-0705-47A8-8EBA-BD66FB9A0B2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {AF30F215-0705-47A8-8EBA-BD66FB9A0B2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {AF30F215-0705-47A8-8EBA-BD66FB9A0B2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {AF30F215-0705-47A8-8EBA-BD66FB9A0B2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {AF30F215-0705-47A8-8EBA-BD66FB9A0B2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {AF30F215-0705-47A8-8EBA-BD66FB9A0B2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {AF30F215-0705-47A8-8EBA-BD66FB9A0B2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {AF30F215-0705-47A8-8EBA-BD66FB9A0B2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {AF30F215-0705-47A8-8EBA-BD66FB9A0B2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {AF30F215-0705-47A8-8EBA-BD66FB9A0B2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {AF30F215-0705-47A8-8EBA-BD66FB9A0B2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {AF30F215-0705-47A8-8EBA-BD66FB9A0B2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {AF30F215-0705-47A8-8EBA-BD66FB9A0B2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {AF30F215-0705-47A8-8EBA-BD66FB9A0B2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {AF30F215-0705-47A8-8EBA-BD66FB9A0B2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: offline-8876480 - {AF30F215-0705-47A8-8EBA-BD66FB9A0B2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\Skype4COM.dll

O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe

O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

 

--

End of file - 17120 bytes

 

 

 

 

 

In addition, I ran an AntiVir scan in safe mode. I had to cancel it because it was scanning all my MP3s and it was taking forever... Here is the report:

 

 

 

 

Avira AntiVir Personal

Report file date: lundi 12 mai 2008 12:00

 

Scanning for 1260844 virus strains and unwanted programs.

 

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 2) [5.1.2600]

Boot mode: Save mode

Username: Mitch

Computer name: JEANMI

 

Version information:

BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00

AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56

AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37

LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23

LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40

ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34

ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 13:08:58

ANTIVIR2.VDF : 7.0.4.0 1554432 Bytes 05/05/2008 17:35:23

ANTIVIR3.VDF : 7.0.4.25 125952 Bytes 11/05/2008 17:36:14

Engineversion : 8.1.0.42

AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21

AESCRIPT.DLL : 8.1.0.31 262522 Bytes 10/05/2008 17:35:34

AESCN.DLL : 8.1.0.16 119156 Bytes 10/05/2008 17:35:33

AERDL.DLL : 8.1.0.20 418165 Bytes 10/05/2008 17:35:32

AEPACK.DLL : 8.1.1.4 364918 Bytes 10/05/2008 17:35:31

AEOFFICE.DLL : 8.1.0.18 192890 Bytes 10/05/2008 17:35:30

AEHEUR.DLL : 8.1.0.26 1237366 Bytes 10/05/2008 17:35:29

AEHELP.DLL : 8.1.0.14 115063 Bytes 10/05/2008 17:35:28

AEGEN.DLL : 8.1.0.20 299380 Bytes 10/05/2008 17:35:27

AEEMU.DLL : 8.1.0.6 430451 Bytes 10/05/2008 17:35:26

AECORE.DLL : 8.1.0.28 168310 Bytes 10/05/2008 17:35:25

AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53

AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50

AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:47

AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49

AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23

AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31

SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02

SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39

NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10

RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25

RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11

 

Configuration settings for the scan:

Jobname..........................: Complete system scan

Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: on

Scan boot sector.................: on

Boot sectors.....................: C:, D:,

Scan memory......................: on

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: off

Scan all files...................: Intelligent file selection

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Macro heuristic..................: on

File heuristic...................: medium

 

Start of the scan: lundi 12 mai 2008 12:00

 

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

11 processes with 11 modules were scanned

 

Starting master boot sector scan:

Master boot sector HD0

[INFO] No virus was found!

 

Start scanning boot sectors:

Boot sector 'C:\'

[INFO] No virus was found!

Boot sector 'D:\'

[INFO] No virus was found!

 

Starting to scan the registry.

The registry was scanned ( '34' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\'

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\Documents and Settings\Mitch\Bureau\SDFix\backups\backups.zip

[0] Archive type: ZIP

--> backups/Qxf30.sys

[DETECTION] Is the Trojan horse TR/Trash.Gen

[NOTE] A backup was created as '488b1698.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\Documents and Settings\Mitch\Bureau\SDFix\backups_old\WinData.cab

[DETECTION] Is the Trojan horse TR/Spy.Gen

[NOTE] A backup was created as '489616aa.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\Documents and Settings\Mitch\Bureau\SDFix\backups_old\WinNt32.dll

[DETECTION] Is the Trojan horse TR/Spy.Gen

[NOTE] A backup was created as '490fdd9b.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\Program Files\Trend Micro\HijackThis\backups\backup-20080511-022646-292.dll

[DETECTION] Is the Trojan horse TR/Vundo.Gen

[NOTE] A backup was created as '488b198f.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\WINDOWS\system32\cbXPIxuT.dll

[DETECTION] Is the Trojan horse TR/Vundo.Gen

[NOTE] A backup was created as '48801d23.qua' ( QUARANTINE )

[WARNING] The file could not be deleted!

C:\WINDOWS\system32\W,,,),,),W),,W)))W,,,))WWW)))W,,,)WWW.exe

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[NOTE] A backup was created as '4854273d.qua' ( QUARANTINE )

[NOTE] The file was deleted!

C:\WINDOWS\system32\drivers\sptd.sys

[WARNING] The file could not be opened!

Begin scan in 'D:\' <Sensual>

 

 

End of the scan: lundi 12 mai 2008 13:30

Used time: 1:30:39 min

 

The scan has been canceled!

 

5773 Scanning directories

96973 Files were scanned

6 viruses and/or unwanted programs were found

0 Files were classified as suspicious:

5 files were deleted

0 files were repaired

6 files were moved to quarantine

0 files were renamed

2 Files cannot be scanned

96967 Files not concerned

620 Archives were scanned

3 Warnings

6 Notes

 

 

 

 

 

Finally, still in safe mode, I ran a Malwarebytes scan, which I interrupted for the same reasons after more than 6 hours. Here is the report:

 

Malwarebytes' Anti-Malware 1.12

Version de la base de données: 738

 

Type de recherche: Examen complet (C:\|D:\|)

Eléments examinés: 88111

Temps écoulé: 6 hour(s), 2 minute(s), 52 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 1

Clé(s) du Registre infectée(s): 2

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 2

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 7

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

C:\WINDOWS\system32\cbXPIxuT.dll (Trojan.Vundo) -> Unloaded module successfully.

 

Clé(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4364a48a-e3d7-4f8a-b7d5-c1638babb5e6} (Trojan.Vundo) -> Delete on reboot.

HKEY_CLASSES_ROOT\CLSID\{4364a48a-e3d7-4f8a-b7d5-c1638babb5e6} (Trojan.Vundo) -> Delete on reboot.

 

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Elément(s) de données du Registre infecté(s):

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\cbxpixut -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\cbxpixut -> Quarantined and deleted successfully.

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

C:\WINDOWS\system32\cbXPIxuT.dll (Trojan.Vundo) -> Delete on reboot.

C:\WINDOWS\system32\TuxIPXbc.ini (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\TuxIPXbc.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Documents and Settings\Mitch\Bureau\SDFix\backups_old\cbOCR.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Mitch\Bureau\SDFix\backups_old\lssxyqr.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Trend Micro\HijackThis\backups\backup-20080510-200501-213.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Program Files\Trend Micro\HijackThis\backups\backup-20080510-200541-132.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

 

 

 

And after that, still infected :P

Help me, please!


Good evening,

Welcome to Zebulon.fr

First, do this:

Print these instructions, because you will need to close all windows and applications during the installation and the scan.

Download Malwarebytes' Anti-Malware (MBAM)

Save it to the desktop.

Close all windows and programs.

Double-click the Download_mbam-setup.exe icon on the desktop to start the installation.

Follow the prompts (in particular the choice of language and the authorization for Internet access).

Do not change any of the default settings and, at the end of the installation, check that the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware options are ticked.

MBAM will start automatically and display a message asking you to update the program before running a scan.

Since it updates itself automatically at the end of the installation, click OK to close the dialog box.

Close the program,

Restart your PC in safe mode (important) (F8 key at startup)

Launch Malwarebytes

The main MBAM window appears:

In the scan tab, check that "Exécuter une analyse approfondie" (run a full scan) is selected and click the Rechercher (Scan) button to start the scan.

The scan will take some time, be patient!

A message will appear indicating that it has finished.

Click OK to continue.

If malware has been detected, the list is displayed.

When you click Suppression (Remove) (?), MBAM will delete the files and registry keys and place a copy of them in quarantine.

MBAM will open Notepad and copy the scan report into it; the report can also be found under the Rapports/logs (Reports/Logs) tab.

Close Notepad.

Close MBAM by clicking Quitter (Exit).

Post the report.

See you,


Re,

A small remark I left out: update your version of Internet Explorer (7 is still more secure than 6) and, to go even further, install and use Firefox (www.mozilla.com/firefox/); keep IE7 for Windows Update (not possible with Firefox). Your PC can only benefit from it.

See you,
