[RB211]

Salut les gars .. Je viens d'ouvrir un e-mail et a été touché par un virus Antivirus XP 2008. Cant get rid of it. Any help much appreciated ..

[evilfantasy]

Démarrer ICI

Publier les journaux, quand il sera achevé.

[RB211]

Désolé je ne comprends mate .. Que voulez-vous que je fasse avec tout cela?

[Hybr! D]

Prenez le temps de le lire, puis exécuter le logiciel et d'après les fichiers de log afin que nous puissions voir ce qui se passe avec votre PC.

[RB211]

Voici les logs:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Généré le 07.05.2008 à 05:20 PM
Application Version: 4.15.1000
Règles de base de base de données Version: 3497
Trace Rules Database Version: 1488
Scan type: Quick Scan
Total Scan Time: 00:10:14
Mémoire objets numérisés: 268
Mémoire menaces détectées: 1
Registry items scanned: 407
Registre des menaces détectées: 26
Fichier articles numérisés: 6977
Dossier de menaces détectées: 175
Rogue.AntiVirus XP 2008
C: \ PROGRAM FILES \ RHCPV6J0EREL \ RHCPV6J0EREL.EXE
C: \ PROGRAM FILES \ RHCPV6J0EREL \ RHCPV6J0EREL.EXE
C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Antivirus XP 2008 \ Antivirus XP 2008.lnk
C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Antivirus XP 2008 \ How to Register Antivirus XP 2008.lnk
C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Antivirus XP 2008 \ License Agreement.lnk
C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Antivirus XP 2008 \ Register Antivirus XP 2008.lnk
C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Antivirus XP 2008 \ Uninstall.lnk
C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Antivirus XP 2008
C: \ AA \ RHCPV6J0EREL \ RHCPV6J0EREL.EXE
Rogue.Dropper / Gen
[lphctv6j0erel] C: \ WINDOWS \ SYSTEM32 \ LPHCTV6J0EREL.EXE
C: \ WINDOWS \ SYSTEM32 \ LPHCTV6J0EREL.EXE
Adware.Tracking Cookie
C: \ Documents and Settings \ Danny \ Cookies \ @ danny siégeant-sys [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ @ danny burstnet [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@media.adrevolver [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ @ danny clickbank [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ @ danny advertpro [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@e-2dj6wjnywnc5eeo.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ tribalfusion [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@adserver.mediarun [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ 192 [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ @ danny adviva [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@ehg-mgnlimited.hitbox [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ @ danny sex-video [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ @ danny Mediaplex [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@stat.onestat [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ @ danny adrevenue [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@ads.videhost [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@ads.pugetsoundsoftwar e [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ @ danny publicité [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ @ danny double [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@www.burstnet [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@tracking.summitmedia. co [1]. txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@bs.serving-sys [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ @ danny tacoda [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ s [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ @ danny kontera [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@data.coremetrics [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ questionmarket [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ @ danny roiservice [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ adbrite [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@counter.hitslink [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@adserving.muppetism [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ cgi-bin [4]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@vhost.oddcast [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@rotator.adjuggler [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@s1.trafficmaxx [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@www.stilemedia [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@ads.ookla [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ @ danny neocounter2 [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@ad1.doublepimp [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@te.kontera [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ @ danny 9167811 [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ @ danny adrevolver [3]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ @ danny indextools [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ @ danny sexyandshocking [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ @ danny yadro [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@w00tpublishers.wootme dia [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@dynamic.media.adrevol ver [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@e-2dj6wfkokkcjcao.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ @ danny atwola [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ @ danny Zedo [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ @ danny adecn [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@mobilefun.112.2o7 [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@m1.webstats.motigo [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ @ danny adrevolver [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ @ danny 1068755026 [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ @ danny specificclick [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ @ danny firstchoice [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ 2o7 [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ @ danny TradeDoubler [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@ads.techguy [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ @ danny adultadworld [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@ehg-bestbuy.hitbox [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ @ danny firstchoice [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@ehg-twi.hitbox [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@ad.yieldmanager [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ @ danny revsci [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@statse.webtrendslive [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@exchange.ggmedia [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ @ danny adlegend [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ cgi-bin [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@shopping.112.2o7 [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@ehg-iwantoneofthose.hitbox [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@ads.digitalrock.co [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ @ danny 63701567 [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ overture [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@ad1.clickhype [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ a [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ @ danny Bluestreak [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ @ danny StatCounter [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ atdmt [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@ads.pubmatic [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ 247realmedia [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@avgtechnologies.112.2 o7 [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ @ danny Bravenet [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@heavycom.122.2o7 [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@stat.dealtime [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@adopt.euroclick [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@server.iad.liveperson [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ fastclick [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ tripod [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ @ danny ADTech [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ @ danny renforcer [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@ehg-systemax.hitbox [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ @ danny stilemedia [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ @ danny gostats [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@network-ca.247realmedia [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ hitbox [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ @ danny AdRotator [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ @ danny 1048893890 [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ cgi-bin [3]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@www.clash-media [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ @ danny indexstats [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@test.coremetrics [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@eas.apm.emediate [1]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ @ danny ADTech [2]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny@ehg-iwantoneofthose.hitbox [1]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ @ danny sextracker [1]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny@ad.yieldmanager [1]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny@metacafe.122.2o7 [1]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny@stat.onestat [2]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny@counter4.sextracker [1]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ @ danny double [1]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny @ atdmt [2]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny@as1.falkag [1]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny@hg1.hitbox [1]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny@c1.zedo [1]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny@counter13.sextracker [1]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny@counter15.sextracker [1]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny @ hitbox [2]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ @ danny adrevolver [2]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ @ danny adrevolver [1]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ @ danny Zedo [2]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ @ danny targetnet [1]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny@adopt.hbmediapro [2]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny @ 2o7 [1]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ @ danny atwola [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@stats.searchtrack [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ atdmt [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ @ rozzie quinze [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@www.fifteen [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@e-2dj6wflisidjkko.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ @ rozzie ADTech [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@marksandspencer.122 ,2 o7 [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ adrevolver [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@perf.overture [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ @ rozzie windowsmedia [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ @ rozzie StatCounter [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@msnportal.112.2o7 [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ @ rozzie comptes [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@e-2dj6wflyckcjabo.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@ehg-debenhams.hitbox [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@paypal.112.2o7 [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@tracker.roitesting [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ @ rozzie Bravenet [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@adopt.euroclick [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ indexstats [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@data4.perf.overture [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@bs.serving-sys [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ revsci [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ @ rozzie Mediaplex [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@etype.adbureau [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@112.2o7 [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ hitbox [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@ehg-bskyb.hitbox [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@ads.telegraph.co [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@statse.webtrendsliv e [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ questionmarket [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ @ rozzie siégeant-sys [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ @ rozzie TradeDoubler [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ indextools [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ 2o7 [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ @ rozzie publicité [2]. Txt
Rogue.AntiSpywareExpert
HKLM \ SYSTEM \ CurrentControlSet \ Enum \ Root \ LEGACY_CBE VTSVC
HKLM \ SYSTEM \ CurrentControlSet \ Enum \ Root \ LEGACY_CBE VTSVC # NextInstance
HKLM \ SYSTEM \ CurrentControlSet \ Enum \ Root \ LEGACY_CBE VTSVC \ 0000
HKLM \ SYSTEM \ CurrentControlSet \ Enum \ Root \ LEGACY_CBE VTSVC \ 0000 # Service
HKLM \ SYSTEM \ CurrentControlSet \ Enum \ Root \ LEGACY_CBE VTSVC \ 0000 # Legacy
HKLM \ SYSTEM \ CurrentControlSet \ Enum \ Root \ LEGACY_CBE VTSVC \ 0000 # ConfigFlags
HKLM \ SYSTEM \ CurrentControlSet \ Enum \ Root \ LEGACY_CBE VTSVC \ 0000 # Class
HKLM \ SYSTEM \ CurrentControlSet \ Enum \ Root \ LEGACY_CBE VTSVC \ 0000 # ClassGUID
HKLM \ SYSTEM \ CurrentControlSet \ Enum \ Root \ LEGACY_CBE VTSVC \ 0000 # DeviceDesc
HKLM \ SYSTEM \ CurrentControlSet \ Enum \ Root \ LEGACY_CBE VTSVC \ 0000 \ Control
HKLM \ SYSTEM \ CurrentControlSet \ Enum \ Root \ LEGACY_CBE VTSVC \ 0000 \ Control # ActiveService
HKLM \ SYSTEM \ CurrentControlSet \ Services \ CbEvtSvc
HKLM \ SYSTEM \ CurrentControlSet \ Services \ CbEvtSvc # Ty pe
HKLM \ SYSTEM \ CurrentControlSet \ Services \ CbEvtSvc # St art
HKLM \ SYSTEM \ CurrentControlSet \ Services \ CbEvtSvc # Er rorControl
HKLM \ SYSTEM \ CurrentControlSet \ Services \ CbEvtSvc # Im agePath
HKLM \ SYSTEM \ CurrentControlSet \ Services \ CbEvtSvc # Di splayName
HKLM \ SYSTEM \ CurrentControlSet \ Services \ CbEvtSvc Ob # jectName
HKLM \ SYSTEM \ CurrentControlSet \ Services \ CbEvtSvc # t Op
HKLM \ SYSTEM \ CurrentControlSet \ Services \ CbEvtSvc \ Se sécurité
HKLM \ SYSTEM \ CurrentControlSet \ Services \ CbEvtSvc \ # Se sécurité sécurité
HKLM \ SYSTEM \ CurrentControlSet \ Services \ CbEvtSvc \ En um
HKLM \ SYSTEM \ CurrentControlSet \ Services \ CbEvtSvc \ En um # 0
HKLM \ SYSTEM \ CurrentControlSet \ Services \ CbEvtSvc \ En um # Count
HKLM \ SYSTEM \ CurrentControlSet \ Services \ CbEvtSvc \ En um # NextInstance
NotHarmful.Sysinternals BlueScreen Screen Saver
C: \ WINDOWS \ SYSTEM32 \ BLPHCTV6J0EREL.SCR
Trojan.Unclassified / CBEvtSvc
C: \ WINDOWS \ SYSTEM32 \ CBEVTSVC.EXE
C: \ WINDOWS \ Prefetch \ CBEVTSVC.EXE-2F4C36CD.pf
Trojan.Unknown origine
C: \ WINDOWS \ SYSTEM32 \ PHCTV6J0EREL.BMP



Malwarebytes' Anti-Malware 1.19
Database version: 924
Windows 5.1.2600 Service Pack 3
19:22:42 05/07/2008
Mbam-log-7-5-2008 (19-22-42). txt
Scan type: Full Scan (C: \ | D: \ | E: \ |)
Objects scanned: 113635
Temps écoulé: 42 minute (s), 4 seconde (s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Fichiers infectés: 4
Memory Processes Infected:
(Articles n ° malveillants détectés)
Memory Modules Infected:
(Articles n ° malveillants détectés)
Registry Keys Infected:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Software Notifier (Rogue.Multiple) -> en quarantaine et supprimé avec succès.
Registry Values Infected:
(Articles n ° malveillants détectés)
Registry Data Items Infected:
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curré ntVersion \ Policies \ System \ NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> en quarantaine et supprimé avec succès.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curré ntVersion \ Policies \ System \ NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> en quarantaine et supprimé avec succès.
Folders Infected:
(Articles n ° malveillants détectés)
Fichiers infectés:
C: \ System Volume Information \ (_Restore CB12E2D1-8CFA-4FCC-A08D-7A3A985B54E4) \ RP2 \ A0000029.exe (Trojan.Downloader) -> en quarantaine et supprimé avec succès.
C: \ System Volume Information \ (_Restore CB12E2D1-8CFA-4FCC-A08D-7A3A985B54E4) \ RP2 \ A0000047.dll (Rogue.AntivirusXP2008) -> en quarantaine et supprimé avec succès.
C: \ System Volume Information \ (_Restore CB12E2D1-8CFA-4FCC-A08D-7A3A985B54E4) \ RP4 \ A0000262.exe (Trojan.Downloader) -> en quarantaine et supprimé avec succès.
C: \ System Volume Information \ (_Restore CB12E2D1-8CFA-4FCC-A08D-7A3A985B54E4) \ RP4 \ A0000485.dll (Rogue.AntivirusXP2008) -> en quarantaine et supprimé avec succès.

JavaRa 1.08 Removal Log.Report suit, après la ligne .------------------------------------ Le processus de suppression JavaRa a commencé le Sat Jul 05 19:49:54 2008
Trouvé et supprimé: C: \ Program Files \ Java \ jre1.6.0_05Found et enlevé: SOFTWARE \ JavaSoft \ Java Runtime Environment \ 1.4Found et enlevé: SOFTWARE \ Classes \ JavaWebStart.isInstalled.1.5.0.0F ound et enlevé: Software \ JavaSoft \ Java2D \ 1.5.0_02Found et supprimée: Software \ JavaSoft \ Java2D \ 1.5.0_04Found et supprimée: Software \ JavaSoft \ Java2D \ 1.5.0_06Found et supprimée: Software \ JavaSoft \ Java2D \ 1.5.0_09Found et supprimée: Software \ JavaSoft \ Java2D \ 1.5.0_10Found et supprimée: Software \ JavaSoft \ Java2D \ 1.5.0_11Found et enlevé: SOFTWARE \ Classes \ JavaPlugin.150_02Found et enlevé: SOFTWARE \ Classes \ JavaPlugin.150_04Found et enlevé: SOFTWARE \ Classes \ JavaPlugin.150_06Found et supprimées: SOFTWARE \ Classes \ JavaPlugin.150_09Found et supprimée: SOFTWARE \ Classes \ JavaPlugin.150_10--------------------------------- --- Finished reporting.


Merci les gars

[evilfantasy]

Besoin maintenant le journal HijackThis.

[RB211]

Oups désolé. La voici:

Logfile de Trend Micro HijackThis v2.0.2
Scan sauvé à 20:24:21, le 05.07.2008
Plate-forme: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ system32 \ spoolsv.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ Program Files \ CA \ eTrust Antivirus \ Inorpc.exe
C: \ Program Files \ CA \ eTrust Antivirus \ InoRT.exe
C: \ Program Files \ CA \ eTrust Antivirus \ InoTask.exe
C: \ Program Files \ SPAMfighter \ sfus.exe
C: \ WINDOWS \ Explorer.EXE
C: \ WINDOWS \ AGRSMMSG.exe
C: \ WINDOWS \ System32 \ OSD.EXE
C: \ WINDOWS \ system32 \ SB.exe
C: \ Program Files \ Synaptics \ SynTP \ SynTPLpr.exe
C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe
C: \ PROGRA ~ 1 \ CA \ eTrust ~ 1 \ realmon.exe
C: \ Program Files \ QuickTime \ qttask.exe
C: \ Program Files \ iTunes \ iTunesHelper.exe
C: \ Program Files \ MUSICMATCH \ MUSICMATCH Jukebox \ mmtask.exe
C: \ Program Files \ iPod \ bin \ iPodService.exe
C: \ Program Files \ SPAMfighter \ SFAgent.exe
C: \ Program Files \ Fichiers communs \ Real \ Update_OB \ realsched.exe
C: \ WINDOWS \ system32 \ rundll32.exe
C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ jusched.exe
C: \ Program Files \ Messenger \ msmsgs.exe
C: \ Program Files \ Unies Alertes \ UnitedAlerts.exe
C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
C: \ Program Files \ DNA \ btdna.exe
C: \ Program Files \ Windows Media Player \ wmpnscfg.exe
C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
C: \ WINDOWS \ system32 \ sistray.exe
C: \ Program Files \ MSN Toolbar Suite \ DS \ 02.05.0001.1119 \ fr-fr \ bin \ WindowsSearch.exe
C: \ Program Files \ MSN Toolbar Suite \ DS \ 02.05.0001.1119 \ fr-fr \ bin \ WindowsSearchIndexer.exe
C: \ Program Files \ Internet Explorer \ iexplore.exe
C: \ Program Files \ WinZip \ WZQKPICK.EXE
C: \ WINDOWS \ system32 \ Wuauclt.exe
C: \ Program Files \ Internet Explorer \ iexplore.exe
C: \ Program Files \ MSN Toolbar Suite \ DS \ 02.05.0001.1119 \ fr-fr \ bin \ WindowsSearchFilter.exe
C: \ Program Files \ Trend Micro \ HijackThis \ sniper.exe
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://news.bbc.co.uk/sport1/hi/football/default.stm
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.toysrus.co.uk/
R1 - HKCU \ Software \ Microsoft \ Internet Connection Wizard, ShellNext = http://www.toysrus.co.uk/
R3 - URLSearchHook: ICQ Toolbar - (855F3B16-6D32-4fe6-8A56-BBB695989046) - C: \ Program Files \ ICQToolbar \ toolbaru.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Adobe \ Acrobat 6.0 \ Reader \ ActiveX \ AcroIEHelper.dll
O2 - BHO: RealPlayer Téléchargez et Record Plugin for Internet Explorer - (3049C3E9-B461-4BC5-8870-4C09146192CA) - C: \ Program Files \ Real \ RealPlayer \ rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ ssv.dll
O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8333-CF10577473F7) - c: \ program files \ google \ googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - (AF69DE43-7D58-4638-B6FA-CE66B5AD205D) - C: \ Program Files \ Google \ GoogleToolbarNotifier \ 3.0.1225.9868 \ s wg.dll
O2 - BHO: MSN Search Toolbar Helper - (BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0) - C: \ Program Files \ MSN Toolbar Suite \ TB \ 02.05.0000.1082 \ fr-fr \ msntb.dll
O3 - Toolbar: ICQ Toolbar - (855F3B16-6D32-4fe6-8A56-BBB695989046) - C: \ Program Files \ ICQToolbar \ toolbaru.dll (file missing)
O3 - Toolbar: MSN Search Toolbar - (BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0) - C: \ Program Files \ MSN Toolbar Suite \ TB \ 02.05.0000.1082 \ fr-fr \ msntb.dll
O3 - Toolbar: & Google - (2318C2B1-4965-11D4-9B18-009027A5CD4F) - c: \ program files \ google \ googletoolbar3.dll
O4 - HKLM \ .. \ Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM \ .. \ Run: [OSD]% SystemRoot% \ System32 \ OSD.EXE
O4 - HKLM \ .. \ Run: [SB] C: \ WINDOWS \ system32 \ SB.exe
O4 - HKLM \ .. \ Run: [SynTPLpr] C: \ Program Files \ Synaptics \ SynTP \ SynTPLpr.exe
O4 - HKLM \ .. \ Run: [SynTPEnh] C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe
O4 - HKLM \ .. \ Run: [SiSUSBRG] C: \ WINDOWS \ SiSUSBrg.exe
O4 - HKLM \ .. \ Run: [NeroFilterCheck] C: \ WINDOWS \ system32 \ NeroCheck.exe
O4 - HKLM \ .. \ Run: [Realtime Monitor] C: \ PROGRA ~ 1 \ CA \ eTrust ~ 1 \ realmon.exe-s
O4 - HKLM \ .. \ Run: [UserFaultCheck]% systemroot% \ system32 \ dumprep 0-u
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ qttask.exe"-atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Program Files \ iTunes \ iTunesHelper.exe"
O4 - HKLM \ .. \ Run: [SiSPower] Rundll32.exe SiSPower.dll, ModeAgent
O4 - HKLM \ .. \ Run: [mmtask] "C: \ Program Files \ MUSICMATCH \ MUSICMATCH Jukebox \ mmtask.exe"
O4 - HKLM \ .. \ Run: [SPAMfighter Agent] "C: \ Program Files \ SPAMfighter \ SFAgent.exe" délai de mise à jour 60
O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Program Files \ Fichiers communs \ Real \ Update_OB \ realsched.exe"-osboot
O4 - HKLM \ .. \ Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,, BluetoothAuthenticationAgent
O4 - HKLM \ .. \ Run: [SMrhcpv6j0erel] C: \ Program Files \ rhcpv6j0erel \ rhcpv6j0erel.exe
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ jusched.exe"
O4 - HKCU \ .. \ Run: [MSMSGS] "C: \ Program Files \ Messenger \ msmsgs.exe" / background
O4 - HKCU \ .. \ Run: [Alerte-Unis] C: \ Program Files \ United Alertes \ UnitedAlerts.exe
O4 - HKCU \ .. \ Run: [swg] C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
O4 - HKCU \ .. \ Run: [BitTorrent DNA] "C: \ Program Files \ DNA \ btdna.exe"
O4 - HKCU \ .. \ Run: [WMPNSCFG] C: \ Program Files \ Windows Media Player \ wmpnscfg.exe
O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
O4 - HKUS \ S-1-5-18 \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ CTFMON.EXE (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C: \ Program Files \ Microsoft Office \ Office10 \ Osa.exe
O4 - Global Startup: Utility Tray.lnk = C: \ WINDOWS \ system32 \ sistray.exe
O4 - Global Startup: Windows Desktop Search.lnk = C: \ Program Files \ MSN Toolbar Suite \ DS \ 02.05.0001.1119 \ fr-fr \ bin \ WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C: \ Program Files \ WinZip \ WZQKPICK.EXE
O8 - Extra du menu contextuel: & Google Search - res: / / C: \ Program Files \ Google \ GoogleToolbar1.dll/cmsearch.html
O8 - Extra du menu contextuel: & ICQ Toolbar Search - res: / / C: \ Program Files \ ICQToolbar \ toolbaru.dll / search.html
O8 - Extra du menu contextuel: & MSN Search - res: / / C: \ Program Files \ MSN Toolbar Suite \ TB \ 02.05.0000.1082 \ fr-fr \ msntb.dll / search.htm
O8 - Extra du menu contextuel: Backward Links - res: / / C: \ Program Files \ Google \ GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra du menu contextuel: Cached Snapshot of Page - res: / / C: \ Program Files \ Google \ GoogleToolbar1.dll/cmcache.html
O8 - Extra du menu contextuel: E & xporter vers Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ MICROS ~ 3 \ Office10 \ EXCEL.EXE/3000
O8 - Extra du menu contextuel: Ouvrir dans un nouvel onglet - res: / / C: \ Program Files \ MSN Toolbar Suite \ TAB \ 02.05.0001.1119 \ fr-fr \ msntabres.dll/229? 4f61d6b2c8414b81896dc6b3a393b615
O8 - Extra du menu contextuel: Ouvrir dans un nouvel onglet premier plan - res: / / C: \ Program Files \ MSN Toolbar Suite \ TAB \ 02.05.0001.1119 \ fr-fr \ msntabres.dll/230? 4f61d6b2c8414b81896dc6b3a393b615
O8 - Extra du menu contextuel: Pages similaires - res: / / C: \ Program Files \ Google \ GoogleToolbar1.dll/cmsimilar.html
O8 - Extra du menu contextuel: Traduire en anglais - res: / / C: \ Program Files \ Google \ GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ ssv.dll
O9 - Extra button: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @ xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra button: Medion et le Royaume-Uni - (CE67CBC2-5CCB-4FC4-BA83-51AE4878170C) -- http://www.medion.co.uk (file missing) (HKCU)
O16 - DPF: RaptisoftGameLoader -- http://www.miniclip.com/hamsterball/...gameloader.cab
O16 - DPF: (17492023-C23A-453E-A040-C7C580BBF700) (Windows Genuine Advantage Validation Tool) -- http://go.microsoft.com/fwlink/?Link...04&clcid=0x409
O16 - DPF: (1803B9EF-9905-4F34-AFC4-05D1BAB28801) (RegUserCfgUI Class) -- http://us.dl1.yimg.com/download.yaho...1/yregucfg.cab
O16 - DPF: (6414512B-B978-451D-A0D8-FCFDF33E833C) (WUWebControl Class) -- http://v5.windowsupdate.microsoft.co...?1106745510172
O16 - DPF: (6E32070A-766D-4EE6-879C-DC1FA91D2FC3) (MUWebControl Class) -- http://www.update.microsoft.com/micr...?1215253028000
O16 - DPF: (B38870E4-7ECB-40DA-8C6A-595F0A5519FF) (MsnMessengerSetupDownloadControl Class) -- http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: (BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B) (Zylom Games Player) -- http://game07.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: (E8F628B5-259-4734-97EE-BA914D7BE941) (Driver Agent ActiveX Control) -- http://driveragent.com/files/driveragent.cab
O20 - Winlogon Notify:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
O23 - Service: Google Updater Service (gusvc) - Google - C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc - C: \ Program Files \ CA \ eTrust Antivirus \ Inorpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc - C: \ Program Files \ CA \ eTrust Antivirus \ InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc - C: \ Program Files \ CA \ eTrust Antivirus \ InoTask.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc - C: \ Program Files \ iPod \ bin \ iPodService.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C: \ Program Files \ SPAMfighter \ sfus.exe
--
Fin de fichier - 10,438 octets

[evilfantasy]

Encore du travail à faire.

Télécharger SDFix.exe et de l'enregistrer sur votre bureau.

Double-cliquez sur SDFix.exe et il va extraire les fichiers à% systemdrive%
(Dur qui contient le répertoire Windows, typiquement C: \ SDFix)

Maintenant, redémarrez votre ordinateur en Safe Mode de la manière suivante:

• Redémarrez votre ordinateur
• Après avoir entendu l'ordinateur bip une fois au cours de démarrage, mais avant l'icône de Windows s'affiche, appuyez sur la touche F8 continuellement;
• Au lieu de chargement de Windows comme d'habitude, les options avancées du menu doit apparaître;
• Sélectionnez la première option, pour exécuter Windows en mode sans échec, puis appuyez sur la touche Entrez.
• Choisissez votre compte habituel.
• Ouvrez le dossier extrait SDFix et double-cliquez sur RunThis.bat pour lancer le script.
• Type Y pour commencer le processus de nettoyage.
• Il permet de lever toute Trojan Services et des entrées de registre qu'il trouve ensuite vous invite à vous appuyer sur une touche pour redémarrer.
• Appuyez sur une touche et il redémarre le PC.
• Lorsque l'ordinateur redémarre le Fixtool sera à nouveau et terminer la procédure de suppression d'affichage puis Terminé, Appuyez sur une touche à la fin du script et charger les icônes de votre bureau.
• Une fois les icônes du bureau charge le rapport SDFix s'ouvrira à l'écran et mettre dans le dossier de SDFix Report.txt
  (Report.txt sera également copié dans le Presse-papiers).
• Enfin, copiez et collez le contenu du fichier des résultats Report.txt avec un NOUVEL HijackThis log dans votre prochaine réponse.

Si SDFix ne fonctionne pas ou vous avez des erreurs, suivez le lien pour obtenir des instructions sur l'exécution de SDFix. Comment utiliser SDFix

----------

Next message ajouter
SDFix log
UN NOUVEAU journal HijackThis

[RB211]

OK Suivant logs

SDFix: Version 1.201
Dirigé par Danny le 05.07.2008 à 21:08
Microsoft Windows XP [Version 5.1.2600]
Running From: C: \ Chansons \ SDFix
Checking Services :

Restaurer les valeurs par défaut de sécurité
Restauration de fichier Hosts par défaut
Redémarrage

Vérification des fichiers :
N ° Trojan Files Found



Suppression de fichiers temporaires
ADS Check :


Vérification finale :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit / stealth malware detector par Gmer, http://www.gmer.net
Rootkit scan 2008-07-05 21:21:39
Windows 5.1.2600 Service Pack 3 NTFS
scanning processus cachés ...
scanning hidden services & ruche système ...
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Servic es \ BTHPORT \ Parameters \ Keys \ 000c55050b1d]
[HKEY_LOCAL_MACHINE \ SYSTEM \ ControlSet003 \ Services \ THPORT B \ Parameters \ Keys \ 000c55050b1d]
numérisation des entrées de registre cachés ...
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Prefetcher]
"TracesProcessed" = dword: 000000aa
"TracesSuccessful" = dword: 00000005
de balayage des fichiers cachés ...
scan effectué avec succès
processus cachés: 0
hidden services: 0
les fichiers cachés: 0

Remaining Services :


Authorized Application Key Export:
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ servic es \ SharedAccess \ Parameters \ FirewallPolicy \ standard profile \ authorizedapplications \ list]
"% windir% \ \ system32 \ \ sessmgr.exe" = "% windir% \ \ syste m32 \ \ sessmgr.exe: *: enabled: @ xpsp2res.dll, -22019"
"C: \ \ Program Files \ \ CA \ \ eTrust Antivirus \ \ Inorpc.exe" = "C: \ \ Program Files \ \ CA \ \ eTrust Antivirus \ \ Inorpc.exe: *: Enabled: eTrust Antivirus - RPC Server "
"C: \ \ Program Files \ \ CA \ \ eTrust Antivirus \ \ InocIT.exe" = "C: \ \ Program Files \ \ CA \ \ eTrust Antivirus \ \ InocIT.exe: *: Enabled: eTrust Antivirus - Local Scanner "
"C: \ \ Program Files \ \ CA \ \ eTrust Antivirus \ \ realmon.exe" = "C: \ \ Program Files \ \ CA \ \ eTrust Antivirus \ \ realmon.exe: *: Enabled: eTrust Antivirus - suivre en temps réel "
"C: \ \ Program Files \ \ Messenger \ \ msmsgs.exe" = "C: \ \ Program Files \ \ Messenger \ \ msmsgs.exe: *: Enabled: Windows Messenger"
"C: \ \ Program Files \ \ Unies Alertes \ \ UnitedAlerts.exe" = "C: \ \ Program Files \ \ Unies Alertes \ \ UnitedAlerts.exe"
"C: \ \ Program Files \ \ ICQ \ \ Icq.exe" = "C: \ \ Program Files \ \ ICQ \ \ Icq.exe: *: Enabled: ICQ"
"C: \ \ Program Files \ \ CA \ \ eTrust Antivirus \ \ Shellscn.exe" = "C: \ \ Program Files \ \ CA \ \ eTrust Antivirus \ \ Shellscn.exe: *: Enabled: Shellscn"
"C: \ \ Program Files \ \ iTunes \ \ iTunes.exe" = "C: \ \ Program Files \ \ iTunes \ \ iTunes.exe: *: Enabled: iTunes"
"C: \ \ StubInstaller.exe" = "C: \ \ StubInstaller.exe: *: E nabled: LimeWire essaimé d'installation"
"C: \ \ Program Files \ \ LimeWire \ \ LimeWire.exe" = "C: \ \ Program Files \ \ LimeWire \ \ LimeWire.exe: *: Enabled: LimeWire"
"C: \ \ Program Files \ \ MSN Messenger \ \ msnmsgr.exe" = "C: \ \ Program Files \ \ MSN Messenger \ \ msnmsgr.exe: *: Enabled: MSN Messenger 7.5"
"C: \ \ Program Files \ \ BitTorrent_DNA \ \ dna.exe" = "C: \ \ Program Files \ \ BitTorrent_DNA \ \ dna.exe: *: Enabled: BitTorren t ADN"
"C: \ \ Program Files \ \ DNA \ \ btdna.exe" = "C: \ \ Program Files \ \ DNA \ \ btdna.exe: *: Enabled: DNA"
"% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" = "% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe: *: Enabled: @ xpsp3res.dll, -20000"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ servic es \ SharedAccess \ Parameters \ FirewallPolicy \ domainpr ofil \ authorizedapplications \ list]
"% windir% \ \ system32 \ \ sessmgr.exe" = "% windir% \ \ syste m32 \ \ sessmgr.exe: *: enabled: @ xpsp2res.dll, -22019"
"C: \ \ Program Files \ \ Unies Alertes \ \ UnitedAlerts.exe" = "C: \ \ Program Files \ \ Unies Alertes \ \ UnitedAlerts.exe"
"C: \ \ Program Files \ \ MSN Messenger \ \ msnmsgr.exe" = "C: \ \ Program Files \ \ MSN Messenger \ \ msnmsgr.exe: *: Enabled: MSN Messenger 7.5"
"% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" = "% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe: *: Enabled: @ xpsp3res.dll, -20000"
Les fichiers restants :

Les fichiers avec les attributs Caché :
Mercredi 26 janvier 2005 4.704 A.SH. --- "C: \ WINDOWS \ system32 \ KGyGaAvL.sys"
Mercredi 13 juillet 2005 4.348 .. SH. --- "C: \ Documents and Settings \ All Users \ DRM \ DRMv1.bak"
Samedi 5 juillet 2008 0 A.SH. --- "C: \ Documents and Settings \ All Users \ DRM \ Cache \ Indiv01.tmp"
Lundi 13 juin 2005 7.420 A.. H. --- "C: \ Documents and Settings \ Rozzie \ Local Settings \ Temp \ Mar15.tmp"
Lundi 13 juin 2005 7.420 A.. H. --- "C: \ Documents and Settings \ Rozzie \ Local Settings \ Temp \ Mar9.tmp"
Lundi 13 juin 2005 7.420 A.. H. --- "C: \ Documents and Settings \ Rozzie \ Local Settings \ Temp \ MarA.tmp"
Samedi 5 juillet 2008 96 A.. H. --- "C: \ Documents and Settings \ All Users \ Application Data \ avg8 (2) \ scanlogs \ srmcheck.tmp"
Mercredi 13 juillet 2005 4.348 H. ... --- "C: \ Documents and Settings \ Danny \ Mes documents \ Ma musique \ License Backup \ drmv1key.bak"
Mercredi 25 janvier 2006 20 A.. H. --- "C: \ Documents and Settings \ Danny \ Mes documents \ Ma musique \ License Backup \ drmv1lic.bak"
Mercredi 13 juillet 2005 312 A.SH. --- "C: \ Documents and Settings \ Danny \ Mes documents \ Ma musique \ License Backup \ drmv2key.bak"
C'est fini!


et


Logfile de Trend Micro HijackThis v2.0.2
Scan sauvé à 21:33:52, le 05.07.2008
Plate-forme: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ system32 \ spoolsv.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ Program Files \ CA \ eTrust Antivirus \ Inorpc.exe
C: \ Program Files \ CA \ eTrust Antivirus \ InoRT.exe
C: \ Program Files \ CA \ eTrust Antivirus \ InoTask.exe
C: \ Program Files \ SPAMfighter \ sfus.exe
C: \ WINDOWS \ Explorer.EXE
C: \ WINDOWS \ AGRSMMSG.exe
C: \ WINDOWS \ System32 \ OSD.EXE
C: \ WINDOWS \ system32 \ SB.exe
C: \ Program Files \ Synaptics \ SynTP \ SynTPLpr.exe
C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe
C: \ PROGRA ~ 1 \ CA \ eTrust ~ 1 \ realmon.exe
C: \ Program Files \ QuickTime \ qttask.exe
C: \ Program Files \ iTunes \ iTunesHelper.exe
C: \ Program Files \ MUSICMATCH \ MUSICMATCH Jukebox \ mmtask.exe
C: \ Program Files \ iPod \ bin \ iPodService.exe
C: \ Program Files \ SPAMfighter \ SFAgent.exe
C: \ Program Files \ Fichiers communs \ Real \ Update_OB \ realsched.exe
C: \ WINDOWS \ system32 \ rundll32.exe
C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ jusched.exe
C: \ Program Files \ Messenger \ msmsgs.exe
C: \ Program Files \ Unies Alertes \ UnitedAlerts.exe
C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
C: \ Program Files \ DNA \ btdna.exe
C: \ WINDOWS \ system32 \ Wuauclt.exe
C: \ Program Files \ Windows Media Player \ wmpnscfg.exe
C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
C: \ WINDOWS \ system32 \ sistray.exe
C: \ WINDOWS \ system32 \ msiexec.exe
C: \ Program Files \ MSN Toolbar Suite \ DS \ 02.05.0001.1119 \ fr-fr \ bin \ WindowsSearch.exe
C: \ Program Files \ WinZip \ WZQKPICK.EXE
C: \ Program Files \ MSN Toolbar Suite \ DS \ 02.05.0001.1119 \ fr-fr \ bin \ WindowsSearchIndexer.exe
C: \ Program Files \ MSN Toolbar Suite \ DS \ 02.05.0001.1119 \ fr-fr \ bin \ WindowsSearchFilter.exe
C: \ Program Files \ Internet Explorer \ iexplore.exe
C: \ Program Files \ Trend Micro \ HijackThis \ sniper.exe
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://news.bbc.co.uk/sport1/hi/football/default.stm
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.toysrus.co.uk/
R1 - HKCU \ Software \ Microsoft \ Internet Connection Wizard, ShellNext = http://www.toysrus.co.uk/
R3 - URLSearchHook: ICQ Toolbar - (855F3B16-6D32-4fe6-8A56-BBB695989046) - C: \ Program Files \ ICQToolbar \ toolbaru.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Adobe \ Acrobat 6.0 \ Reader \ ActiveX \ AcroIEHelper.dll
O2 - BHO: RealPlayer Téléchargez et Record Plugin for Internet Explorer - (3049C3E9-B461-4BC5-8870-4C09146192CA) - C: \ Program Files \ Real \ RealPlayer \ rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ ssv.dll
O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8333-CF10577473F7) - c: \ program files \ google \ googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - (AF69DE43-7D58-4638-B6FA-CE66B5AD205D) - C: \ Program Files \ Google \ GoogleToolbarNotifier \ 3.0.1225.9868 \ s wg.dll
O2 - BHO: MSN Search Toolbar Helper - (BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0) - C: \ Program Files \ MSN Toolbar Suite \ TB \ 02.05.0000.1082 \ fr-fr \ msntb.dll
O3 - Toolbar: ICQ Toolbar - (855F3B16-6D32-4fe6-8A56-BBB695989046) - C: \ Program Files \ ICQToolbar \ toolbaru.dll (file missing)
O3 - Toolbar: MSN Search Toolbar - (BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0) - C: \ Program Files \ MSN Toolbar Suite \ TB \ 02.05.0000.1082 \ fr-fr \ msntb.dll
O3 - Toolbar: & Google - (2318C2B1-4965-11D4-9B18-009027A5CD4F) - c: \ program files \ google \ googletoolbar3.dll
O4 - HKLM \ .. \ Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM \ .. \ Run: [OSD]% SystemRoot% \ System32 \ OSD.EXE
O4 - HKLM \ .. \ Run: [SB] C: \ WINDOWS \ system32 \ SB.exe
O4 - HKLM \ .. \ Run: [SynTPLpr] C: \ Program Files \ Synaptics \ SynTP \ SynTPLpr.exe
O4 - HKLM \ .. \ Run: [SynTPEnh] C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe
O4 - HKLM \ .. \ Run: [SiSUSBRG] C: \ WINDOWS \ SiSUSBrg.exe
O4 - HKLM \ .. \ Run: [NeroFilterCheck] C: \ WINDOWS \ system32 \ NeroCheck.exe
O4 - HKLM \ .. \ Run: [Realtime Monitor] C: \ PROGRA ~ 1 \ CA \ eTrust ~ 1 \ realmon.exe-s
O4 - HKLM \ .. \ Run: [UserFaultCheck]% systemroot% \ system32 \ dumprep 0-u
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ qttask.exe"-atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Program Files \ iTunes \ iTunesHelper.exe"
O4 - HKLM \ .. \ Run: [SiSPower] Rundll32.exe SiSPower.dll, ModeAgent
O4 - HKLM \ .. \ Run: [mmtask] "C: \ Program Files \ MUSICMATCH \ MUSICMATCH Jukebox \ mmtask.exe"
O4 - HKLM \ .. \ Run: [SPAMfighter Agent] "C: \ Program Files \ SPAMfighter \ SFAgent.exe" délai de mise à jour 60
O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Program Files \ Fichiers communs \ Real \ Update_OB \ realsched.exe"-osboot
O4 - HKLM \ .. \ Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,, BluetoothAuthenticationAgent
O4 - HKLM \ .. \ Run: [SMrhcpv6j0erel] C: \ Program Files \ rhcpv6j0erel \ rhcpv6j0erel.exe
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ jusched.exe"
O4 - HKCU \ .. \ Run: [MSMSGS] "C: \ Program Files \ Messenger \ msmsgs.exe" / background
O4 - HKCU \ .. \ Run: [Alerte-Unis] C: \ Program Files \ United Alertes \ UnitedAlerts.exe
O4 - HKCU \ .. \ Run: [swg] C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
O4 - HKCU \ .. \ Run: [BitTorrent DNA] "C: \ Program Files \ DNA \ btdna.exe"
O4 - HKCU \ .. \ Run: [WMPNSCFG] C: \ Program Files \ Windows Media Player \ wmpnscfg.exe
O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
O4 - HKUS \ S-1-5-18 \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ CTFMON.EXE (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C: \ Program Files \ Microsoft Office \ Office10 \ Osa.exe
O4 - Global Startup: Utility Tray.lnk = C: \ WINDOWS \ system32 \ sistray.exe
O4 - Global Startup: Windows Desktop Search.lnk = C: \ Program Files \ MSN Toolbar Suite \ DS \ 02.05.0001.1119 \ fr-fr \ bin \ WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C: \ Program Files \ WinZip \ WZQKPICK.EXE
O8 - Extra du menu contextuel: & Google Search - res: / / C: \ Program Files \ Google \ GoogleToolbar1.dll/cmsearch.html
O8 - Extra du menu contextuel: & ICQ Toolbar Search - res: / / C: \ Program Files \ ICQToolbar \ toolbaru.dll / search.html
O8 - Extra du menu contextuel: & MSN Search - res: / / C: \ Program Files \ MSN Toolbar Suite \ TB \ 02.05.0000.1082 \ fr-fr \ msntb.dll / search.htm
O8 - Extra du menu contextuel: Backward Links - res: / / C: \ Program Files \ Google \ GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra du menu contextuel: Cached Snapshot of Page - res: / / C: \ Program Files \ Google \ GoogleToolbar1.dll/cmcache.html
O8 - Extra du menu contextuel: E & xporter vers Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ MICROS ~ 3 \ Office10 \ EXCEL.EXE/3000
O8 - Extra du menu contextuel: Ouvrir dans un nouvel onglet - res: / / C: \ Program Files \ MSN Toolbar Suite \ TAB \ 02.05.0001.1119 \ fr-fr \ msntabres.dll/229? 4f61d6b2c8414b81896dc6b3a393b615
O8 - Extra du menu contextuel: Ouvrir dans un nouvel onglet premier plan - res: / / C: \ Program Files \ MSN Toolbar Suite \ TAB \ 02.05.0001.1119 \ fr-fr \ msntabres.dll/230? 4f61d6b2c8414b81896dc6b3a393b615
O8 - Extra du menu contextuel: Pages similaires - res: / / C: \ Program Files \ Google \ GoogleToolbar1.dll/cmsimilar.html
O8 - Extra du menu contextuel: Traduire en anglais - res: / / C: \ Program Files \ Google \ GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ ssv.dll
O9 - Extra button: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @ xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra button: Medion et le Royaume-Uni - (CE67CBC2-5CCB-4FC4-BA83-51AE4878170C) -- http://www.medion.co.uk (file missing) (HKCU)
O16 - DPF: RaptisoftGameLoader -- http://www.miniclip.com/hamsterball/...gameloader.cab
O16 - DPF: (17492023-C23A-453E-A040-C7C580BBF700) (Windows Genuine Advantage Validation Tool) -- http://go.microsoft.com/fwlink/?Link...04&clcid=0x409
O16 - DPF: (1803B9EF-9905-4F34-AFC4-05D1BAB28801) (RegUserCfgUI Class) -- http://us.dl1.yimg.com/download.yaho...1/yregucfg.cab
O16 - DPF: (6414512B-B978-451D-A0D8-FCFDF33E833C) (WUWebControl Class) -- http://v5.windowsupdate.microsoft.co...?1106745510172
O16 - DPF: (6E32070A-766D-4EE6-879C-DC1FA91D2FC3) (MUWebControl Class) -- http://www.update.microsoft.com/micr...?1215253028000
O16 - DPF: (B38870E4-7ECB-40DA-8C6A-595F0A5519FF) (MsnMessengerSetupDownloadControl Class) -- http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: (BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B) (Zylom Games Player) -- http://game07.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: (E8F628B5-259-4734-97EE-BA914D7BE941) (Driver Agent ActiveX Control) -- http://driveragent.com/files/driveragent.cab
O20 - Winlogon Notify:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
O23 - Service: Google Updater Service (gusvc) - Google - C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc - C: \ Program Files \ CA \ eTrust Antivirus \ Inorpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc - C: \ Program Files \ CA \ eTrust Antivirus \ InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc - C: \ Program Files \ CA \ eTrust Antivirus \ InoTask.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc - C: \ Program Files \ iPod \ bin \ iPodService.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C: \ Program Files \ SPAMfighter \ sfus.exe
--
Fin de fichier - 10,422 octets

[evilfantasy]

J'ai besoin d'avoir plus d'informations sur un couple de fichiers. Poste les liens ici pour les résultats une fois terminé.

Scan Suspicious Fichier (s)

Visite Virustotal
(Si plus d'un fichier scanné besoins, ils doivent être fait séparément et les journaux affichés pour chacun)

• Copier le chemin du fichier dans la zone Code ci-dessous:

Code:

C: \ Program Files \ rhcpv6j0erel \ rhcpv6j0erel.exe

• Au site de téléchargement, cliquez une fois à l'intérieur de la fenêtre à côté de Parcourir.
• Presse Ctrl + V sur le clavier (les deux en même temps) pour coller le chemin du fichier dans la fenêtre.
• Cliquez sur Suivant Envoyer un fichier
  • Votre dossier sera peut-être entrés dans une file d'attente qui prend normalement moins d'une minute pour effacer.
• Cela effectuer une analyse sur plusieurs moteurs de scan de virus différents.
• Important: Attendez que tous les moteurs d'analyse à compléter.
• Copiez puis collez le lien vers les résultats dans la prochaine réponse.

Maintenant, faites la même chose avec ce fichier.

Code:

C: \ Program Files \ Unies Alertes \ UnitedAlerts.exe