Status: Resolved

HELP ME (trojan downloader.xs and abebot)

T-T, Wednesday 2 April 2008 at 00:08:08
Hello,

For a few days I have been getting security windows popping up every 30 minutes about abebot and trojan downloader xs. I need a hand, please.
Here is the HijackThis report:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:04:30, on 02/04/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Eset\nod32kui.exe
C:\ProgramData\ovwgcjgs\qpqdwtgz.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [MSPService] C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [47ea4d4dc632a050dffc4787d01c78db] C:\DOWNLO~1\Software\RFONLI~1.EXE /r
O4 - HKCU\..\Run: [rsiwakrt] C:\ProgramData\rsiwakrt\izmbylil.exe
O4 - HKCU\..\Run: [ovwgcjgs] C:\ProgramData\ovwgcjgs\qpqdwtgz.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [eisindhs] C:\ProgramData\eisindhs\jwlyrcvk.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [OrH4HUiW1L] C:\ProgramData\kdahorml\szyxuril.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
End of file - 9414 bytes
Configuration: Windows Vista
Internet Explorer 7.0
jlpjlp, Wednesday 2 April 2008 at 22:26:07
Hi,


Download ComboFix by sUBs: rename it before any installation, for example name it "KillBagle". Help here: http://forum.pcastuces.com/sujet.asp?f=25&s=37315

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to your desktop and nowhere else!

Help with using ComboFix here: http://bibou0007.forumpro.fr/tutos-f45/tutorial-combofix-t121.htm

Double-click ComboFix. It will ask you a question; answer with the 1 key and Enter to confirm, then let it guide you.
Wait until ComboFix has finished; a report will be created. Post the report.

____________

Download OTMoveIt
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (by Old_Timer) to your Desktop. Or from http://up.sur-la-toile.com/sadW
Double-click OTMoveIt.exe to launch it.
Copy the list quoted below,
and paste it into the left-hand box of OTMoveIt: Paste List of Files/Folders to be moved.

Quote:

C:\DOWNLO~1\Software\RFONLI~1.EXE /r
C:\ProgramData\rsiwakrt\izmbylil.exe
C:\ProgramData\ovwgcjgs\qpqdwtgz.exe
C:\ProgramData\eisindhs\jwlyrcvk.exe
C:\ProgramData\kdahorml\szyxuril.exe


Click MoveIt! to start the removal.
The result will appear in the "Results" box.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.

You may be asked to restart the PC to complete the removal. If so, accept with Yes.
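As an added, defender-side example that is not part of this thread and not code from the tools the helper mentions: a small Python parser for the HijackThis log format shown above. It extracts the O4 autorun entries, checks them against the "Running processes" section, and flags entries with the traits shared by the paths jlpjlp asked to remove (executables under C:\ProgramData with random eight-letter folder and file names, or a 32-character hex value name). The sample log is a constructed excerpt of T-T's log; the heuristics and all function names are my own.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: a few "Running processes" lines and O4 autorun entries
# copied from the HijackThis log posted above (an excerpt, not the whole log).
SAMPLE_LOG = r"""
Running processes:
C:\Windows\system32\taskeng.exe
C:\Program Files\Eset\nod32kui.exe
C:\ProgramData\ovwgcjgs\qpqdwtgz.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [47ea4d4dc632a050dffc4787d01c78db] C:\DOWNLO~1\Software\RFONLI~1.EXE /r
O4 - HKCU\..\Run: [rsiwakrt] C:\ProgramData\rsiwakrt\izmbylil.exe
O4 - HKCU\..\Run: [ovwgcjgs] C:\ProgramData\ovwgcjgs\qpqdwtgz.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [eisindhs] C:\ProgramData\eisindhs\jwlyrcvk.exe
O4 - HKCU\..\Run: [OrH4HUiW1L] C:\ProgramData\kdahorml\szyxuril.exe
"""

# "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r'^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# First executable on the command line, with or without surrounding quotes
EXE_RE = re.compile(r'^"?(?P<path>.*?\.exe)', re.IGNORECASE)


@dataclass
class AutorunEntry:
    hive: str
    name: str
    exe: str                 # executable path extracted from the command line
    running: bool            # listed in the "Running processes" section
    reasons: list = field(default_factory=list)


def _exe_path(cmd: str) -> str:
    m = EXE_RE.match(cmd.strip())
    return m.group('path') if m else cmd.strip().split()[0]


def _suspicion_reasons(name: str, exe: str) -> list:
    """Heuristics (my own, not HijackThis rules) for an autorun entry."""
    low = exe.lower()
    parts = low.replace('/', '\\').split('\\')
    stem = parts[-1].rsplit('.', 1)[0]
    parent = parts[-2] if len(parts) > 1 else ''
    reasons = []
    # Programs normally start from Program Files, not from data directories.
    if low.startswith('c:\\programdata\\') or '\\all users\\' in low:
        reasons.append('executable lives in a data directory')
    # Generated names of the form xxxxxxxx\yyyyyyyy.exe (eight lowercase letters each).
    if re.fullmatch(r'[a-z]{8}', parent) and re.fullmatch(r'[a-z]{8}', stem):
        reasons.append('random-looking folder and file name')
    # A hash-like value name instead of a product name.
    if re.fullmatch(r'[0-9a-f]{32}', name.lower()):
        reasons.append('hex-string value name')
    return reasons


def parse_hijackthis(text: str) -> list:
    """Return every O4 autorun entry in the log, annotated with reasons (if any)."""
    running = set()
    entries = []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == 'Running processes:':
            in_procs = True
            continue
        if in_procs:
            if not line:
                in_procs = False      # blank line ends the process list
            else:
                running.add(line.lower())
            continue
        m = O4_RE.match(line)
        if not m:
            continue
        exe = _exe_path(m.group('cmd'))
        entries.append(AutorunEntry(
            hive=m.group('hive'), name=m.group('name'), exe=exe,
            running=exe.lower() in running,
            reasons=_suspicion_reasons(m.group('name'), exe)))
    return entries


def suspicious_autoruns(text: str) -> list:
    return [e for e in parse_hijackthis(text) if e.reasons]


if __name__ == '__main__':
    for e in suspicious_autoruns(SAMPLE_LOG):
        state = 'RUNNING' if e.running else 'not running'
        print(f'{e.hive} [{e.name}] {e.exe} ({state}): {"; ".join(e.reasons)}')
```

On the sample above it flags exactly the five paths in jlpjlp's OTMoveIt list and notes that qpqdwtgz.exe is still running, which is why a reboot may be needed for the removal.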
T-T, Thursday 3 April 2008 at 01:27:33
Hi jlpjlp, and thanks for your help. I did what you told me and here is the ComboFix report:

ComboFix 08-04-02.1 - nataku 2008-04-03 1:12:50.5 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1412 [GMT 2:00]
Endroit: C:\Users\nataku\Desktop\killbagle.exe
* Resident AV is active

.

((((((((((((((((((((((((((((( Fichiers créés 2008-03-02 to 2008-04-02 ))))))))))))))))))))))))))))))))))))
.

2008-04-03 00:59 . 2008-04-03 00:59 114,688 --a------ C:\Windows\System32\yjgpmtoj.exe
2008-04-03 00:40 . 2008-04-03 00:40 114,688 --a------ C:\Windows\System32\ylwzmlsj.exe
2008-04-01 18:18 . 2008-04-01 18:18 <REP> d-------- C:\Program Files\Symantec
2008-04-01 18:18 . 2007-03-21 20:39 1,060,864 --a------ C:\Windows\System32\MFC71.DLL
2008-04-01 18:18 . 2007-03-21 20:33 503,808 --a------ C:\Windows\System32\MSVCP71.DLL
2008-04-01 18:18 . 2007-03-21 20:33 348,160 --a------ C:\Windows\System32\MSVCR71.DLL
2008-04-01 18:11 . 2008-04-01 18:11 <REP> d-------- C:\Users\All Users\eisindhs
2008-04-01 18:11 . 2008-04-01 18:11 <REP> d-------- C:\ProgramData\eisindhs
2008-03-30 17:11 . 2008-04-01 04:19 <REP> d-------- C:\Users\All Users\ytgsepdm
2008-03-30 17:11 . 2008-04-01 04:19 <REP> d-------- C:\ProgramData\ytgsepdm
2008-03-30 16:56 . 2008-03-30 17:00 <REP> d-------- C:\ComboFix
2008-03-30 02:59 . 2008-03-30 02:59 691 --a------ C:\Users\nataku\AppData\Roaming\GetValue.vbs
2008-03-30 02:59 . 2008-03-30 02:59 35 --a------ C:\Users\nataku\AppData\Roaming\SetValue.bat
2008-03-30 02:43 . 2008-03-30 02:59 4,280 --a------ C:\Windows\System32\tmp.reg
2008-03-30 02:32 . 2008-03-30 02:31 512,096 --a------ C:\Windows\System32\drivers\amon.sys
2008-03-30 02:32 . 2008-03-30 02:31 298,104 --a------ C:\Windows\System32\imon.dll
2008-03-30 02:32 . 2008-03-30 02:31 15,424 --a------ C:\Windows\System32\drivers\nod32drv.sys
2008-03-30 02:19 . 2008-03-30 02:19 <REP> d-------- C:\Users\All Users\kwwmspnn
2008-03-30 02:19 . 2008-03-30 02:19 <REP> d-------- C:\ProgramData\kwwmspnn
2008-03-30 01:45 . 2008-03-30 01:45 <REP> d-------- C:\Users\nataku\AppData\Roaming\Malwarebytes
2008-03-30 01:45 . 2008-03-30 01:45 <REP> d-------- C:\Users\All Users\Malwarebytes
2008-03-30 01:45 . 2008-03-30 01:45 <REP> d-------- C:\ProgramData\Malwarebytes
2008-03-30 01:45 . 2008-03-30 01:45 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-30 01:43 . 2008-03-30 01:43 <REP> d-------- C:\Program Files\RogueRemover FREE
2008-03-30 01:40 . 2008-03-30 01:40 <REP> d-------- C:\Users\All Users\gfclvhqo
2008-03-30 01:40 . 2008-03-30 01:40 <REP> d-------- C:\ProgramData\gfclvhqo
2008-03-30 00:59 . 2008-03-30 00:59 <REP> d-------- C:\Program Files\Trend Micro
2008-03-30 00:07 . 2008-03-30 00:07 3,120 --a------ C:\Windows\System32\118290.54
2008-03-30 00:07 . 2008-03-30 00:07 3,120 --a------ C:\Windows\118294.78
2008-03-30 00:06 . 1996-08-20 21:37 15,840 --a------ C:\Windows\System32\Machnm1.exe
2008-03-30 00:06 . 2005-09-25 17:37 5,632 --a------ C:\Windows\System32\Machnm64.sys
2008-03-30 00:06 . 2003-08-13 01:27 2,304 --a------ C:\Windows\System32\Machnm32.sys
2008-03-30 00:01 . 2008-03-30 00:01 <REP> d-------- C:\Users\All Users\ovwgcjgs
2008-03-30 00:01 . 2008-03-30 00:01 <REP> d-------- C:\ProgramData\ovwgcjgs
2008-03-29 21:28 . 2008-03-29 21:28 <REP> d-------- C:\Users\All Users\rsiwakrt
2008-03-29 21:28 . 2008-03-29 21:28 <REP> d-------- C:\ProgramData\rsiwakrt
2008-03-29 20:48 . 2008-04-01 04:25 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-03-29 20:48 . 2008-04-01 04:25 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-03-29 20:48 . 2008-04-01 04:19 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-29 00:41 . 2008-04-03 00:59 <REP> d-------- C:\Users\All Users\kdahorml
2008-03-29 00:41 . 2008-03-30 02:13 <REP> d-------- C:\Users\All Users\alcpusaq
2008-03-29 00:41 . 2008-04-03 00:59 <REP> d-------- C:\ProgramData\kdahorml
2008-03-29 00:41 . 2008-03-30 02:13 <REP> d-------- C:\ProgramData\alcpusaq
2008-03-22 05:01 . 2008-03-22 12:38 <REP> d-------- C:\Program Files\Seagate
2008-03-22 02:55 . 2008-03-22 02:55 <REP> d-------- C:\Users\nataku\AppData\Roaming\Media Player Classic
2008-03-22 02:54 . 2007-09-04 18:56 164,352 --a------ C:\Windows\System32\unrar.dll
2008-03-22 02:53 . 2008-03-22 02:53 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2008-03-22 02:53 . 2007-07-29 17:51 7,680 --a------ C:\Windows\System32\ff_vfw.dll
2008-03-22 02:53 . 2007-07-10 18:10 547 --a------ C:\Windows\System32\ff_vfw.dll.manifest
2008-03-22 02:51 . 2008-03-22 23:13 <REP> d-------- C:\Users\nataku\AppData\Roaming\EoRezo
2008-03-20 02:51 . 2008-03-20 02:52 <REP> d--h----- C:\Windows\msdownld.tmp
2008-03-20 02:45 . 2008-03-20 03:16 <REP> d-------- C:\Program Files\3000AD
2008-03-17 04:41 . 2008-03-17 04:41 <REP> d-------- C:\Program Files\Codemasters
2008-03-12 14:02 . 2008-04-02 21:48 <REP> d-------- C:\Downloads
2008-03-12 13:52 . 2008-04-03 01:07 <REP> d-------- C:\Users\nataku\AppData\Roaming\Free Download Manager
2008-03-12 13:52 . 2008-03-12 13:52 <REP> d-------- C:\Users\All Users\FreeDownloadManager.ORG
2008-03-12 13:52 . 2008-03-12 13:52 <REP> d-------- C:\ProgramData\FreeDownloadManager.ORG
2008-03-12 13:52 . 2008-03-30 02:43 <REP> d-------- C:\Program Files\Free Download Manager
2008-03-12 13:45 . 2007-12-17 00:50 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-03-12 13:45 . 2007-12-16 11:56 41,984 --a------ C:\Windows\System32\drivers\monitor.sys
2008-03-11 19:52 . 2008-03-11 19:52 <REP> d-------- C:\Program Files\Common Files\INCA Shared
2008-03-05 03:55 . 2008-03-05 03:55 <REP> d-------- C:\NVIDIA
2008-03-05 03:53 . 2008-03-05 03:53 <REP> d-------- C:\Program Files\SystemRequirementsLab
2008-03-05 02:25 . 2008-04-03 01:08 <REP> d-------- C:\Program Files\ESET
2008-03-04 23:35 . 2008-03-04 23:35 278,728 --a------ C:\Windows\System32\drivers\atksgt.sys
2008-03-04 23:35 . 2008-03-04 23:35 25,416 --a------ C:\Windows\System32\drivers\lirsgt.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-02 23:00 --------- d-----w C:\Program Files\Steam
2008-04-02 23:00 --------- d-----w C:\Program Files\Common Files\Steam
2008-04-02 15:18 --------- d-----w C:\Program Files\World of Warcraft
2008-04-01 16:18 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-30 02:01 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-03-30 02:01 107,832 ----a-w C:\Windows\System32\PnkBstrB.exe
2008-03-30 01:12 --------- d-----w C:\Program Files\Packard Bell
2008-03-30 01:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-29 19:27 --------- d-----w C:\ProgramData\Sonic
2008-03-25 15:39 --------- d-----w C:\Users\nataku\AppData\Roaming\Azureus
2008-03-24 19:57 --------- d-----w C:\Program Files\Azureus
2008-03-22 10:41 --------- d-----w C:\ProgramData\NVIDIA
2008-03-21 03:17 --------- d-----w C:\Program Files\Eidos
2008-03-21 03:13 --------- d-----w C:\ProgramData\WinZip
2008-03-21 03:02 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-03-14 14:36 --------- d-----w C:\Program Files\Java
2008-03-13 04:21 --------- d-----w C:\Program Files\Windows Mail
2008-03-13 02:05 --------- d-----w C:\ProgramData\Microsoft Help
2008-03-09 15:25 --------- d-----w C:\ProgramData\Media Center Programs
2008-03-09 15:25 --------- d-----w C:\Program Files\THQ
2008-03-07 11:52 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-03-05 19:31 107,888 ----a-w C:\Windows\System32\CmdLineExt.dll
2008-03-05 15:03 479,752 ----a-w C:\Windows\System32\XAudio2_0.dll
2008-03-05 15:03 238,088 ----a-w C:\Windows\System32\xactengine3_0.dll
2008-03-05 15:00 25,608 ----a-w C:\Windows\System32\X3DAudio1_3.dll
2008-03-05 14:56 3,786,760 ----a-w C:\Windows\System32\D3DX9_37.dll
2008-03-05 14:56 1,420,824 ----a-w C:\Windows\System32\D3DCompiler_37.dll
2008-03-05 01:25 --------- d-----w C:\ProgramData\Symantec
2008-03-05 01:23 --------- d-----w C:\Program Files\Norton 360
2008-02-23 17:47 --------- d--h--r C:\Users\nataku\AppData\Roaming\SecuROM
2008-02-23 17:33 --------- d-----w C:\Program Files\Electronic Arts
2008-02-20 05:39 147,051,896 ----a-w C:\Users\nataku\WoW-2.3.3.7799-to-0.4.0.7897-frFR-patch.exe
2008-02-20 04:37 --------- d-----w C:\Program Files\GameSpy
2008-02-19 06:18 --------- d-----w C:\Program Files\GameShadow
2008-02-17 01:48 --------- d-----w C:\Program Files\Uniblue
2008-02-17 01:32 --------- d-----w C:\Users\nataku\AppData\Roaming\Uniblue
2008-02-17 01:18 716,272 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-02-17 01:17 --------- d-----w C:\Users\nataku\AppData\Roaming\DAEMON Tools
2008-02-17 01:09 --------- d-----w C:\ProgramData\Roxio
2008-02-16 11:56 --------- d-----w C:\Users\all users.Gamepc\AppData\Roaming\VersionTracker Pro
2008-02-16 00:30 --------- d-----w C:\Program Files\Warcraft III
2008-02-15 03:43 --------- d-----w C:\Program Files\AGEIA Technologies
2008-02-15 03:42 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-14 22:55 --------- d-----w C:\Program Files\directx
2008-02-14 13:54 215,144 ----a-w C:\Windows\patchw32.dll
2008-02-14 02:18 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-14 02:18 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-14 02:10 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-14 02:10 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-14 02:10 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-14 02:10 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-14 02:10 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-14 02:10 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-14 02:10 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-14 02:10 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-14 02:10 20,024 ----a-w C:\Windows\system32\drivers\viaide.sys
2008-02-14 02:10 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-14 02:10 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-14 02:10 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-14 02:09 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-14 02:09 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-14 02:09 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-14 02:09 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-14 02:09 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-14 02:09 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-14 02:04 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-14 02:04 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-14 02:04 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-14 02:03 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-06 03:19 --------- d-----w C:\ProgramData\CyberLink
2008-02-05 22:07 462,864 ----a-w C:\Windows\System32\d3dx10_37.dll
2008-02-05 14:35 --------- d-----w C:\Users\nataku\AppData\Roaming\DivX
2008-02-03 16:43 --------- d-----w C:\Program Files\Teamspeak2_RC2
2008-02-03 16:20 --------- d-----w C:\Users\nataku\AppData\Roaming\InstallShield
2008-02-03 16:17 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-02-03 15:52 --------- d-----w C:\Program Files\Realtek
2008-02-02 05:12 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-23 14:10 0 ----a-w C:\Users\all users.Gamepc\AppData\Roaming\wklnhst.dat
2008-01-18 07:02 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
2008-01-18 03:22 174 --sha-w C:\Program Files\desktop.ini
2008-01-18 03:01 8,192 ----a-w C:\Windows\System32\riched32.dll
2008-01-18 02:59 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-01-18 02:58 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2008-01-18 02:58 542,720 ----a-w C:\Windows\System32\sysmain.dll
2008-01-18 02:58 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2008-01-18 02:58 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2008-01-18 02:58 297,984 ----a-w C:\Windows\System32\wlansec.dll
2008-01-18 02:58 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2008-01-18 02:58 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2008-01-18 02:58 2,923,520 ----a-w C:\Windows\explorer.exe
2008-01-18 02:58 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-01-18 02:53 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-01-18 02:53 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-01-18 02:53 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-01-18 02:53 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2008-01-18 02:48 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2008-01-18 02:47 8,704 ----a-w C:\Windows\System32\hcrstco.dll
2008-01-18 02:47 8,704 ----a-w C:\Windows\System32\hccoin.dll
2008-01-18 02:45 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-01-18 02:44 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
.

((((((((((((((((((((((((((((( snapshot_2008-04-03_ 0.49.41,70 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-02 22:40:10 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-04-02 22:58:37 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-04-02 22:42:36 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-04-02 23:13:45 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-04-02 22:41:46 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-04-02 23:00:13 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-04-02 22:43:15 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-04-02 23:12:56 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-04-02 22:41:41 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-04-02 23:00:07 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-04-02 23:00:07 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-04-02 22:42:33 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-04-02 23:00:02 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-04-02 22:42:33 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-02 23:00:02 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-04-02 22:42:33 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-04-02 23:00:02 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-04-02 22:47:08 107,416 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-04-02 23:03:13 107,416 ----a-w C:\Windows\System32\perfc009.dat
- 2008-04-02 22:47:08 121,814 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-04-02 23:03:13 121,814 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-04-02 22:47:08 618,272 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-04-02 23:03:13 618,272 ----a-w C:\Windows\System32\perfh009.dat
- 2008-04-02 22:47:08 699,984 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-04-02 23:03:13 699,984 ----a-w C:\Windows\System32\perfh00C.dat
- 2008-04-01 17:14:35 11,912 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-473692253-1343356130-1243632525-1002_UserData.bin
+ 2008-04-02 23:00:25 12,068 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-473692253-1343356130-1243632525-1002_UserData.bin
- 2008-04-02 22:41:58 64,690 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-04-02 23:00:25 64,752 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-04-02 22:41:56 46,716 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-04-02 23:00:24 46,788 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe" [2007-07-19 15:32 1120568]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 04:40 218032]
"Steam"="c:\program files\steam\steam.exe" [2008-03-28 01:15 1271032]
"Uniblue RegistryBooster 2"="c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe" [ ]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-02-14 01:09 486856]
"rsiwakrt"="C:\ProgramData\rsiwakrt\izmbylil.exe" [2008-03-29 21:28 114688]
"ovwgcjgs"="C:\ProgramData\ovwgcjgs\qpqdwtgz.exe" [2008-03-30 00:01 90112]
"eisindhs"="C:\ProgramData\eisindhs\jwlyrcvk.exe" [2008-04-01 18:11 106496]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"OrH4HUiW1L"="C:\ProgramData\kdahorml\szyxuril.exe" [ ]
"ceweewtc"="C:\Windows\system32\ylwzmlsj.exe" [2008-04-03 00:40 114688]
"nzpspzuw"="C:\Windows\system32\yjgpmtoj.exe" [2008-04-03 00:59 114688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 11:40 232184]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-28 13:38 243200]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-02-21 03:18 366400]
"toolbar_eula_launcher"="C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 18:20 28672]
"WPCUMI"="C:\Windows\system32\WpcUmi.exe" [2006-11-02 14:35 176128]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 04:06 40048]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 16:38 4390912 C:\Windows\RtHDVCpl.exe]
"EoEngine"="" []
"EoWeather"="" []
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-11 23:28 81920]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-11 23:28 8497696]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-11 23:28 86016]
"MSPService"="C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe" [2007-06-12 23:36 102400]

C:\Users\nataku\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 - Capture d'‚cran et lancement.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 05:45:42 101784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"= 2 (0x2)
"DontDisplayLogonHoursWarnings"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"OrH4HUiW1L"= C:\ProgramData\kdahorml\szyxuril.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"C:\\Program Files\\NCsoft\\Exteel\\System\\Exteel.exe"= C:\Program Files\NCsoft\Exteel\System\Exteel.exe:*:Enabled:Exteel

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{23032023-6D34-4D91-BBF4-02CCC1D50D4D}"= C:\Program Files\CyberLink\MagicSports\MagicSports.exe:CyberLink MagicSports
"{CFB5F5C7-8E96-4CBE-8DAA-5E403A097969}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A05C928C-FDFE-40A5-AEE5-203A8E7ABD76}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{AE2D4037-438E-4E36-AA92-F3C257E656DA}"= UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{F1323BA2-2A8D-46F1-83FC-D9673AEDC439}"= TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{B4A63B20-D357-4DFF-B7BB-1429ACF6E2B6}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{9BF1D760-AD15-4E8F-BDE9-7FFD86CA49D9}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{6BCCEB6D-0710-4061-9A13-3998E1503BC2}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{57722C18-4F90-4C3E-97D5-D7C310C2121A}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{0278D2F2-E264-416C-A1B7-9CEFBF2F477F}"= UDP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars\etqwded.exe:etqwded.exe
"{69239868-18D4-493C-AF38-8139E97B0489}"= TCP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars\etqwded.exe:etqwded.exe
"TCP Query User{0E699FB6-36D3-4F51-B452-D7F20CEB11E5}C:\\program files\\warcraft iii\\war3.exe"= UDP:C:\program files\warcraft iii\war3.exe:Warcraft III
"UDP Query User{52FD2554-CBAC-4973-8948-246CEFE3A085}C:\\program files\\warcraft iii\\war3.exe"= TCP:C:\program files\warcraft iii\war3.exe:Warcraft III
"{3249A72C-3294-4790-AA85-A9F2B6028A0D}"= UDP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars\etqw.exe:Enemy Territory - QUAKE Wars(TM)
"{337F4BC0-B79B-4001-A50F-6703FD210422}"= TCP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars\etqw.exe:Enemy Territory - QUAKE Wars(TM)
"{0BECF2EB-C1D2-413A-A63C-7ADFD7EE982F}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E5797BAC-BA75-43C8-9F4D-6D4FFA9007E5}"= UDP:C:\Program Files\Azureus\Azureus.exe:Azureus Vuze
"{DB7FDD6A-B5A1-4986-8FAA-F2D23545BF93}"= TCP:C:\Program Files\Azureus\Azureus.exe:Azureus Vuze
"TCP Query User{8AAEB151-B87D-4F8D-A370-05EB8B243664}C:\\program files\\maiet\\gunz\\gunzlauncher.exe"= UDP:C:\program files\maiet\gunz\gunzlauncher.exe:GunzLauncher
"UDP Query User{02BAE378-1EA1-48E7-A2A7-F42503BDA0F1}C:\\program files\\maiet\\gunz\\gunzlauncher.exe"= TCP:C:\program files\maiet\gunz\gunzlauncher.exe:GunzLauncher
"TCP Query User{84C1727C-44A0-43C3-A786-D1C0B2AA6905}C:\\program files\\steam\\steamapps\\natakugm69\\day of defeat\\hl.exe"= UDP:C:\program files\steam\steamapps\natakugm69\day of defeat\hl.exe:Half-Life Launcher
"UDP Query User{541D7C44-0E6B-4E14-B495-EC16AA2B97B2}C:\\program files\\steam\\steamapps\\natakugm69\\day of defeat\\hl.exe"= TCP:C:\program files\steam\steamapps\natakugm69\day of defeat\hl.exe:Half-Life Launcher
"TCP Query User{274DB71E-D3F3-4572-B2CC-8775CC345A3F}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus.exe
"UDP Query User{378FAF82-FBDF-4EDA-8F23-8380A149A5F8}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus.exe
"{9DDC4559-5BC1-4819-A210-A70F6BEC0EF9}"= UDP:C:\Users\nataku\AppData\Local\Apps\2.0\H67GP02X.7DL\CXVHJ3CP.Z23\thef...app_0d221d3645bc6701_0002.0005_8decbbb466c17454\The Filter.exe:The Filter: Windows Media Player plugin
"{D71C5DAA-751A-45EE-B38D-0894F647E0C3}"= TCP:C:\Users\nataku\AppData\Local\Apps\2.0\H67GP02X.7DL\CXVHJ3CP.Z23\thef...app_0d221d3645bc6701_0002.0005_8decbbb466c17454\The Filter.exe:The Filter: Windows Media Player plugin
"{B0B8B17D-543C-453F-A6AA-48959D765035}"= UDP:C:\Program Files\NCSoft\Launcher\NCLauncher.exe:PlayNC Launcher
"{6C2F73B6-FE4F-43D5-9E09-5F61FD3F916A}"= TCP:C:\Program Files\NCSoft\Launcher\NCLauncher.exe:PlayNC Launcher
"TCP Query User{75B7379D-09B8-4DDE-AB89-74BC031B8D6F}C:\\windows\\system32\\dpnsvr.exe"= UDP:C:\windows\system32\dpnsvr.exe:Serveur Microsoft DirectPlay 8
"UDP Query User{D3F8672D-7683-4CB9-A96E-6C0E086C998D}C:\\windows\\system32\\dpnsvr.exe"= TCP:C:\windows\system32\dpnsvr.exe:Serveur Microsoft DirectPlay 8
"TCP Query User{A5B7728F-740C-4E35-AC65-EC22083F2BE3}C:\\program files\\webzen\\soul of the ultimate nation\\vmmodule._ex"= UDP:C:\program files\webzen\soul of the ultimate nation\vmmodule._ex:VMModule._ex
"UDP Query User{850C5BB3-0D00-4162-BB57-F7662E68CD4D}C:\\program files\\webzen\\soul of the ultimate nation\\vmmodule._ex"= TCP:C:\program files\webzen\soul of the ultimate nation\vmmodule._ex:VMModule._ex
"{AC7A68F7-ED51-41B1-B818-D01579F25EB3}"= UDP:C:\Program Files\WEBZEN\Soul of the Ultimate Nation\SUN.exe:Soul of the Ultimate Nation
"{DC7D4195-40AE-40D7-82E4-75D8D0E1F87D}"= TCP:C:\Program Files\WEBZEN\Soul of the Ultimate Nation\SUN.exe:Soul of the Ultimate Nation
"{BA9BA66C-88DD-46DF-BE43-7F7770FB69BA}"= UDP:C:\Program Files\Knight Online\Launcher.exe:Knight OnLine
"{9CA8B0F1-16B0-4AB6-ACDF-2B2EE4205F56}"= TCP:C:\Program Files\Knight Online\Launcher.exe:Knight OnLine
"{9025D7C1-034A-46BE-B734-FDB04A587F0E}"= UDP:C:\Program Files\WinZip\WINZIP32.EXE:WinZip 11.1
"{04327A0F-7708-4213-B23F-DC9468BEEB09}"= TCP:C:\Program Files\WinZip\WINZIP32.EXE:WinZip 11.1
"TCP Query User{726FF681-23C5-40C7-83F0-8950FD94B272}C:\\aeriagames\\12sky\\twelvesky.exe"= UDP:C:\aeriagames\12sky\twelvesky.exe:TwelveSky.exe
"UDP Query User{9ADA62AB-F252-40CA-89C2-DE0C15FDDD19}C:\\aeriagames\\12sky\\twelvesky.exe"= TCP:C:\aeriagames\12sky\twelvesky.exe:TwelveSky.exe
"TCP Query User{2F790898-1F02-4DF7-A0E0-58881206A163}C:\\program files\\steam\\steamapps\\natakugm69\\garrysmod\\hl2.exe"= UDP:C:\program files\steam\steamapps\natakugm69\garrysmod\hl2.exe:hl2.exe
"UDP Query User{79874D7B-FFC2-4F3B-B175-C3D49286A17D}C:\\program files\\steam\\steamapps\\natakugm69\\garrysmod\\hl2.exe"= TCP:C:\program files\steam\steamapps\natakugm69\garrysmod\hl2.exe:hl2.exe
"TCP Query User{C0662D61-D14E-4FE3-9D3C-E3B5CF2B5766}C:\\program files\\steam\\steamapps\\natakugm69\\counter-strike source\\hl2.exe"= UDP:C:\program files\steam\steamapps\natakugm69\counter-strike source\hl2.exe:hl2.exe
"UDP Query User{A7A89274-A6E5-48BD-A8F8-0904BBD9E468}C:\\program files\\steam\\steamapps\\natakugm69\\counter-strike source\\hl2.exe"= TCP:C:\program files\steam\steamapps\natakugm69\counter-strike source\hl2.exe:hl2.exe
"TCP Query User{9330CDFF-A547-4F8B-9A1D-54B5D9A97544}C:\\program files\\warcraft iii\\war3.exe"= UDP:C:\program files\warcraft iii\war3.exe:Warcraft III
"UDP Query User{EE822F91-436B-47C3-87E3-756E2BDC39F9}C:\\program files\\warcraft iii\\war3.exe"= TCP:C:\program files\warcraft iii\war3.exe:Warcraft III
"TCP Query User{8C2812D3-E917-4DC2-8787-C9000B8F26CC}C:\\program files\\world of warcraft\\repair.exe"= UDP:C:\program files\world of warcraft\repair.exe:Blizzard Repair Utility
"UDP Query User{4B4DAC8A-73FD-4D92-BBA6-373D0108F161}C:\\program files\\world of warcraft\\repair.exe"= TCP:C:\program files\world of warcraft\repair.exe:Blizzard Repair Utility
"{F24FE47E-7544-4C61-91AB-9ADB8970606B}"= UDP:C:\Program Files\World of Warcraft\Launcher.exe:World of Warcraft
"{12533CA3-7286-4683-B791-59DF6540B0AC}"= TCP:C:\Program Files\World of Warcraft\Launcher.exe:World of Warcraft
"{EB7CB3B5-ADA0-4CDE-8CFA-86BC314C6BD9}"= Disabled:UDP:C:\Users\nataku\Documents\Azureus Downloads\Frontlines Fuel of War - Public Beta\FFOW_BETA_0.3.0.exe:FFOW_BETA_0.3.0.exe
"{C8BA228A-1815-436E-8D9B-7DB23978FF66}"= Disabled:TCP:C:\Users\nataku\Documents\Azureus Downloads\Frontlines Fuel of War - Public Beta\FFOW_BETA_0.3.0.exe:FFOW_BETA_0.3.0.exe
"{087E21CB-BF5A-4BE9-9DEE-9B5FD4617467}"= Disabled:UDP:C:\Users\nataku\Documents\Azureus Downloads\Frontlines Fuel of War - Public Beta\update\FFOW_Patch_030_to_031.exe:FFOW_Patch_030_to_031.exe
"{AC484165-90C5-4D11-9B02-3092FE5ADCC3}"= Disabled:TCP:C:\Users\nataku\Documents\Azureus Downloads\Frontlines Fuel of War - Public Beta\update\FFOW_Patch_030_to_031.exe:FFOW_Patch_030_to_031.exe
"TCP Query User{B7E6F47C-FA97-492D-B3BF-397D5AB1F10B}C:\\program files\\thq\\frontlines-fuel of war beta\\binaries\\ffow-beta.exe"= Disabled:UDP:C:\program files\thq\frontlines-fuel of war beta\binaries\ffow-beta.exe:Frontlines Game
"UDP Query User{AC982320-A3D9-46FB-8675-4385F302A529}C:\\program files\\thq\\frontlines-fuel of war beta\\binaries\\ffow-beta.exe"= Disabled:TCP:C:\program files\thq\frontlines-fuel of war beta\binaries\ffow-beta.exe:Frontlines Game
"TCP Query User{CE83DD67-6A44-41CD-AEF1-2FA372683A75}C:\\users\\nataku\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\h01tseim\\wow-2.3.3.7799-to-0.4.0.7897-frfr-downloader[1].exe"= UDP:C:\users\nataku\appdata\local\microsoft\windows\temporary internet files\content.ie5\h01tseim\wow-2.3.3.7799-to-0.4.0.7897-frfr-downloader[1].exe:wow-2.3.3.7799-to-0.4.0.7897-frfr-downloader[1].exe
"UDP Query User{26A51545-2477-4585-ACA1-5ADE5565F4E6}C:\\users\\nataku\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\h01tseim\\wow-2.3.3.7799-to-0.4.0.7897-frfr-downloader[1].exe"= TCP:C:\users\nataku\appdata\local\microsoft\windows\temporary internet files\content.ie5\h01tseim\wow-2.3.3.7799-to-0.4.0.7897-frfr-downloader[1].exe:wow-2.3.3.7799-to-0.4.0.7897-frfr-downloader[1].exe
"{8B3C294A-F626-4536-A7EB-3328EB09E15D}"= UDP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"{9906B0E3-736E-47EF-8508-4AD8D1B8080C}"= TCP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"{A182B197-1B9D-4674-B066-6D0A7DF612EB}"= UDP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"{C5A2714E-899F-418F-98B0-502FE14722B9}"= TCP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"TCP Query User{3169638C-744E-4F0E-8A7D-BE1D3260AAE3}C:\\program files\\free download manager\\fdm.exe"= UDP:C:\program files\free download manager\fdm.exe:Free Download Manager
"UDP Query User{91E7727F-428B-455F-96C9-B9031A42BF8C}C:\\program files\\free download manager\\fdm.exe"= TCP:C:\program files\free download manager\fdm.exe:Free Download Manager
"{4A9B2D45-2778-401C-8D43-7873D8440489}"= UDP:C:\Program Files\Electronic Arts\Battlefield 2142 Deluxe Edition\BF2142.exe:Battlefield 2142
"{D7E38E86-D996-4F47-A7C4-0700E938929F}"= TCP:C:\Program Files\Electronic Arts\Battlefield 2142 Deluxe Edition\BF2142.exe:Battlefield 2142

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\NCsoft\\Exteel\\System\\Exteel.exe"= C:\Program Files\NCsoft\Exteel\System\Exteel.exe:*:Enabled:Exteel

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-04-03 00:41]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\shell\AutoRun\command - D:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\shell\AutoRun\command - J:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23f6e8d9-aa36-11dc-aadc-806e6f6e6963}]
\shell\AutoRun\command - H:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5527e689-acd7-11dc-a03c-001c252d63ad}]
\shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{febc019b-b6fb-11dc-ba34-001c252d63ad}]
\shell\AutoRun\command - J:\LaunchU3.exe -a

.
Contents of folder 'Scheduled Tasks'
"2008-04-02 23:00:02 C:\Windows\Tasks\Extension de garantie.job"
- C:\Program Files\Packard Bell\SetupmyPC\PBCarNot.exe
"2008-04-02 23:00:01 C:\Windows\Tasks\Recovery DVD Creator.job"
- C:\Program Files\Packard Bell\SetupMyPc\MCDCheck.exe
"2008-04-02 18:14:25 C:\Windows\Tasks\User_Feed_Synchronization-{8BB7E93E-40DA-40AE-BB67-D72DEC967818}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-03 01:14:37
Windows 6.0.6000 NTFS

Scanning hidden processes ...

Scanning hidden autostart entries ...

Scanning hidden files ...

Scan completed successfully
Hidden files: 0

**************************************************************************
.
Completion time: 2008-04-03 1:15:10
ComboFix-quarantined-files.txt 2008-04-02 23:15:07
ComboFix2.txt 2008-04-02 22:54:00
ComboFix3.txt 2008-04-02 22:49:54
ComboFix4.txt 2008-03-30 15:00:43
ComboFix5.txt 2008-03-30 14:35:10
Pre-Run: 76,638,646,272 bytes free
Post-Run: 76,605,595,648 bytes free
.
2008-03-28 21:06:50 --- E O F ---


And here is the OTMoveIt report:

File/Folder C:\DOWNLO~1\Software\RFONLI~1.EXE /r not found.
C:\ProgramData\rsiwakrt\izmbylil.exe moved successfully.
C:\ProgramData\ovwgcjgs\qpqdwtgz.exe moved successfully.
C:\ProgramData\eisindhs\jwlyrcvk.exe moved successfully.
File/Folder C:\ProgramData\kdahorml\szyxuril.exe not found.

OTMoveIt2 by OldTimer - Version 1.0.21 log created on 04032008_011721
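The ComboFix excerpt above shows the settings a downloader of this kind typically flips on the way in: UAC off (`EnableLUA`= 0), Security Center monitoring suppressed, the firewall disabled on the standard profile, and an autostart planted under `Policies\Explorer\Run`. The script below is an added example, not code from the thread and not part of ComboFix: it parses the `[KEY]` / `"Name"= value` blocks in ComboFix's registry dump and flags those findings. The rule table is hand-written from the lines posted above and `SAMPLE_LOG` is a constructed excerpt of that log.

```python
"""Flag security-weakening settings in the registry dump of a ComboFix log.

Added example (not part of the thread, not ComboFix code). It parses the
`[KEY]` / `"Name"= value` blocks ComboFix prints and applies a short rule
table for the tampered settings visible in the posted log. SAMPLE_LOG is a
constructed excerpt of that log.
"""
import re

SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"OrH4HUiW1L"= C:\ProgramData\kdahorml\szyxuril.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')


def parse_value(raw):
    """Decode ComboFix's two REG_DWORD spellings; leave strings and paths as-is."""
    raw = raw.strip()
    m = re.match(r"^dword:([0-9a-fA-F]{8})$", raw)          # dword:00000001
    if m:
        return int(m.group(1), 16)
    m = re.match(r"^(\d+)\s*\(0x[0-9a-fA-F]+\)$", raw)       # 0 (0x0)
    if m:
        return int(m.group(1))
    return raw


def parse_registry_dump(text):
    """Return {key (lower-cased): {value_name: value}} for every [KEY] block."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            sections[current][m.group(1)] = parse_value(m.group(2))
    return sections


# (key suffix, value name, healthy value, finding). Suffix matching lets both the
# HKLM\ and HKEY_LOCAL_MACHINE\ spellings that ComboFix uses hit the same rule.
RULES = [
    (r"\policies\system", "EnableLUA", 1, "UAC disabled (EnableLUA=0)"),
    (r"\firewallpolicy\standardprofile", "EnableFirewall", 1,
     "Windows Firewall disabled on the standard profile (EnableFirewall=0)"),
]


def audit(sections):
    """Return one human-readable finding per tampered setting or suspicious autostart."""
    findings = []
    for key, values in sections.items():
        for suffix, name, healthy, message in RULES:
            if key.endswith(suffix) and name in values and values[name] != healthy:
                findings.append(f"{message}: [{key}]")
        # DisableMonitoring=1 under Security Center\Monitoring silences the
        # "no antivirus / no firewall" warning; malware sets it to stay unnoticed.
        if r"\security center\monitoring" in key and values.get("DisableMonitoring") == 1:
            findings.append(f"Security Center monitoring suppressed: [{key}]")
        # Policies\Explorer\Run is a Group Policy autostart; on a home PC almost
        # nothing legitimate uses it, so every entry deserves a look.
        if key.endswith(r"\policies\explorer\run"):
            for name, command in values.items():
                findings.append(f"Policy autostart [{name}] -> {command}")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_registry_dump(SAMPLE_LOG)):
        print(finding)
```

Run against the excerpt, the audit reports five findings: UAC off, the two Security Center monitoring overrides, the firewall off on the standard profile, and the `szyxuril.exe` policy autostart, which is the same file HijackThis later lists under both `HKCU\..\Run` and `HKLM\..\Policies\Explorer\Run`.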
T-T, Thursday 3 April 2008 at 10:46:05
Hi jlpjlp

In Windows Defender's Software Explorer I found a program named ylwzmlsj.exe; I wonder what it is and whether it is a good idea to remove it. Here is the description:

File name: ylwzmlsj.exe
Full name: ylwzmlsj.exe
Description: Not available
Publisher: Not available
Digitally signed by: Not signed
File type: Application
Startup value: C:\Windows\system32\ylwzmlsj.exe
File path: C:\Windows\system32\ylwzmlsj.exe
File size: 114688
File version: Not available
Install date: 03/04/2008 00:40:55
Startup type: Registry: current user
Location: Software\Microsoft\Windows\CurrentVersion\Run
Classification: Disabled
Ships with operating system: No
SpyNet voting: Not available

I disabled it to see whether I stop getting the alerts.
bleuville, Thursday 1 May 2008 at 13:03:35
Hello jlpjlp, I also have a problem with trojan downloader.xs. I followed the advice on the forum, but when I paste your quote into the left-hand column of OTMoveIt2.exe it doesn't go through, and a window appears with the following message: Invalid time flag [r] Must be numerical. This message seems to refer to the little r at the end of the first line of the quote. Could you help me with this?
Thank you, best regards - bleuville
jlpjlp, Thursday 1 May 2008 at 13:05:39
Hi, create your own thread and paste me the link and I will come and take a look; include a HijackThis report too.
But don't do it in someone else's thread.
bleuville, Thursday 1 May 2008 at 14:43:14
What do you mean by creating my own thread? When I run KillBagie (combofix), it finishes steps 1 to 43 then reports deleting files/folders (these files/folders are in windows/system32). It restarts my PC and then its window disappears without leaving me any report.
Then I run OTMoveIt2.exe and paste your quote, which doesn't go through.
Thank you for replying and for your help - bleuville
jlpjlp, Thursday 1 May 2008 at 16:54:19
Click on POSEZ VOTRE QUESTION (ask your question), located above the first message, and that way you create a thread of your own.
jlpjlp, Thursday 3 April 2008 at 11:32:29
Hi, we haven't removed that file yet!!!


__________


Scan these two files on VirusTotal and, if they are infected, put them in the OTMoveIt quote to remove them: http://www.virustotal.com/fr/

C:\Windows\System32\yjgpmtoj.exe
C:\Windows\System32\ylwzmlsj.exe

_____________
Post a new HijackThis log and describe your problems.
T-T, Thursday 3 April 2008 at 23:21:53
Hi
The alert problem is solved, thank you very much for your help, see you (here is the HijackThis report)


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:08:52, on 03/04/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Eset\nod32kui.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Electronic Arts\Battlefield 2142 Deluxe Edition\BF2142.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\conime.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [MSPService] C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
O4 - HKLM\..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [rsiwakrt] C:\ProgramData\rsiwakrt\izmbylil.exe
O4 - HKCU\..\Run: [ovwgcjgs] C:\ProgramData\ovwgcjgs\qpqdwtgz.exe
O4 - HKCU\..\Run: [eisindhs] C:\ProgramData\eisindhs\jwlyrcvk.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [OrH4HUiW1L] C:\ProgramData\kdahorml\szyxuril.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [OrH4HUiW1L] C:\ProgramData\kdahorml\szyxuril.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
End of file - 9670 bytes

See you
jlpjlp, Sunday 6 April 2008 at 13:58:33
Restart HijackThis, choose "do a scan only", tick the box in front of the lines below and click "fix checked" at the bottom.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKCU\..\Run: [rsiwakrt] C:\ProgramData\rsiwakrt\izmbylil.exe
O4 - HKCU\..\Run: [ovwgcjgs] C:\ProgramData\ovwgcjgs\qpqdwtgz.exe
O4 - HKCU\..\Run: [eisindhs] C:\ProgramData\eisindhs\jwlyrcvk.exe
O4 - HKCU\..\Run: [OrH4HUiW1L] C:\ProgramData\kdahorml\szyxuril.exe
O4 - HKLM\..\Policies\Explorer\Run: [OrH4HUiW1L] C:\ProgramData\kdahorml\szyxuril.exe


________________


Download OTMoveIt
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (by Old_Timer) to your Desktop. Or from http://up.sur-la-toile.com/sadW
Double-click OTMoveIt.exe to launch it.
Copy the list in the quote below,
and paste it into OTMoveIt's left-hand pane: Paste List of Files/Folders to be moved.

Quote:

C:\ProgramData\rsiwakrt\izmbylil.exe
C:\ProgramData\ovwgcjgs\qpqdwtgz.exe
C:\ProgramData\eisindhs\jwlyrcvk.exe
C:\ProgramData\kdahorml\szyxuril.exe
C:\ProgramData\kdahorml\szyxuril.exe


Click MoveIt! to start the removal.
The result will appear in the "Results" pane.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.

You may be asked to restart the PC to complete the removal; if so, accept with Yes.
_________


Post the report of an online scan
with one of the following:


BitDefender online:
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Panda online:
http://www.pandasoftware.fr/Activescan/Activescan.html

Kaspersky online:
http://webscanner.kaspersky.fr/
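jlpjlp's fix list pairs the HijackThis O4 lines with the OTMoveIt path list. The script below is an added example, neither HijackThis nor OTMoveIt code and not part of the thread: it parses registry-backed O4 lines and applies the two signals the cleanup above relied on, an entry under `HKLM\..\Policies\Explorer\Run` and an executable in a ProgramData or AppData folder whose folder and file names are both random-looking lowercase strings (the seven-letter threshold is an assumption chosen to match the entries seen here). `SAMPLE_O4` is a constructed excerpt of the log posted above, and the output is the bare-path list OTMoveIt's left-hand pane expects.

```python
"""Triage the O4 (autostart) lines of a HijackThis log.

Added example, not part of the thread and not HijackThis or OTMoveIt code.
SAMPLE_O4 is a constructed excerpt of the log posted above; the seven-letter
"random name" threshold is an assumption chosen to match the entries seen here.
"""
import re
from dataclasses import dataclass

SAMPLE_O4 = r"""
O4 - HKLM\..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [rsiwakrt] C:\ProgramData\rsiwakrt\izmbylil.exe
O4 - HKCU\..\Run: [ovwgcjgs] C:\ProgramData\ovwgcjgs\qpqdwtgz.exe
O4 - HKCU\..\Run: [OrH4HUiW1L] C:\ProgramData\kdahorml\szyxuril.exe
O4 - HKLM\..\Policies\Explorer\Run: [OrH4HUiW1L] C:\ProgramData\kdahorml\szyxuril.exe
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
"""

# Registry-backed O4 lines look like "O4 - <hive>\..\<key>: [name] <command>".
O4_RE = re.compile(r"^O4 - (?P<location>[^:]+): \[(?P<name>[^\]]+)\] (?P<command>.+)$")
RANDOM_NAME_RE = re.compile(r"^[a-z]{7,}$")   # rsiwakrt, izmbylil, ... (assumed threshold)


@dataclass
class Entry:
    location: str
    name: str
    command: str
    path: str


def command_path(command):
    """Executable referenced by a Run value: strip quotes/arguments, unwrap rundll32."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:command.index('"', 1)]
    m = re.match(r"^(.+?\.(?:exe|dll))(?:\s|,|$)", command, re.IGNORECASE)
    path = m.group(1) if m else command.split(" ")[0]
    if path.lower().endswith("rundll32.exe"):       # the hosted DLL is what matters
        m = re.match(r"^(.+?\.dll)(?:,|\s|$)", command[len(path):].strip(), re.IGNORECASE)
        if m:
            path = m.group(1)
    return path


def parse_o4(text):
    """Parse registry-backed O4 lines; Startup-folder lines use another format and are skipped."""
    entries = []
    for line in text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append(Entry(m["location"], m["name"], m["command"],
                                 command_path(m["command"])))
    return entries


def suspicious(entry):
    """Reasons an entry deserves a look; an empty list means nothing was flagged."""
    reasons = []
    if "policies\\explorer\\run" in entry.location.lower():
        reasons.append("policy autostart (Policies\\Explorer\\Run)")
    low = entry.path.lower()
    if "\\programdata\\" in low or "\\appdata\\" in low:
        parts = entry.path.split("\\")
        folder, stem = parts[-2], parts[-1].rsplit(".", 1)[0]
        if RANDOM_NAME_RE.match(folder) and RANDOM_NAME_RE.match(stem):
            reasons.append("random-looking folder and file name under a data directory")
    return reasons


def triage(text):
    """Map each flagged executable to the set of 'location: reason' strings."""
    report = {}
    for entry in parse_o4(text):
        for reason in suspicious(entry):
            report.setdefault(entry.path, set()).add(f"{entry.location}: {reason}")
    return report


def otmoveit_list(report):
    """One bare path per line, which is all OTMoveIt's left-hand pane expects."""
    return "\n".join(sorted(report))


if __name__ == "__main__":
    result = triage(SAMPLE_O4)
    for path, reasons in result.items():
        print(path)
        for reason in sorted(reasons):
            print("   ", reason)
    print("\nOTMoveIt list:\n" + otmoveit_list(result))
```

On the excerpt the three ProgramData executables are flagged and `szyxuril.exe` is reported twice over, once per registry location, which is why jlpjlp's fix list names it under both `HKCU\..\Run` and `HKLM\..\Policies\Explorer\Run`. Every line of the generated list is a path and nothing else: the `/r` visible in T-T's OTMoveIt report above (`... RFONLI~1.EXE /r not found`) shows a switch trailing a path, and is consistent with the `Invalid time flag [r]` error bleuville reports later in the thread.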
bob, Sunday 6 April 2008 at 13:11:15
For a few days I have been getting security windows popping up every 30 minutes about abebot and trojan downloader xs, and a small warning triangle in the taskbar.
I need a hand please, as I am a complete novice.
Thanks in advance.
Here is the HijackThis report:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:06:02, on 06/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Documents and Settings\All Users\Application Data\cruncrcj\ynengboz.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS