Posez votre question Format imprimable Liste des forums Aidez-les Statistiques Rechercher Charte Forum Virus-Sécurité

HELP ME (trojan downloader.xs et abebot)

Dernière réponse le 29 aoû 2009 à 03:41:22 T-T, le 2 avr 2008 à 00:08:08

Signaler ce message aux modérateurs

Bonjour,

Depuis quelque jours j'ai des fenêtres de sécurite qui pop toutes les 30 min concernant abebot et trojan downloader xs j'ai besoin d'un coup de main SVP
VOila le rapport de Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:04:30, on 02/04/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Eset\nod32kui.exe
C:\ProgramData\ovwgcjgs\qpqdwtgz.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [MSPService] C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [47ea4d4dc632a050dffc4787d01c78db] C:\DOWNLO~1\Software\RFONLI~1.EXE /r
O4 - HKCU\..\Run: [rsiwakrt] C:\ProgramData\rsiwakrt\izmbylil.exe
O4 - HKCU\..\Run: [ovwgcjgs] C:\ProgramData\ovwgcjgs\qpqdwtgz.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [eisindhs] C:\ProgramData\eisindhs\jwlyrcvk.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [OrH4HUiW1L] C:\ProgramData\kdahorml\szyxuril.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
End of file - 9414 bytes

Configuration: Windows vista
Internet Explorer 7.0

Meilleures réponses pour « HELP ME (trojan downloader.xs et abebot) » dans :

Aide svp (trojan downloader.xs et abebot) (Résolu) Voir

Infection Trojan Downloader.xs (Résolu) Voir

Trojan downloader.xs (Résolu) Voir

ATTAQUE du trojan-downloader-.xs (Résolu) Voir

Trojan downloader.xs Voir

Slt, Télécharge Combofix de sUBs : Renomme le avant toute Lire la suite

Posez votre question Répondre

jlpjlp, le 2 avr 2008 à 22:26:07

Slt,

Télécharge Combofix de sUBs : Renomme le avant toute installation, par exemple, nomme le "KillBagle". aide ici : http://forum.pcastuces.com/sujet.asp?f=25&s=37315

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Sauvegarde le sur ton bureau et pas ailleurs !

Aide à l’utilisation de combofix ici: http://bibou0007.forumpro.fr/tutos-f45/tutorial-combofix-t121.htm

Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider.
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.

____________

télécharge OTMoveIt
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau. Ou sur http://up.sur-la-toile.com/sadW
double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

Citation :

C:\DOWNLO~1\Software\RFONLI~1.EXE /r
C:\ProgramData\rsiwakrt\izmbylil.exe
C:\ProgramData\ovwgcjgs\qpqdwtgz.exe
C:\ProgramData\eisindhs\jwlyrcvk.exe
C:\ProgramData\kdahorml\szyxuril.exe

clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

Répondre à jlpjlp

T-T, le 3 avr 2008 à 01:27:33

SLt jlpjlp et merci pour ton aide j'ai fais ce que tu m'as dit et voila le rapport de combofix:

ComboFix 08-04-02.1 - nataku 2008-04-03 1:12:50.5 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1412 [GMT 2:00]
Endroit: C:\Users\nataku\Desktop\killbagle.exe
* Resident AV is active

.

((((((((((((((((((((((((((((( Fichiers créés 2008-03-02 to 2008-04-02 ))))))))))))))))))))))))))))))))))))
.

2008-04-03 00:59 . 2008-04-03 00:59 114,688 --a------ C:\Windows\System32\yjgpmtoj.exe
2008-04-03 00:40 . 2008-04-03 00:40 114,688 --a------ C:\Windows\System32\ylwzmlsj.exe
2008-04-01 18:18 . 2008-04-01 18:18 <REP> d-------- C:\Program Files\Symantec
2008-04-01 18:18 . 2007-03-21 20:39 1,060,864 --a------ C:\Windows\System32\MFC71.DLL
2008-04-01 18:18 . 2007-03-21 20:33 503,808 --a------ C:\Windows\System32\MSVCP71.DLL
2008-04-01 18:18 . 2007-03-21 20:33 348,160 --a------ C:\Windows\System32\MSVCR71.DLL
2008-04-01 18:11 . 2008-04-01 18:11 <REP> d-------- C:\Users\All Users\eisindhs
2008-04-01 18:11 . 2008-04-01 18:11 <REP> d-------- C:\ProgramData\eisindhs
2008-03-30 17:11 . 2008-04-01 04:19 <REP> d-------- C:\Users\All Users\ytgsepdm
2008-03-30 17:11 . 2008-04-01 04:19 <REP> d-------- C:\ProgramData\ytgsepdm
2008-03-30 16:56 . 2008-03-30 17:00 <REP> d-------- C:\ComboFix
2008-03-30 02:59 . 2008-03-30 02:59 691 --a------ C:\Users\nataku\AppData\Roaming\GetValue.vbs
2008-03-30 02:59 . 2008-03-30 02:59 35 --a------ C:\Users\nataku\AppData\Roaming\SetValue.bat
2008-03-30 02:43 . 2008-03-30 02:59 4,280 --a------ C:\Windows\System32\tmp.reg
2008-03-30 02:32 . 2008-03-30 02:31 512,096 --a------ C:\Windows\System32\drivers\amon.sys
2008-03-30 02:32 . 2008-03-30 02:31 298,104 --a------ C:\Windows\System32\imon.dll
2008-03-30 02:32 . 2008-03-30 02:31 15,424 --a------ C:\Windows\System32\drivers\nod32drv.sys
2008-03-30 02:19 . 2008-03-30 02:19 <REP> d-------- C:\Users\All Users\kwwmspnn
2008-03-30 02:19 . 2008-03-30 02:19 <REP> d-------- C:\ProgramData\kwwmspnn
2008-03-30 01:45 . 2008-03-30 01:45 <REP> d-------- C:\Users\nataku\AppData\Roaming\Malwarebytes
2008-03-30 01:45 . 2008-03-30 01:45 <REP> d-------- C:\Users\All Users\Malwarebytes
2008-03-30 01:45 . 2008-03-30 01:45 <REP> d-------- C:\ProgramData\Malwarebytes
2008-03-30 01:45 . 2008-03-30 01:45 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-30 01:43 . 2008-03-30 01:43 <REP> d-------- C:\Program Files\RogueRemover FREE
2008-03-30 01:40 . 2008-03-30 01:40 <REP> d-------- C:\Users\All Users\gfclvhqo
2008-03-30 01:40 . 2008-03-30 01:40 <REP> d-------- C:\ProgramData\gfclvhqo
2008-03-30 00:59 . 2008-03-30 00:59 <REP> d-------- C:\Program Files\Trend Micro
2008-03-30 00:07 . 2008-03-30 00:07 3,120 --a------ C:\Windows\System32\118290.54
2008-03-30 00:07 . 2008-03-30 00:07 3,120 --a------ C:\Windows\118294.78
2008-03-30 00:06 . 1996-08-20 21:37 15,840 --a------ C:\Windows\System32\Machnm1.exe
2008-03-30 00:06 . 2005-09-25 17:37 5,632 --a------ C:\Windows\System32\Machnm64.sys
2008-03-30 00:06 . 2003-08-13 01:27 2,304 --a------ C:\Windows\System32\Machnm32.sys
2008-03-30 00:01 . 2008-03-30 00:01 <REP> d-------- C:\Users\All Users\ovwgcjgs
2008-03-30 00:01 . 2008-03-30 00:01 <REP> d-------- C:\ProgramData\ovwgcjgs
2008-03-29 21:28 . 2008-03-29 21:28 <REP> d-------- C:\Users\All Users\rsiwakrt
2008-03-29 21:28 . 2008-03-29 21:28 <REP> d-------- C:\ProgramData\rsiwakrt
2008-03-29 20:48 . 2008-04-01 04:25 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-03-29 20:48 . 2008-04-01 04:25 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-03-29 20:48 . 2008-04-01 04:19 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-29 00:41 . 2008-04-03 00:59 <REP> d-------- C:\Users\All Users\kdahorml
2008-03-29 00:41 . 2008-03-30 02:13 <REP> d-------- C:\Users\All Users\alcpusaq
2008-03-29 00:41 . 2008-04-03 00:59 <REP> d-------- C:\ProgramData\kdahorml
2008-03-29 00:41 . 2008-03-30 02:13 <REP> d-------- C:\ProgramData\alcpusaq
2008-03-22 05:01 . 2008-03-22 12:38 <REP> d-------- C:\Program Files\Seagate
2008-03-22 02:55 . 2008-03-22 02:55 <REP> d-------- C:\Users\nataku\AppData\Roaming\Media Player Classic
2008-03-22 02:54 . 2007-09-04 18:56 164,352 --a------ C:\Windows\System32\unrar.dll
2008-03-22 02:53 . 2008-03-22 02:53 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2008-03-22 02:53 . 2007-07-29 17:51 7,680 --a------ C:\Windows\System32\ff_vfw.dll
2008-03-22 02:53 . 2007-07-10 18:10 547 --a------ C:\Windows\System32\ff_vfw.dll.manifest
2008-03-22 02:51 . 2008-03-22 23:13 <REP> d-------- C:\Users\nataku\AppData\Roaming\EoRezo
2008-03-20 02:51 . 2008-03-20 02:52 <REP> d--h----- C:\Windows\msdownld.tmp
2008-03-20 02:45 . 2008-03-20 03:16 <REP> d-------- C:\Program Files\3000AD
2008-03-17 04:41 . 2008-03-17 04:41 <REP> d-------- C:\Program Files\Codemasters
2008-03-12 14:02 . 2008-04-02 21:48 <REP> d-------- C:\Downloads
2008-03-12 13:52 . 2008-04-03 01:07 <REP> d-------- C:\Users\nataku\AppData\Roaming\Free Download Manager
2008-03-12 13:52 . 2008-03-12 13:52 <REP> d-------- C:\Users\All Users\FreeDownloadManager.ORG
2008-03-12 13:52 . 2008-03-12 13:52 <REP> d-------- C:\ProgramData\FreeDownloadManager.ORG
2008-03-12 13:52 . 2008-03-30 02:43 <REP> d-------- C:\Program Files\Free Download Manager
2008-03-12 13:45 . 2007-12-17 00:50 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-03-12 13:45 . 2007-12-16 11:56 41,984 --a------ C:\Windows\System32\drivers\monitor.sys
2008-03-11 19:52 . 2008-03-11 19:52 <REP> d-------- C:\Program Files\Common Files\INCA Shared
2008-03-05 03:55 . 2008-03-05 03:55 <REP> d-------- C:\NVIDIA
2008-03-05 03:53 . 2008-03-05 03:53 <REP> d-------- C:\Program Files\SystemRequirementsLab
2008-03-05 02:25 . 2008-04-03 01:08 <REP> d-------- C:\Program Files\ESET
2008-03-04 23:35 . 2008-03-04 23:35 278,728 --a------ C:\Windows\System32\drivers\atksgt.sys
2008-03-04 23:35 . 2008-03-04 23:35 25,416 --a------ C:\Windows\System32\drivers\lirsgt.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-02 23:00 --------- d-----w C:\Program Files\Steam
2008-04-02 23:00 --------- d-----w C:\Program Files\Common Files\Steam
2008-04-02 15:18 --------- d-----w C:\Program Files\World of Warcraft
2008-04-01 16:18 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-30 02:01 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-03-30 02:01 107,832 ----a-w C:\Windows\System32\PnkBstrB.exe
2008-03-30 01:12 --------- d-----w C:\Program Files\Packard Bell
2008-03-30 01:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-29 19:27 --------- d-----w C:\ProgramData\Sonic
2008-03-25 15:39 --------- d-----w C:\Users\nataku\AppData\Roaming\Azureus
2008-03-24 19:57 --------- d-----w C:\Program Files\Azureus
2008-03-22 10:41 --------- d-----w C:\ProgramData\NVIDIA
2008-03-21 03:17 --------- d-----w C:\Program Files\Eidos
2008-03-21 03:13 --------- d-----w C:\ProgramData\WinZip
2008-03-21 03:02 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-03-14 14:36 --------- d-----w C:\Program Files\Java
2008-03-13 04:21 --------- d-----w C:\Program Files\Windows Mail
2008-03-13 02:05 --------- d-----w C:\ProgramData\Microsoft Help
2008-03-09 15:25 --------- d-----w C:\ProgramData\Media Center Programs
2008-03-09 15:25 --------- d-----w C:\Program Files\THQ
2008-03-07 11:52 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-03-05 19:31 107,888 ----a-w C:\Windows\System32\CmdLineExt.dll
2008-03-05 15:03 479,752 ----a-w C:\Windows\System32\XAudio2_0.dll
2008-03-05 15:03 238,088 ----a-w C:\Windows\System32\xactengine3_0.dll
2008-03-05 15:00 25,608 ----a-w C:\Windows\System32\X3DAudio1_3.dll
2008-03-05 14:56 3,786,760 ----a-w C:\Windows\System32\D3DX9_37.dll
2008-03-05 14:56 1,420,824 ----a-w C:\Windows\System32\D3DCompiler_37.dll
2008-03-05 01:25 --------- d-----w C:\ProgramData\Symantec
2008-03-05 01:23 --------- d-----w C:\Program Files\Norton 360
2008-02-23 17:47 --------- d--h--r C:\Users\nataku\AppData\Roaming\SecuROM
2008-02-23 17:33 --------- d-----w C:\Program Files\Electronic Arts
2008-02-20 05:39 147,051,896 ----a-w C:\Users\nataku\WoW-2.3.3.7799-to-0.4.0.7897-frFR-patch.exe
2008-02-20 04:37 --------- d-----w C:\Program Files\GameSpy
2008-02-19 06:18 --------- d-----w C:\Program Files\GameShadow
2008-02-17 01:48 --------- d-----w C:\Program Files\Uniblue
2008-02-17 01:32 --------- d-----w C:\Users\nataku\AppData\Roaming\Uniblue
2008-02-17 01:18 716,272 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-02-17 01:17 --------- d-----w C:\Users\nataku\AppData\Roaming\DAEMON Tools
2008-02-17 01:09 --------- d-----w C:\ProgramData\Roxio
2008-02-16 11:56 --------- d-----w C:\Users\all users.Gamepc\AppData\Roaming\VersionTracker Pro
2008-02-16 00:30 --------- d-----w C:\Program Files\Warcraft III
2008-02-15 03:43 --------- d-----w C:\Program Files\AGEIA Technologies
2008-02-15 03:42 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-14 22:55 --------- d-----w C:\Program Files\directx
2008-02-14 13:54 215,144 ----a-w C:\Windows\patchw32.dll
2008-02-14 02:18 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-14 02:18 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-14 02:10 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-14 02:10 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-14 02:10 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-14 02:10 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-14 02:10 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-14 02:10 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-14 02:10 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-14 02:10 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-14 02:10 20,024 ----a-w C:\Windows\system32\drivers\viaide.sys
2008-02-14 02:10 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-14 02:10 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-14 02:10 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-14 02:09 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-14 02:09 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-14 02:09 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-14 02:09 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-14 02:09 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-14 02:09 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-14 02:04 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-14 02:04 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-14 02:04 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-14 02:03 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-06 03:19 --------- d-----w C:\ProgramData\CyberLink
2008-02-05 22:07 462,864 ----a-w C:\Windows\System32\d3dx10_37.dll
2008-02-05 14:35 --------- d-----w C:\Users\nataku\AppData\Roaming\DivX
2008-02-03 16:43 --------- d-----w C:\Program Files\Teamspeak2_RC2
2008-02-03 16:20 --------- d-----w C:\Users\nataku\AppData\Roaming\InstallShield
2008-02-03 16:17 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-02-03 15:52 --------- d-----w C:\Program Files\Realtek
2008-02-02 05:12 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-23 14:10 0 ----a-w C:\Users\all users.Gamepc\AppData\Roaming\wklnhst.dat
2008-01-18 07:02 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
2008-01-18 03:22 174 --sha-w C:\Program Files\desktop.ini
2008-01-18 03:01 8,192 ----a-w C:\Windows\System32\riched32.dll
2008-01-18 02:59 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-01-18 02:58 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2008-01-18 02:58 542,720 ----a-w C:\Windows\System32\sysmain.dll
2008-01-18 02:58 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2008-01-18 02:58 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2008-01-18 02:58 297,984 ----a-w C:\Windows\System32\wlansec.dll
2008-01-18 02:58 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2008-01-18 02:58 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2008-01-18 02:58 2,923,520 ----a-w C:\Windows\explorer.exe
2008-01-18 02:58 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-01-18 02:53 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-01-18 02:53 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-01-18 02:53 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-01-18 02:53 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2008-01-18 02:48 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2008-01-18 02:47 8,704 ----a-w C:\Windows\System32\hcrstco.dll
2008-01-18 02:47 8,704 ----a-w C:\Windows\System32\hccoin.dll
2008-01-18 02:45 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-01-18 02:44 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
.

((((((((((((((((((((((((((((( snapshot_2008-04-03_ 0.49.41,70 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-02 22:40:10 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-04-02 22:58:37 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-04-02 22:42:36 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-04-02 23:13:45 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-04-02 22:41:46 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-04-02 23:00:13 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-04-02 22:43:15 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-04-02 23:12:56 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-04-02 22:41:41 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-04-02 23:00:07 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-04-02 23:00:07 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-04-02 22:42:33 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-04-02 23:00:02 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-04-02 22:42:33 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-02 23:00:02 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-04-02 22:42:33 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-04-02 23:00:02 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-04-02 22:47:08 107,416 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-04-02 23:03:13 107,416 ----a-w C:\Windows\System32\perfc009.dat
- 2008-04-02 22:47:08 121,814 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-04-02 23:03:13 121,814 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-04-02 22:47:08 618,272 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-04-02 23:03:13 618,272 ----a-w C:\Windows\System32\perfh009.dat
- 2008-04-02 22:47:08 699,984 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-04-02 23:03:13 699,984 ----a-w C:\Windows\System32\perfh00C.dat
- 2008-04-01 17:14:35 11,912 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-473692253-1343356130-1243632525-1002_UserData.bin
+ 2008-04-02 23:00:25 12,068 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-473692253-1343356130-1243632525-1002_UserData.bin
- 2008-04-02 22:41:58 64,690 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-04-02 23:00:25 64,752 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-04-02 22:41:56 46,716 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-04-02 23:00:24 46,788 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe" [2007-07-19 15:32 1120568]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 04:40 218032]
"Steam"="c:\program files\steam\steam.exe" [2008-03-28 01:15 1271032]
"Uniblue RegistryBooster 2"="c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe" [ ]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-02-14 01:09 486856]
"rsiwakrt"="C:\ProgramData\rsiwakrt\izmbylil.exe" [2008-03-29 21:28 114688]
"ovwgcjgs"="C:\ProgramData\ovwgcjgs\qpqdwtgz.exe" [2008-03-30 00:01 90112]
"eisindhs"="C:\ProgramData\eisindhs\jwlyrcvk.exe" [2008-04-01 18:11 106496]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"OrH4HUiW1L"="C:\ProgramData\kdahorml\szyxuril.exe" [ ]
"ceweewtc"="C:\Windows\system32\ylwzmlsj.exe" [2008-04-03 00:40 114688]
"nzpspzuw"="C:\Windows\system32\yjgpmtoj.exe" [2008-04-03 00:59 114688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 11:40 232184]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-28 13:38 243200]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-02-21 03:18 366400]
"toolbar_eula_launcher"="C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 18:20 28672]
"WPCUMI"="C:\Windows\system32\WpcUmi.exe" [2006-11-02 14:35 176128]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 04:06 40048]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 16:38 4390912 C:\Windows\RtHDVCpl.exe]
"EoEngine"="" []
"EoWeather"="" []
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-11 23:28 81920]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-11 23:28 8497696]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-11 23:28 86016]
"MSPService"="C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe" [2007-06-12 23:36 102400]

C:\Users\nataku\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 - Capture d'‚cran et lancement.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 05:45:42 101784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"= 2 (0x2)
"DontDisplayLogonHoursWarnings"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"OrH4HUiW1L"= C:\ProgramData\kdahorml\szyxuril.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"C:\\Program Files\\NCsoft\\Exteel\\System\\Exteel.exe"= C:\Program Files\NCsoft\Exteel\System\Exteel.exe:*:Enabled:Exteel

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{23032023-6D34-4D91-BBF4-02CCC1D50D4D}"= C:\Program Files\CyberLink\MagicSports\MagicSports.exe:CyberLink MagicSports
"{CFB5F5C7-8E96-4CBE-8DAA-5E403A097969}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A05C928C-FDFE-40A5-AEE5-203A8E7ABD76}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{AE2D4037-438E-4E36-AA92-F3C257E656DA}"= UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{F1323BA2-2A8D-46F1-83FC-D9673AEDC439}"= TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{B4A63B20-D357-4DFF-B7BB-1429ACF6E2B6}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{9BF1D760-AD15-4E8F-BDE9-7FFD86CA49D9}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{6BCCEB6D-0710-4061-9A13-3998E1503BC2}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{57722C18-4F90-4C3E-97D5-D7C310C2121A}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{0278D2F2-E264-416C-A1B7-9CEFBF2F477F}"= UDP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars\etqwded.exe:etqwded.exe
"{69239868-18D4-493C-AF38-8139E97B0489}"= TCP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars\etqwded.exe:etqwded.exe
"TCP Query User{0E699FB6-36D3-4F51-B452-D7F20CEB11E5}C:\\program files\\warcraft iii\\war3.exe"= UDP:C:\program files\warcraft iii\war3.exe:Warcraft III
"UDP Query User{52FD2554-CBAC-4973-8948-246CEFE3A085}C:\\program files\\warcraft iii\\war3.exe"= TCP:C:\program files\warcraft iii\war3.exe:Warcraft III
"{3249A72C-3294-4790-AA85-A9F2B6028A0D}"= UDP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars\etqw.exe:Enemy Territory - QUAKE Wars(TM)
"{337F4BC0-B79B-4001-A50F-6703FD210422}"= TCP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars\etqw.exe:Enemy Territory - QUAKE Wars(TM)
"{0BECF2EB-C1D2-413A-A63C-7ADFD7EE982F}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E5797BAC-BA75-43C8-9F4D-6D4FFA9007E5}"= UDP:C:\Program Files\Azureus\Azureus.exe:Azureus Vuze
"{DB7FDD6A-B5A1-4986-8FAA-F2D23545BF93}"= TCP:C:\Program Files\Azureus\Azureus.exe:Azureus Vuze
"TCP Query User{8AAEB151-B87D-4F8D-A370-05EB8B243664}C:\\program files\\maiet\\gunz\\gunzlauncher.exe"= UDP:C:\program files\maiet\gunz\gunzlauncher.exe:GunzLauncher
"UDP Query User{02BAE378-1EA1-48E7-A2A7-F42503BDA0F1}C:\\program files\\maiet\\gunz\\gunzlauncher.exe"= TCP:C:\program files\maiet\gunz\gunzlauncher.exe:GunzLauncher
"TCP Query User{84C1727C-44A0-43C3-A786-D1C0B2AA6905}C:\\program files\\steam\\steamapps\\natakugm69\\day of defeat\\hl.exe"= UDP:C:\program files\steam\steamapps\natakugm69\day of defeat\hl.exe:Half-Life Launcher
"UDP Query User{541D7C44-0E6B-4E14-B495-EC16AA2B97B2}C:\\program files\\steam\\steamapps\\natakugm69\\day of defeat\\hl.exe"= TCP:C:\program files\steam\steamapps\natakugm69\day of defeat\hl.exe:Half-Life Launcher
"TCP Query User{274DB71E-D3F3-4572-B2CC-8775CC345A3F}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus.exe
"UDP Query User{378FAF82-FBDF-4EDA-8F23-8380A149A5F8}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus.exe
"{9DDC4559-5BC1-4819-A210-A70F6BEC0EF9}"= UDP:C:\Users\nataku\AppData\Local\Apps\2.0\H67GP02X.7DL\CXVHJ3CP.Z23\thef...app_0d221d3645bc6701_0002.0005_8decbbb466c17454\The Filter.exe:The Filter: Windows Media Player plugin
"{D71C5DAA-751A-45EE-B38D-0894F647E0C3}"= TCP:C:\Users\nataku\AppData\Local\Apps\2.0\H67GP02X.7DL\CXVHJ3CP.Z23\thef...app_0d221d3645bc6701_0002.0005_8decbbb466c17454\The Filter.exe:The Filter: Windows Media Player plugin
"{B0B8B17D-543C-453F-A6AA-48959D765035}"= UDP:C:\Program Files\NCSoft\Launcher\NCLauncher.exe:PlayNC Launcher
"{6C2F73B6-FE4F-43D5-9E09-5F61FD3F916A}"= TCP:C:\Program Files\NCSoft\Launcher\NCLauncher.exe:PlayNC Launcher
"TCP Query User{75B7379D-09B8-4DDE-AB89-74BC031B8D6F}C:\\windows\\system32\\dpnsvr.exe"= UDP:C:\windows\system32\dpnsvr.exe:Serveur Microsoft DirectPlay 8
"UDP Query User{D3F8672D-7683-4CB9-A96E-6C0E086C998D}C:\\windows\\system32\\dpnsvr.exe"= TCP:C:\windows\system32\dpnsvr.exe:Serveur Microsoft DirectPlay 8
"TCP Query User{A5B7728F-740C-4E35-AC65-EC22083F2BE3}C:\\program files\\webzen\\soul of the ultimate nation\\vmmodule._ex"= UDP:C:\program files\webzen\soul of the ultimate nation\vmmodule._ex:VMModule._ex
"UDP Query User{850C5BB3-0D00-4162-BB57-F7662E68CD4D}C:\\program files\\webzen\\soul of the ultimate nation\\vmmodule._ex"= TCP:C:\program files\webzen\soul of the ultimate nation\vmmodule._ex:VMModule._ex
"{AC7A68F7-ED51-41B1-B818-D01579F25EB3}"= UDP:C:\Program Files\WEBZEN\Soul of the Ultimate Nation\SUN.exe:Soul of the Ultimate Nation
"{DC7D4195-40AE-40D7-82E4-75D8D0E1F87D}"= TCP:C:\Program Files\WEBZEN\Soul of the Ultimate Nation\SUN.exe:Soul of the Ultimate Nation
"{BA9BA66C-88DD-46DF-BE43-7F7770FB69BA}"= UDP:C:\Program Files\Knight Online\Launcher.exe:Knight OnLine
"{9CA8B0F1-16B0-4AB6-ACDF-2B2EE4205F56}"= TCP:C:\Program Files\Knight Online\Launcher.exe:Knight OnLine
"{9025D7C1-034A-46BE-B734-FDB04A587F0E}"= UDP:C:\Program Files\WinZip\WINZIP32.EXE:WinZip 11.1
"{04327A0F-7708-4213-B23F-DC9468BEEB09}"= TCP:C:\Program Files\WinZip\WINZIP32.EXE:WinZip 11.1
"TCP Query User{726FF681-23C5-40C7-83F0-8950FD94B272}C:\\aeriagames\\12sky\\twelvesky.exe"= UDP:C:\aeriagames\12sky\twelvesky.exe:TwelveSky.exe
"UDP Query User{9ADA62AB-F252-40CA-89C2-DE0C15FDDD19}C:\\aeriagames\\12sky\\twelvesky.exe"= TCP:C:\aeriagames\12sky\twelvesky.exe:TwelveSky.exe
"TCP Query User{2F790898-1F02-4DF7-A0E0-58881206A163}C:\\program files\\steam\\steamapps\\natakugm69\\garrysmod\\hl2.exe"= UDP:C:\program files\steam\steamapps\natakugm69\garrysmod\hl2.exe:hl2.exe
"UDP Query User{79874D7B-FFC2-4F3B-B175-C3D49286A17D}C:\\program files\\steam\\steamapps\\natakugm69\\garrysmod\\hl2.exe"= TCP:C:\program files\steam\steamapps\natakugm69\garrysmod\hl2.exe:hl2.exe
"TCP Query User{C0662D61-D14E-4FE3-9D3C-E3B5CF2B5766}C:\\program files\\steam\\steamapps\\natakugm69\\counter-strike source\\hl2.exe"= UDP:C:\program files\steam\steamapps\natakugm69\counter-strike source\hl2.exe:hl2.exe
"UDP Query User{A7A89274-A6E5-48BD-A8F8-0904BBD9E468}C:\\program files\\steam\\steamapps\\natakugm69\\counter-strike source\\hl2.exe"= TCP:C:\program files\steam\steamapps\natakugm69\counter-strike source\hl2.exe:hl2.exe
"TCP Query User{9330CDFF-A547-4F8B-9A1D-54B5D9A97544}C:\\program files\\warcraft iii\\war3.exe"= UDP:C:\program files\warcraft iii\war3.exe:Warcraft III
"UDP Query User{EE822F91-436B-47C3-87E3-756E2BDC39F9}C:\\program files\\warcraft iii\\war3.exe"= TCP:C:\program files\warcraft iii\war3.exe:Warcraft III
"TCP Query User{8C2812D3-E917-4DC2-8787-C9000B8F26CC}C:\\program files\\world of warcraft\\repair.exe"= UDP:C:\program files\world of warcraft\repair.exe:Blizzard Repair Utility
"UDP Query User{4B4DAC8A-73FD-4D92-BBA6-373D0108F161}C:\\program files\\world of warcraft\\repair.exe"= TCP:C:\program files\world of warcraft\repair.exe:Blizzard Repair Utility
"{F24FE47E-7544-4C61-91AB-9ADB8970606B}"= UDP:C:\Program Files\World of Warcraft\Launcher.exe:World of Warcraft
"{12533CA3-7286-4683-B791-59DF6540B0AC}"= TCP:C:\Program Files\World of Warcraft\Launcher.exe:World of Warcraft
"{EB7CB3B5-ADA0-4CDE-8CFA-86BC314C6BD9}"= Disabled:UDP:C:\Users\nataku\Documents\Azureus Downloads\Frontlines Fuel of War - Public Beta\FFOW_BETA_0.3.0.exe:FFOW_BETA_0.3.0.exe
"{C8BA228A-1815-436E-8D9B-7DB23978FF66}"= Disabled:TCP:C:\Users\nataku\Documents\Azureus Downloads\Frontlines Fuel of War - Public Beta\FFOW_BETA_0.3.0.exe:FFOW_BETA_0.3.0.exe
"{087E21CB-BF5A-4BE9-9DEE-9B5FD4617467}"= Disabled:UDP:C:\Users\nataku\Documents\Azureus Downloads\Frontlines Fuel of War - Public Beta\update\FFOW_Patch_030_to_031.exe:FFOW_Patch_030_to_031.exe
"{AC484165-90C5-4D11-9B02-3092FE5ADCC3}"= Disabled:TCP:C:\Users\nataku\Documents\Azureus Downloads\Frontlines Fuel of War - Public Beta\update\FFOW_Patch_030_to_031.exe:FFOW_Patch_030_to_031.exe
"TCP Query User{B7E6F47C-FA97-492D-B3BF-397D5AB1F10B}C:\\program files\\thq\\frontlines-fuel of war beta\\binaries\\ffow-beta.exe"= Disabled:UDP:C:\program files\thq\frontlines-fuel of war beta\binaries\ffow-beta.exe:Frontlines Game
"UDP Query User{AC982320-A3D9-46FB-8675-4385F302A529}C:\\program files\\thq\\frontlines-fuel of war beta\\binaries\\ffow-beta.exe"= Disabled:TCP:C:\program files\thq\frontlines-fuel of war beta\binaries\ffow-beta.exe:Frontlines Game
"TCP Query User{CE83DD67-6A44-41CD-AEF1-2FA372683A75}C:\\users\\nataku\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\h01tseim\\wow-2.3.3.7799-to-0.4.0.7897-frfr-downloader[1].exe"= UDP:C:\users\nataku\appdata\local\microsoft\windows\temporary internet files\content.ie5\h01tseim\wow-2.3.3.7799-to-0.4.0.7897-frfr-downloader[1].exe:wow-2.3.3.7799-to-0.4.0.7897-frfr-downloader[1].exe
"UDP Query User{26A51545-2477-4585-ACA1-5ADE5565F4E6}C:\\users\\nataku\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\h01tseim\\wow-2.3.3.7799-to-0.4.0.7897-frfr-downloader[1].exe"= TCP:C:\users\nataku\appdata\local\microsoft\windows\temporary internet files\content.ie5\h01tseim\wow-2.3.3.7799-to-0.4.0.7897-frfr-downloader[1].exe:wow-2.3.3.7799-to-0.4.0.7897-frfr-downloader[1].exe
"{8B3C294A-F626-4536-A7EB-3328EB09E15D}"= UDP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"{9906B0E3-736E-47EF-8508-4AD8D1B8080C}"= TCP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"{A182B197-1B9D-4674-B066-6D0A7DF612EB}"= UDP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"{C5A2714E-899F-418F-98B0-502FE14722B9}"= TCP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"TCP Query User{3169638C-744E-4F0E-8A7D-BE1D3260AAE3}C:\\program files\\free download manager\\fdm.exe"= UDP:C:\program files\free download manager\fdm.exe:Free Download Manager
"UDP Query User{91E7727F-428B-455F-96C9-B9031A42BF8C}C:\\program files\\free download manager\\fdm.exe"= TCP:C:\program files\free download manager\fdm.exe:Free Download Manager
"{4A9B2D45-2778-401C-8D43-7873D8440489}"= UDP:C:\Program Files\Electronic Arts\Battlefield 2142 Deluxe Edition\BF2142.exe:Battlefield 2142
"{D7E38E86-D996-4F47-A7C4-0700E938929F}"= TCP:C:\Program Files\Electronic Arts\Battlefield 2142 Deluxe Edition\BF2142.exe:Battlefield 2142

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\NCsoft\\Exteel\\System\\Exteel.exe"= C:\Program Files\NCsoft\Exteel\System\Exteel.exe:*:Enabled:Exteel

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-04-03 00:41]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\shell\AutoRun\command - D:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\shell\AutoRun\command - J:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23f6e8d9-aa36-11dc-aadc-806e6f6e6963}]
\shell\AutoRun\command - H:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5527e689-acd7-11dc-a03c-001c252d63ad}]
\shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{febc019b-b6fb-11dc-ba34-001c252d63ad}]
\shell\AutoRun\command - J:\LaunchU3.exe -a

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-02 23:00:02 C:\Windows\Tasks\Extension de garantie.job"
- C:\Program Files\Packard Bell\SetupmyPC\PBCarNot.exe
"2008-04-02 23:00:01 C:\Windows\Tasks\Recovery DVD Creator.job"
- C:\Program Files\Packard Bell\SetupMyPc\MCDCheck.exe
"2008-04-02 18:14:25 C:\Windows\Tasks\User_Feed_Synchronization-{8BB7E93E-40DA-40AE-BB67-D72DEC967818}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-03 01:14:37
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-04-03 1:15:10
ComboFix-quarantined-files.txt 2008-04-02 23:15:07
ComboFix2.txt 2008-04-02 22:54:00
ComboFix3.txt 2008-04-02 22:49:54
ComboFix4.txt 2008-03-30 15:00:43
ComboFix5.txt 2008-03-30 14:35:10
Pre-Run: 76,638,646,272 octets libres
Post-Run: 76,605,595,648 octets libres
.
2008-03-28 21:06:50 --- E O F ---

Et voila le rapport de OTmoveIT:

File/Folder C:\DOWNLO~1\Software\RFONLI~1.EXE /r not found.
C:\ProgramData\rsiwakrt\izmbylil.exe moved successfully.
C:\ProgramData\ovwgcjgs\qpqdwtgz.exe moved successfully.
C:\ProgramData\eisindhs\jwlyrcvk.exe moved successfully.
File/Folder C:\ProgramData\kdahorml\szyxuril.exe not found.

OTMoveIt2 by OldTimer - Version 1.0.21 log created on 04032008_011721

Répondre à T-T

T-T, le 3 avr 2008 à 10:46:05

Slt jlpjlp

J'ai trouve dans l'exploarateur de logiciel de windows defender un software nomme ylzmlsj.exe je me demande ce que c'est et si c'est une bonne idée de l'enlevé voici la description:

Nom du fichier: ylwzmlsj.exe
Nom complet: ylwzmlsj.exe
Description: Non disponible
Éditeur: Non disponible
Signé numériquement par: Non signé
Type de fichier: Application
Valeur de démarrage: C:\Windows\system32\ylwzmlsj.exe
Chemin du fichier: C:\Windows\system32\ylwzmlsj.exe
Taille du fichier: 114688
Version du fichier: Non disponible
Date d'installation: 03/04/2008 00:40:55
Type de démarrage: Registre : utilisateur actuel
Emplacement: Software\Microsoft\Windows\CurrentVersion\Run
Classification: Désactivé
Inclus dans le système d’exploitation: Non
Vote SpyNet: Non disponible

Je l'ai désactivé pour voir si je ne recevais plus d'alerte.

Répondre à T-T

bleuville, le 1 mai 2008 à 13:03:35

Bonjour jlpjlp, j'ai moi aussi un problème avec trojan downloader.xs, j'ai suivi les conseils sur le forum mais lorsque je copie votre citation dans la colonne de gauche de OTMovelt2.exe, sa ne passe pas et une fenêtre apparaît en me signalant le message suivant : Invalid time flag [r] Must be mumérical. Ce message semble être destiné au petir r situé à la fin de la première ligne de la citation. Pourriez-vous m'aider à ce sujet.
En vous remerciant, bien à vous - bleuville

Répondre à bleuville

jlpjlp, le 1 mai 2008 à 13:05:39

Slt cré ton propre post et colle moi le lien et je viendrais voir, mets y aussi un rapport hijakchtis
mais ne le fais pas dans le post d'un autre

Répondre à jlpjlp

bleuville, le 1 mai 2008 à 14:43:14

Que veux-tu dire par créer mon propre post? lorsque le lance KillBagie, (combofix), il termine les étapes de 1 à 43 puis indique la suppression de fichiers/dossiers ( ces fichiers/dossiers sont dans windows/ système32). Il redémare mon pc et puis sa fenêtre disparaît sans me laisser aucun rapport.
Ensuite je lance OTMevelt2.exe, je copie ta citation qui ne passe pas.
je te remercie de m'avoir répondu et pour ton aide - bleuville

Répondre à bleuville

jlpjlp, le 1 mai 2008 à 16:54:19

Tu clique sur POSEZ VOTRE QUESTION situé au dessus du premier message et comme cela tu cré un post a toi seul

Répondre à jlpjlp

jlpjlp, le 3 avr 2008 à 11:32:29

Slt on n'a pas encore viré ce fichier!!!

__________

analyse ces deux fichier sur virus total et si inféctés tu les mets dans la citation otmovit pour les virer:http://www.virustotal.com/fr/

C:\Windows\System32\yjgpmtoj.exe
C:\Windows\System32\ylwzmlsj.exe

_____________
recolle un nouveau hijackthis et dis tes soucis

Répondre à jlpjlp

T-T, le 3 avr 2008 à 23:21:53

Slt
Le problême des alertes est résolu merci beaucoup de ton aide et a + (voila le rapport de hijackthis)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:08:52, on 03/04/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Eset\nod32kui.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Electronic Arts\Battlefield 2142 Deluxe Edition\BF2142.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\conime.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [MSPService] C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
O4 - HKLM\..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [rsiwakrt] C:\ProgramData\rsiwakrt\izmbylil.exe
O4 - HKCU\..\Run: [ovwgcjgs] C:\ProgramData\ovwgcjgs\qpqdwtgz.exe
O4 - HKCU\..\Run: [eisindhs] C:\ProgramData\eisindhs\jwlyrcvk.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [OrH4HUiW1L] C:\ProgramData\kdahorml\szyxuril.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [OrH4HUiW1L] C:\ProgramData\kdahorml\szyxuril.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
End of file - 9670 bytes

a+

Répondre à T-T

jlpjlp, le 6 avr 2008 à 13:58:33

Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked".

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKCU\..\Run: [rsiwakrt] C:\ProgramData\rsiwakrt\izmbylil.exe
O4 - HKCU\..\Run: [ovwgcjgs] C:\ProgramData\ovwgcjgs\qpqdwtgz.exe
O4 - HKCU\..\Run: [eisindhs] C:\ProgramData\eisindhs\jwlyrcvk.exe
O4 - HKCU\..\Run: [OrH4HUiW1L] C:\ProgramData\kdahorml\szyxuril.exe
O4 - HKLM\..\Policies\Explorer\Run: [OrH4HUiW1L] C:\ProgramData\kdahorml\szyxuril.exe

________________

télécharge OTMoveIt
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau. Ou sur http://up.sur-la-toile.com/sadW
double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

Citation :

C:\ProgramData\rsiwakrt\izmbylil.exe
C:\ProgramData\ovwgcjgs\qpqdwtgz.exe
C:\ProgramData\eisindhs\jwlyrcvk.exe
C:\ProgramData\kdahorml\szyxuril.exe
C:\ProgramData\kdahorml\szyxuril.exe

clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.
_________

colle le rapport d'un scan en ligne
avec un des suivants:

bitdefender en ligne :
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Panda en ligne :
http://www.pandasoftware.fr/Activescan/Activescan.html

Kaspersky en ligne
http://webscanner.kaspersky.fr/

Répondre à jlpjlp

bob, le 6 avr 2008 à 13:11:15

Depuis quelque jours j'ai des fenêtres de sécurite qui pop toutes les 30 min concernant abebot et trojan downloader xs et un petit triangle d'avertissement dans la barre
j'ai besoin d'un coup de main SVP car je suis vraiment novice
merci d'avance
VOila le rapport de Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:06:02, on 06/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Documents and Settings\All Users\Application Data\cruncrcj\ynengboz.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\arafkvot.exe
C:\Program Files\Winsos\WINSOS.EXE
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\speech\vcmd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\SPYWAR~2\swdoctor.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\alexandre\Local Settings\Temporary Internet Files\Content.IE5\AIB1D26V\HiJackThis[1].exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.fr/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BHO Barre de Confiance CM-CIC - {988B07F5-7392-455A-8A1F-64935CB8B6ED} - C:\Program Files\BarreConfCMCIC\TAPBar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Barre de confiance CM-CIC - {55BDF3B0-C0A8-481A-B8A6-01CD2BE0F3FD} - C:\Program Files\BarreConfCMCIC\TAPBar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Conjugaison] C:\Program Files\conjugaison\conjLauncher.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [SBI] C:\Documents and Settings\alexandre\Local Settings\Temporary Internet Files\Content.IE5\U6N9IB8G\install_sbd_fr[1].exe
O4 - HKLM\..\Run: [bm] "C:\Program Files\Fichiers communs\AntivirusFiable\bm.exe" dm=http://antivirusfiable.com ad=http://antivirusfiable.com sd=http://gregistre.antivirusfiable.com
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O4 - HKCU\..\Run: [way program] C:\DOCUME~1\ALEXAN~1\APPLIC~1\UP01WA~1\dvdoptionnoun.exe
O4 - HKCU\..\Run: [upxckkac] C:\WINDOWS\system32\arafkvot.exe
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\Winsos\WINSOS.EXE" MINI
O4 - HKCU\..\Run: [jmvzzyvv] C:\WINDOWS\system32\hgpytcri.exe
O4 - HKCU\..\Policies\Explorer\Run: [MPaEi14fG0] C:\Documents and Settings\All Users\Application Data\cruncrcj\ynengboz.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Office2K\Office\OSA9.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://gamenextfr.oberon-media.com/online/online2/luxor_amun_rising/mjolauncher.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game07.zylom.com/activex/zylomgamesplayer.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - rundll32.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
End of file - 12561 bytes

Répondre à bob

bob, le 6 avr 2008 à 14:39:16

Suite a votre mail, j'ai relancer hijackthis avec "do a scan only" mais toutes les lignes que vous avez demandé de cocher n'apparaissent pas
ci-joint copie ecran des lignes qui n'apparaissent pas :

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKCU\..\Run: [rsiwakrt] C:\ProgramData\rsiwakrt\izmbylil.exe

O4 - HKCU\..\Run: [ovwgcjgs] C:\ProgramData\ovwgcjgs\qpqdwtgz.exe
O4 - HKCU\..\Run: [eisindhs] C:\ProgramData\eisindhs\jwlyrcvk.exe
O4 - HKCU\..\Run: [OrH4HUiW1L] C:\ProgramData\kdahorml\szyxuril.exe
O4 - HKLM\..\Policies\Explorer\Run: [OrH4HUiW1L] C:\ProgramData\kdahorml\szyxuril.exe

Répondre à bob

jlpjlp, le 6 avr 2008 à 15:25:51

Slt ,'c'est pas a toi que je parle... cré toi un post sinon on va se perdre, si tu me colle le lien je viendrai t'aider
a plus

Répondre à jlpjlp

tabarani, le 26 avr 2008 à 00:27:42

Slt

Répondre à tabarani

OSS117, le 1 mai 2008 à 02:48:46

Bonjour !
Problème de TrojanDownloader et de adebot.

voici mon Hijackthis.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:48:12, on 01/05/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Application Data\xkzixyla\fuvghyjc.exe
C:\WINDOWS\vphc700.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\dcvmdcpq.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [phc710] C:\WINDOWS\vphc700.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [fiphvcop] C:\WINDOWS\system32\dcvmdcpq.exe
O4 - HKCU\..\Run: [mhptwgas] C:\WINDOWS\system32\onwlalwf.exe
O4 - HKLM\..\Policies\Explorer\Run: [wZcFcJTwco] C:\Documents and Settings\All Users\Application Data\xkzixyla\fuvghyjc.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Registration-InstantCopy.lnk = C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: TrayMin710.exe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/...
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://config.zebulon.fr/plugins/hardwaredetection.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
End of file - 8468 bytes

Aidez mois Svp

Répondre à OSS117

jlpjlp, le 1 mai 2008 à 11:03:48

Creer son propre post permet de faire du meilleur travail!!!

post férmé

Répondre à jlpjlp

julien , le 29 aoû 2009 à 03:41:22

J ai probleme avec ffow j ai telecharger le patch 1.1.0 et il me dit invalid patch file

Répondre à julien

Posez votre question Répondre