HELP ME (trojan downloader.xs et abebot)

Résolu
T-T Messages postés 7 Statut Membre -  
 julien -
Bonjour,

Depuis quelque jours j'ai des fenêtres de sécurite qui pop toutes les 30 min concernant abebot et trojan downloader xs j'ai besoin d'un coup de main SVP
VOila le rapport de Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:04:30, on 02/04/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Eset\nod32kui.exe
C:\ProgramData\ovwgcjgs\qpqdwtgz.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [MSPService] C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [47ea4d4dc632a050dffc4787d01c78db] C:\DOWNLO~1\Software\RFONLI~1.EXE /r
O4 - HKCU\..\Run: [rsiwakrt] C:\ProgramData\rsiwakrt\izmbylil.exe
O4 - HKCU\..\Run: [ovwgcjgs] C:\ProgramData\ovwgcjgs\qpqdwtgz.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [eisindhs] C:\ProgramData\eisindhs\jwlyrcvk.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [OrH4HUiW1L] C:\ProgramData\kdahorml\szyxuril.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 9414 bytes
Configuration: Windows vista
Internet Explorer 7.0

9 réponses

  1. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    slt,

    Télécharge Combofix de sUBs : Renomme le avant toute installation, par exemple, nomme le "KillBagle". aide ici : https://forum.pcastuces.com/sujet.asp?f=25&s=37315

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Sauvegarde le sur ton bureau et pas ailleurs !

    Aide à l’utilisation de combofix ici: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic

    Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider.
    Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.

    ____________

    télécharge OTMoveIt
    http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau. Ou sur https://www.luanagames.com/index.fr.html
    double-clique sur OTMoveIt.exe pour le lancer.
    copie la liste qui se trouve en citation ci-dessous,
    et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

    Citation :

    C:\DOWNLO~1\Software\RFONLI~1.EXE /r
    C:\ProgramData\rsiwakrt\izmbylil.exe
    C:\ProgramData\ovwgcjgs\qpqdwtgz.exe
    C:\ProgramData\eisindhs\jwlyrcvk.exe
    C:\ProgramData\kdahorml\szyxuril.exe

    clique sur MoveIt! pour lancer la suppression.
    le résultat apparaitra dans le cadre "Results".
    clique sur Exit pour fermer.
    poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

    il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.
    1
    1. T-T Messages postés 7 Statut Membre
       
      SLt jlpjlp et merci pour ton aide j'ai fais ce que tu m'as dit et voila le rapport de combofix:

      ComboFix 08-04-02.1 - nataku 2008-04-03 1:12:50.5 - NTFSx86
      Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1412 [GMT 2:00]
      Endroit: C:\Users\nataku\Desktop\killbagle.exe
      * Resident AV is active

      .

      ((((((((((((((((((((((((((((( Fichiers créés 2008-03-02 to 2008-04-02 ))))))))))))))))))))))))))))))))))))
      .

      2008-04-03 00:59 . 2008-04-03 00:59 114,688 --a------ C:\Windows\System32\yjgpmtoj.exe
      2008-04-03 00:40 . 2008-04-03 00:40 114,688 --a------ C:\Windows\System32\ylwzmlsj.exe
      2008-04-01 18:18 . 2008-04-01 18:18 <REP> d-------- C:\Program Files\Symantec
      2008-04-01 18:18 . 2007-03-21 20:39 1,060,864 --a------ C:\Windows\System32\MFC71.DLL
      2008-04-01 18:18 . 2007-03-21 20:33 503,808 --a------ C:\Windows\System32\MSVCP71.DLL
      2008-04-01 18:18 . 2007-03-21 20:33 348,160 --a------ C:\Windows\System32\MSVCR71.DLL
      2008-04-01 18:11 . 2008-04-01 18:11 <REP> d-------- C:\Users\All Users\eisindhs
      2008-04-01 18:11 . 2008-04-01 18:11 <REP> d-------- C:\ProgramData\eisindhs
      2008-03-30 17:11 . 2008-04-01 04:19 <REP> d-------- C:\Users\All Users\ytgsepdm
      2008-03-30 17:11 . 2008-04-01 04:19 <REP> d-------- C:\ProgramData\ytgsepdm
      2008-03-30 16:56 . 2008-03-30 17:00 <REP> d-------- C:\ComboFix
      2008-03-30 02:59 . 2008-03-30 02:59 691 --a------ C:\Users\nataku\AppData\Roaming\GetValue.vbs
      2008-03-30 02:59 . 2008-03-30 02:59 35 --a------ C:\Users\nataku\AppData\Roaming\SetValue.bat
      2008-03-30 02:43 . 2008-03-30 02:59 4,280 --a------ C:\Windows\System32\tmp.reg
      2008-03-30 02:32 . 2008-03-30 02:31 512,096 --a------ C:\Windows\System32\drivers\amon.sys
      2008-03-30 02:32 . 2008-03-30 02:31 298,104 --a------ C:\Windows\System32\imon.dll
      2008-03-30 02:32 . 2008-03-30 02:31 15,424 --a------ C:\Windows\System32\drivers\nod32drv.sys
      2008-03-30 02:19 . 2008-03-30 02:19 <REP> d-------- C:\Users\All Users\kwwmspnn
      2008-03-30 02:19 . 2008-03-30 02:19 <REP> d-------- C:\ProgramData\kwwmspnn
      2008-03-30 01:45 . 2008-03-30 01:45 <REP> d-------- C:\Users\nataku\AppData\Roaming\Malwarebytes
      2008-03-30 01:45 . 2008-03-30 01:45 <REP> d-------- C:\Users\All Users\Malwarebytes
      2008-03-30 01:45 . 2008-03-30 01:45 <REP> d-------- C:\ProgramData\Malwarebytes
      2008-03-30 01:45 . 2008-03-30 01:45 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
      2008-03-30 01:43 . 2008-03-30 01:43 <REP> d-------- C:\Program Files\RogueRemover FREE
      2008-03-30 01:40 . 2008-03-30 01:40 <REP> d-------- C:\Users\All Users\gfclvhqo
      2008-03-30 01:40 . 2008-03-30 01:40 <REP> d-------- C:\ProgramData\gfclvhqo
      2008-03-30 00:59 . 2008-03-30 00:59 <REP> d-------- C:\Program Files\Trend Micro
      2008-03-30 00:07 . 2008-03-30 00:07 3,120 --a------ C:\Windows\System32\118290.54
      2008-03-30 00:07 . 2008-03-30 00:07 3,120 --a------ C:\Windows\118294.78
      2008-03-30 00:06 . 1996-08-20 21:37 15,840 --a------ C:\Windows\System32\Machnm1.exe
      2008-03-30 00:06 . 2005-09-25 17:37 5,632 --a------ C:\Windows\System32\Machnm64.sys
      2008-03-30 00:06 . 2003-08-13 01:27 2,304 --a------ C:\Windows\System32\Machnm32.sys
      2008-03-30 00:01 . 2008-03-30 00:01 <REP> d-------- C:\Users\All Users\ovwgcjgs
      2008-03-30 00:01 . 2008-03-30 00:01 <REP> d-------- C:\ProgramData\ovwgcjgs
      2008-03-29 21:28 . 2008-03-29 21:28 <REP> d-------- C:\Users\All Users\rsiwakrt
      2008-03-29 21:28 . 2008-03-29 21:28 <REP> d-------- C:\ProgramData\rsiwakrt
      2008-03-29 20:48 . 2008-04-01 04:25 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
      2008-03-29 20:48 . 2008-04-01 04:25 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
      2008-03-29 20:48 . 2008-04-01 04:19 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
      2008-03-29 00:41 . 2008-04-03 00:59 <REP> d-------- C:\Users\All Users\kdahorml
      2008-03-29 00:41 . 2008-03-30 02:13 <REP> d-------- C:\Users\All Users\alcpusaq
      2008-03-29 00:41 . 2008-04-03 00:59 <REP> d-------- C:\ProgramData\kdahorml
      2008-03-29 00:41 . 2008-03-30 02:13 <REP> d-------- C:\ProgramData\alcpusaq
      2008-03-22 05:01 . 2008-03-22 12:38 <REP> d-------- C:\Program Files\Seagate
      2008-03-22 02:55 . 2008-03-22 02:55 <REP> d-------- C:\Users\nataku\AppData\Roaming\Media Player Classic
      2008-03-22 02:54 . 2007-09-04 18:56 164,352 --a------ C:\Windows\System32\unrar.dll
      2008-03-22 02:53 . 2008-03-22 02:53 <REP> d-------- C:\Program Files\K-Lite Codec Pack
      2008-03-22 02:53 . 2007-07-29 17:51 7,680 --a------ C:\Windows\System32\ff_vfw.dll
      2008-03-22 02:53 . 2007-07-10 18:10 547 --a------ C:\Windows\System32\ff_vfw.dll.manifest
      2008-03-22 02:51 . 2008-03-22 23:13 <REP> d-------- C:\Users\nataku\AppData\Roaming\EoRezo
      2008-03-20 02:51 . 2008-03-20 02:52 <REP> d--h----- C:\Windows\msdownld.tmp
      2008-03-20 02:45 . 2008-03-20 03:16 <REP> d-------- C:\Program Files\3000AD
      2008-03-17 04:41 . 2008-03-17 04:41 <REP> d-------- C:\Program Files\Codemasters
      2008-03-12 14:02 . 2008-04-02 21:48 <REP> d-------- C:\Downloads
      2008-03-12 13:52 . 2008-04-03 01:07 <REP> d-------- C:\Users\nataku\AppData\Roaming\Free Download Manager
      2008-03-12 13:52 . 2008-03-12 13:52 <REP> d-------- C:\Users\All Users\FreeDownloadManager.ORG
      2008-03-12 13:52 . 2008-03-12 13:52 <REP> d-------- C:\ProgramData\FreeDownloadManager.ORG
      2008-03-12 13:52 . 2008-03-30 02:43 <REP> d-------- C:\Program Files\Free Download Manager
      2008-03-12 13:45 . 2007-12-17 00:50 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
      2008-03-12 13:45 . 2007-12-16 11:56 41,984 --a------ C:\Windows\System32\drivers\monitor.sys
      2008-03-11 19:52 . 2008-03-11 19:52 <REP> d-------- C:\Program Files\Common Files\INCA Shared
      2008-03-05 03:55 . 2008-03-05 03:55 <REP> d-------- C:\NVIDIA
      2008-03-05 03:53 . 2008-03-05 03:53 <REP> d-------- C:\Program Files\SystemRequirementsLab
      2008-03-05 02:25 . 2008-04-03 01:08 <REP> d-------- C:\Program Files\ESET
      2008-03-04 23:35 . 2008-03-04 23:35 278,728 --a------ C:\Windows\System32\drivers\atksgt.sys
      2008-03-04 23:35 . 2008-03-04 23:35 25,416 --a------ C:\Windows\System32\drivers\lirsgt.sys

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-04-02 23:00 --------- d-----w C:\Program Files\Steam
      2008-04-02 23:00 --------- d-----w C:\Program Files\Common Files\Steam
      2008-04-02 15:18 --------- d-----w C:\Program Files\World of Warcraft
      2008-04-01 16:18 --------- d-----w C:\Program Files\Common Files\Symantec Shared
      2008-03-30 02:01 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
      2008-03-30 02:01 107,832 ----a-w C:\Windows\System32\PnkBstrB.exe
      2008-03-30 01:12 --------- d-----w C:\Program Files\Packard Bell
      2008-03-30 01:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-03-29 19:27 --------- d-----w C:\ProgramData\Sonic
      2008-03-25 15:39 --------- d-----w C:\Users\nataku\AppData\Roaming\Azureus
      2008-03-24 19:57 --------- d-----w C:\Program Files\Azureus
      2008-03-22 10:41 --------- d-----w C:\ProgramData\NVIDIA
      2008-03-21 03:17 --------- d-----w C:\Program Files\Eidos
      2008-03-21 03:13 --------- d-----w C:\ProgramData\WinZip
      2008-03-21 03:02 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
      2008-03-14 14:36 --------- d-----w C:\Program Files\Java
      2008-03-13 04:21 --------- d-----w C:\Program Files\Windows Mail
      2008-03-13 02:05 --------- d-----w C:\ProgramData\Microsoft Help
      2008-03-09 15:25 --------- d-----w C:\ProgramData\Media Center Programs
      2008-03-09 15:25 --------- d-----w C:\Program Files\THQ
      2008-03-07 11:52 --------- d-----w C:\Program Files\DAEMON Tools Lite
      2008-03-05 19:31 107,888 ----a-w C:\Windows\System32\CmdLineExt.dll
      2008-03-05 15:03 479,752 ----a-w C:\Windows\System32\XAudio2_0.dll
      2008-03-05 15:03 238,088 ----a-w C:\Windows\System32\xactengine3_0.dll
      2008-03-05 15:00 25,608 ----a-w C:\Windows\System32\X3DAudio1_3.dll
      2008-03-05 14:56 3,786,760 ----a-w C:\Windows\System32\D3DX9_37.dll
      2008-03-05 14:56 1,420,824 ----a-w C:\Windows\System32\D3DCompiler_37.dll
      2008-03-05 01:25 --------- d-----w C:\ProgramData\Symantec
      2008-03-05 01:23 --------- d-----w C:\Program Files\Norton 360
      2008-02-23 17:47 --------- d--h--r C:\Users\nataku\AppData\Roaming\SecuROM
      2008-02-23 17:33 --------- d-----w C:\Program Files\Electronic Arts
      2008-02-20 05:39 147,051,896 ----a-w C:\Users\nataku\WoW-2.3.3.7799-to-0.4.0.7897-frFR-patch.exe
      2008-02-20 04:37 --------- d-----w C:\Program Files\GameSpy
      2008-02-19 06:18 --------- d-----w C:\Program Files\GameShadow
      2008-02-17 01:48 --------- d-----w C:\Program Files\Uniblue
      2008-02-17 01:32 --------- d-----w C:\Users\nataku\AppData\Roaming\Uniblue
      2008-02-17 01:18 716,272 ----a-w C:\Windows\system32\drivers\sptd.sys
      2008-02-17 01:17 --------- d-----w C:\Users\nataku\AppData\Roaming\DAEMON Tools
      2008-02-17 01:09 --------- d-----w C:\ProgramData\Roxio
      2008-02-16 11:56 --------- d-----w C:\Users\all users.Gamepc\AppData\Roaming\VersionTracker Pro
      2008-02-16 00:30 --------- d-----w C:\Program Files\Warcraft III
      2008-02-15 03:43 --------- d-----w C:\Program Files\AGEIA Technologies
      2008-02-15 03:42 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
      2008-02-14 22:55 --------- d-----w C:\Program Files\directx
      2008-02-14 13:54 215,144 ----a-w C:\Windows\patchw32.dll
      2008-02-14 02:18 194,560 ----a-w C:\Windows\System32\WebClnt.dll
      2008-02-14 02:18 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
      2008-02-14 02:10 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
      2008-02-14 02:10 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
      2008-02-14 02:10 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
      2008-02-14 02:10 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
      2008-02-14 02:10 24,064 ----a-w C:\Windows\System32\netcfg.exe
      2008-02-14 02:10 22,016 ----a-w C:\Windows\System32\netiougc.exe
      2008-02-14 02:10 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
      2008-02-14 02:10 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
      2008-02-14 02:10 20,024 ----a-w C:\Windows\system32\drivers\viaide.sys
      2008-02-14 02:10 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
      2008-02-14 02:10 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
      2008-02-14 02:10 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
      2008-02-14 02:09 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
      2008-02-14 02:09 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
      2008-02-14 02:09 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
      2008-02-14 02:09 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
      2008-02-14 02:09 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
      2008-02-14 02:09 1,686,528 ----a-w C:\Windows\System32\gameux.dll
      2008-02-14 02:04 824,832 ----a-w C:\Windows\System32\wininet.dll
      2008-02-14 02:04 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
      2008-02-14 02:04 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
      2008-02-14 02:03 56,320 ----a-w C:\Windows\System32\iesetup.dll
      2008-02-06 03:19 --------- d-----w C:\ProgramData\CyberLink
      2008-02-05 22:07 462,864 ----a-w C:\Windows\System32\d3dx10_37.dll
      2008-02-05 14:35 --------- d-----w C:\Users\nataku\AppData\Roaming\DivX
      2008-02-03 16:43 --------- d-----w C:\Program Files\Teamspeak2_RC2
      2008-02-03 16:20 --------- d-----w C:\Users\nataku\AppData\Roaming\InstallShield
      2008-02-03 16:17 319,456 ----a-w C:\Windows\DIFxAPI.dll
      2008-02-03 15:52 --------- d-----w C:\Program Files\Realtek
      2008-02-02 05:12 --------- d-----w C:\Program Files\Common Files\Adobe
      2008-01-23 14:10 0 ----a-w C:\Users\all users.Gamepc\AppData\Roaming\wklnhst.dat
      2008-01-18 07:02 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
      2008-01-18 03:22 174 --sha-w C:\Program Files\desktop.ini
      2008-01-18 03:01 8,192 ----a-w C:\Windows\System32\riched32.dll
      2008-01-18 02:59 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
      2008-01-18 02:58 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
      2008-01-18 02:58 542,720 ----a-w C:\Windows\System32\sysmain.dll
      2008-01-18 02:58 502,784 ----a-w C:\Windows\System32\wlansvc.dll
      2008-01-18 02:58 47,104 ----a-w C:\Windows\System32\wlanapi.dll
      2008-01-18 02:58 297,984 ----a-w C:\Windows\System32\wlansec.dll
      2008-01-18 02:58 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
      2008-01-18 02:58 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
      2008-01-18 02:58 2,923,520 ----a-w C:\Windows\explorer.exe
      2008-01-18 02:58 2,027,008 ----a-w C:\Windows\System32\win32k.sys
      2008-01-18 02:53 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
      2008-01-18 02:53 7,680 ----a-w C:\Windows\System32\spwmp.dll
      2008-01-18 02:53 4,096 ----a-w C:\Windows\System32\dxmasf.dll
      2008-01-18 02:53 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
      2008-01-18 02:48 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
      2008-01-18 02:47 8,704 ----a-w C:\Windows\System32\hcrstco.dll
      2008-01-18 02:47 8,704 ----a-w C:\Windows\System32\hccoin.dll
      2008-01-18 02:45 1,327,104 ----a-w C:\Windows\System32\quartz.dll
      2008-01-18 02:44 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
      .

      ((((((((((((((((((((((((((((( snapshot_2008-04-03_ 0.49.41,70 )))))))))))))))))))))))))))))))))))))))))
      .
      - 2008-04-02 22:40:10 67,584 --s-a-w C:\Windows\bootstat.dat
      + 2008-04-02 22:58:37 67,584 --s-a-w C:\Windows\bootstat.dat
      - 2008-04-02 22:42:36 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
      + 2008-04-02 23:13:45 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
      - 2008-04-02 22:41:46 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
      + 2008-04-02 23:00:13 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
      - 2008-04-02 22:43:15 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
      + 2008-04-02 23:12:56 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
      - 2008-04-02 22:41:41 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
      + 2008-04-02 23:00:07 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
      + 2008-04-02 23:00:07 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
      - 2008-04-02 22:42:33 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
      + 2008-04-02 23:00:02 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
      - 2008-04-02 22:42:33 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
      + 2008-04-02 23:00:02 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
      - 2008-04-02 22:42:33 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
      + 2008-04-02 23:00:02 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
      - 2008-04-02 22:47:08 107,416 ----a-w C:\Windows\System32\perfc009.dat
      + 2008-04-02 23:03:13 107,416 ----a-w C:\Windows\System32\perfc009.dat
      - 2008-04-02 22:47:08 121,814 ----a-w C:\Windows\System32\perfc00C.dat
      + 2008-04-02 23:03:13 121,814 ----a-w C:\Windows\System32\perfc00C.dat
      - 2008-04-02 22:47:08 618,272 ----a-w C:\Windows\System32\perfh009.dat
      + 2008-04-02 23:03:13 618,272 ----a-w C:\Windows\System32\perfh009.dat
      - 2008-04-02 22:47:08 699,984 ----a-w C:\Windows\System32\perfh00C.dat
      + 2008-04-02 23:03:13 699,984 ----a-w C:\Windows\System32\perfh00C.dat
      - 2008-04-01 17:14:35 11,912 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-473692253-1343356130-1243632525-1002_UserData.bin
      + 2008-04-02 23:00:25 12,068 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-473692253-1343356130-1243632525-1002_UserData.bin
      - 2008-04-02 22:41:58 64,690 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
      + 2008-04-02 23:00:25 64,752 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
      - 2008-04-02 22:41:56 46,716 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
      + 2008-04-02 23:00:24 46,788 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
      .
      -- Snapshot reset to current date --
      .
      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "SmpcSys"="C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe" [2007-07-19 15:32 1120568]
      "ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 04:40 218032]
      "Steam"="c:\program files\steam\steam.exe" [2008-03-28 01:15 1271032]
      "Uniblue RegistryBooster 2"="c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe" [ ]
      "msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
      "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-02-14 01:09 486856]
      "rsiwakrt"="C:\ProgramData\rsiwakrt\izmbylil.exe" [2008-03-29 21:28 114688]
      "ovwgcjgs"="C:\ProgramData\ovwgcjgs\qpqdwtgz.exe" [2008-03-30 00:01 90112]
      "eisindhs"="C:\ProgramData\eisindhs\jwlyrcvk.exe" [2008-04-01 18:11 106496]
      "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
      "OrH4HUiW1L"="C:\ProgramData\kdahorml\szyxuril.exe" [ ]
      "ceweewtc"="C:\Windows\system32\ylwzmlsj.exe" [2008-04-03 00:40 114688]
      "nzpspzuw"="C:\Windows\system32\yjgpmtoj.exe" [2008-04-03 00:59 114688]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 11:40 232184]
      "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-28 13:38 243200]
      "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-02-21 03:18 366400]
      "toolbar_eula_launcher"="C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 18:20 28672]
      "WPCUMI"="C:\Windows\system32\WpcUmi.exe" [2006-11-02 14:35 176128]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
      "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 04:06 40048]
      "RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 16:38 4390912 C:\Windows\RtHDVCpl.exe]
      "EoEngine"="" []
      "EoWeather"="" []
      "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-11 23:28 81920]
      "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-11 23:28 8497696]
      "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-11 23:28 86016]
      "MSPService"="C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe" [2007-06-12 23:36 102400]

      C:\Users\nataku\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
      OneNote 2007 - Capture d'‚cran et lancement.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 05:45:42 101784]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "EnableLUA"= 0 (0x0)

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
      "LogonHoursAction"= 2 (0x2)
      "DontDisplayLogonHoursWarnings"= 1 (0x1)

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
      "OrH4HUiW1L"= C:\ProgramData\kdahorml\szyxuril.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
      "DisableMonitoring"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
      "C:\\Program Files\\NCsoft\\Exteel\\System\\Exteel.exe"= C:\Program Files\NCsoft\Exteel\System\Exteel.exe:*:Enabled:Exteel

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
      "{23032023-6D34-4D91-BBF4-02CCC1D50D4D}"= C:\Program Files\CyberLink\MagicSports\MagicSports.exe:CyberLink MagicSports
      "{CFB5F5C7-8E96-4CBE-8DAA-5E403A097969}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
      "{A05C928C-FDFE-40A5-AEE5-203A8E7ABD76}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
      "{AE2D4037-438E-4E36-AA92-F3C257E656DA}"= UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
      "{F1323BA2-2A8D-46F1-83FC-D9673AEDC439}"= TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
      "{B4A63B20-D357-4DFF-B7BB-1429ACF6E2B6}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
      "{9BF1D760-AD15-4E8F-BDE9-7FFD86CA49D9}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
      "{6BCCEB6D-0710-4061-9A13-3998E1503BC2}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
      "{57722C18-4F90-4C3E-97D5-D7C310C2121A}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
      "{0278D2F2-E264-416C-A1B7-9CEFBF2F477F}"= UDP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars\etqwded.exe:etqwded.exe
      "{69239868-18D4-493C-AF38-8139E97B0489}"= TCP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars\etqwded.exe:etqwded.exe
      "TCP Query User{0E699FB6-36D3-4F51-B452-D7F20CEB11E5}C:\\program files\\warcraft iii\\war3.exe"= UDP:C:\program files\warcraft iii\war3.exe:Warcraft III
      "UDP Query User{52FD2554-CBAC-4973-8948-246CEFE3A085}C:\\program files\\warcraft iii\\war3.exe"= TCP:C:\program files\warcraft iii\war3.exe:Warcraft III
      "{3249A72C-3294-4790-AA85-A9F2B6028A0D}"= UDP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars\etqw.exe:Enemy Territory - QUAKE Wars(TM)
      "{337F4BC0-B79B-4001-A50F-6703FD210422}"= TCP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars\etqw.exe:Enemy Territory - QUAKE Wars(TM)
      "{0BECF2EB-C1D2-413A-A63C-7ADFD7EE982F}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
      "{E5797BAC-BA75-43C8-9F4D-6D4FFA9007E5}"= UDP:C:\Program Files\Azureus\Azureus.exe:Azureus Vuze
      "{DB7FDD6A-B5A1-4986-8FAA-F2D23545BF93}"= TCP:C:\Program Files\Azureus\Azureus.exe:Azureus Vuze
      "TCP Query User{8AAEB151-B87D-4F8D-A370-05EB8B243664}C:\\program files\\maiet\\gunz\\gunzlauncher.exe"= UDP:C:\program files\maiet\gunz\gunzlauncher.exe:GunzLauncher
      "UDP Query User{02BAE378-1EA1-48E7-A2A7-F42503BDA0F1}C:\\program files\\maiet\\gunz\\gunzlauncher.exe"= TCP:C:\program files\maiet\gunz\gunzlauncher.exe:GunzLauncher
      "TCP Query User{84C1727C-44A0-43C3-A786-D1C0B2AA6905}C:\\program files\\steam\\steamapps\\natakugm69\\day of defeat\\hl.exe"= UDP:C:\program files\steam\steamapps\natakugm69\day of defeat\hl.exe:Half-Life Launcher
      "UDP Query User{541D7C44-0E6B-4E14-B495-EC16AA2B97B2}C:\\program files\\steam\\steamapps\\natakugm69\\day of defeat\\hl.exe"= TCP:C:\program files\steam\steamapps\natakugm69\day of defeat\hl.exe:Half-Life Launcher
      "TCP Query User{274DB71E-D3F3-4572-B2CC-8775CC345A3F}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus.exe
      "UDP Query User{378FAF82-FBDF-4EDA-8F23-8380A149A5F8}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus.exe
      "{9DDC4559-5BC1-4819-A210-A70F6BEC0EF9}"= UDP:C:\Users\nataku\AppData\Local\Apps\2.0\H67GP02X.7DL\CXVHJ3CP.Z23\thef...app_0d221d3645bc6701_0002.0005_8decbbb466c17454\The Filter.exe:The Filter: Windows Media Player plugin
      "{D71C5DAA-751A-45EE-B38D-0894F647E0C3}"= TCP:C:\Users\nataku\AppData\Local\Apps\2.0\H67GP02X.7DL\CXVHJ3CP.Z23\thef...app_0d221d3645bc6701_0002.0005_8decbbb466c17454\The Filter.exe:The Filter: Windows Media Player plugin
      "{B0B8B17D-543C-453F-A6AA-48959D765035}"= UDP:C:\Program Files\NCSoft\Launcher\NCLauncher.exe:PlayNC Launcher
      "{6C2F73B6-FE4F-43D5-9E09-5F61FD3F916A}"= TCP:C:\Program Files\NCSoft\Launcher\NCLauncher.exe:PlayNC Launcher
      "TCP Query User{75B7379D-09B8-4DDE-AB89-74BC031B8D6F}C:\\windows\\system32\\dpnsvr.exe"= UDP:C:\windows\system32\dpnsvr.exe:Serveur Microsoft DirectPlay 8
      "UDP Query User{D3F8672D-7683-4CB9-A96E-6C0E086C998D}C:\\windows\\system32\\dpnsvr.exe"= TCP:C:\windows\system32\dpnsvr.exe:Serveur Microsoft DirectPlay 8
      "TCP Query User{A5B7728F-740C-4E35-AC65-EC22083F2BE3}C:\\program files\\webzen\\soul of the ultimate nation\\vmmodule._ex"= UDP:C:\program files\webzen\soul of the ultimate nation\vmmodule._ex:VMModule._ex
      "UDP Query User{850C5BB3-0D00-4162-BB57-F7662E68CD4D}C:\\program files\\webzen\\soul of the ultimate nation\\vmmodule._ex"= TCP:C:\program files\webzen\soul of the ultimate nation\vmmodule._ex:VMModule._ex
      "{AC7A68F7-ED51-41B1-B818-D01579F25EB3}"= UDP:C:\Program Files\WEBZEN\Soul of the Ultimate Nation\SUN.exe:Soul of the Ultimate Nation
      "{DC7D4195-40AE-40D7-82E4-75D8D0E1F87D}"= TCP:C:\Program Files\WEBZEN\Soul of the Ultimate Nation\SUN.exe:Soul of the Ultimate Nation
      "{BA9BA66C-88DD-46DF-BE43-7F7770FB69BA}"= UDP:C:\Program Files\Knight Online\Launcher.exe:Knight OnLine
      "{9CA8B0F1-16B0-4AB6-ACDF-2B2EE4205F56}"= TCP:C:\Program Files\Knight Online\Launcher.exe:Knight OnLine
      "{9025D7C1-034A-46BE-B734-FDB04A587F0E}"= UDP:C:\Program Files\WinZip\WINZIP32.EXE:WinZip 11.1
      "{04327A0F-7708-4213-B23F-DC9468BEEB09}"= TCP:C:\Program Files\WinZip\WINZIP32.EXE:WinZip 11.1
      "TCP Query User{726FF681-23C5-40C7-83F0-8950FD94B272}C:\\aeriagames\\12sky\\twelvesky.exe"= UDP:C:\aeriagames\12sky\twelvesky.exe:TwelveSky.exe
      "UDP Query User{9ADA62AB-F252-40CA-89C2-DE0C15FDDD19}C:\\aeriagames\\12sky\\twelvesky.exe"= TCP:C:\aeriagames\12sky\twelvesky.exe:TwelveSky.exe
      "TCP Query User{2F790898-1F02-4DF7-A0E0-58881206A163}C:\\program files\\steam\\steamapps\\natakugm69\\garrysmod\\hl2.exe"= UDP:C:\program files\steam\steamapps\natakugm69\garrysmod\hl2.exe:hl2.exe
      "UDP Query User{79874D7B-FFC2-4F3B-B175-C3D49286A17D}C:\\program files\\steam\\steamapps\\natakugm69\\garrysmod\\hl2.exe"= TCP:C:\program files\steam\steamapps\natakugm69\garrysmod\hl2.exe:hl2.exe
      "TCP Query User{C0662D61-D14E-4FE3-9D3C-E3B5CF2B5766}C:\\program files\\steam\\steamapps\\natakugm69\\counter-strike source\\hl2.exe"= UDP:C:\program files\steam\steamapps\natakugm69\counter-strike source\hl2.exe:hl2.exe
      "UDP Query User{A7A89274-A6E5-48BD-A8F8-0904BBD9E468}C:\\program files\\steam\\steamapps\\natakugm69\\counter-strike source\\hl2.exe"= TCP:C:\program files\steam\steamapps\natakugm69\counter-strike source\hl2.exe:hl2.exe
      "TCP Query User{9330CDFF-A547-4F8B-9A1D-54B5D9A97544}C:\\program files\\warcraft iii\\war3.exe"= UDP:C:\program files\warcraft iii\war3.exe:Warcraft III
      "UDP Query User{EE822F91-436B-47C3-87E3-756E2BDC39F9}C:\\program files\\warcraft iii\\war3.exe"= TCP:C:\program files\warcraft iii\war3.exe:Warcraft III
      "TCP Query User{8C2812D3-E917-4DC2-8787-C9000B8F26CC}C:\\program files\\world of warcraft\\repair.exe"= UDP:C:\program files\world of warcraft\repair.exe:Blizzard Repair Utility
      "UDP Query User{4B4DAC8A-73FD-4D92-BBA6-373D0108F161}C:\\program files\\world of warcraft\\repair.exe"= TCP:C:\program files\world of warcraft\repair.exe:Blizzard Repair Utility
      "{F24FE47E-7544-4C61-91AB-9ADB8970606B}"= UDP:C:\Program Files\World of Warcraft\Launcher.exe:World of Warcraft
      "{12533CA3-7286-4683-B791-59DF6540B0AC}"= TCP:C:\Program Files\World of Warcraft\Launcher.exe:World of Warcraft
      "{EB7CB3B5-ADA0-4CDE-8CFA-86BC314C6BD9}"= Disabled:UDP:C:\Users\nataku\Documents\Azureus Downloads\Frontlines Fuel of War - Public Beta\FFOW_BETA_0.3.0.exe:FFOW_BETA_0.3.0.exe
      "{C8BA228A-1815-436E-8D9B-7DB23978FF66}"= Disabled:TCP:C:\Users\nataku\Documents\Azureus Downloads\Frontlines Fuel of War - Public Beta\FFOW_BETA_0.3.0.exe:FFOW_BETA_0.3.0.exe
      "{087E21CB-BF5A-4BE9-9DEE-9B5FD4617467}"= Disabled:UDP:C:\Users\nataku\Documents\Azureus Downloads\Frontlines Fuel of War - Public Beta\update\FFOW_Patch_030_to_031.exe:FFOW_Patch_030_to_031.exe
      "{AC484165-90C5-4D11-9B02-3092FE5ADCC3}"= Disabled:TCP:C:\Users\nataku\Documents\Azureus Downloads\Frontlines Fuel of War - Public Beta\update\FFOW_Patch_030_to_031.exe:FFOW_Patch_030_to_031.exe
      "TCP Query User{B7E6F47C-FA97-492D-B3BF-397D5AB1F10B}C:\\program files\\thq\\frontlines-fuel of war beta\\binaries\\ffow-beta.exe"= Disabled:UDP:C:\program files\thq\frontlines-fuel of war beta\binaries\ffow-beta.exe:Frontlines Game
      "UDP Query User{AC982320-A3D9-46FB-8675-4385F302A529}C:\\program files\\thq\\frontlines-fuel of war beta\\binaries\\ffow-beta.exe"= Disabled:TCP:C:\program files\thq\frontlines-fuel of war beta\binaries\ffow-beta.exe:Frontlines Game
      "TCP Query User{CE83DD67-6A44-41CD-AEF1-2FA372683A75}C:\\users\\nataku\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\h01tseim\\wow-2.3.3.7799-to-0.4.0.7897-frfr-downloader[1].exe"= UDP:C:\users\nataku\appdata\local\microsoft\windows\temporary internet files\content.ie5\h01tseim\wow-2.3.3.7799-to-0.4.0.7897-frfr-downloader[1].exe:wow-2.3.3.7799-to-0.4.0.7897-frfr-downloader[1].exe
      "UDP Query User{26A51545-2477-4585-ACA1-5ADE5565F4E6}C:\\users\\nataku\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\h01tseim\\wow-2.3.3.7799-to-0.4.0.7897-frfr-downloader[1].exe"= TCP:C:\users\nataku\appdata\local\microsoft\windows\temporary internet files\content.ie5\h01tseim\wow-2.3.3.7799-to-0.4.0.7897-frfr-downloader[1].exe:wow-2.3.3.7799-to-0.4.0.7897-frfr-downloader[1].exe
      "{8B3C294A-F626-4536-A7EB-3328EB09E15D}"= UDP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
      "{9906B0E3-736E-47EF-8508-4AD8D1B8080C}"= TCP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
      "{A182B197-1B9D-4674-B066-6D0A7DF612EB}"= UDP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
      "{C5A2714E-899F-418F-98B0-502FE14722B9}"= TCP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
      "TCP Query User{3169638C-744E-4F0E-8A7D-BE1D3260AAE3}C:\\program files\\free download manager\\fdm.exe"= UDP:C:\program files\free download manager\fdm.exe:Free Download Manager
      "UDP Query User{91E7727F-428B-455F-96C9-B9031A42BF8C}C:\\program files\\free download manager\\fdm.exe"= TCP:C:\program files\free download manager\fdm.exe:Free Download Manager
      "{4A9B2D45-2778-401C-8D43-7873D8440489}"= UDP:C:\Program Files\Electronic Arts\Battlefield 2142 Deluxe Edition\BF2142.exe:Battlefield 2142
      "{D7E38E86-D996-4F47-A7C4-0700E938929F}"= TCP:C:\Program Files\Electronic Arts\Battlefield 2142 Deluxe Edition\BF2142.exe:Battlefield 2142

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
      "DoNotAllowExceptions"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
      "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
      "EnableFirewall"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
      "C:\\Program Files\\NCsoft\\Exteel\\System\\Exteel.exe"= C:\Program Files\NCsoft\Exteel\System\Exteel.exe:*:Enabled:Exteel

      R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
      S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-04-03 00:41]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
      \shell\AutoRun\command - D:\LaunchU3.exe -a

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
      \shell\AutoRun\command - J:\LaunchU3.exe -a

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23f6e8d9-aa36-11dc-aadc-806e6f6e6963}]
      \shell\AutoRun\command - H:\Autorun.exe

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5527e689-acd7-11dc-a03c-001c252d63ad}]
      \shell\AutoRun\command - E:\LaunchU3.exe -a

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{febc019b-b6fb-11dc-ba34-001c252d63ad}]
      \shell\AutoRun\command - J:\LaunchU3.exe -a

      .
      Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
      "2008-04-02 23:00:02 C:\Windows\Tasks\Extension de garantie.job"
      - C:\Program Files\Packard Bell\SetupmyPC\PBCarNot.exe
      "2008-04-02 23:00:01 C:\Windows\Tasks\Recovery DVD Creator.job"
      - C:\Program Files\Packard Bell\SetupMyPc\MCDCheck.exe
      "2008-04-02 18:14:25 C:\Windows\Tasks\User_Feed_Synchronization-{8BB7E93E-40DA-40AE-BB67-D72DEC967818}.job"
      - C:\Windows\system32\msfeedssync.exe
      .
      **************************************************************************

      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-04-03 01:14:37
      Windows 6.0.6000 NTFS

      Balayage processus cachés ...

      Balayage caché autostart entries ...

      Balayage des fichiers cachés ...

      Scan terminé avec succès
      Les fichiers cachés: 0

      **************************************************************************
      .
      Temps d'accomplissement: 2008-04-03 1:15:10
      ComboFix-quarantined-files.txt 2008-04-02 23:15:07
      ComboFix2.txt 2008-04-02 22:54:00
      ComboFix3.txt 2008-04-02 22:49:54
      ComboFix4.txt 2008-03-30 15:00:43
      ComboFix5.txt 2008-03-30 14:35:10
      Pre-Run: 76,638,646,272 octets libres
      Post-Run: 76,605,595,648 octets libres
      .
      2008-03-28 21:06:50 --- E O F ---


      Et voila le rapport de OTmoveIT:

      File/Folder C:\DOWNLO~1\Software\RFONLI~1.EXE /r not found.
      C:\ProgramData\rsiwakrt\izmbylil.exe moved successfully.
      C:\ProgramData\ovwgcjgs\qpqdwtgz.exe moved successfully.
      C:\ProgramData\eisindhs\jwlyrcvk.exe moved successfully.
      File/Folder C:\ProgramData\kdahorml\szyxuril.exe not found.

      OTMoveIt2 by OldTimer - Version 1.0.21 log created on 04032008_011721
      0
    2. T-T Messages postés 7 Statut Membre
       
      Slt jlpjlp

      J'ai trouve dans l'exploarateur de logiciel de windows defender un software nomme ylzmlsj.exe je me demande ce que c'est et si c'est une bonne idée de l'enlevé voici la description:

      Nom du fichier: ylwzmlsj.exe
      Nom complet: ylwzmlsj.exe
      Description: Non disponible
      Éditeur: Non disponible
      Signé numériquement par: Non signé
      Type de fichier: Application
      Valeur de démarrage: C:\Windows\system32\ylwzmlsj.exe
      Chemin du fichier: C:\Windows\system32\ylwzmlsj.exe
      Taille du fichier: 114688
      Version du fichier: Non disponible
      Date d'installation: 03/04/2008 00:40:55
      Type de démarrage: Registre : utilisateur actuel
      Emplacement: Software\Microsoft\Windows\CurrentVersion\Run
      Classification: Désactivé
      Inclus dans le système d’exploitation: Non
      Vote SpyNet: Non disponible

      Je l'ai désactivé pour voir si je ne recevais plus d'alerte.
      0
    3. bleuville
       
      bonjour jlpjlp, j'ai moi aussi un problème avec trojan downloader.xs, j'ai suivi les conseils sur le forum mais lorsque je copie votre citation dans la colonne de gauche de OTMovelt2.exe, sa ne passe pas et une fenêtre apparaît en me signalant le message suivant : Invalid time flag [r] Must be mumérical. Ce message semble être destiné au petir r situé à la fin de la première ligne de la citation. Pourriez-vous m'aider à ce sujet.
      En vous remerciant, bien à vous - bleuville
      0
    4. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041 > bleuville
       
      slt cré ton propre post et colle moi le lien et je viendrais voir, mets y aussi un rapport hijakchtis
      mais ne le fais pas dans le post d'un autre
      0
    5. bleuville Messages postés 1 Statut Membre
       
      que veux-tu dire par créer mon propre post? lorsque le lance KillBagie, (combofix), il termine les étapes de 1 à 43 puis indique la suppression de fichiers/dossiers ( ces fichiers/dossiers sont dans windows/ système32). Il redémare mon pc et puis sa fenêtre disparaît sans me laisser aucun rapport.
      Ensuite je lance OTMevelt2.exe, je copie ta citation qui ne passe pas.
      je te remercie de m'avoir répondu et pour ton aide - bleuville
      0
  2. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    slt on n'a pas encore viré ce fichier!!!

    __________

    analyse ces deux fichier sur virus total et si inféctés tu les mets dans la citation otmovit pour les virer:https://www.virustotal.com/gui/

    C:\Windows\System32\yjgpmtoj.exe
    C:\Windows\System32\ylwzmlsj.exe

    _____________
    recolle un nouveau hijackthis et dis tes soucis
    0
  3. T-T Messages postés 7 Statut Membre
     
    Slt
    Le problême des alertes est résolu merci beaucoup de ton aide et a + (voila le rapport de hijackthis)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:08:52, on 03/04/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16609)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Windows\System32\wpcumi.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Windows\RtHDVCpl.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Electronic Arts\Battlefield 2142 Deluxe Edition\BF2142.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
    O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [MSPService] C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
    O4 - HKLM\..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [rsiwakrt] C:\ProgramData\rsiwakrt\izmbylil.exe
    O4 - HKCU\..\Run: [ovwgcjgs] C:\ProgramData\ovwgcjgs\qpqdwtgz.exe
    O4 - HKCU\..\Run: [eisindhs] C:\ProgramData\eisindhs\jwlyrcvk.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [OrH4HUiW1L] C:\ProgramData\kdahorml\szyxuril.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKLM\..\Policies\Explorer\Run: [OrH4HUiW1L] C:\ProgramData\kdahorml\szyxuril.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    0
    1. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
       
      Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked".

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

      O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)

      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

      O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

      O4 - HKCU\..\Run: [rsiwakrt] C:\ProgramData\rsiwakrt\izmbylil.exe
      O4 - HKCU\..\Run: [ovwgcjgs] C:\ProgramData\ovwgcjgs\qpqdwtgz.exe
      O4 - HKCU\..\Run: [eisindhs] C:\ProgramData\eisindhs\jwlyrcvk.exe
      O4 - HKCU\..\Run: [OrH4HUiW1L] C:\ProgramData\kdahorml\szyxuril.exe
      O4 - HKLM\..\Policies\Explorer\Run: [OrH4HUiW1L] C:\ProgramData\kdahorml\szyxuril.exe


      ________________


      télécharge OTMoveIt
      http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau. Ou sur https://www.luanagames.com/index.fr.html
      double-clique sur OTMoveIt.exe pour le lancer.
      copie la liste qui se trouve en citation ci-dessous,
      et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

      Citation :

      C:\ProgramData\rsiwakrt\izmbylil.exe
      C:\ProgramData\ovwgcjgs\qpqdwtgz.exe
      C:\ProgramData\eisindhs\jwlyrcvk.exe
      C:\ProgramData\kdahorml\szyxuril.exe
      C:\ProgramData\kdahorml\szyxuril.exe


      clique sur MoveIt! pour lancer la suppression.
      le résultat apparaitra dans le cadre "Results".
      clique sur Exit pour fermer.
      poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

      il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.
      _________


      colle le rapport d'un scan en ligne
      avec un des suivants:


      bitdefender en ligne :
      http://www.bitdefender.fr/scan_fr/scan8/ie.html

      Panda en ligne :
      http://pandasoftware.fr

      Kaspersky en ligne
      https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
      0
  4. bob
     
    Depuis quelque jours j'ai des fenêtres de sécurite qui pop toutes les 30 min concernant abebot et trojan downloader xs et un petit triangle d'avertissement dans la barre
    j'ai besoin d'un coup de main SVP car je suis vraiment novice
    merci d'avance
    VOila le rapport de Hijackthis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:06:02, on 06/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\D-Tools\daemon.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Documents and Settings\All Users\Application Data\cruncrcj\ynengboz.exe
    C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\arafkvot.exe
    C:\Program Files\Winsos\WINSOS.EXE
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\WINDOWS\speech\vcmd.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\SPYWAR~2\swdoctor.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\alexandre\Local Settings\Temporary Internet Files\Content.IE5\AIB1D26V\HiJackThis[1].exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.dell.com/fr-fr
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: BHO Barre de Confiance CM-CIC - {988B07F5-7392-455A-8A1F-64935CB8B6ED} - C:\Program Files\BarreConfCMCIC\TAPBar.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Barre de confiance CM-CIC - {55BDF3B0-C0A8-481A-B8A6-01CD2BE0F3FD} - C:\Program Files\BarreConfCMCIC\TAPBar.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
    O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Conjugaison] C:\Program Files\conjugaison\conjLauncher.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [SBI] C:\Documents and Settings\alexandre\Local Settings\Temporary Internet Files\Content.IE5\U6N9IB8G\install_sbd_fr[1].exe
    O4 - HKLM\..\Run: [bm] "C:\Program Files\Fichiers communs\AntivirusFiable\bm.exe" dm=http://antivirusfiable.com ad=http://antivirusfiable.com sd=http://gregistre.antivirusfiable.com
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
    O4 - HKCU\..\Run: [way program] C:\DOCUME~1\ALEXAN~1\APPLIC~1\UP01WA~1\dvdoptionnoun.exe
    O4 - HKCU\..\Run: [upxckkac] C:\WINDOWS\system32\arafkvot.exe
    O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\Winsos\WINSOS.EXE" MINI
    O4 - HKCU\..\Run: [jmvzzyvv] C:\WINDOWS\system32\hgpytcri.exe
    O4 - HKCU\..\Policies\Explorer\Run: [MPaEi14fG0] C:\Documents and Settings\All Users\Application Data\cruncrcj\ynengboz.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: PowerReg Scheduler V3.exe
    O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Office2K\Office\OSA9.EXE
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://gamenextfr.oberon-media.com/online/online2/luxor_amun_rising/mjolauncher.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game07.zylom.com/activex/zylomgamesplayer.cab
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - rundll32.exe (file missing)
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. bob
     
    suite a votre mail, j'ai relancer hijackthis avec "do a scan only" mais toutes les lignes que vous avez demandé de cocher n'apparaissent pas
    ci-joint copie ecran des lignes qui n'apparaissent pas :

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

    O4 - HKCU\..\Run: [rsiwakrt] C:\ProgramData\rsiwakrt\izmbylil.exe

    O4 - HKCU\..\Run: [ovwgcjgs] C:\ProgramData\ovwgcjgs\qpqdwtgz.exe
    O4 - HKCU\..\Run: [eisindhs] C:\ProgramData\eisindhs\jwlyrcvk.exe
    O4 - HKCU\..\Run: [OrH4HUiW1L] C:\ProgramData\kdahorml\szyxuril.exe
    O4 - HKLM\..\Policies\Explorer\Run: [OrH4HUiW1L] C:\ProgramData\kdahorml\szyxuril.exe
    0
    1. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
       
      slt ,'c'est pas a toi que je parle... cré toi un post sinon on va se perdre, si tu me colle le lien je viendrai t'aider
      a plus
      0
  7. OSS117
     
    Bonjour !
    Problème de TrojanDownloader et de adebot.

    voici mon Hijackthis.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 02:48:12, on 01/05/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\Documents and Settings\All Users\Application Data\xkzixyla\fuvghyjc.exe
    C:\WINDOWS\vphc700.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Cyberlink\Shared Files\brs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\dcvmdcpq.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Raxco\PerfectDisk\PDSched.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [phc710] C:\WINDOWS\vphc700.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [fiphvcop] C:\WINDOWS\system32\dcvmdcpq.exe
    O4 - HKCU\..\Run: [mhptwgas] C:\WINDOWS\system32\onwlalwf.exe
    O4 - HKLM\..\Policies\Explorer\Run: [wZcFcJTwco] C:\Documents and Settings\All Users\Application Data\xkzixyla\fuvghyjc.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Registration-InstantCopy.lnk = C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: TrayMin710.exe.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://www.zebulon.fr/scan8/oscan8.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://config.zebulon.fr/plugins/hardwaredetection.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: Service Framework McAfee (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    0
  8. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    creer son propre post permet de faire du meilleur travail!!!

    post férmé
    0
  9. julien
     
    j ai probleme avec ffow j ai telecharger le patch 1.1.0 et il me dit invalid patch file
    0