Removing System Guard 2009

fremel Posts: 9 Status: Member -
Destrio5 Posts: 99820 Status: Moderator -
Hello,
For 3 or 4 days now, System Guard 2009 has been polluting my computer.
What should I do to remove it?
I have 2 RSIT reports.

Thank you for your help

13 replies

Destrio5 Posts: 99820 Status: Moderator 10 305
 
Hi,

Post both reports.
fremel Posts: 9 Status: Member
 
Logfile of random's system information tool 1.05 (written by random/random)
Run by rivoalen at 2009-02-23 10:58:21
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 19 GB (31%) free of 60 GB
Total RAM: 1023 MB (81% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:15:59, on 20/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\drivers\services.exe
C:\WINNT\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINNT\TPPALDR.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\rundll32.exe
C:\DOCUME~1\rivoalen\LOCALS~1\Temp\winlognn.exe
C:\WINNT\system32\drivers\services.exe
C:\Documents and Settings\rivoalen\svchost.exe
C:\WINNT\System32\rs32net.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINNT\system32\winscenter.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\rivoalen\Application Data\cogad\cogad.exe
C:\Program Files\XPPoliceAntivirus\xppolice.exe
C:\DOCUME~1\rivoalen\LOCALS~1\Temp\winlognn.exe
C:\WINNT\system32\drivers\services.exe
C:\Documents and Settings\rivoalen\svchost.exe
C:\WINNT\System32\rs32net.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\MSI\US54SE II\Installer\WINXP\MCU.exe
C:\Documents and Settings\rivoalen\Menu Démarrer\Programmes\Démarrage\userinit.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\TEMP\nsyF.tmp
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\TEMP\E265.tmp
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\System Guard 2009\systemguard.exe
C:\WINNT\System32\svchost.exe
C:\Documents and Settings\rivoalen\Mes documents\Downloads\Kaspersky Antivirus 2009 + key [Full]\kav.en.exe
C:\DOCUME~1\rivoalen\LOCALS~1\Temp\IXP000.TMP\Setup_ver1.1524.0.exe
G:\RSIT.exe
C:\Program Files\trend micro\rivoalen.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,C:\WINNT\system32\drivers\services.exe
O2 - BHO: (no name) - {55737035-1B75-48DD-A4D8-66155D8AC7A3} - C:\WINNT\system32\ddcArRkL.dll
O2 - BHO: (no name) - {9356EA01-DBD4-45DF-A374-818CC609A7B2} - C:\WINNT\system32\byXRhHxW.dll
O2 - BHO: C:\WINNT\system32\hs78344kjkfd.dll - {C5BF49A2-94F3-42BD-F434-3604812C8955} - C:\WINNT\system32\hs78344kjkfd.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMS] C:\WINNT\system32\LVCOMS.EXE
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINNT\TPPALDR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [486c3fde] rundll32.exe "C:\WINNT\system32\jtsvijyf.dll",b
O4 - HKLM\..\Run: [autochk] rundll32.exe C:\WINNT\system32\autochk.dll,_IWMPEvents@16
O4 - HKLM\..\Run: [jsf8uiw3jnjgffght] C:\DOCUME~1\rivoalen\LOCALS~1\Temp\winlognn.exe
O4 - HKLM\..\Run: system C:\WINNT\system32\drivers\services.exe
O4 - HKLM\..\Run: [winlogon] C:\Documents and Settings\rivoalen\svchost.exe
O4 - HKLM\..\Run: [rs32net] C:\WINNT\System32\rs32net.exe
O4 - HKLM\..\Run: [systemguard] C:\Program Files\System Guard 2009\systemguard.exe
O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINNT\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\rivoalen\LOCALS~1\Temp\IXP000.TMP\"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O4 - HKCU\..\Run: [autochk] rundll32.exe C:\DOCUME~1\NETWOR~1\protect.dll,_IWMPEvents@16
O4 - HKCU\..\Run: [cogad] "C:\Documents and Settings\rivoalen\Application Data\cogad\cogad.exe" 61A847B5BBF7281033923C466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKCU\..\Run: [PoliceAV] C:\Program Files\XPPoliceAntivirus\xppolice.exe
O4 - HKCU\..\Run: [jsf8uiw3jnjgffght] C:\DOCUME~1\rivoalen\LOCALS~1\Temp\winlognn.exe
O4 - HKCU\..\Run: system C:\WINNT\system32\drivers\services.exe
O4 - HKCU\..\Run: [winlogon] C:\Documents and Settings\rivoalen\svchost.exe
O4 - HKCU\..\Run: [rs32net] C:\WINNT\System32\rs32net.exe
O4 - HKCU\..\Run: [rivoalen] C:\Documents and Settings\rivoalen\rivoalen.exe /i
O4 - HKCU\..\Run: [5774] C:\DOCUME~1\rivoalen\LOCALS~1\Temp\F.tmp.exe
O4 - HKUS\S-1-5-19\..\Run: [internat.exe] internat.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [] (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [internat.exe] internat.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [internat.exe] internat.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: ChkDisk.dll
O4 - Startup: ChkDisk.lnk = ?
O4 - Startup: userinit.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: MSI US54SE II Wireless Client Utility.lnk = C:\Program Files\MSI\US54SE II\Installer\WINXP\MCU.exe
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2BC2BC91-03EC-453F-9236-DFB176CFE6B2}: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CCS\Services\Tcpip\..\{4F59AAA6-C334-4CA4-92B0-CE6ED1C00B23}: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O20 - Winlogon Notify: cbaefbac - C:\WINNT\system32\cbaefbac.dll
O20 - Winlogon Notify: crypt - C:\WINNT\SYSTEM32\crypts.dll
O20 - Winlogon Notify: ddcArRkL - C:\WINNT\SYSTEM32\ddcArRkL.dll
O20 - Winlogon Notify: lavtxswi - C:\WINNT\SYSTEM32\lavtxswi.dll
O21 - SSODL: ieModule - {C0DAA278-B7DE-49FF-995D-2082C2CC1606} - C:\Documents and Settings\All Users\Application Data\Microsoft\Network\DLLs\ieModule.dll
O21 - SSODL: InternetConnection - {E7805B8F-FB7F-4A88-85D2-427D22B88884} - C:\Documents and Settings\All Users\Application Data\Microsoft\Network\DLLs\gkczqxlkes.dll
O22 - SharedTaskScheduler: jgzfkj9w38rksndfi7r4 - {C5BF49A2-94F3-42BD-F434-3604812C8955} - C:\WINNT\system32\hs78344kjkfd.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICF - Unknown owner - C:\WINNT\system32\svchost.exe:ext.exe
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\winnt\system32\mssrv32.exe
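The HijackThis log above is read by eye, but the checks an analyst applies to it can be written down. As an added example (not part of the original thread and not code from HijackThis), the Python below encodes those heuristics: system-binary names outside System32, autostarts from temp or profile directories, an extended UserInit chain, files dropped straight into the Startup folder, alternate data streams, and public resolvers hard-coded in the O17 keys. The rule names are my own, and the sample input is constructed from lines adapted from the log.

```python
"""Review heuristics for a HijackThis (HJT) log. Each rule marks an entry for a
human to look at; none is a verdict on its own."""
import re
from collections import Counter
from ipaddress import ip_address

# Core Windows binaries whose names malware borrows; genuine copies live directly
# in System32 (or the Windows directory itself), never in a subfolder or a profile.
SYSTEM_NAMES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                "lsass.exe", "svchost.exe", "userinit.exe", "spoolsv.exe"}
SYSTEM_DIRS = ("\\system32", "\\winnt", "\\windows")

# A drive-letter path ending in an executable-type extension, quoted or not.
PATH_RE = re.compile(r'[a-z]:\\[^"<>|*?]*?\.(?:exe|dll|com|pif|scr|sys|tmp)(?![\w\\])', re.I)
# An executable carrying an NTFS alternate data stream, e.g. svchost.exe:ext.exe.
ADS_RE = re.compile(r'[a-z]:\\[^":]*?\.exe:[\w.]+', re.I)
IPV4_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


def classify_path(path):
    """Return the review reason a single file path trips, or None if it looks ordinary."""
    low = path.lower()
    directory, _, name = low.rpartition("\\")
    if name in SYSTEM_NAMES and not directory.endswith(SYSTEM_DIRS):
        return "system-binary name outside System32"
    if any(m in low for m in ("\\temp\\", "\\recycler\\", "\\temporary internet files\\")):
        return "executes from a temp/recycler directory"
    if "\\documents and settings\\" in low or "\\docume~1\\" in low:
        return "executes from a user profile directory"
    return None


def check_userinit(line):
    """F2 UserInit should name only <SystemRoot>\\system32\\userinit.exe; extras run at every logon."""
    m = re.search(r"UserInit=(.*)", line, re.I)
    if not m:
        return []
    return [("extra UserInit logon hook", e.strip()) for e in m.group(1).split(",")
            if e.strip() and not e.strip().lower().endswith("\\system32\\userinit.exe")]


def check_startup_entry(line):
    """A bare .exe/.dll under O4 Startup is a file dropped into the Startup folder, not a shortcut."""
    m = re.match(r"O4 - (?:Global )?Startup: (\S+\.(?:exe|dll))\s*$", line, re.I)
    return [("executable dropped directly in Startup folder", m.group(1))] if m else []


def check_nameservers(lines):
    """O17 NameServer values: public resolvers written into the TCP/IP keys deserve a look."""
    seen = Counter()
    for line in lines:
        m = re.search(r"NameServer\s*=\s*(.+)", line)
        if m:
            seen.update(IPV4_RE.findall(m.group(1)))
    return [("hard-coded external DNS resolver", f"{ip} set in {n} registry location(s)")
            for ip, n in seen.items() if ip_address(ip).is_global]


def triage(log_text):
    """Run every heuristic over an HJT log and return de-duplicated (reason, detail) pairs."""
    lines = log_text.splitlines()
    findings = {}  # dict used as an insertion-ordered set
    for line in lines:
        for path in PATH_RE.findall(line):
            reason = classify_path(path)
            if reason:
                findings[(reason, path)] = None
        for ads in ADS_RE.findall(line):
            findings[("alternate data stream on executable", ads)] = None
        for hit in check_userinit(line) + check_startup_entry(line):
            findings[hit] = None
    for hit in check_nameservers(lines):
        findings[hit] = None
    return list(findings)


# Constructed sample: lines adapted from the HJT log posted above, plus two
# ordinary entries (services.exe in System32, Google's notifier) for contrast.
SAMPLE_LOG = r"""
C:\WINNT\system32\services.exe
C:\WINNT\system32\drivers\services.exe
C:\DOCUME~1\rivoalen\LOCALS~1\Temp\winlognn.exe
C:\Documents and Settings\rivoalen\svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,C:\WINNT\system32\drivers\services.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKCU\..\Run: [cogad] "C:\Documents and Settings\rivoalen\Application Data\cogad\cogad.exe"
O4 - Startup: ChkDisk.lnk = ?
O4 - Startup: userinit.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{2BC2BC91-03EC-453F-9236-DFB176CFE6B2}: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O23 - Service: ICF - Unknown owner - C:\WINNT\system32\svchost.exe:ext.exe
"""

if __name__ == "__main__":
    for reason, detail in triage(SAMPLE_LOG):
        print(f"[{reason}] {detail}")
```

Run against the full log, the same rules also pick up the Temp-resident processes, the protect.dll under the NetworkService profile and every O17 entry; anything they do not flag (such as the System Guard 2009 entry itself under Program Files) still needs the reader's judgement.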
fremel Posts: 9 Status: Member
 
info.txt logfile of random's system information tool 1.05 2009-02-20 20:16:02

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINNT\INF\PCHealth.inf
Adobe Acrobat 4.0, 5.0-->C:\WINNT\ISUN040C.EXE -f"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe AIR-->c:\Program Files\Fichiers communs\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe Color - Photoshop Specific CS4-->MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
Adobe Color EU Extra Settings CS4-->MsiExec.exe /I{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}
Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
Adobe Color NA Recommended Settings CS4-->MsiExec.exe /I{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}
Adobe Color Video Profiles CS CS4-->MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D}
Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe Device Central CS4-->MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}
Adobe Download Manager 2.2 (Supprimer uniquement)-->"C:\Program Files\Fichiers communs\Adobe\ESD\uninst.exe"
Adobe Drive CS4-->MsiExec.exe /I{16E16F01-2E2D-4248-A42F-76261C147B6C}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
Adobe Flash Player 10 ActiveX-->C:\WINNT\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}
Adobe Media Player-->msiexec /qb /x {39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Media Player-->MsiExec.exe /I{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Photoshop CS4 Support-->MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}
Adobe Photoshop CS4-->C:\Program Files\Fichiers communs\Adobe\Installers\faf656ef605427ee2f42989c3ad31b8\Setup.exe --uninstall=1
Adobe Photoshop CS4-->MsiExec.exe /I{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}
Adobe Photoshop CS4-->MsiExec.exe /I{E4848436-0345-47E2-B648-8B522FCDA623}
Adobe Reader 7.0.9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A70900000002}
Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup-->MsiExec.exe /I{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
AdobeColorCommonSetCMYK-->MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4}
AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
ArcSoft PhotoStudio 5.5-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\Setup.exe" -l0x40c
ATI - Utilitaire de désinstallation du logiciel-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->MsiExec.exe /I{4B892137-6FB6-4622-B568-488E38F2E727}
ATI Control Panel-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINNT\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HYDRAVISION-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{083F79E4-6FE9-46FB-A6C6-4F8862742947}\setup.exe"
Barre d'outils MSN-->C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\mtbs.exe c
Canon CanoScan Toolbox 4.9-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}\setup.exe" -l0x40c anything
C-Media 3D Audio-->C:\WINNT\CMIUnInstall.exe
C-Media WDM Audio Driver-->C:\WINNT\system32\cmirmdrv.exe
Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
Correctif pour Windows XP (KB952287)-->"C:\WINNT\$NtUninstallKB952287$\spuninst\spuninst.exe"
eMule-->"C:\Program Files\eMule\Uninstall.exe"
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for MDAC 2.53 (KB927779)-->"C:\WINNT\$SQLUninstallMDAC25SP3-KB927779-x86-FRA$\spuninst\spuninst.exe"
Internet Explorer Q903235-->C:\WINNT\ieuninst.exe C:\WINNT\INF\Q903235.inf
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1 Hotfix (KB947742)-->"C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Updates\M947742\M947742Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Data Access Components KB870669-->C:\WINNT\muninst.exe C:\WINNT\INF\KB870669.inf
Microsoft Office 2000 Professional-->MsiExec.exe /I{0001040C-78E1-11D2-B60F-006097C998E7}
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINNT\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINNT\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINNT\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINNT\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINNT\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINNT\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINNT\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINNT\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINNT\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINNT\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINNT\$NtUninstallKB954211$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINNT\$NtUninstallKB954459$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINNT\$NtUninstallKB954600$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINNT\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINNT\$NtUninstallKB956391$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINNT\$NtUninstallKB956802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINNT\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINNT\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINNT\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958215)-->"C:\WINNT\$NtUninstallKB958215$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINNT\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINNT\$NtUninstallKB958687$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960714)-->"C:\WINNT\$NtUninstallKB960714$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB898461)-->"C:\WINNT\$NtUninstallKB898461$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978)-->"C:\WINNT\$NtUninstallKB951978$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB955839)-->"C:\WINNT\$NtUninstallKB955839$\spuninst\spuninst.exe"
Mozilla Firefox (2.0.0.20)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSI US54SE II Wireless Client Utility-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1EBB4501-6521-4D70-9E9A-301757CD00D6}\setup.exe" -l0x9 -removeonly
MSN Messenger 7.0-->MsiExec.exe /I{ABEB838C-A1A7-4C5D-B7E1-8B4314600820}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero - Burning Rom-->MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0}
PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}
PDFCreator-->"C:\Program Files\PDFCreator\unins000.exe"
Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
QuickCam-->MsiExec.exe /I{55A26FBA-3777-4F13-B593-7701474313DF}
RealPlayer 7 Basic-->C:\Program Files\Fichiers communs\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
ScanSoft OmniPage SE 4.0-->MsiExec.exe /I{C1E693A4-B1D5-4DCD-B68D-2087835B7184}
Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
System Guard 2009-->C:\Program Files\System Guard 2009\uninstall.exe
TPP Storage Driver Installation-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E258A840-7E9A-443A-B156-67102C48BF17}\Setup.exe" NotFirstInstall
USB Storage Adapter (TPP)-->tppun.exe TPP725
USB Storage Adapter V2 (TPP)-->tppun.exe TPP200
USB Storage Adapter V3 (TPP)-->tppun.exe TPP300
VideoLAN VLC media player 0.8.6i-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"

System event log

Computer Name: RIVOALEN-1EE5B5
Event Code: 26
Message: Application popup :  : Machine Check: Regs

Record Number: 8111
Source Name: Application Popup
Time Written: 20090207141653.000000+060
Event Type: Informations
User:

Computer Name: RIVOALEN-1EE5B5
Event Code: 26
Message: Application popup :  : Machine Check:

Record Number: 8110
Source Name: Application Popup
Time Written: 20090207141653.000000+060
Event Type: Informations
User:

Computer Name: RIVOALEN-1EE5B5
Event Code: 26
Message: Application popup :  : Machine Check: Regs

Record Number: 8109
Source Name: Application Popup
Time Written: 20090207141653.000000+060
Event Type: Informations
User:

Computer Name: RIVOALEN-1EE5B5
Event Code: 26
Message: Application popup :  : Machine Check:

Record Number: 8108
Source Name: Application Popup
Time Written: 20090207141653.000000+060
Event Type: Informations
User:

Computer Name: RIVOALEN-1EE5B5
Event Code: 26
Message: Application popup :  : Machine Check: Regs

Record Number: 8107
Source Name: Application Popup
Time Written: 20090207141653.000000+060
Event Type: Informations
User:

Application event log

Computer Name: RIVOALEN-1EE5B5
Event Code: 47
Message: WMI ADAP n'a pas pu récupérer les données à partir de la sous-clé PerfLib : SYSTEM\CurrentControlSet\Services\VIGHLPR\Performance, code d'erreur : Access Denied

Record Number: 1381
Source Name: WinMgmt
Time Written: 20071214151831.000000+060
Event Type: Avertissement
User:

Computer Name: RIVOALEN-1EE5B5
Event Code: 105
Message: The service was started.

Record Number: 1380
Source Name: WMDM PMSP Service
Time Written: 20071214151712.000000+060
Event Type: Informations
User:

Computer Name: RIVOALEN-1EE5B5
Event Code: 105
Message: The service was started.

Record Number: 1379
Source Name: ATI Smart
Time Written: 20071214151655.000000+060
Event Type: Informations
User:

Computer Name: RIVOALEN-1EE5B5
Event Code: 1015
Message: Le délai d'exécution de la fonction "PerfProc" de collecte de données de
performance dans la bibliothèque "C:\WINNT\system32\perfproc.dll" a expiré. Il y a peut-être un
problème pour ce compteur extensible ou le service dont il tire ses
informations, ou le système était peut-être très occupé au moment où
l'appel a été tenté.

Record Number: 1378
Source Name: Perflib
Time Written: 20071213192253.000000+060
Event Type: erreur
User:

Computer Name: RIVOALEN-1EE5B5
Event Code: 4097
Message: L'application, , a généré une erreur d'application
L'erreur s'est produite le 12/13/2007 à 09:32:36.609
L'exception générée était c0000005 à l'adresse 05E6F3D3 (<nosymbols>)

Record Number: 1377
Source Name: DrWatson
Time Written: 20071213093236.000000+060
Event Type: Informations
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Program Files\ATI Technologies\ATI Control Panel
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0a00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO

-----------------EOF-----------------
Destrio5 Posts: 99820 Status: Moderator 10 305
 
It's party time in your PC.

/!\ Disable your resident protections (antivirus, etc.) /!\

--> Download ComboFix (by sUBs) to your Desktop.
--> Double-click ComboFix.exe (the .exe extension is not necessarily visible) to launch it.
--> It will ask you to install the Recovery Console: accept.
--> When the scan is finished, a report will appear. Post that report (C:\Combofix.txt) in your next reply.

To help you: a guide and a tutorial on using ComboFix
fremel Posts: 9 Status: Member
 
ComboFix 09-02-24.02 - rivoalen 2009-02-25 18:21:41.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1023.589 [GMT 1:00]
Running from: c:\documents and settings\rivoalen\Bureau\ComboFix.exe
Command switches used :: c:\documents and settings\rivoalen\Bureau\WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
ADS - svchost.exe: deleted 32768 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\All Users\Application Data\winlogon.exe
c:\documents and settings\NetworkService\protect.dll
c:\documents and settings\rivoalen\Application Data\GetModule
c:\documents and settings\rivoalen\Application Data\GetModule\dicik.gz
c:\documents and settings\rivoalen\Application Data\GetModule\kwdik.gz
c:\documents and settings\rivoalen\Application Data\GetModule\ofadik.gz
c:\documents and settings\rivoalen\Application Data\SpeedRunner
c:\documents and settings\rivoalen\Application Data\SpeedRunner\config.cfg
c:\documents and settings\rivoalen\Application Data\SpeedRunner\SpeedRunner.exe
c:\documents and settings\rivoalen\Application Data\SpeedRunner\SRUninstall.exe
c:\documents and settings\rivoalen\Application Data\twain\Twain.exe
c:\documents and settings\rivoalen\Local Settings\Temporary Internet Files\bestwiner.stt
c:\documents and settings\rivoalen\Local Settings\Temporary Internet Files\CPV.stt
c:\documents and settings\rivoalen\Local Settings\Temporary Internet Files\fbk.sts
c:\documents and settings\rivoalen\Menu Démarrer\Programmes\Démarrage\ChkDisk.dll
c:\documents and settings\rivoalen\Menu Démarrer\Programmes\Démarrage\ChkDisk.lnk
c:\documents and settings\rivoalen\Menu Démarrer\Programmes\Démarrage\userinit.exe
c:\documents and settings\rivoalen\Menu Démarrer\XP Police Antivirus.LNK
c:\documents and settings\rivoalen\protect.dll
c:\documents and settings\rivoalen\rivoalen.exe
c:\documents and settings\rivoalen\svchost.exe
c:\program files\GetModule
c:\program files\GetModule\GetModule37.exe
c:\program files\iCheck
c:\program files\iCheck\Uninstall.exe
c:\program files\Mozilla Firefox\components\iamfamous.dll
c:\program files\VnrPack
c:\program files\VnrPack\dicts.gz
c:\program files\VnrPack\trgts.gz
c:\program files\VnrPack\VnrPack25.exe
c:\recycler\S-1-7-64-100002160-100023697-100006695-2568.com
c:\recycler\S-7-4-26-100001451-100015812-100008546-4586.com
c:\winnt\IE4 Error Log.txt
c:\winnt\iehost.dll
c:\winnt\reged.exe
c:\winnt\spoolsystem.exe
c:\winnt\svchost.exe
c:\winnt\sys.com
c:\winnt\syscert.exe
c:\winnt\sysexplorer.exe
c:\winnt\system32\autochk.dll
c:\winnt\system32\byXRhHxW.dll
c:\winnt\system32\config\systemprofile\Local Settings\Temporary Internet Files\CPV.stt
c:\winnt\system32\crypts.dll
c:\winnt\system32\dpnsvr.dll
c:\winnt\system32\drivers\gaopdxdvgppnsi.sys
c:\winnt\system32\drivers\gaopdxoodpxwkk.sys
c:\winnt\system32\drivers\gaopdxrdqpsxwk.sys
c:\winnt\system32\drivers\gaopdxsaopppvj.sys
c:\winnt\system32\drivers\services.exe
c:\winnt\system32\fnrcedey.dll
c:\winnt\system32\fyjivstj.ini
c:\winnt\system32\gaopdxamtpbrdq.dll
c:\winnt\system32\gaopdxcounter
c:\winnt\system32\hbtalm.dll
c:\winnt\system32\hs78344kjkfd.dll
c:\winnt\system32\kr_done1
c:\winnt\system32\lavtxswi.dll
c:\winnt\system32\lavtxswi32.dll
c:\winnt\system32\mcenspc.dll
c:\winnt\system32\rs32net.exe
c:\winnt\system32\staqytih.dll
c:\winnt\system32\upbkwlrk.dll
c:\winnt\system32\winscenter.exe
c:\winnt\system32\WxHhRXyb.ini
c:\winnt\system32\WxHhRXyb.ini2
c:\winnt\system32\ydglplfy.dll
c:\winnt\system32\yedecrnf.ini
c:\winnt\system32\yflplgdy.ini
c:\winnt\Temp\2519136420.exe
c:\winnt\Temp\2532417670.exe
c:\winnt\vmreg.dll
c:\winnt\Web\default.htt
D:\Autorun.inf
d:\recycler\S-1-7-64-100002160-100023697-100006695-2568.com
d:\recycler\S-7-3-82-100000905-100016656-100015351-1365.com
d:\recycler\S-7-4-26-100001451-100015812-100008546-4586.com
d:\recycler\S-8-1-17-100003485-100014126-100012875-1452.com
d:\recycler\S-8-9-75-100019398-100029362-100026842-8313.com
d:\recycler\S-9-1-82-100025046-100002628-100031388-5794.com
d:\recycler\S-9-4-39-100018786-100002504-100011528-8534.com
g:\recycler\S-1-7-64-100002160-100023697-100006695-2568.com
g:\recycler\S-7-4-26-100001451-100015812-100008546-4586.com
g:\recycler\S-8-9-75-100019398-100029362-100026842-8313.com

----- BITS: Possible infected sites -----

hxxp://vestepau.cn
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ICF
-------\Legacy_MSDVDR
-------\Legacy_MSUPDATE
-------\Legacy_TCPSR
-------\Service_IAS
-------\Service_ICF
-------\Service_msdvdDrv
-------\Service_msdvdr
-------\Service_msupdate
-------\Service_restore
-------\Service_tcpsr

((((((((((((((((((((((((( Files Created from 2009-01-25 to 2009-02-25 )))))))))))))))))))))))))))))))
.

2009-02-25 18:27 . 2009-02-25 18:27 179,200 --a------ c:\winnt\system32\fastopen.dll
2009-02-25 18:02 . 2009-02-25 18:02 179,200 --a------ c:\winnt\system32\dcomcnfg.dll
2009-02-25 17:52 . 2009-02-25 17:52 179,200 --a------ c:\winnt\system32\progman.dll
2009-02-25 17:50 . 2009-02-25 17:50 281,105 --------- c:\winnt\system32\eafc9d9468a13ed7673e0f5163e26ea0.TMP
2009-02-25 17:50 . 2009-02-25 17:50 179,200 --a------ c:\winnt\system32\cacls.dll
2009-02-24 16:03 . 2009-02-25 18:02 3,156 -ra------ c:\winnt\system32\msdvdr.sys
2009-02-23 10:25 . 2009-02-23 10:25 <REP> d-------- c:\documents and settings\rivoalen\Application Data\Malwarebytes
2009-02-23 10:24 . 2009-02-23 10:25 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-23 10:24 . 2009-02-23 10:24 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-23 10:19 . 2009-02-25 18:03 5,760 --a------ c:\winnt\system32\drivers\restore.sys
2009-02-23 10:05 . 2009-02-25 18:22 <REP> d-------- c:\documents and settings\rivoalen\Application Data\Twain
2009-02-23 10:00 . 2009-02-23 10:00 <REP> d-------- c:\program files\WebShow
2009-02-23 09:46 . 2009-02-23 09:45 48,836 --a------ c:\winnt\system32\msdvdr.pif
2009-02-23 09:45 . 2009-02-23 09:45 <REP> d-------- c:\program files\System Guard 2009
2009-02-23 09:45 . 2009-02-23 09:45 8 --a------ c:\winnt\system32\msdvdr.dat
2009-02-21 11:10 . 2009-02-21 11:10 <REP> d-------- c:\program files\Alwil Software
2009-02-21 10:31 . 2008-04-14 13:00 26,624 --a------ c:\winnt\system32\stu2.exe
2009-02-20 20:35 . 2009-02-20 20:35 <REP> d-------- c:\program files\Enigma Software Group
2009-02-20 20:15 . 2009-02-20 20:16 <REP> d-------- C:\rsit
2009-02-20 20:15 . 2009-02-23 10:58 <REP> d-------- c:\program files\trend micro
2009-02-20 17:51 . 2009-02-25 18:03 32,768 --a------ c:\winnt\system32\drivers\ati8jmxx.sys
2009-02-20 17:47 . 2009-02-20 17:47 100,590 --a------ c:\winnt\system32\drivers\3dbe187.sys
2009-02-20 17:47 . 2009-02-20 17:47 81,920 --a------ C:\eslb.exe
2009-02-20 17:47 . 2009-02-20 17:47 56,320 --a------ c:\winnt\system32\drivers\UACd.sys
2009-02-20 17:47 . 2009-02-20 17:47 22,784 --a------ c:\winnt\system32\drivers\systemntmi.sys
2009-02-20 17:47 . 2009-02-20 17:47 22,784 --a------ c:\winnt\system32\drivers\nicsk32.sys
2009-02-20 17:47 . 2009-02-20 17:47 19,456 --a------ C:\bwrsnohl.exe
2009-02-20 17:46 . 2009-02-20 17:46 76,314 --a------ C:\ebum.exe
2009-02-20 17:46 . 2009-02-20 17:46 2 --a------ C:\1215053681
2009-02-20 17:45 . 2009-02-20 17:45 <REP> d-------- c:\documents and settings\rivoalen\Application Data\cogad
2009-02-20 17:43 . 2009-02-20 17:43 17,920 --a------ c:\winnt\regsv32.exe
2009-02-20 17:42 . 2009-02-25 17:57 200,210 --a------ c:\winnt\system32\vumer.dll
2009-02-20 17:29 . 2009-02-20 17:29 <REP> d-------- C:\ATI
2009-02-20 17:27 . 2009-02-20 17:40 <REP> d--h----- c:\documents and settings\All Users\Application Data\~0
2009-02-20 17:26 . 2009-02-20 17:26 <REP> d-------- c:\program files\XPC Tools
2009-02-20 15:56 . 2009-02-20 15:57 <REP> d-------- c:\winnt\BDOSCAN8
2009-02-16 17:08 . 2005-05-17 16:24 311,296 --a------ c:\winnt\system32\AegisI5.exe
2009-02-16 17:08 . 2006-01-18 13:55 290,918 --a------ c:\winnt\system32\Install7x.dll
2009-02-16 17:08 . 2005-10-17 19:50 245,376 --a------ c:\winnt\system32\drivers\rt2500usb.SYS
2009-02-16 17:08 . 2005-11-30 11:33 2,048 --a------ c:\winnt\system32\drivers\rt73.bin
2009-02-16 17:08 . 2005-08-19 15:51 138 --a------ c:\winnt\filespec7x
2009-02-16 17:07 . 2009-02-16 17:07 <REP> d-------- c:\program files\MSI
2009-02-16 17:07 . 2009-02-16 17:07 22,784 --a------ c:\winnt\system32\drivers\ksi32sk.sys
2009-02-16 17:07 . 2009-02-16 17:07 22,784 --a------ c:\winnt\system32\drivers\acpi32.sys
2009-02-16 17:07 . 2009-02-16 17:07 20,747 --a------ c:\winnt\system32\drivers\AegisP.sys
2009-02-16 17:00 . 2006-01-12 19:46 252,928 --a------ c:\winnt\system32\drivers\rt73.sys
2009-02-15 18:08 . 2005-03-28 19:20 352,256 --a------ c:\winnt\system32\CNQL1213.DLL
2009-02-15 18:08 . 2005-01-25 15:55 147,456 --a------ c:\winnt\system32\CNQW110.DLL
2009-02-15 18:08 . 2005-01-25 15:55 57,344 --a------ c:\winnt\system32\CNQI110.DLL
2009-02-15 17:48 . 2009-02-15 17:48 <REP> d-------- c:\documents and settings\rivoalen\Application Data\ScanSoft
2009-02-15 17:48 . 2009-02-15 17:48 416 --a------ c:\winnt\MAXLINK.INI
2009-02-15 17:47 . 2009-02-15 17:47 <REP> d-------- c:\program files\ScanSoft
2009-02-15 17:47 . 2009-02-15 17:47 <REP> d-------- c:\program files\Fichiers communs\ScanSoft Shared
2009-02-15 17:47 . 2009-02-15 17:47 <REP> d-------- c:\documents and settings\All Users\Application Data\ScanSoft
2009-02-10 17:25 . 2009-02-10 17:25 <REP> d-------- c:\program files\Adobe Media Player
2009-02-10 17:19 . 2009-02-10 17:19 <REP> d-------- c:\program files\Fichiers communs\Adobe AIR
2009-02-10 17:13 . 2009-02-10 17:13 <REP> d-------- c:\program files\Fichiers communs\Macrovision Shared
2009-02-09 13:21 . 2008-06-14 18:33 272,768 --------- c:\winnt\system32\drivers\bthport.sys
2009-02-09 13:21 . 2008-06-14 18:33 272,768 -----c--- c:\winnt\system32\dllcache\bthport.sys
2009-02-09 13:05 . 2008-08-14 14:23 2,191,232 -----c--- c:\winnt\system32\dllcache\ntoskrnl.exe
2009-02-09 13:05 . 2008-08-14 14:23 2,147,328 -----c--- c:\winnt\system32\dllcache\ntkrnlmp.exe
2009-02-09 13:05 . 2008-08-14 14:23 2,068,096 -----c--- c:\winnt\system32\dllcache\ntkrnlpa.exe
2009-02-09 13:05 . 2008-08-14 14:23 2,025,984 -----c--- c:\winnt\system32\dllcache\ntkrpamp.exe
2009-02-09 11:33 . 2008-10-24 12:21 455,296 -----c--- c:\winnt\system32\dllcache\mrxsmb.sys
2009-02-08 18:47 . 2009-02-08 19:02 <REP> d-------- c:\documents and settings\All Users\Application Data\Sports Interactive
2009-02-08 18:33 . 2009-02-08 18:33 <REP> d--h----- c:\program files\Zero G Registry
2009-02-08 18:31 . 2009-02-20 10:10 <REP> d-------- c:\documents and settings\rivoalen\Application Data\Sports Interactive
2009-02-08 16:35 . 2009-02-08 16:37 <REP> d-------- c:\winnt\SxsCaPendDel
2009-02-08 13:33 . 2009-02-08 13:33 <REP> d-------- c:\documents and settings\All Users\Application Data\FLEXnet
2009-02-08 12:59 . 2007-02-20 16:04 2,463,976 --a------ c:\winnt\system32\NPSWF32.dll
2009-02-08 12:59 . 2007-02-20 16:04 190,696 --a------ c:\winnt\system32\NPSWF32_FlashUtil.exe
2009-02-07 23:38 . 2009-02-11 20:49 <REP> d--h----- c:\winnt\$hf_mig$
2009-02-07 16:10 . 2009-02-07 16:13 <REP> d-------- c:\program files\uTorrent
2009-02-07 16:10 . 2009-02-23 09:02 <REP> d-------- c:\documents and settings\rivoalen\Application Data\uTorrent
2009-02-07 15:31 . 2009-02-21 10:33 1,073,299,456 --a------ c:\winnt\MEMORY.DMP
2009-02-07 14:58 . 2008-04-14 13:00 1,875,968 --a--c--- c:\winnt\system32\dllcache\msir3jp.lex
2009-02-07 14:57 . 2008-04-14 13:00 13,463,552 --a--c--- c:\winnt\system32\dllcache\hwxjpn.dll
2009-02-07 14:56 . 2008-04-14 13:00 2,134,528 --a--c--- c:\winnt\system32\dllcache\smtpsnap.dll
2009-02-07 14:55 . 2009-02-07 14:55 488 -rah----- c:\winnt\system32\logonui.exe.manifest
2009-02-07 14:54 . 2009-02-07 14:54 749 -rah----- c:\winnt\WindowsShell.Manifest
2009-02-07 14:54 . 2009-02-07 14:54 749 -rah----- c:\winnt\system32\wuaucpl.cpl.manifest
2009-02-07 14:54 . 2009-02-07 14:54 749 -rah----- c:\winnt\system32\sapi.cpl.manifest
2009-02-07 14:54 . 2009-02-07 14:54 749 -rah----- c:\winnt\system32\nwc.cpl.manifest
2009-02-07 14:54 . 2009-02-07 14:54 749 -rah----- c:\winnt\system32\ncpa.cpl.manifest
2009-02-07 14:46 . 2008-04-13 19:33 870,784 --a------ c:\winnt\system32\ati3d1ag.dll
2009-02-07 13:47 . 2009-02-17 22:40 <REP> d-------- c:\winnt\WinSxS
2009-02-07 13:24 . 2009-02-07 13:24 <REP> d--hs---- c:\documents and settings\LocalService
2009-02-07 13:20 . 2009-02-25 18:22 <REP> d--hs---- c:\documents and settings\NetworkService
2009-02-07 13:18 . 2005-07-22 16:38 <REP> d--h----- c:\winnt\system32\config\systemprofile\Voisinage réseau
2009-02-07 13:18 . 2005-07-22 16:38 <REP> d--h----- c:\winnt\system32\config\systemprofile\Voisinage d'impression
2009-02-07 13:18 . 2009-02-07 13:09 <REP> d--h----- c:\winnt\system32\config\systemprofile\Modèles
2009-02-07 13:18 . 2005-07-22 16:38 <REP> d-------- c:\winnt\system32\config\systemprofile\Mes documents
2009-02-07 13:18 . 2009-02-07 12:56 <REP> dr------- c:\winnt\system32\config\systemprofile\Menu Démarrer
2009-02-07 13:18 . 2009-02-20 18:03 <REP> d-------- c:\winnt\system32\config\systemprofile\Favoris
2009-02-07 13:18 . 2005-07-26 21:30 <REP> d-------- c:\winnt\system32\config\systemprofile\Bureau
2009-02-07 13:15 . 2009-02-07 13:15 <REP> d-------- c:\winnt\system32\xircom
2009-02-07 13:15 . 2001-11-23 05:08 712,704 -ra------ c:\winnt\system32\OLD71A.tmp
2009-02-07 13:14 . 2008-04-14 13:00 221,184 --a------ c:\winnt\system32\wmpns.dll
2009-02-07 13:13 . 2009-02-07 14:55 488 -rah----- c:\winnt\system32\WindowsLogon.manifest
2009-02-07 13:12 . 2009-02-07 13:12 <REP> d-------- c:\program files\Services en ligne
2009-02-07 13:11 . 2009-02-07 15:02 <REP> d-------- c:\winnt\system32\Restore
2009-02-07 13:10 . 2009-02-07 13:10 <REP> d-------- c:\winnt\system32\FxsTmp
2009-02-07 13:08 . 2008-04-13 11:45 6,272 --a------ c:\winnt\system32\drivers\splitter.sys
2009-02-07 13:00 . 2001-08-17 21:46 6,400 --a------ c:\winnt\system32\drivers\enum1394.sys
2009-02-07 12:57 . 2009-02-07 14:51 4,444 --a------ c:\winnt\system32\pid.PNF
2009-02-07 12:55 . 2009-02-25 18:27 <REP> d-------- c:\winnt\system32\CatRoot2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-25 16:50 1,139,712 ----a-w c:\winnt\explorer.exe
2009-02-23 09:01 --------- d-----w c:\program files\Google
2009-02-20 16:55 --------- d-----w c:\program files\Fichiers communs\Adobe
2009-02-20 09:22 --------- d-----w c:\program files\QuarkXPress Passport
2009-02-16 16:15 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-15 17:09 --------- d-----w c:\documents and settings\rivoalen\Application Data\Canon
2009-02-07 14:57 --------- d-----w c:\program files\eMule
2009-02-07 14:46 --------- d-----w c:\program files\MSN Messenger
2009-02-07 14:44 --------- d---a-w c:\program files\VIGUARD
2005-07-22 14:47 271 --sh--w c:\program files\desktop.ini
2005-07-22 14:47 22,115 ---h--w c:\program files\folder.htt
2001-11-23 04:08 712,704 ----a-r c:\winnt\inf\OTHER\AUDIO3D.DLL
2001-10-05 10:53 21,866 ----a-w c:\program files\Fichiers communs\tppupd2k.dll
2009-02-23 09:11 211,456 ----a-w c:\program files\mozilla firefox\components\srff.dll
.

------- Sigcheck -------

2009-02-25 17:50 1139712 86d9136d0eb9726448bbe3f9f1d0bcd3 c:\winnt\explorer.exe
2009-02-25 17:50 1139712 86d9136d0eb9726448bbe3f9f1d0bcd3 c:\winnt\system32\dllcache\explorer.exe

2009-02-21 10:31 30208 0fe5d20ae9ace2cf91c339aaf134c78e c:\winnt\system32\userinit.exe
2008-04-14 13:00 26624 e74ddb12188c2ff57a78624dbf7332fc c:\winnt\system32\dllcache\userinit.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-09-04 6856704]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-04 68856]
"cogad"="c:\documents and settings\rivoalen\Application Data\cogad\cogad.exe" [2009-02-20 56832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-22 339968]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-02-22 32768]
"NeroCheck"="c:\winnt\system32\\NeroCheck.exe" [2001-07-09 155648]
"TPP Auto Loader"="c:\winnt\TPPALDR.EXE" [2001-10-05 118784]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"AdobeCS4ServiceManager"="c:\program files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"SSBkgdUpdate"="c:\program files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"systemguard"="c:\program files\System Guard 2009\systemguard.exe" [2009-02-23 1007616]
"Synchronization Manager"="mobsync.exe" [2008-04-14 c:\winnt\system32\mobsync.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-02-22 32768]
"internat.exe"="internat.exe" [2003-06-23 c:\winnt\system32\internat.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe" [2008-04-14 218624]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
ATI CATALYST System Tray.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-02-22 32768]
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
MSI US54SE II Wireless Client Utility.lnk - c:\program files\MSI\US54SE II\Installer\WINXP\MCU.exe [2009-02-16 593920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbaefbac]
2003-08-16 03:20 281105 c:\winnt\system32\cbaefbac.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= mmdrv.dll
"MSVideo"= lvfwwdmt.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati8jmxx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"VigService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Fichiers communs\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\WINNT\\system32\\userinit.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 ati8jmxx;ati8jmxx;c:\winnt\system32\drivers\ati8jmxx.sys [2009-02-20 32768]
S2 acpi32;acpi32;c:\winnt\system32\drivers\acpi32.sys [2009-02-16 22784]
S2 amd64si;amd64si;\??\c:\winnt\system32\drivers\amd64si.sys --> c:\winnt\system32\drivers\amd64si.sys [?]
S2 ati64si;ati64si;c:\winnt\system32\drivers\ati64si.sys [2008-04-14 22784]
S2 fips32cup;fips32cup;c:\winnt\system32\drivers\fips32cup.sys [2008-04-14 22784]
S2 i386si;i386si;\??\c:\winnt\system32\drivers\i386si.sys --> c:\winnt\system32\drivers\i386si.sys [?]
S2 ksi32sk;ksi32sk;c:\winnt\system32\drivers\ksi32sk.sys [2009-02-16 22784]
S2 netsik;netsik;c:\winnt\system32\drivers\netsik.sys [2008-04-13 22784]
S2 nicsk32;nicsk32;c:\winnt\system32\drivers\nicsk32.sys [2009-02-20 22784]
S2 port135sik;port135sik;c:\winnt\system32\drivers\port135sik.sys [2008-04-13 22784]
S2 securentm;securentm;\??\c:\winnt\system32\drivers\securentm.sys --> c:\winnt\system32\drivers\securentm.sys [?]
S2 systemntmi;systemntmi;c:\winnt\system32\drivers\systemntmi.sys [2009-02-20 22784]
S2 ws2_32sik;ws2_32sik;\??\c:\winnt\system32\drivers\ws2_32sik.sys --> c:\winnt\system32\drivers\ws2_32sik.sys [?]
S3 QCEmerald;Logitech QuickCam Web;c:\winnt\system32\drivers\lvce.sys [2000-06-09 37376]
S3 rt2571;Wireless 802.11g USB Adapter Driver;c:\winnt\system32\drivers\rt2571.sys [2008-03-03 79616]
S3 usbhub20;Prise en charge du concentrateur racine USB 2.0;c:\winnt\system32\drivers\usbhub20.sys [2005-07-22 49776]
S3 viafilter;VIA USB Filter;c:\winnt\system32\drivers\viausb.sys [2005-07-22 9038]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\AutoRun\command - c:\winnt\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-1-7-64-100002160-100023697-100006695-2568.com c:\
\Shell\Open\command - c:\recycler\S-1-7-64-100002160-100023697-100006695-2568.com c:\

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - c:\winnt\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-1-7-64-100002160-100023697-100006695-2568.com d:\
\Shell\Open\command - d:\recycler\S-1-7-64-100002160-100023697-100006695-2568.com d:\
.
- - - - ORPHANS REMOVED - - - -

BHO-{A2E292BA-8FB3-42A5-8F4C-E2156142422C} - c:\winnt\system32\byXRhHxW.dll
HKCU-Run-DriverUpdaterPro - c:\program files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe
HKCU-Run-PoliceAV - c:\program files\XPPoliceAntivirus\xppolice.exe
HKCU-Run-rs32net - c:\winnt\System32\rs32net.exe
HKCU-Run-rivoalen - c:\documents and settings\rivoalen\rivoalen.exe
HKCU-Run-VnrPack25 - c:\program files\VnrPack\VnrPack25.exe
HKCU-Run-GetModule37 - c:\program files\GetModule\GetModule37.exe
HKLM-Run-LVCOMS - c:\winnt\system32\LVCOMS.EXE
HKLM-Run-autochk - c:\winnt\system32\autochk.dll
HKLM-Run-Cmaudio - cmicnfg.cpl
HKU-Default-RunOnce-tscuninstall - c:\winnt\system32\tscupgrd.exe
Notify-ddcArRkL - ddcArRkL.dll
SafeBoot-sglfb.sys
SafeBoot-tga.sys

.
------- Supplementary Scan -------
.
uStart Page = www.google.fr/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Bar =
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
FF - ProfilePath - c:\documents and settings\rivoalen\Application Data\Mozilla\Firefox\Profiles\bh0rgrnz.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
FF - component: c:\program files\Mozilla Firefox\components\srff.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-25 18:27:35
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

c:\winnt\system32\58d1221b64df5b21c14ee33e93bd342a.sys 39936 bytes executable
c:\winnt\system32\_58d1221b64df5b21c14ee33e93bd342a.sys_.vir 39936 bytes executable

scan completed successfully
hidden files: 2

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\58d1221b64df5b21c14ee33e93bd342a]
"ImagePath"="system32\58d1221b64df5b21c14ee33e93bd342a.sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(516)
c:\winnt\system32\cbaefbac.dll
c:\winnt\system32\eappprxy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\winnt\system32\ati2evxx.exe
c:\winnt\system32\mspmspsv.exe
c:\winnt\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-02-25 18:31:32 - machine was rebooted [rivoalen]
ComboFix-quarantined-files.txt 2009-02-25 17:31:29

Pre-Run: 18,521,665,536 octets libres
Post-Run: 18,833,420,288 octets libres

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
387 --- E O F --- 2009-02-11 19:49:38
0
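Added example, not part of the thread and not ComboFix's own code: a small Python parser for the "Sigcheck" section of the log above. ComboFix lists each protected system binary next to the Windows File Protection copy kept in system32\dllcache (date, time, size, MD5, path). The parser pairs the live copy with its dllcache copy by file name and reports every pair whose MD5 differs, which is exactly the situation the log shows for userinit.exe (the live file is newer, larger, and hashes differently from the cached original). The sample input is the two pairs copied from the log; the function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample: the two Sigcheck pairs from the ComboFix log in this thread.
SAMPLE_SIGCHECK = r"""
2009-02-25 17:50 1139712 86d9136d0eb9726448bbe3f9f1d0bcd3 c:\winnt\explorer.exe
2009-02-25 17:50 1139712 86d9136d0eb9726448bbe3f9f1d0bcd3 c:\winnt\system32\dllcache\explorer.exe

2009-02-21 10:31 30208 0fe5d20ae9ace2cf91c339aaf134c78e c:\winnt\system32\userinit.exe
2008-04-14 13:00 26624 e74ddb12188c2ff57a78624dbf7332fc c:\winnt\system32\dllcache\userinit.exe
"""

# One Sigcheck line: date, time, size in bytes, MD5, full path.
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) "
    r"(?P<size>\d+) (?P<md5>[0-9a-f]{32}) (?P<path>.+)$"
)


def parse_sigcheck(text):
    """Parse Sigcheck lines into dicts; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["size"] = int(entry["size"])
            entry["path"] = entry["path"].lower()
            entries.append(entry)
    return entries


def pair_by_name(entries):
    """Group entries by file name so the live copy meets its dllcache copy."""
    groups = defaultdict(dict)
    for entry in entries:
        name = entry["path"].rsplit("\\", 1)[-1]
        role = "cache" if "\\dllcache\\" in entry["path"] else "live"
        groups[name][role] = entry
    return groups


def find_mismatches(text):
    """Return {name: {"live": md5, "cache": md5, "size_delta": int}} for every
    file whose live copy hashes differently from its dllcache copy. A file
    with only one side listed is reported with None for the missing side."""
    findings = {}
    for name, copies in pair_by_name(parse_sigcheck(text)).items():
        live, cache = copies.get("live"), copies.get("cache")
        if live is None or cache is None:
            findings[name] = {
                "live": live["md5"] if live else None,
                "cache": cache["md5"] if cache else None,
                "size_delta": None,
            }
        elif live["md5"] != cache["md5"]:
            findings[name] = {
                "live": live["md5"],
                "cache": cache["md5"],
                "size_delta": live["size"] - cache["size"],
            }
    return findings


if __name__ == "__main__":
    for name, info in find_mismatches(SAMPLE_SIGCHECK).items():
        print(f"{name}: live {info['live']} != cache {info['cache']} "
              f"(size delta {info['size_delta']} bytes)")
```

On the sample, only userinit.exe is reported. The explorer.exe pair is not, because both copies carry the same hash; that is a baseline check, not proof of integrity, since malware that overwrites a system binary can overwrite the dllcache copy as well, so an unreported pair with a very recent timestamp still deserves a look (or a hash lookup against a known-good source, as the moderator asks for below with VirusTotal).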

Destrio5 Posts: 99820 Status: Moderator 10 305
 
---> Download Malwarebytes' Anti-Malware (MBAM) to your Desktop.
---> Double-click the downloaded file to start the installation process.
---> In the Update tab, click the Check for Updates button: if the firewall asks whether MBAM may connect to the Internet, accept.
---> Once the update is finished, go to the Scanner tab.
---> Select Perform quick scan.
---> Click Scan. The scan starts.

At the end of the scan, a message appears:

The scan completed successfully. Click 'Show Results' to display all objects found.

---> Click OK to continue. If MBAM found nothing, it will tell you so too.
---> Close your browsers.
If malware was detected, click Show Results.
---> Select everything (or leave it checked) and click Remove Selected; MBAM will delete the infected files and registry keys and put a copy of them in quarantine.
---> MBAM will open Notepad and copy the scan report into it. Copy and paste that report into your next reply.
0
fremel Posts: 9 Status: Member
 
I had already installed it, but it no longer launches???
0
fremel Posts: 9 Status: Member
 
It is already installed but won't launch any more!
0
Destrio5 Posts: 99820 Status: Moderator 10 305
 
---> Have the following files analysed:
- c:\winnt\system32\drivers\ati8jmxx.sys
- c:\winnt\system32\progman.dll
- c:\winnt\system32\msdvdr.sys
- c:\winnt\system32\vumer.dll
- C:\eslb.exe

---> on VirusTotal, and post the links to the analyses:
https://www.virustotal.com/gui/
0
fremel Posts: 9 Status: Member
 
c:\winnt\system32\drivers\ati8jmxx.sys
0-byte file
0
Destrio5 Posts: 99820 Status: Moderator 10 305
 
OK for the first one.
0
fremel Posts: 9 Status: Member
 
c:\winnt\system32\drivers\ati8jmxx.sys
0 bytes too
0
fremel Posts: 9 Status: Member
 
Fichier itamcndf.exe reçu le 2009.02.24 17:10:33 (CET)
Situation actuelle: terminé

Résultat: 26/39 (66.67%)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.0.0.93 2009.02.24 Trojan-Spy.Finanz.J!IK
AhnLab-V3 2009.2.24.0 2009.02.24 Win-Trojan/Xema.81920.D
AntiVir 7.9.0.88 2009.02.24 TR/Downloader.Gen
Authentium 5.1.0.4 2009.02.24 -
Avast 4.8.1335.0 2009.02.24 Win32:Trojan-gen {Other}
AVG 8.0.0.237 2009.02.24 Agent_r.IE
BitDefender 7.2 2009.02.24 Trojan.Downloader.JLQS
CAT-QuickHeal 10.00 2009.02.22 TrojanDownloader.Slupim.b
ClamAV 0.94.1 2009.02.24 -
Comodo 983 2009.02.20 -
DrWeb 4.44.0.09170 2009.02.24 -
eSafe 7.0.17.0 2009.02.19 Suspicious File
eTrust-Vet 31.6.6372 2009.02.24 Win32/Donloz.CM
F-Prot 4.4.4.56 2009.02.24 -
F-Secure 8.0.14470.0 2009.02.24 -
Fortinet 3.117.0.0 2009.02.24 -
GData 19 2009.02.24 Trojan.Downloader.JLQS
Ikarus T3.1.1.45.0 2009.02.24 Trojan-Spy.Finanz.J
K7AntiVirus 7.10.639 2009.02.21 -
Kaspersky 7.0.0.125 2009.02.24 Trojan.Win32.Agent.brfl
McAfee 5534 2009.02.23 Generic Downloader.x
McAfee+Artemis 5534 2009.02.23 Generic Downloader.x
Microsoft 1.4306 2009.02.24 TrojanDownloader:Win32/Slupim.B
NOD32 3885 2009.02.24 Win32/TrojanDownloader.Agent.ORH
Norman 6.00.06 2009.02.24 W32/DLoader.NMFD
nProtect 2009.1.8.0 2009.02.24 -
Panda 10.0.0.10 2009.02.23 Trj/Dropper.AGJ
PCTools 4.4.2.0 2009.02.24 -
Prevx1 V2 2009.02.24 Medium Risk Malware
Rising 21.18.12.00 2009.02.24 -
SecureWeb-Gateway 6.7.6 2009.02.24 Trojan.Downloader.Gen
Sophos 4.39.0 2009.02.24 Sus/Spy-B
Sunbelt 3.2.1856.2 2009.02.24 Trojan.Unidentified.Gen.VS
Symantec 10 2009.02.24 Downloader
TheHacker 6.3.2.5.264 2009.02.24 -
TrendMicro 8.700.0.1004 2009.02.24 PAK_Generic.001
VBA32 3.12.10.0 2009.02.24 Win32.TrojanDownloader.Agent.ORH
ViRobot 2009.2.24.1621 2009.02.24 Trojan.Win32.Downloader.81920.CI
VirusBuster 4.5.11.0 2009.02.24 -
Information additionnelle
File size: 81920 bytes
MD5...: 358bfb45984caee6e1a4afbea62b0f08
SHA1..: 5cce36ff0ba828f398944524b9c0a80bbd15de65
SHA256: f2303f9b683a3309197aff588b5767722eff6684c1bd56944bc817321e51a102
SHA512: 040a1d8a19fefee586c9e3459e1acb93e00bee8bdbf6555daea2498f26e94fdbd7342d34d7af2d05abc23f12034c21b604740a9589a40feeea3b48c781beca65
ssdeep: 1536:XO//IR5USbGNls4FD3ZQVQjl5wlfhXKwzD0+WwTTzOEkKJ1GYPUghO7v1MdScNWM:XOK5N9MT2i525X7D0KTzO1UwY8ghO7v0

PEiD..: UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
TrID..: File type identification
UPX compressed Win32 Executable (39.5%)
Win32 EXE Yoda's Crypter (34.3%)
Win32 Executable Generic (11.0%)
Win32 Dynamic Link Library (generic) (9.8%)
Generic Win/DOS Executable (2.5%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x131827f0
timedatestamp.....: 0x499a9aa0 (Tue Feb 17 11:08:16 2009)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x1e000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x1f000 0x14000 0x13a00 7.84 2a7b20d8c74ea71d0b35ab4b294367d2
UPX2 0x33000 0x1000 0x200 2.90 fb41c4cc52850c8464bede12ab9c9c91

( 5 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, ExitProcess
> ADVAPI32.dll: RegCloseKey
> USER32.dll: wsprintfA
> WINMM.dll: timeGetTime
> WS2_32.dll: -

( 0 exports )

ThreatExpert info: https://www.symantec.com?md5=358bfb45984caee6e1a4afbea62b0f08
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=805C4663005DDEC54025012D95BE7800559C168F
packers (Kaspersky): PE_Patch.UPX, UPX
packers (F-Prot): UPX
0
Destrio5 Posts: 99820 Status: Moderator 10 305
 
---> Run a scan with AVPTool and post the report.

The tutorial is here:
http://www.commentcamarche.net/faq/sujet 16138 comment supprimer virut#deuxieme methode avptool
0