Suppresion system guard 2009

fremel Messages postés 9 Statut Membre -  
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   -
Bonjour,
J'ai depuis 3 ou 4 jours, system guard 2009 qui me pollue l'ordinateur.
Que dois-je faire pour le supprimer?
j'ai 2 rappports rsit

Merci de votre aide
Configuration: Windows XP
Firefox 3.0.6

13 réponses

  1. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    Salut,

    Poste les deux rapports.
    0
    1. fremel Messages postés 9 Statut Membre
       
      Logfile of random's system information tool 1.05 (written by random/random)
      Run by rivoalen at 2009-02-23 10:58:21
      Microsoft Windows XP Professionnel Service Pack 3
      System drive C: has 19 GB (31%) free of 60 GB
      Total RAM: 1023 MB (81% free)

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 20:15:59, on 20/02/2009
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
      Boot mode: Normal

      Running processes:
      C:\WINNT\System32\smss.exe
      C:\WINNT\system32\winlogon.exe
      C:\WINNT\system32\services.exe
      C:\WINNT\system32\lsass.exe
      C:\WINNT\system32\Ati2evxx.exe
      C:\WINNT\system32\svchost.exe
      C:\WINNT\System32\svchost.exe
      C:\WINNT\system32\svchost.exe
      C:\WINNT\system32\svchost.exe
      C:\WINNT\system32\drivers\services.exe
      C:\WINNT\Explorer.EXE
      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      C:\WINNT\TPPALDR.EXE
      C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
      C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
      C:\WINNT\system32\rundll32.exe
      C:\WINNT\system32\rundll32.exe
      C:\DOCUME~1\rivoalen\LOCALS~1\Temp\winlognn.exe
      C:\WINNT\system32\drivers\services.exe
      C:\Documents and Settings\rivoalen\svchost.exe
      C:\WINNT\System32\rs32net.exe
      C:\Program Files\MSN Messenger\msnmsgr.exe
      C:\WINNT\system32\winscenter.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Documents and Settings\rivoalen\Application Data\cogad\cogad.exe
      C:\Program Files\XPPoliceAntivirus\xppolice.exe
      C:\DOCUME~1\rivoalen\LOCALS~1\Temp\winlognn.exe
      C:\WINNT\system32\drivers\services.exe
      C:\Documents and Settings\rivoalen\svchost.exe
      C:\WINNT\System32\rs32net.exe
      C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
      C:\Program Files\MSI\US54SE II\Installer\WINXP\MCU.exe
      C:\Documents and Settings\rivoalen\Menu Démarrer\Programmes\Démarrage\userinit.exe
      C:\WINNT\system32\spoolsv.exe
      C:\WINNT\system32\svchost.exe
      C:\WINNT\system32\mspmspsv.exe
      C:\WINNT\System32\svchost.exe
      C:\WINNT\system32\svchost.exe
      C:\WINNT\System32\svchost.exe
      C:\WINNT\System32\svchost.exe
      C:\WINNT\TEMP\nsyF.tmp
      C:\WINNT\system32\svchost.exe
      C:\WINNT\system32\svchost.exe
      C:\WINNT\system32\svchost.exe
      C:\WINNT\TEMP\E265.tmp
      C:\Program Files\uTorrent\uTorrent.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\System Guard 2009\systemguard.exe
      C:\WINNT\System32\svchost.exe
      C:\Documents and Settings\rivoalen\Mes documents\Downloads\Kaspersky Antivirus 2009 + key [Full]\kav.en.exe
      C:\DOCUME~1\rivoalen\LOCALS~1\Temp\IXP000.TMP\Setup_ver1.1524.0.exe
      G:\RSIT.exe
      C:\Program Files\trend micro\rivoalen.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,C:\WINNT\system32\drivers\services.exe
      O2 - BHO: (no name) - {55737035-1B75-48DD-A4D8-66155D8AC7A3} - C:\WINNT\system32\ddcArRkL.dll
      O2 - BHO: (no name) - {9356EA01-DBD4-45DF-A374-818CC609A7B2} - C:\WINNT\system32\byXRhHxW.dll
      O2 - BHO: C:\WINNT\system32\hs78344kjkfd.dll - {C5BF49A2-94F3-42BD-F434-3604812C8955} - C:\WINNT\system32\hs78344kjkfd.dll
      O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
      O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
      O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
      O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
      O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\\NeroCheck.exe
      O4 - HKLM\..\Run: [LVCOMS] C:\WINNT\system32\LVCOMS.EXE
      O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINNT\TPPALDR.EXE
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
      O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
      O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
      O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
      O4 - HKLM\..\Run: [486c3fde] rundll32.exe "C:\WINNT\system32\jtsvijyf.dll",b
      O4 - HKLM\..\Run: [autochk] rundll32.exe C:\WINNT\system32\autochk.dll,_IWMPEvents@16
      O4 - HKLM\..\Run: [jsf8uiw3jnjgffght] C:\DOCUME~1\rivoalen\LOCALS~1\Temp\winlognn.exe
      O4 - HKLM\..\Run: system C:\WINNT\system32\drivers\services.exe
      O4 - HKLM\..\Run: [winlogon] C:\Documents and Settings\rivoalen\svchost.exe
      O4 - HKLM\..\Run: [rs32net] C:\WINNT\System32\rs32net.exe
      O4 - HKLM\..\Run: [systemguard] C:\Program Files\System Guard 2009\systemguard.exe
      O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINNT\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\rivoalen\LOCALS~1\Temp\IXP000.TMP\"
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
      O4 - HKCU\..\Run: [autochk] rundll32.exe C:\DOCUME~1\NETWOR~1\protect.dll,_IWMPEvents@16
      O4 - HKCU\..\Run: [cogad] "C:\Documents and Settings\rivoalen\Application Data\cogad\cogad.exe" 61A847B5BBF7281033923C466188719AB689201522886B092CBD44BD8689220221DD3257
      O4 - HKCU\..\Run: [PoliceAV] C:\Program Files\XPPoliceAntivirus\xppolice.exe
      O4 - HKCU\..\Run: [jsf8uiw3jnjgffght] C:\DOCUME~1\rivoalen\LOCALS~1\Temp\winlognn.exe
      O4 - HKCU\..\Run: system C:\WINNT\system32\drivers\services.exe
      O4 - HKCU\..\Run: [winlogon] C:\Documents and Settings\rivoalen\svchost.exe
      O4 - HKCU\..\Run: [rs32net] C:\WINNT\System32\rs32net.exe
      O4 - HKCU\..\Run: [rivoalen] C:\Documents and Settings\rivoalen\rivoalen.exe /i
      O4 - HKCU\..\Run: [5774] C:\DOCUME~1\rivoalen\LOCALS~1\Temp\F.tmp.exe
      O4 - HKUS\S-1-5-19\..\Run: [internat.exe] internat.exe (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-19\..\Run: [] (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-19\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-19\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [internat.exe] internat.exe (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-20\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [internat.exe] internat.exe (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
      O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
      O4 - Startup: ChkDisk.dll
      O4 - Startup: ChkDisk.lnk = ?
      O4 - Startup: userinit.exe
      O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: MSI US54SE II Wireless Client Utility.lnk = C:\Program Files\MSI\US54SE II\Installer\WINXP\MCU.exe
      O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{2BC2BC91-03EC-453F-9236-DFB176CFE6B2}: NameServer = 85.255.112.39,85.255.112.40
      O17 - HKLM\System\CCS\Services\Tcpip\..\{4F59AAA6-C334-4CA4-92B0-CE6ED1C00B23}: NameServer = 85.255.112.39,85.255.112.40
      O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
      O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
      O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
      O20 - Winlogon Notify: cbaefbac - C:\WINNT\system32\cbaefbac.dll
      O20 - Winlogon Notify: crypt - C:\WINNT\SYSTEM32\crypts.dll
      O20 - Winlogon Notify: ddcArRkL - C:\WINNT\SYSTEM32\ddcArRkL.dll
      O20 - Winlogon Notify: lavtxswi - C:\WINNT\SYSTEM32\lavtxswi.dll
      O21 - SSODL: ieModule - {C0DAA278-B7DE-49FF-995D-2082C2CC1606} - C:\Documents and Settings\All Users\Application Data\Microsoft\Network\DLLs\ieModule.dll
      O21 - SSODL: InternetConnection - {E7805B8F-FB7F-4A88-85D2-427D22B88884} - C:\Documents and Settings\All Users\Application Data\Microsoft\Network\DLLs\gkczqxlkes.dll
      O22 - SharedTaskScheduler: jgzfkj9w38rksndfi7r4 - {C5BF49A2-94F3-42BD-F434-3604812C8955} - C:\WINNT\system32\hs78344kjkfd.dll
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
      O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
      O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: ICF - Unknown owner - C:\WINNT\system32\svchost.exe:ext.exe
      O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\winnt\system32\mssrv32.exe
      0
  2. fremel Messages postés 9 Statut Membre
     
    info.txt logfile of random's system information tool 1.05 2009-02-20 20:16:02

    ======Uninstall list======

    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINNT\INF\PCHealth.inf
    Adobe Acrobat 4.0, 5.0-->C:\WINNT\ISUN040C.EXE -f"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.dll"
    Adobe AIR-->c:\Program Files\Fichiers communs\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
    Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
    Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
    Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
    Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
    Adobe Color - Photoshop Specific CS4-->MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
    Adobe Color EU Extra Settings CS4-->MsiExec.exe /I{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}
    Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
    Adobe Color NA Recommended Settings CS4-->MsiExec.exe /I{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}
    Adobe Color Video Profiles CS CS4-->MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D}
    Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
    Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
    Adobe Device Central CS4-->MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}
    Adobe Download Manager 2.2 (Supprimer uniquement)-->"C:\Program Files\Fichiers communs\Adobe\ESD\uninst.exe"
    Adobe Drive CS4-->MsiExec.exe /I{16E16F01-2E2D-4248-A42F-76261C147B6C}
    Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
    Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
    Adobe Flash Player 10 ActiveX-->C:\WINNT\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
    Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}
    Adobe Media Player-->msiexec /qb /x {39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
    Adobe Media Player-->MsiExec.exe /I{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
    Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
    Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
    Adobe Photoshop CS4 Support-->MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}
    Adobe Photoshop CS4-->C:\Program Files\Fichiers communs\Adobe\Installers\faf656ef605427ee2f42989c3ad31b8\Setup.exe --uninstall=1
    Adobe Photoshop CS4-->MsiExec.exe /I{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}
    Adobe Photoshop CS4-->MsiExec.exe /I{E4848436-0345-47E2-B648-8B522FCDA623}
    Adobe Reader 7.0.9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A70900000002}
    Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
    Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
    Adobe Setup-->MsiExec.exe /I{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}
    Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
    Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
    Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
    Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
    AdobeColorCommonSetCMYK-->MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4}
    AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
    Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
    ArcSoft PhotoStudio 5.5-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\Setup.exe" -l0x40c
    ATI - Utilitaire de désinstallation du logiciel-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
    ATI Catalyst Control Center-->MsiExec.exe /I{4B892137-6FB6-4622-B568-488E38F2E727}
    ATI Control Panel-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
    ATI Display Driver-->rundll32 C:\WINNT\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
    ATI HYDRAVISION-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{083F79E4-6FE9-46FB-A6C6-4F8862742947}\setup.exe"
    Barre d'outils MSN-->C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\mtbs.exe c
    Canon CanoScan Toolbox 4.9-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}\setup.exe" -l0x40c anything
    C-Media 3D Audio-->C:\WINNT\CMIUnInstall.exe
    C-Media WDM Audio Driver-->C:\WINNT\system32\cmirmdrv.exe
    Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
    Correctif pour Windows XP (KB952287)-->"C:\WINNT\$NtUninstallKB952287$\spuninst\spuninst.exe"
    eMule-->"C:\Program Files\eMule\Uninstall.exe"
    Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
    Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
    HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
    Hotfix for MDAC 2.53 (KB927779)-->"C:\WINNT\$SQLUninstallMDAC25SP3-KB927779-x86-FRA$\spuninst\spuninst.exe"
    Internet Explorer Q903235-->C:\WINNT\ieuninst.exe C:\WINNT\INF\Q903235.inf
    Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
    kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
    Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
    Microsoft .NET Framework 1.1 Hotfix (KB947742)-->"C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Updates\M947742\M947742Uninstall.msp"
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft Data Access Components KB870669-->C:\WINNT\muninst.exe C:\WINNT\INF\KB870669.inf
    Microsoft Office 2000 Professional-->MsiExec.exe /I{0001040C-78E1-11D2-B60F-006097C998E7}
    Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINNT\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINNT\$NtUninstallKB938464$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINNT\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINNT\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINNT\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINNT\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINNT\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINNT\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINNT\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINNT\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINNT\$NtUninstallKB954211$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINNT\$NtUninstallKB954459$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINNT\$NtUninstallKB954600$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINNT\$NtUninstallKB955069$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINNT\$NtUninstallKB956391$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINNT\$NtUninstallKB956802$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINNT\$NtUninstallKB956803$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINNT\$NtUninstallKB956841$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINNT\$NtUninstallKB957097$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB958215)-->"C:\WINNT\$NtUninstallKB958215$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINNT\$NtUninstallKB958644$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINNT\$NtUninstallKB958687$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB960714)-->"C:\WINNT\$NtUninstallKB960714$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB898461)-->"C:\WINNT\$NtUninstallKB898461$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB951978)-->"C:\WINNT\$NtUninstallKB951978$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB955839)-->"C:\WINNT\$NtUninstallKB955839$\spuninst\spuninst.exe"
    Mozilla Firefox (2.0.0.20)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSI US54SE II Wireless Client Utility-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1EBB4501-6521-4D70-9E9A-301757CD00D6}\setup.exe" -l0x9 -removeonly
    MSN Messenger 7.0-->MsiExec.exe /I{ABEB838C-A1A7-4C5D-B7E1-8B4314600820}
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    Nero - Burning Rom-->MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0}
    PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}
    PDFCreator-->"C:\Program Files\PDFCreator\unins000.exe"
    Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
    QuickCam-->MsiExec.exe /I{55A26FBA-3777-4F13-B593-7701474313DF}
    RealPlayer 7 Basic-->C:\Program Files\Fichiers communs\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
    ScanSoft OmniPage SE 4.0-->MsiExec.exe /I{C1E693A4-B1D5-4DCD-B68D-2087835B7184}
    Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
    System Guard 2009-->C:\Program Files\System Guard 2009\uninstall.exe
    TPP Storage Driver Installation-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E258A840-7E9A-443A-B156-67102C48BF17}\Setup.exe" NotFirstInstall
    USB Storage Adapter (TPP)-->tppun.exe TPP725
    USB Storage Adapter V2 (TPP)-->tppun.exe TPP200
    USB Storage Adapter V3 (TPP)-->tppun.exe TPP300
    VideoLAN VLC media player 0.8.6i-->C:\Program Files\VideoLAN\VLC\uninstall.exe
    Winamp-->"C:\Program Files\Winamp\UninstWA.exe"

    System event log

    Computer Name: RIVOALEN-1EE5B5
    Event Code: 26
    Message: Application popup :  : Machine Check: Regs

    Record Number: 8111
    Source Name: Application Popup
    Time Written: 20090207141653.000000+060
    Event Type: Informations
    User:

    Computer Name: RIVOALEN-1EE5B5
    Event Code: 26
    Message: Application popup :  : Machine Check:

    Record Number: 8110
    Source Name: Application Popup
    Time Written: 20090207141653.000000+060
    Event Type: Informations
    User:

    Computer Name: RIVOALEN-1EE5B5
    Event Code: 26
    Message: Application popup :  : Machine Check: Regs

    Record Number: 8109
    Source Name: Application Popup
    Time Written: 20090207141653.000000+060
    Event Type: Informations
    User:

    Computer Name: RIVOALEN-1EE5B5
    Event Code: 26
    Message: Application popup :  : Machine Check:

    Record Number: 8108
    Source Name: Application Popup
    Time Written: 20090207141653.000000+060
    Event Type: Informations
    User:

    Computer Name: RIVOALEN-1EE5B5
    Event Code: 26
    Message: Application popup :  : Machine Check: Regs

    Record Number: 8107
    Source Name: Application Popup
    Time Written: 20090207141653.000000+060
    Event Type: Informations
    User:

    Application event log

    Computer Name: RIVOALEN-1EE5B5
    Event Code: 47
    Message: WMI ADAP n'a pas pu récupérer les données à partir de la sous-clé PerfLib : SYSTEM\CurrentControlSet\Services\VIGHLPR\Performance, code d'erreur : Access Denied

    Record Number: 1381
    Source Name: WinMgmt
    Time Written: 20071214151831.000000+060
    Event Type: Avertissement
    User:

    Computer Name: RIVOALEN-1EE5B5
    Event Code: 105
    Message: The service was started.

    Record Number: 1380
    Source Name: WMDM PMSP Service
    Time Written: 20071214151712.000000+060
    Event Type: Informations
    User:

    Computer Name: RIVOALEN-1EE5B5
    Event Code: 105
    Message: The service was started.

    Record Number: 1379
    Source Name: ATI Smart
    Time Written: 20071214151655.000000+060
    Event Type: Informations
    User:

    Computer Name: RIVOALEN-1EE5B5
    Event Code: 1015
    Message: Le délai d'exécution de la fonction "PerfProc" de collecte de données de
    performance dans la bibliothèque "C:\WINNT\system32\perfproc.dll" a expiré. Il y a peut-être un
    problème pour ce compteur extensible ou le service dont il tire ses
    informations, ou le système était peut-être très occupé au moment où
    l'appel a été tenté.

    Record Number: 1378
    Source Name: Perflib
    Time Written: 20071213192253.000000+060
    Event Type: erreur
    User:

    Computer Name: RIVOALEN-1EE5B5
    Event Code: 4097
    Message: L'application, , a généré une erreur d'application
    L'erreur s'est produite le 12/13/2007 à 09:32:36.609
    L'exception générée était c0000005 à l'adresse 05E6F3D3 (<nosymbols>)

    Record Number: 1377
    Source Name: DrWatson
    Time Written: 20071213093236.000000+060
    Event Type: Informations
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Program Files\ATI Technologies\ATI Control Panel
    "windir"=%SystemRoot%
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
    "PROCESSOR_REVISION"=0a00
    "NUMBER_OF_PROCESSORS"=1
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "FP_NO_HOST_CHECK"=NO

    -----------------EOF-----------------
    0
  3. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    C'est la fête dans ton PC.

    /!\ Désactive tes protections résidentes (Antivirus, etc...) /!\

    --> Télécharge ComboFix (de sUBs) sur ton Bureau.
    --> Double-clique sur ComboFix.exe (le .exe n'est pas forcément visible) afin de le lancer.
    --> Il va te demander d'installer la console de récupération : accepte.
    --> Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\Combofix.txt) dans ta prochaine réponse.

    Pour t'aider : Un guide et un tutoriel sur l'utilisation de ComboFix
    0
  4. fremel Messages postés 9 Statut Membre
     
    ComboFix 09-02-24.02 - rivoalen 2009-02-25 18:21:41.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1023.589 [GMT 1:00]
    Running from: c:\documents and settings\rivoalen\Bureau\ComboFix.exe
    Command switches used :: c:\documents and settings\rivoalen\Bureau\WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .
    [i] ADS - svchost.exe: deleted 32768 bytes in 1 streams. /i

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\autorun.inf
    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    c:\documents and settings\All Users\Application Data\winlogon.exe
    c:\documents and settings\NetworkService\protect.dll
    c:\documents and settings\rivoalen\Application Data\GetModule
    c:\documents and settings\rivoalen\Application Data\GetModule\dicik.gz
    c:\documents and settings\rivoalen\Application Data\GetModule\kwdik.gz
    c:\documents and settings\rivoalen\Application Data\GetModule\ofadik.gz
    c:\documents and settings\rivoalen\Application Data\SpeedRunner
    c:\documents and settings\rivoalen\Application Data\SpeedRunner\config.cfg
    c:\documents and settings\rivoalen\Application Data\SpeedRunner\SpeedRunner.exe
    c:\documents and settings\rivoalen\Application Data\SpeedRunner\SRUninstall.exe
    c:\documents and settings\rivoalen\Application Data\twain\Twain.exe
    c:\documents and settings\rivoalen\Local Settings\Temporary Internet Files\bestwiner.stt
    c:\documents and settings\rivoalen\Local Settings\Temporary Internet Files\CPV.stt
    c:\documents and settings\rivoalen\Local Settings\Temporary Internet Files\fbk.sts
    c:\documents and settings\rivoalen\Menu Démarrer\Programmes\Démarrage\ChkDisk.dll
    c:\documents and settings\rivoalen\Menu Démarrer\Programmes\Démarrage\ChkDisk.lnk
    c:\documents and settings\rivoalen\Menu Démarrer\Programmes\Démarrage\userinit.exe
    c:\documents and settings\rivoalen\Menu Démarrer\XP Police Antivirus.LNK
    c:\documents and settings\rivoalen\protect.dll
    c:\documents and settings\rivoalen\rivoalen.exe
    c:\documents and settings\rivoalen\svchost.exe
    c:\program files\GetModule
    c:\program files\GetModule\GetModule37.exe
    c:\program files\iCheck
    c:\program files\iCheck\Uninstall.exe
    c:\program files\Mozilla Firefox\components\iamfamous.dll
    c:\program files\VnrPack
    c:\program files\VnrPack\dicts.gz
    c:\program files\VnrPack\trgts.gz
    c:\program files\VnrPack\VnrPack25.exe
    c:\recycler\S-1-7-64-100002160-100023697-100006695-2568.com
    c:\recycler\S-7-4-26-100001451-100015812-100008546-4586.com
    c:\winnt\IE4 Error Log.txt
    c:\winnt\iehost.dll
    c:\winnt\reged.exe
    c:\winnt\spoolsystem.exe
    c:\winnt\svchost.exe
    c:\winnt\sys.com
    c:\winnt\syscert.exe
    c:\winnt\sysexplorer.exe
    c:\winnt\system32\autochk.dll
    c:\winnt\system32\byXRhHxW.dll
    c:\winnt\system32\config\systemprofile\Local Settings\Temporary Internet Files\CPV.stt
    c:\winnt\system32\crypts.dll
    c:\winnt\system32\dpnsvr.dll
    c:\winnt\system32\drivers\gaopdxdvgppnsi.sys
    c:\winnt\system32\drivers\gaopdxoodpxwkk.sys
    c:\winnt\system32\drivers\gaopdxrdqpsxwk.sys
    c:\winnt\system32\drivers\gaopdxsaopppvj.sys
    c:\winnt\system32\drivers\services.exe
    c:\winnt\system32\fnrcedey.dll
    c:\winnt\system32\fyjivstj.ini
    c:\winnt\system32\gaopdxamtpbrdq.dll
    c:\winnt\system32\gaopdxcounter
    c:\winnt\system32\hbtalm.dll
    c:\winnt\system32\hs78344kjkfd.dll
    c:\winnt\system32\kr_done1
    c:\winnt\system32\lavtxswi.dll
    c:\winnt\system32\lavtxswi32.dll
    c:\winnt\system32\mcenspc.dll
    c:\winnt\system32\rs32net.exe
    c:\winnt\system32\staqytih.dll
    c:\winnt\system32\upbkwlrk.dll
    c:\winnt\system32\winscenter.exe
    c:\winnt\system32\WxHhRXyb.ini
    c:\winnt\system32\WxHhRXyb.ini2
    c:\winnt\system32\ydglplfy.dll
    c:\winnt\system32\yedecrnf.ini
    c:\winnt\system32\yflplgdy.ini
    c:\winnt\Temp\2519136420.exe
    c:\winnt\Temp\2532417670.exe
    c:\winnt\vmreg.dll
    c:\winnt\Web\default.htt
    D:\Autorun.inf
    d:\recycler\S-1-7-64-100002160-100023697-100006695-2568.com
    d:\recycler\S-7-3-82-100000905-100016656-100015351-1365.com
    d:\recycler\S-7-4-26-100001451-100015812-100008546-4586.com
    d:\recycler\S-8-1-17-100003485-100014126-100012875-1452.com
    d:\recycler\S-8-9-75-100019398-100029362-100026842-8313.com
    d:\recycler\S-9-1-82-100025046-100002628-100031388-5794.com
    d:\recycler\S-9-4-39-100018786-100002504-100011528-8534.com
    g:\recycler\S-1-7-64-100002160-100023697-100006695-2568.com
    g:\recycler\S-7-4-26-100001451-100015812-100008546-4586.com
    g:\recycler\S-8-9-75-100019398-100029362-100026842-8313.com

    ----- BITS: Possible infected sites -----

    hxxp://vestepau.cn
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_ICF
    -------\Legacy_MSDVDR
    -------\Legacy_MSUPDATE
    -------\Legacy_TCPSR
    -------\Service_IAS
    -------\Service_ICF
    -------\Service_msdvdDrv
    -------\Service_msdvdr
    -------\Service_msupdate
    -------\Service_restore
    -------\Service_tcpsr

    ((((((((((((((((((((((((( Files Created from 2009-01-25 to 2009-02-25 )))))))))))))))))))))))))))))))
    .

    2009-02-25 18:27 . 2009-02-25 18:27 179,200 --a------ c:\winnt\system32\fastopen.dll
    2009-02-25 18:02 . 2009-02-25 18:02 179,200 --a------ c:\winnt\system32\dcomcnfg.dll
    2009-02-25 17:52 . 2009-02-25 17:52 179,200 --a------ c:\winnt\system32\progman.dll
    2009-02-25 17:50 . 2009-02-25 17:50 281,105 --------- c:\winnt\system32\eafc9d9468a13ed7673e0f5163e26ea0.TMP
    2009-02-25 17:50 . 2009-02-25 17:50 179,200 --a------ c:\winnt\system32\cacls.dll
    2009-02-24 16:03 . 2009-02-25 18:02 3,156 -ra------ c:\winnt\system32\msdvdr.sys
    2009-02-23 10:25 . 2009-02-23 10:25 <REP> d-------- c:\documents and settings\rivoalen\Application Data\Malwarebytes
    2009-02-23 10:24 . 2009-02-23 10:25 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-02-23 10:24 . 2009-02-23 10:24 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-02-23 10:19 . 2009-02-25 18:03 5,760 --a------ c:\winnt\system32\drivers\restore.sys
    2009-02-23 10:05 . 2009-02-25 18:22 <REP> d-------- c:\documents and settings\rivoalen\Application Data\Twain
    2009-02-23 10:00 . 2009-02-23 10:00 <REP> d-------- c:\program files\WebShow
    2009-02-23 09:46 . 2009-02-23 09:45 48,836 --a------ c:\winnt\system32\msdvdr.pif
    2009-02-23 09:45 . 2009-02-23 09:45 <REP> d-------- c:\program files\System Guard 2009
    2009-02-23 09:45 . 2009-02-23 09:45 8 --a------ c:\winnt\system32\msdvdr.dat
    2009-02-21 11:10 . 2009-02-21 11:10 <REP> d-------- c:\program files\Alwil Software
    2009-02-21 10:31 . 2008-04-14 13:00 26,624 --a------ c:\winnt\system32\stu2.exe
    2009-02-20 20:35 . 2009-02-20 20:35 <REP> d-------- c:\program files\Enigma Software Group
    2009-02-20 20:15 . 2009-02-20 20:16 <REP> d-------- C:\rsit
    2009-02-20 20:15 . 2009-02-23 10:58 <REP> d-------- c:\program files\trend micro
    2009-02-20 17:51 . 2009-02-25 18:03 32,768 --a------ c:\winnt\system32\drivers\ati8jmxx.sys
    2009-02-20 17:47 . 2009-02-20 17:47 100,590 --a------ c:\winnt\system32\drivers\3dbe187.sys
    2009-02-20 17:47 . 2009-02-20 17:47 81,920 --a------ C:\eslb.exe
    2009-02-20 17:47 . 2009-02-20 17:47 56,320 --a------ c:\winnt\system32\drivers\UACd.sys
    2009-02-20 17:47 . 2009-02-20 17:47 22,784 --a------ c:\winnt\system32\drivers\systemntmi.sys
    2009-02-20 17:47 . 2009-02-20 17:47 22,784 --a------ c:\winnt\system32\drivers\nicsk32.sys
    2009-02-20 17:47 . 2009-02-20 17:47 19,456 --a------ C:\bwrsnohl.exe
    2009-02-20 17:46 . 2009-02-20 17:46 76,314 --a------ C:\ebum.exe
    2009-02-20 17:46 . 2009-02-20 17:46 2 --a------ C:\1215053681
    2009-02-20 17:45 . 2009-02-20 17:45 <REP> d-------- c:\documents and settings\rivoalen\Application Data\cogad
    2009-02-20 17:43 . 2009-02-20 17:43 17,920 --a------ c:\winnt\regsv32.exe
    2009-02-20 17:42 . 2009-02-25 17:57 200,210 --a------ c:\winnt\system32\vumer.dll
    2009-02-20 17:29 . 2009-02-20 17:29 <REP> d-------- C:\ATI
    2009-02-20 17:27 . 2009-02-20 17:40 <REP> d--h----- c:\documents and settings\All Users\Application Data\~0
    2009-02-20 17:26 . 2009-02-20 17:26 <REP> d-------- c:\program files\XPC Tools
    2009-02-20 15:56 . 2009-02-20 15:57 <REP> d-------- c:\winnt\BDOSCAN8
    2009-02-16 17:08 . 2005-05-17 16:24 311,296 --a------ c:\winnt\system32\AegisI5.exe
    2009-02-16 17:08 . 2006-01-18 13:55 290,918 --a------ c:\winnt\system32\Install7x.dll
    2009-02-16 17:08 . 2005-10-17 19:50 245,376 --a------ c:\winnt\system32\drivers\rt2500usb.SYS
    2009-02-16 17:08 . 2005-11-30 11:33 2,048 --a------ c:\winnt\system32\drivers\rt73.bin
    2009-02-16 17:08 . 2005-08-19 15:51 138 --a------ c:\winnt\filespec7x
    2009-02-16 17:07 . 2009-02-16 17:07 <REP> d-------- c:\program files\MSI
    2009-02-16 17:07 . 2009-02-16 17:07 22,784 --a------ c:\winnt\system32\drivers\ksi32sk.sys
    2009-02-16 17:07 . 2009-02-16 17:07 22,784 --a------ c:\winnt\system32\drivers\acpi32.sys
    2009-02-16 17:07 . 2009-02-16 17:07 20,747 --a------ c:\winnt\system32\drivers\AegisP.sys
    2009-02-16 17:00 . 2006-01-12 19:46 252,928 --a------ c:\winnt\system32\drivers\rt73.sys
    2009-02-15 18:08 . 2005-03-28 19:20 352,256 --a------ c:\winnt\system32\CNQL1213.DLL
    2009-02-15 18:08 . 2005-01-25 15:55 147,456 --a------ c:\winnt\system32\CNQW110.DLL
    2009-02-15 18:08 . 2005-01-25 15:55 57,344 --a------ c:\winnt\system32\CNQI110.DLL
    2009-02-15 17:48 . 2009-02-15 17:48 <REP> d-------- c:\documents and settings\rivoalen\Application Data\ScanSoft
    2009-02-15 17:48 . 2009-02-15 17:48 416 --a------ c:\winnt\MAXLINK.INI
    2009-02-15 17:47 . 2009-02-15 17:47 <REP> d-------- c:\program files\ScanSoft
    2009-02-15 17:47 . 2009-02-15 17:47 <REP> d-------- c:\program files\Fichiers communs\ScanSoft Shared
    2009-02-15 17:47 . 2009-02-15 17:47 <REP> d-------- c:\documents and settings\All Users\Application Data\ScanSoft
    2009-02-10 17:25 . 2009-02-10 17:25 <REP> d-------- c:\program files\Adobe Media Player
    2009-02-10 17:19 . 2009-02-10 17:19 <REP> d-------- c:\program files\Fichiers communs\Adobe AIR
    2009-02-10 17:13 . 2009-02-10 17:13 <REP> d-------- c:\program files\Fichiers communs\Macrovision Shared
    2009-02-09 13:21 . 2008-06-14 18:33 272,768 --------- c:\winnt\system32\drivers\bthport.sys
    2009-02-09 13:21 . 2008-06-14 18:33 272,768 -----c--- c:\winnt\system32\dllcache\bthport.sys
    2009-02-09 13:05 . 2008-08-14 14:23 2,191,232 -----c--- c:\winnt\system32\dllcache\ntoskrnl.exe
    2009-02-09 13:05 . 2008-08-14 14:23 2,147,328 -----c--- c:\winnt\system32\dllcache\ntkrnlmp.exe
    2009-02-09 13:05 . 2008-08-14 14:23 2,068,096 -----c--- c:\winnt\system32\dllcache\ntkrnlpa.exe
    2009-02-09 13:05 . 2008-08-14 14:23 2,025,984 -----c--- c:\winnt\system32\dllcache\ntkrpamp.exe
    2009-02-09 11:33 . 2008-10-24 12:21 455,296 -----c--- c:\winnt\system32\dllcache\mrxsmb.sys
    2009-02-08 18:47 . 2009-02-08 19:02 <REP> d-------- c:\documents and settings\All Users\Application Data\Sports Interactive
    2009-02-08 18:33 . 2009-02-08 18:33 <REP> d--h----- c:\program files\Zero G Registry
    2009-02-08 18:31 . 2009-02-20 10:10 <REP> d-------- c:\documents and settings\rivoalen\Application Data\Sports Interactive
    2009-02-08 16:35 . 2009-02-08 16:37 <REP> d-------- c:\winnt\SxsCaPendDel
    2009-02-08 13:33 . 2009-02-08 13:33 <REP> d-------- c:\documents and settings\All Users\Application Data\FLEXnet
    2009-02-08 12:59 . 2007-02-20 16:04 2,463,976 --a------ c:\winnt\system32\NPSWF32.dll
    2009-02-08 12:59 . 2007-02-20 16:04 190,696 --a------ c:\winnt\system32\NPSWF32_FlashUtil.exe
    2009-02-07 23:38 . 2009-02-11 20:49 <REP> d--h----- c:\winnt\$hf_mig$
    2009-02-07 16:10 . 2009-02-07 16:13 <REP> d-------- c:\program files\uTorrent
    2009-02-07 16:10 . 2009-02-23 09:02 <REP> d-------- c:\documents and settings\rivoalen\Application Data\uTorrent
    2009-02-07 15:31 . 2009-02-21 10:33 1,073,299,456 --a------ c:\winnt\MEMORY.DMP
    2009-02-07 14:58 . 2008-04-14 13:00 1,875,968 --a--c--- c:\winnt\system32\dllcache\msir3jp.lex
    2009-02-07 14:57 . 2008-04-14 13:00 13,463,552 --a--c--- c:\winnt\system32\dllcache\hwxjpn.dll
    2009-02-07 14:56 . 2008-04-14 13:00 2,134,528 --a--c--- c:\winnt\system32\dllcache\smtpsnap.dll
    2009-02-07 14:55 . 2009-02-07 14:55 488 -rah----- c:\winnt\system32\logonui.exe.manifest
    2009-02-07 14:54 . 2009-02-07 14:54 749 -rah----- c:\winnt\WindowsShell.Manifest
    2009-02-07 14:54 . 2009-02-07 14:54 749 -rah----- c:\winnt\system32\wuaucpl.cpl.manifest
    2009-02-07 14:54 . 2009-02-07 14:54 749 -rah----- c:\winnt\system32\sapi.cpl.manifest
    2009-02-07 14:54 . 2009-02-07 14:54 749 -rah----- c:\winnt\system32\nwc.cpl.manifest
    2009-02-07 14:54 . 2009-02-07 14:54 749 -rah----- c:\winnt\system32\ncpa.cpl.manifest
    2009-02-07 14:46 . 2008-04-13 19:33 870,784 --a------ c:\winnt\system32\ati3d1ag.dll
    2009-02-07 13:47 . 2009-02-17 22:40 <REP> d-------- c:\winnt\WinSxS
    2009-02-07 13:24 . 2009-02-07 13:24 <REP> d--hs---- c:\documents and settings\LocalService
    2009-02-07 13:20 . 2009-02-25 18:22 <REP> d--hs---- c:\documents and settings\NetworkService
    2009-02-07 13:18 . 2005-07-22 16:38 <REP> d--h----- c:\winnt\system32\config\systemprofile\Voisinage réseau
    2009-02-07 13:18 . 2005-07-22 16:38 <REP> d--h----- c:\winnt\system32\config\systemprofile\Voisinage d'impression
    2009-02-07 13:18 . 2009-02-07 13:09 <REP> d--h----- c:\winnt\system32\config\systemprofile\Modèles
    2009-02-07 13:18 . 2005-07-22 16:38 <REP> d-------- c:\winnt\system32\config\systemprofile\Mes documents
    2009-02-07 13:18 . 2009-02-07 12:56 <REP> dr------- c:\winnt\system32\config\systemprofile\Menu Démarrer
    2009-02-07 13:18 . 2009-02-20 18:03 <REP> d-------- c:\winnt\system32\config\systemprofile\Favoris
    2009-02-07 13:18 . 2005-07-26 21:30 <REP> d-------- c:\winnt\system32\config\systemprofile\Bureau
    2009-02-07 13:15 . 2009-02-07 13:15 <REP> d-------- c:\winnt\system32\xircom
    2009-02-07 13:15 . 2001-11-23 05:08 712,704 -ra------ c:\winnt\system32\OLD71A.tmp
    2009-02-07 13:14 . 2008-04-14 13:00 221,184 --a------ c:\winnt\system32\wmpns.dll
    2009-02-07 13:13 . 2009-02-07 14:55 488 -rah----- c:\winnt\system32\WindowsLogon.manifest
    2009-02-07 13:12 . 2009-02-07 13:12 <REP> d-------- c:\program files\Services en ligne
    2009-02-07 13:11 . 2009-02-07 15:02 <REP> d-------- c:\winnt\system32\Restore
    2009-02-07 13:10 . 2009-02-07 13:10 <REP> d-------- c:\winnt\system32\FxsTmp
    2009-02-07 13:08 . 2008-04-13 11:45 6,272 --a------ c:\winnt\system32\drivers\splitter.sys
    2009-02-07 13:00 . 2001-08-17 21:46 6,400 --a------ c:\winnt\system32\drivers\enum1394.sys
    2009-02-07 12:57 . 2009-02-07 14:51 4,444 --a------ c:\winnt\system32\pid.PNF
    2009-02-07 12:55 . 2009-02-25 18:27 <REP> d-------- c:\winnt\system32\CatRoot2

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-25 16:50 1,139,712 ----a-w c:\winnt\explorer.exe
    2009-02-23 09:01 --------- d-----w c:\program files\Google
    2009-02-20 16:55 --------- d-----w c:\program files\Fichiers communs\Adobe
    2009-02-20 09:22 --------- d-----w c:\program files\QuarkXPress Passport
    2009-02-16 16:15 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-02-15 17:09 --------- d-----w c:\documents and settings\rivoalen\Application Data\Canon
    2009-02-07 14:57 --------- d-----w c:\program files\eMule
    2009-02-07 14:46 --------- d-----w c:\program files\MSN Messenger
    2009-02-07 14:44 --------- d---a-w c:\program files\VIGUARD
    2005-07-22 14:47 271 --sh--w c:\program files\desktop.ini
    2005-07-22 14:47 22,115 ---h--w c:\program files\folder.htt
    2001-11-23 04:08 712,704 ----a-r c:\winnt\inf\OTHER\AUDIO3D.DLL
    2001-10-05 10:53 21,866 ----a-w c:\program files\Fichiers communs\tppupd2k.dll
    2009-02-23 09:11 211,456 ----a-w c:\program files\mozilla firefox\components\srff.dll
    .

    ------- Sigcheck -------

    2009-02-25 17:50 1139712 86d9136d0eb9726448bbe3f9f1d0bcd3 c:\winnt\explorer.exe
    2009-02-25 17:50 1139712 86d9136d0eb9726448bbe3f9f1d0bcd3 c:\winnt\system32\dllcache\explorer.exe

    2009-02-21 10:31 30208 0fe5d20ae9ace2cf91c339aaf134c78e c:\winnt\system32\userinit.exe
    2008-04-14 13:00 26624 e74ddb12188c2ff57a78624dbf7332fc c:\winnt\system32\dllcache\userinit.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-09-04 6856704]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-04 68856]
    "cogad"="c:\documents and settings\rivoalen\Application Data\cogad\cogad.exe" [2009-02-20 56832]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-22 339968]
    "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-02-22 32768]
    "NeroCheck"="c:\winnt\system32\\NeroCheck.exe" [2001-07-09 155648]
    "TPP Auto Loader"="c:\winnt\TPPALDR.EXE" [2001-10-05 118784]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
    "AdobeCS4ServiceManager"="c:\program files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
    "SSBkgdUpdate"="c:\program files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
    "OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
    "systemguard"="c:\program files\System Guard 2009\systemguard.exe" [2009-02-23 1007616]
    "Synchronization Manager"="mobsync.exe" [2008-04-14 c:\winnt\system32\mobsync.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-02-22 32768]
    "internat.exe"="internat.exe" [2003-06-23 c:\winnt\system32\internat.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "^SetupICWDesktop"="c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe" [2008-04-14 218624]

    c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    ATI CATALYST System Tray.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-02-22 32768]
    Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
    MSI US54SE II Wireless Client Utility.lnk - c:\program files\MSI\US54SE II\Installer\WINXP\MCU.exe [2009-02-16 593920]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbaefbac]
    2003-08-16 03:20 281105 c:\winnt\system32\cbaefbac.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"= mmdrv.dll
    "MSVideo"= lvfwwdmt.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati8jmxx.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "VigService"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\eMule\\emule.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Fichiers communs\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
    "c:\\WINNT\\system32\\userinit.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5353:TCP"= 5353:TCP:Adobe CSI CS4

    R0 ati8jmxx;ati8jmxx;c:\winnt\system32\drivers\ati8jmxx.sys [2009-02-20 32768]
    S2 acpi32;acpi32;c:\winnt\system32\drivers\acpi32.sys [2009-02-16 22784]
    S2 amd64si;amd64si;\??\c:\winnt\system32\drivers\amd64si.sys --> c:\winnt\system32\drivers\amd64si.sys [?]
    S2 ati64si;ati64si;c:\winnt\system32\drivers\ati64si.sys [2008-04-14 22784]
    S2 fips32cup;fips32cup;c:\winnt\system32\drivers\fips32cup.sys [2008-04-14 22784]
    S2 i386si;i386si;\??\c:\winnt\system32\drivers\i386si.sys --> c:\winnt\system32\drivers\i386si.sys [?]
    S2 ksi32sk;ksi32sk;c:\winnt\system32\drivers\ksi32sk.sys [2009-02-16 22784]
    S2 netsik;netsik;c:\winnt\system32\drivers\netsik.sys [2008-04-13 22784]
    S2 nicsk32;nicsk32;c:\winnt\system32\drivers\nicsk32.sys [2009-02-20 22784]
    S2 port135sik;port135sik;c:\winnt\system32\drivers\port135sik.sys [2008-04-13 22784]
    S2 securentm;securentm;\??\c:\winnt\system32\drivers\securentm.sys --> c:\winnt\system32\drivers\securentm.sys [?]
    S2 systemntmi;systemntmi;c:\winnt\system32\drivers\systemntmi.sys [2009-02-20 22784]
    S2 ws2_32sik;ws2_32sik;\??\c:\winnt\system32\drivers\ws2_32sik.sys --> c:\winnt\system32\drivers\ws2_32sik.sys [?]
    S3 QCEmerald;Logitech QuickCam Web;c:\winnt\system32\drivers\lvce.sys [2000-06-09 37376]
    S3 rt2571;Wireless 802.11g USB Adapter Driver;c:\winnt\system32\drivers\rt2571.sys [2008-03-03 79616]
    S3 usbhub20;Prise en charge du concentrateur racine USB 2.0;c:\winnt\system32\drivers\usbhub20.sys [2005-07-22 49776]
    S3 viafilter;VIA USB Filter;c:\winnt\system32\drivers\viausb.sys [2005-07-22 9038]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
    \Shell\AutoRun\command - c:\winnt\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-1-7-64-100002160-100023697-100006695-2568.com c:\
    \Shell\Open\command - c:\recycler\S-1-7-64-100002160-100023697-100006695-2568.com c:\

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    \Shell\AutoRun\command - c:\winnt\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-1-7-64-100002160-100023697-100006695-2568.com d:\
    \Shell\Open\command - d:\recycler\S-1-7-64-100002160-100023697-100006695-2568.com d:\
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{A2E292BA-8FB3-42A5-8F4C-E2156142422C} - c:\winnt\system32\byXRhHxW.dll
    HKCU-Run-DriverUpdaterPro - c:\program files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe
    HKCU-Run-PoliceAV - c:\program files\XPPoliceAntivirus\xppolice.exe
    HKCU-Run-rs32net - c:\winnt\System32\rs32net.exe
    HKCU-Run-rivoalen - c:\documents and settings\rivoalen\rivoalen.exe
    HKCU-Run-VnrPack25 - c:\program files\VnrPack\VnrPack25.exe
    HKCU-Run-GetModule37 - c:\program files\GetModule\GetModule37.exe
    HKLM-Run-LVCOMS - c:\winnt\system32\LVCOMS.EXE
    HKLM-Run-autochk - c:\winnt\system32\autochk.dll
    HKLM-Run-Cmaudio - cmicnfg.cpl
    HKU-Default-RunOnce-tscuninstall - c:\winnt\system32\tscupgrd.exe
    Notify-ddcArRkL - ddcArRkL.dll
    SafeBoot-sglfb.sys
    SafeBoot-tga.sys

    .
    ------- Supplementary Scan -------
    .
    uStart Page = www.google.fr/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    mDefault_Search_URL = hxxp://www.google.com/ie
    mSearch Bar =
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    FF - ProfilePath - c:\documents and settings\rivoalen\Application Data\Mozilla\Firefox\Profiles\bh0rgrnz.default\
    FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
    FF - component: c:\program files\Mozilla Firefox\components\srff.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-25 18:27:35
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    c:\winnt\system32\58d1221b64df5b21c14ee33e93bd342a.sys 39936 bytes executable
    c:\winnt\system32\_58d1221b64df5b21c14ee33e93bd342a.sys_.vir 39936 bytes executable

    scan completed successfully
    hidden files: 2

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\58d1221b64df5b21c14ee33e93bd342a]
    "ImagePath"="system32\58d1221b64df5b21c14ee33e93bd342a.sys"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(516)
    c:\winnt\system32\cbaefbac.dll
    c:\winnt\system32\eappprxy.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\winnt\system32\ati2evxx.exe
    c:\winnt\system32\mspmspsv.exe
    c:\winnt\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2009-02-25 18:31:32 - machine was rebooted [rivoalen]
    ComboFix-quarantined-files.txt 2009-02-25 17:31:29

    Pre-Run: 18,521,665,536 octets libres
    Post-Run: 18,833,420,288 octets libres

    Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
    387 --- E O F --- 2009-02-11 19:49:38
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    ---> Télécharge Malwarebytes' Anti-Malware (MBAM) sur ton Bureau.
    ---> Double-clique sur le fichier téléchargé pour lancer le processus d'installation.
    ---> Dans l'onglet Mise à jour, clique sur le bouton Recherche de mise à jour : si le pare-feu demande l'autorisation à MBAM de se connecter à Internet, accepte.
    ---> Une fois la mise à jour terminée, rends-toi dans l'onglet Recherche.
    ---> Sélectionne Exécuter un examen rapide.
    ---> Clique sur Rechercher. L'analyse démarre.

    A la fin de l'analyse, un message s'affiche :

    L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.

    ---> Clique sur OK pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
    ---> Ferme tes navigateurs.
    Si des malwares ont été détectés, clique sur Afficher les résultats.
    ---> Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre infectés et en mettre une copie dans la quarantaine.
    ---> MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport dans ta prochaine réponse.
    0
  7. fremel Messages postés 9 Statut Membre
     
    Je l'avais déjà installé mais il ne e lance plus???
    0
  8. fremel Messages postés 9 Statut Membre
     
    Il est déjà installé mais ne veut plus e lancer!
    0
  9. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    ---> Fais analyser les fichiers suivants :
    - c:\winnt\system32\drivers\ati8jmxx.sys
    - c:\winnt\system32\progman.dll
    - c:\winnt\system32\msdvdr.sys
    - c:\winnt\system32\vumer.dll
    - C:\eslb.exe

    ---> Sur VirusTotal et poste les liens des analyses :
    https://www.virustotal.com/gui/
    0
  10. fremel Messages postés 9 Statut Membre
     
    c:\winnt\system32\drivers\ati8jmxx.sys
    fichier de 0 octets
    0
  11. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    Ok pour le premier.
    0
  12. fremel Messages postés 9 Statut Membre
     
    c:\winnt\system32\drivers\ati8jmxx.sys
    O octets aussi
    0
  13. fremel Messages postés 9 Statut Membre
     
    Fichier itamcndf.exe reçu le 2009.02.24 17:10:33 (CET)
    Situation actuelle: terminé

    Résultat: 26/39 (66.67%)
    Formaté Impression des résultats
    Antivirus Version Dernière mise à jour Résultat
    a-squared 4.0.0.93 2009.02.24 Trojan-Spy.Finanz.J!IK
    AhnLab-V3 2009.2.24.0 2009.02.24 Win-Trojan/Xema.81920.D
    AntiVir 7.9.0.88 2009.02.24 TR/Downloader.Gen
    Authentium 5.1.0.4 2009.02.24 -
    Avast 4.8.1335.0 2009.02.24 Win32:Trojan-gen {Other}
    AVG 8.0.0.237 2009.02.24 Agent_r.IE
    BitDefender 7.2 2009.02.24 Trojan.Downloader.JLQS
    CAT-QuickHeal 10.00 2009.02.22 TrojanDownloader.Slupim.b
    ClamAV 0.94.1 2009.02.24 -
    Comodo 983 2009.02.20 -
    DrWeb 4.44.0.09170 2009.02.24 -
    eSafe 7.0.17.0 2009.02.19 Suspicious File
    eTrust-Vet 31.6.6372 2009.02.24 Win32/Donloz.CM
    F-Prot 4.4.4.56 2009.02.24 -
    F-Secure 8.0.14470.0 2009.02.24 -
    Fortinet 3.117.0.0 2009.02.24 -
    GData 19 2009.02.24 Trojan.Downloader.JLQS
    Ikarus T3.1.1.45.0 2009.02.24 Trojan-Spy.Finanz.J
    K7AntiVirus 7.10.639 2009.02.21 -
    Kaspersky 7.0.0.125 2009.02.24 Trojan.Win32.Agent.brfl
    McAfee 5534 2009.02.23 Generic Downloader.x
    McAfee+Artemis 5534 2009.02.23 Generic Downloader.x
    Microsoft 1.4306 2009.02.24 TrojanDownloader:Win32/Slupim.B
    NOD32 3885 2009.02.24 Win32/TrojanDownloader.Agent.ORH
    Norman 6.00.06 2009.02.24 W32/DLoader.NMFD
    nProtect 2009.1.8.0 2009.02.24 -
    Panda 10.0.0.10 2009.02.23 Trj/Dropper.AGJ
    PCTools 4.4.2.0 2009.02.24 -
    Prevx1 V2 2009.02.24 Medium Risk Malware
    Rising 21.18.12.00 2009.02.24 -
    SecureWeb-Gateway 6.7.6 2009.02.24 Trojan.Downloader.Gen
    Sophos 4.39.0 2009.02.24 Sus/Spy-B
    Sunbelt 3.2.1856.2 2009.02.24 Trojan.Unidentified.Gen.VS
    Symantec 10 2009.02.24 Downloader
    TheHacker 6.3.2.5.264 2009.02.24 -
    TrendMicro 8.700.0.1004 2009.02.24 PAK_Generic.001
    VBA32 3.12.10.0 2009.02.24 Win32.TrojanDownloader.Agent.ORH
    ViRobot 2009.2.24.1621 2009.02.24 Trojan.Win32.Downloader.81920.CI
    VirusBuster 4.5.11.0 2009.02.24 -
    Information additionnelle
    File size: 81920 bytes
    MD5...: 358bfb45984caee6e1a4afbea62b0f08
    SHA1..: 5cce36ff0ba828f398944524b9c0a80bbd15de65
    SHA256: f2303f9b683a3309197aff588b5767722eff6684c1bd56944bc817321e51a102
    SHA512: 040a1d8a19fefee586c9e3459e1acb93e00bee8bdbf6555daea2498f26e94fdb
    d7342d34d7af2d05abc23f12034c21b604740a9589a40feeea3b48c781beca65
    ssdeep: 1536:XO//IR5USbGNls4FD3ZQVQjl5wlfhXKwzD0+WwTTzOEkKJ1GYPUghO7v1Md
    ScNWM:XOK5N9MT2i525X7D0KTzO1UwY8ghO7v0

    PEiD..: UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
    TrID..: File type identification
    UPX compressed Win32 Executable (39.5%)
    Win32 EXE Yoda's Crypter (34.3%)
    Win32 Executable Generic (11.0%)
    Win32 Dynamic Link Library (generic) (9.8%)
    Generic Win/DOS Executable (2.5%)
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x131827f0
    timedatestamp.....: 0x499a9aa0 (Tue Feb 17 11:08:16 2009)
    machinetype.......: 0x14c (I386)

    ( 3 sections )
    name viradd virsiz rawdsiz ntrpy md5
    UPX0 0x1000 0x1e000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
    UPX1 0x1f000 0x14000 0x13a00 7.84 2a7b20d8c74ea71d0b35ab4b294367d2
    UPX2 0x33000 0x1000 0x200 2.90 fb41c4cc52850c8464bede12ab9c9c91

    ( 5 imports )
    > KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, ExitProcess
    > ADVAPI32.dll: RegCloseKey
    > USER32.dll: wsprintfA
    > WINMM.dll: timeGetTime
    > WS2_32.dll: -

    ( 0 exports )

    ThreatExpert info: https://www.symantec.com?md5=358bfb45984caee6e1a4afbea62b0f08
    Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=805C4663005DDEC54025012D95BE7800559C168F
    packers (Kaspersky): PE_Patch.UPX, UPX
    packers (F-Prot): UPX
    0
  14. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    ---> Fais un scan avec AVPTool et poste le rapport.

    Tu as le tutoriel ici :
    http://www.commentcamarche.net/faq/sujet 16138 comment supprimer virut#deuxieme methode avptool
    0