

Everything posted by tunesl1tr
Infected computer
tunesl1tr replied to a topic by tunesl1tr in Malware analysis and removal
Problem solved: my mainboard blew and I changed PCs. Thanks all the same for the help.
Infected computer
tunesl1tr replied to a topic by tunesl1tr in Malware analysis and removal
ComboFix 08-07-09.2 - Steve 2008-07-10 13:30:46.2 - NTFSx86
Infected computer
tunesl1tr replied to a topic by tunesl1tr in Malware analysis and removal
I did not get a log when ComboFix finished.
Infected computer
tunesl1tr replied to a topic by tunesl1tr in Malware analysis and removal
Here is my Malwarebytes' Anti-Malware log:
Malwarebytes' Anti-Malware 1.20
Hello, I have 2 problems on my machine. First, I lose my icons and my taskbar on my desktop; the only solution I have found to get them back is rebooting my computer. Second, I have several trojans, one of which is Virtumonde, and several others. I am posting my HijackThis analysis log:
Logfile of HijackThis v1.99.1 Scan saved at 22:00:05, on 2008-07-08
Thanks in advance.