Salut à tous!

Hier soir, j'ai chopé un virus... J'ai réussi à l'exterminer mais depuis, Win XP SP2 m'indique qu'il y a un DLL manquant...

Le nom du fautif : NKXPITFV.DLL

Et impossible de le trouver pour le télécharger...

Voilà, je voulais savoir où je peux le trouver, ou alors ce que je dois faire pour que Win ne m'affiche plus ce DLL manquant...

Merci à tous,

Bonne journée!

UP!

Bonjour,

Pourquoi poster ici ?

Salut! Comme c'est du à un virus je me suis dit que j'étais dans la bonne catégorie...

Mais c'est vrai que j'ai hésité avec la catégorie OS...

On peut voir ce qu'on peut faire.

Télécharge puis installe Hijackthis (Trend Micro)
Poste ensuite un rapport dans ta prochaine réponse.
AIDE : Comment utiliser Hijackthis v2.0.2

Ok merci je ferai cela dès que je serai chez moi! Ce sera demain matin!

Merci beaucoup!

Voici mon rapport Hijackthis :

Logfile of HijackThis v1.99.1
Scan saved at 10:49:14, on 31/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\SyncServer.exe
C:\Program Files\Apple Software Update\SoftwareUpdate.exe
C:\WINDOWS\system32\DllHost.exe
Z:\Arnaud\Mes Documents\My Completed Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {35DA0A6C-A175-4232-9488-AF5D7F7FB79F} - C:\WINDOWS\system32\xxyyvUNE.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {BB81FE02-F70B-46C2-82C3-DE5C6652E677} - C:\WINDOWS\system32\urqqQhFy.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [BMa7632f4b] "Rundll32.exe" "C:\WINDOWS\system32\nkxptifv.dll",s
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{6051CC9A-59E4-4AA8-8623-3CA747C03D17}: NameServer = 192.168.103.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{6051CC9A-59E4-4AA8-8623-3CA747C03D17}: NameServer = 192.168.103.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: urqqQhFy - urqqQhFy.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Moteur Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

J'espere que c'est assez!

Il y a bien une infection.

Désactive tes protections résidentes (antivirus, Spybot-S&D, etc.) !

• Télécharge ComboFix (sUBs) sur ton Bureau.
• Double clique sur ComboFix.exe (le .exe n'est pas forcément visible) afin de le lancer.
• Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\combofix.txt*) dans ta prochaine réponse.

AIDE : Un guide et un tutoriel sur l'utilisation de ComboFix
* le nom de la partition peut changer

Merci beaucoup de m'aider!

Alors, voici le log complet :

ComboFix 08-08-30.03 - Arnaud 2008-08-31 22:03:02.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.1586 [GMT 2:00]
Endroit: Z:\Arnaud\Mes Documents\My Completed Downloads\ComboFix.exe
* Création d'un nouveau point de restauration

[color=red]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Arnaud\Application Data\macromedia\Flash Player\#SharedObjects\SQ6MYELS\bin.clearspring.com
C:\Documents and Settings\Arnaud\Application Data\macromedia\Flash Player\#SharedObjects\SQ6MYELS\bin.clearspring.com\clearspring.sol
C:\Documents and Settings\Arnaud\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Documents and Settings\Arnaud\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
C:\WINDOWS\BMa7632f4b.txt
C:\WINDOWS\BMa7632f4b.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\ENUvyyxx.ini
C:\WINDOWS\system32\ENUvyyxx.ini2
C:\WINDOWS\system32\tuvSmnKC.dll
C:\WINDOWS\system32\vtUOGyWM.dll
C:\WINDOWS\system32\wvUkHxVM.dll

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-07-28 to 2008-08-31 ))))))))))))))))))))))))))))))))))))
.

2008-08-31 11:05 . 2004-08-03 23:08 59,136 --a------ C:\WINDOWS\system32\drivers\GcKernel.sys
2008-08-31 11:05 . 2004-08-03 23:08 59,136 --a--c--- C:\WINDOWS\system32\dllcache\gckernel.sys
2008-08-31 11:05 . 2001-08-17 22:02 2,688 --a------ C:\WINDOWS\system32\drivers\HIDSwvd.sys
2008-08-31 11:05 . 2001-08-17 22:02 2,688 --a--c--- C:\WINDOWS\system32\dllcache\hidswvd.sys
2008-08-31 10:53 . 2008-08-31 10:53 <REP> d-------- C:\Program Files\QuickTime
2008-08-30 18:30 . 2008-08-30 18:30 <REP> d-------- C:\Program Files\winpwn-2.5
2008-08-30 18:30 . 2008-08-30 18:30 <REP> d-------- C:\Documents and Settings\Arnaud\Application Data\cmw
2008-08-30 16:16 . 2008-08-30 16:16 <REP> d-------- C:\Documents and Settings\Arnaud\Dossier partag‚ de Storm
2008-08-30 16:14 . 1999-12-17 11:13 86,016 --a------ C:\WINDOWS\unvise32.exe
2008-08-30 15:59 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-08-30 15:59 . 2004-08-03 23:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-08-30 15:58 . 2008-08-30 15:58 <REP> d-------- C:\Documents and Settings\Arnaud\Application Data\Ableton
2008-08-30 15:58 . 2008-08-30 15:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Ableton
2008-08-30 15:53 . 2008-08-30 15:53 <REP> d-------- C:\Program Files\Creative
2008-08-30 15:53 . 1999-10-11 11:00 41,984 --------- C:\WINDOWS\Ctregrun.exe
2008-08-30 15:52 . 2005-01-19 16:42 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-08-30 15:52 . 2005-01-19 16:42 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-08-30 15:52 . 2005-01-19 16:42 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-08-30 15:51 . 2008-08-30 15:51 <REP> d-------- C:\Program Files\Ableton
2008-08-30 15:49 . 2008-08-30 15:49 <REP> d-------- C:\WINDOWS\system32\Data
2008-08-30 15:49 . 2008-08-30 15:53 <REP> d-------- C:\Program Files\Creative Professional
2008-08-30 15:49 . 2000-05-11 01:00 90,112 --------- C:\WINDOWS\Updreg.EXE
2008-08-30 15:49 . 2005-04-27 02:44 11,776 --a------ C:\WINDOWS\INRES.DLL
2008-08-30 15:49 . 2005-04-27 02:43 1,884 -ra------ C:\WINDOWS\system32\emuumidi.ini
2008-08-30 15:49 . 2005-04-27 02:43 38 -ra------ C:\WINDOWS\system32\ctzapxx.ini
2008-08-30 13:26 . 2008-08-30 13:27 <REP> d-------- C:\Program Files\Mobile Master
2008-08-30 13:26 . 2008-08-30 13:26 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-08-30 09:31 . 2008-08-30 09:31 <REP> d-------- C:\Program Files\MSXML 4.0
2008-08-29 18:34 . 2008-08-29 18:34 <REP> d-------- C:\Documents and Settings\Arnaud\Application Data\Lavasoft
2008-08-29 18:30 . 2008-08-29 18:31 <REP> d-------- C:\Program Files\Spyware Doctor
2008-08-29 18:30 . 2008-08-29 18:30 <REP> d-------- C:\Documents and Settings\Arnaud\Application Data\PC Tools
2008-08-29 18:30 . 2008-06-10 21:22 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-08-29 18:30 . 2008-06-02 15:19 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-08-29 18:30 . 2008-06-02 15:19 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-08-29 18:30 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-08-29 18:29 . 2008-08-29 18:29 <REP> d-------- C:\Program Files\Webroot
2008-08-29 18:29 . 2008-08-29 18:29 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-08-29 18:29 . 2008-08-29 18:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-08-29 18:29 . 2007-03-01 19:54 144,960 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-08-29 18:29 . 2007-03-01 19:54 22,080 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-08-29 18:29 . 2007-03-01 19:54 21,056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2008-08-29 18:29 . 2007-03-01 19:54 20,544 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
2008-08-29 18:28 . 2008-08-29 18:28 164 --a------ C:\install.dat
2008-08-29 18:27 . 2008-08-29 18:27 <REP> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-08-29 18:27 . 2008-08-29 18:27 <REP> d-------- C:\Documents and Settings\Arnaud\Application Data\Webroot
2008-08-29 18:26 . 2008-08-29 18:27 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-29 18:26 . 2008-08-29 19:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-29 18:25 . 2008-08-29 18:32 <REP> d-------- C:\Program Files\SpywareBlaster
2008-08-29 18:23 . 2008-08-29 18:25 <REP> d-------- C:\Temp
2008-08-29 18:23 . 2008-08-29 18:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2008-08-29 18:16 . 2008-08-29 18:16 <REP> d-------- C:\WINDOWS\system32\GroupPolicy
2008-08-29 13:11 . 2008-08-29 17:23 28 --a------ C:\WINDOWS\ODBC.INI
2008-08-29 12:32 . 2004-08-03 23:08 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2008-08-29 12:32 . 2004-08-03 23:08 25,600 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys
2008-08-29 12:27 . 1998-10-29 17:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-08-29 12:24 . 2008-08-29 12:24 1,409 --a------ C:\WINDOWS\system32\tmp157F3.FOT
2008-08-29 12:16 . 2008-08-29 12:16 <REP> d-------- C:\Program Files\RegCleaner
2008-08-29 12:04 . 2008-08-29 12:04 <REP> d-------- C:\Program Files\Symbian
2008-08-29 12:03 . 2008-08-29 21:38 <REP> d-------- C:\Program Files\Siemens Data Suite SX1
2008-08-29 11:00 . 2008-08-29 11:00 <REP> d-------- C:\Program Files\Microsoft Works
2008-08-29 10:59 . 2008-08-29 10:59 <REP> d-------- C:\Program Files\MSBuild
2008-08-29 10:59 . 2008-08-29 10:59 <REP> d-------- C:\Program Files\Microsoft.NET
2008-08-29 10:57 . 2008-08-29 10:57 <REP> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-08-29 10:56 . 2008-08-29 14:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-29 10:55 . 2008-08-29 10:55 <REP> dr-h----- C:\MSOCache
2008-08-29 10:54 . 2008-08-29 10:54 36,864 --a------ C:\WINDOWS\system32\urqqQhFy.dll__DELETE_ON_REBOOT
2008-08-28 22:09 . 2008-08-28 22:09 <REP> d-------- C:\Documents and Settings\Arnaud\Application Data\LGSync
2008-08-28 22:08 . 2004-09-16 11:31 1,703,936 --a------ C:\WINDOWS\system32\gdiplus.dll
2008-08-28 22:08 . 2005-09-26 22:55 419,240 --a------ C:\WINDOWS\system32\Vsflex7L.ocx
2008-08-28 22:08 . 2000-05-22 00:00 244,416 --a------ C:\WINDOWS\system32\Msflxgrd.ocx
2008-08-28 22:08 . 2005-06-28 22:12 36,864 --a------ C:\WINDOWS\system32\CSDLGE1LIB.dll
2008-08-28 21:46 . 2008-08-28 22:06 <REP> d-------- C:\KE970
2008-08-28 21:41 . 2005-11-24 11:34 82,432 --a------ C:\WINDOWS\system32\msxml4r.dll
2008-08-28 21:41 . 2006-05-04 08:33 53,248 --a------ C:\WINDOWS\system32\CommonDL.dll
2008-08-28 21:41 . 2005-10-04 10:39 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2008-08-28 21:41 . 2008-08-28 21:43 2,412 --a------ C:\WINDOWS\system32\lgAxconfig.ini
2008-08-28 21:40 . 2008-08-28 21:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX
2008-08-28 21:32 . 2008-08-28 21:32 41 --a------ C:\WINDOWS\pos.ini
2008-08-28 15:28 . 2004-08-19 16:09 154,112 --a------ C:\WINDOWS\system32\irftp.exe
2008-08-28 15:28 . 2004-08-19 16:09 154,112 --a--c--- C:\WINDOWS\system32\dllcache\irftp.exe
2008-08-28 15:28 . 2004-08-19 16:09 28,160 --a------ C:\WINDOWS\system32\irmon.dll
2008-08-28 15:28 . 2004-08-19 16:09 28,160 --a--c--- C:\WINDOWS\system32\dllcache\irmon.dll
2008-08-28 15:28 . 2004-08-19 16:09 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2008-08-28 15:28 . 2004-08-19 16:09 8,192 --a--c--- C:\WINDOWS\system32\dllcache\wshirda.dll
2008-08-28 15:05 . 2008-08-28 15:05 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-08-28 15:05 . 2008-08-28 15:05 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2008-08-28 15:01 . 2008-08-28 15:01 <REP> d-------- C:\Program Files\Fichiers communs\Motorola Shared
2008-08-28 15:01 . 2008-08-28 15:01 <REP> d-------- C:\Program Files\Common Files
2008-08-28 15:01 . 2006-11-13 14:45 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-08-28 15:01 . 2006-12-13 17:52 20,992 --a------ C:\WINDOWS\system32\drivers\motmodem.sys
2008-08-26 21:44 . 2008-08-26 21:44 <REP> d---s---- C:\Documents and Settings\Arnaud\UserData
2008-08-26 21:40 . 2008-08-26 21:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-08-26 18:29 . 2008-08-30 13:27 <REP> d-------- C:\Documents and Settings\Arnaud\Application Data\Mobile Master
2008-08-26 13:47 . 2008-08-26 13:47 <REP> d-------- C:\Documents and Settings\Arnaud\Contacts
2008-08-26 13:46 . 2008-08-26 21:43 <REP> d-------- C:\Program Files\Messenger Plus! Live
2008-08-26 13:46 . 2008-08-26 13:46 268 --ah----- C:\sqmdata00.sqm
2008-08-26 13:46 . 2008-08-26 13:46 244 --ah----- C:\sqmnoopt00.sqm
2008-08-25 09:13 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-08-24 17:30 . 2008-08-24 17:30 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-08-24 17:27 . 2008-04-28 20:25 4,224 --a------ C:\WINDOWS\system32\drivers\NVStrap.sys
2008-08-23 23:47 . 2003-02-28 18:26 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2008-08-23 23:47 . 2003-02-28 18:26 46,352 --a------ C:\WINDOWS\setdebug.exe
2008-08-23 23:47 . 2003-02-28 16:54 7,315 --a------ C:\WINDOWS\system32\javasup.vxd
2008-08-23 23:47 . 2003-02-28 16:35 6,550 --a------ C:\WINDOWS\jautoexp.dat
2008-08-23 23:47 . 2003-02-28 16:38 113 --a------ C:\WINDOWS\system32\zonedon.reg
2008-08-23 23:47 . 2003-02-28 16:38 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2008-08-23 22:58 . 2008-08-23 22:58 <REP> d-------- C:\Documents and Settings\Arnaud\Incomplete
2008-08-23 22:58 . 2008-08-24 14:37 <REP> d-------- C:\Documents and Settings\Arnaud\Application Data\LimeWire
2008-08-23 19:37 . 2008-08-23 19:37 <REP> d-------- C:\Program Files\Mio Technology
2008-08-23 13:22 . 2008-08-23 13:22 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2008-08-23 13:18 . 2008-08-23 23:49 <REP> d-------- C:\Program Files\NOS
2008-08-23 13:18 . 2008-08-23 23:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NOS
2008-08-22 14:41 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-08-22 14:28 . 2008-08-22 14:28 <REP> d-------- C:\Program Files\Apple Software Update
2008-08-21 22:41 . 2008-08-21 22:41 <REP> d-------- C:\Program Files\uTorrent
2008-08-21 22:19 . 2008-08-21 22:21 <REP> d-------- C:\Documents and Settings\Arnaud\.VirtualBox
2008-08-21 22:19 . 2008-07-29 21:24 54,896 --a------ C:\WINDOWS\system32\drivers\VBoxDrv.sys
2008-08-21 22:19 . 2008-07-29 21:24 41,616 --a------ C:\WINDOWS\system32\drivers\VBoxUSBMon.sys
2008-08-21 22:18 . 2008-08-21 22:18 <REP> d-------- C:\Program Files\Sun
2008-08-21 20:45 . 2008-08-21 20:45 <REP> d-------- C:\Documents and Settings\Arnaud\Application Data\ImgBurn
2008-08-21 20:44 . 2008-08-21 20:44 <REP> d-------- C:\Program Files\ImgBurn
2008-08-21 18:51 . 2008-08-21 18:51 <REP> d-------- C:\Program Files\HELP
2008-08-21 18:51 . 2008-08-21 18:51 38,201 --a------ C:\Program Files\uninstall.exe
2008-08-21 18:25 . 2008-08-21 18:25 <REP> dr-h----- C:\Documents and Settings\Arnaud\Application Data\SecuROM
2008-08-21 18:25 . 2008-08-21 18:25 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-30 13:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-30 13:50 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-08-24 10:50 100 ----a-w C:\Program Files\FRAPSLOG.TXT
2008-08-21 08:10 4,952 --sha-r C:\Bootfont.bin
2008-08-20 20:56 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-08-20 20:56 --------- d-----w C:\Program Files\Realtek
2008-08-20 20:55 --------- d-----w C:\Documents and Settings\Arnaud\Application Data\InstallShield
2008-08-20 20:48 558,142 ----a-w C:\WINDOWS\java\Packages\X7DNZTZD.ZIP
2008-08-20 20:48 155,995 ----a-w C:\WINDOWS\java\Packages\H7F973RH.ZIP
2008-08-20 20:48 --------- d-----w C:\Program Files\microsoft frontpage
2008-08-20 20:46 --------- d-----w C:\Program Files\Services en ligne
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 15:40 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-05-16 09:48 446,464 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2006-10-26 09:44 2,838,528 ----a-w C:\Program Files\fraps.exe
2006-10-26 09:43 122,880 ----a-w C:\Program Files\frapslcd.dll
2006-10-26 09:43 110,592 ----a-w C:\Program Files\fraps.dll
2006-10-26 08:36 11,066 ----a-w C:\Program Files\changes.txt
2006-10-26 02:44 1,859 ----a-w C:\Program Files\README.HTM
2006-10-21 00:56 56,320 ----a-w C:\Program Files\fraps64.dll
2006-10-21 00:56 293,376 ----a-w C:\Program Files\fraps64.dat
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-03-09 09:29 7561216]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 14:28 266497]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-03-09 09:29 86016]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 20:42 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-03-01 20:30 4865600]
"nwiz"="nwiz.exe" [2006-03-09 09:29 1519616 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-11-22 16:40 16858112 C:\WINDOWS\RTHDCPL.EXE]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 16:10 110592 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\DAP\\DAP.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Codemasters\\GRID\\GRID.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"C:\\Program Files\\Atari\\Test Drive Unlimited\\TestDriveUnlimited.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R0 avgntmgr;avgntmgr;C:\WINDOWS\system32\DRIVERS\avgntmgr.sys [2008-01-21 18:11]
R1 avgntdd;avgntdd;C:\WINDOWS\system32\DRIVERS\avgntdd.sys [2008-05-09 13:15]
R1 VBoxDrv;VirtualBox Service;C:\WINDOWS\system32\DRIVERS\VBoxDrv.sys [2008-07-29 21:24]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys [2008-07-29 21:24]
S0 NVStrap;NVStrap;C:\WINDOWS\system32\drivers\NVStrap.sys [2008-04-28 20:25]
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'

2008-08-25 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHANS REMOVED - - - -

BHO-{35DA0A6C-A175-4232-9488-AF5D7F7FB79F} - C:\WINDOWS\system32\xxyyvUNE.dll
HKLM-Run-BMa7632f4b - C:\WINDOWS\system32\nkxptifv.dll
Notify-urqqQhFy - urqqQhFy.dll


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Arnaud\Application Data\Mozilla\Firefox\Profiles\7o7heck6.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.be/
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-31 22:07:08
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...