[RESOLU]Fichier DLL manquant
Dernière réponse : dans Sécurité
Salut à tous!
Hier soir, j'ai chopé un virus... J'ai réussi à l'exterminer mais depuis, Win XP SP2 m'indique qu'il y a un DLL manquant...
Le nom du fautif : NKXPITFV.DLL
Et impossible de le trouver pour le télécharger...
Voilà, je voulais savoir où je peux le trouver, ou alors ce que je dois faire pour que Win ne m'affiche plus ce DLL manquant...
Merci à tous,
Bonne journée!
Hier soir, j'ai chopé un virus... J'ai réussi à l'exterminer mais depuis, Win XP SP2 m'indique qu'il y a un DLL manquant...
Le nom du fautif : NKXPITFV.DLL
Et impossible de le trouver pour le télécharger...
Voilà, je voulais savoir où je peux le trouver, ou alors ce que je dois faire pour que Win ne m'affiche plus ce DLL manquant...
Merci à tous,
Bonne journée!
Autres pages sur : resolu fichier dll manquant
Lassé par la pub ? Créez un compte
On peut voir ce qu'on peut faire.
Télécharge puis installe Hijackthis (Trend Micro)
Poste ensuite un rapport dans ta prochaine réponse.
AIDE : Comment utiliser Hijackthis v2.0.2
Télécharge puis installe Hijackthis (Trend Micro)
Poste ensuite un rapport dans ta prochaine réponse.
AIDE : Comment utiliser Hijackthis v2.0.2
Voici mon rapport Hijackthis :
Logfile of HijackThis v1.99.1
Scan saved at 10:49:14, on 31/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\SyncServer.exe
C:\Program Files\Apple Software Update\SoftwareUpdate.exe
C:\WINDOWS\system32\DllHost.exe
Z:\Arnaud\Mes Documents\My Completed Downloads\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {35DA0A6C-A175-4232-9488-AF5D7F7FB79F} - C:\WINDOWS\system32\xxyyvUNE.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {BB81FE02-F70B-46C2-82C3-DE5C6652E677} - C:\WINDOWS\system32\urqqQhFy.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [BMa7632f4b] "Rundll32.exe" "C:\WINDOWS\system32\nkxptifv.dll",s
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{6051CC9A-59E4-4AA8-8623-3CA747C03D17}: NameServer = 192.168.103.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{6051CC9A-59E4-4AA8-8623-3CA747C03D17}: NameServer = 192.168.103.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: urqqQhFy - urqqQhFy.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Moteur Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
J'espere que c'est assez!![;)]( ";)")
Logfile of HijackThis v1.99.1
Scan saved at 10:49:14, on 31/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\SyncServer.exe
C:\Program Files\Apple Software Update\SoftwareUpdate.exe
C:\WINDOWS\system32\DllHost.exe
Z:\Arnaud\Mes Documents\My Completed Downloads\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {35DA0A6C-A175-4232-9488-AF5D7F7FB79F} - C:\WINDOWS\system32\xxyyvUNE.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {BB81FE02-F70B-46C2-82C3-DE5C6652E677} - C:\WINDOWS\system32\urqqQhFy.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [BMa7632f4b] "Rundll32.exe" "C:\WINDOWS\system32\nkxptifv.dll",s
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{6051CC9A-59E4-4AA8-8623-3CA747C03D17}: NameServer = 192.168.103.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{6051CC9A-59E4-4AA8-8623-3CA747C03D17}: NameServer = 192.168.103.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: urqqQhFy - urqqQhFy.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Moteur Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
J'espere que c'est assez!
Il y a bien une infection.
[#ff0000]Désactive tes protections résidentes (antivirus, Spybot-S&D, etc.) ![/#f]
Télécharge ComboFix ([#ff0000]sUBs[/#f]) sur ton Bureau.
Double clique sur ComboFix.exe (le .exe n'est pas forcément visible) afin de le lancer.
Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\combofix.txt*) dans ta prochaine réponse.
AIDE : Un guide et un tutoriel sur l'utilisation de ComboFix
* le nom de la partition peut changer
[#ff0000]Désactive tes protections résidentes (antivirus, Spybot-S&D, etc.) ![/#f]
AIDE : Un guide et un tutoriel sur l'utilisation de ComboFix
* le nom de la partition peut changer
Merci beaucoup de m'aider! ![:D]( ":D")
Alors, voici le log complet :
ComboFix 08-08-30.03 - Arnaud 2008-08-31 22:03:02.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.1586 [GMT 2:00]
Endroit: Z:\Arnaud\Mes Documents\My Completed Downloads\ComboFix.exe
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Arnaud\Application Data\macromedia\Flash Player\#SharedObjects\SQ6MYELS\bin.clearspring.com
C:\Documents and Settings\Arnaud\Application Data\macromedia\Flash Player\#SharedObjects\SQ6MYELS\bin.clearspring.com\clearspring.sol
C:\Documents and Settings\Arnaud\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Documents and Settings\Arnaud\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
C:\WINDOWS\BMa7632f4b.txt
C:\WINDOWS\BMa7632f4b.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\ENUvyyxx.ini
C:\WINDOWS\system32\ENUvyyxx.ini2
C:\WINDOWS\system32\tuvSmnKC.dll
C:\WINDOWS\system32\vtUOGyWM.dll
C:\WINDOWS\system32\wvUkHxVM.dll
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-07-28 to 2008-08-31 ))))))))))))))))))))))))))))))))))))
.
2008-08-31 11:05 . 2004-08-03 23:08 59,136 --a------ C:\WINDOWS\system32\drivers\GcKernel.sys
2008-08-31 11:05 . 2004-08-03 23:08 59,136 --a--c--- C:\WINDOWS\system32\dllcache\gckernel.sys
2008-08-31 11:05 . 2001-08-17 22:02 2,688 --a------ C:\WINDOWS\system32\drivers\HIDSwvd.sys
2008-08-31 11:05 . 2001-08-17 22:02 2,688 --a--c--- C:\WINDOWS\system32\dllcache\hidswvd.sys
2008-08-31 10:53 . 2008-08-31 10:53 <REP> d-------- C:\Program Files\QuickTime
2008-08-30 18:30 . 2008-08-30 18:30 <REP> d-------- C:\Program Files\winpwn-2.5
2008-08-30 18:30 . 2008-08-30 18:30 <REP> d-------- C:\Documents and Settings\Arnaud\Application Data\cmw
2008-08-30 16:16 . 2008-08-30 16:16 <REP> d-------- C:\Documents and Settings\Arnaud\Dossier partag‚ de Storm
2008-08-30 16:14 . 1999-12-17 11:13 86,016 --a------ C:\WINDOWS\unvise32.exe
2008-08-30 15:59 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-08-30 15:59 . 2004-08-03 23:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-08-30 15:58 . 2008-08-30 15:58 <REP> d-------- C:\Documents and Settings\Arnaud\Application Data\Ableton
2008-08-30 15:58 . 2008-08-30 15:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Ableton
2008-08-30 15:53 . 2008-08-30 15:53 <REP> d-------- C:\Program Files\Creative
2008-08-30 15:53 . 1999-10-11 11:00 41,984 --------- C:\WINDOWS\Ctregrun.exe
2008-08-30 15:52 . 2005-01-19 16:42 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-08-30 15:52 . 2005-01-19 16:42 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-08-30 15:52 . 2005-01-19 16:42 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-08-30 15:51 . 2008-08-30 15:51 <REP> d-------- C:\Program Files\Ableton
2008-08-30 15:49 . 2008-08-30 15:49 <REP> d-------- C:\WINDOWS\system32\Data
2008-08-30 15:49 . 2008-08-30 15:53 <REP> d-------- C:\Program Files\Creative Professional
2008-08-30 15:49 . 2000-05-11 01:00 90,112 --------- C:\WINDOWS\Updreg.EXE
2008-08-30 15:49 . 2005-04-27 02:44 11,776 --a------ C:\WINDOWS\INRES.DLL
2008-08-30 15:49 . 2005-04-27 02:43 1,884 -ra------ C:\WINDOWS\system32\emuumidi.ini
2008-08-30 15:49 . 2005-04-27 02:43 38 -ra------ C:\WINDOWS\system32\ctzapxx.ini
2008-08-30 13:26 . 2008-08-30 13:27 <REP> d-------- C:\Program Files\Mobile Master
2008-08-30 13:26 . 2008-08-30 13:26 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-08-30 09:31 . 2008-08-30 09:31 <REP> d-------- C:\Program Files\MSXML 4.0
2008-08-29 18:34 . 2008-08-29 18:34 <REP> d-------- C:\Documents and Settings\Arnaud\Application Data\Lavasoft
2008-08-29 18:30 . 2008-08-29 18:31 <REP> d-------- C:\Program Files\Spyware Doctor
2008-08-29 18:30 . 2008-08-29 18:30 <REP> d-------- C:\Documents and Settings\Arnaud\Application Data\PC Tools
2008-08-29 18:30 . 2008-06-10 21:22 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-08-29 18:30 . 2008-06-02 15:19 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-08-29 18:30 . 2008-06-02 15:19 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-08-29 18:30 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-08-29 18:29 . 2008-08-29 18:29 <REP> d-------- C:\Program Files\Webroot
2008-08-29 18:29 . 2008-08-29 18:29 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-08-29 18:29 . 2008-08-29 18:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-08-29 18:29 . 2007-03-01 19:54 144,960 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-08-29 18:29 . 2007-03-01 19:54 22,080 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-08-29 18:29 . 2007-03-01 19:54 21,056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2008-08-29 18:29 . 2007-03-01 19:54 20,544 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
2008-08-29 18:28 . 2008-08-29 18:28 164 --a------ C:\install.dat
2008-08-29 18:27 . 2008-08-29 18:27 <REP> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-08-29 18:27 . 2008-08-29 18:27 <REP> d-------- C:\Documents and Settings\Arnaud\Application Data\Webroot
2008-08-29 18:26 . 2008-08-29 18:27 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-29 18:26 . 2008-08-29 19:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-29 18:25 . 2008-08-29 18:32 <REP> d-------- C:\Program Files\SpywareBlaster
2008-08-29 18:23 . 2008-08-29 18:25 <REP> d-------- C:\Temp
2008-08-29 18:23 . 2008-08-29 18:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2008-08-29 18:16 . 2008-08-29 18:16 <REP> d-------- C:\WINDOWS\system32\GroupPolicy
2008-08-29 13:11 . 2008-08-29 17:23 28 --a------ C:\WINDOWS\ODBC.INI
2008-08-29 12:32 . 2004-08-03 23:08 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2008-08-29 12:32 . 2004-08-03 23:08 25,600 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys
2008-08-29 12:27 . 1998-10-29 17:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-08-29 12:24 . 2008-08-29 12:24 1,409 --a------ C:\WINDOWS\system32\tmp157F3.FOT
2008-08-29 12:16 . 2008-08-29 12:16 <REP> d-------- C:\Program Files\RegCleaner
2008-08-29 12:04 . 2008-08-29 12:04 <REP> d-------- C:\Program Files\Symbian
2008-08-29 12:03 . 2008-08-29 21:38 <REP> d-------- C:\Program Files\Siemens Data Suite SX1
2008-08-29 11:00 . 2008-08-29 11:00 <REP> d-------- C:\Program Files\Microsoft Works
2008-08-29 10:59 . 2008-08-29 10:59 <REP> d-------- C:\Program Files\MSBuild
2008-08-29 10:59 . 2008-08-29 10:59 <REP> d-------- C:\Program Files\Microsoft.NET
2008-08-29 10:57 . 2008-08-29 10:57 <REP> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-08-29 10:56 . 2008-08-29 14:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-29 10:55 . 2008-08-29 10:55 <REP> dr-h----- C:\MSOCache
2008-08-29 10:54 . 2008-08-29 10:54 36,864 --a------ C:\WINDOWS\system32\urqqQhFy.dll__DELETE_ON_REBOOT
2008-08-28 22:09 . 2008-08-28 22:09 <REP> d-------- C:\Documents and Settings\Arnaud\Application Data\LGSync
2008-08-28 22:08 . 2004-09-16 11:31 1,703,936 --a------ C:\WINDOWS\system32\gdiplus.dll
2008-08-28 22:08 . 2005-09-26 22:55 419,240 --a------ C:\WINDOWS\system32\Vsflex7L.ocx
2008-08-28 22:08 . 2000-05-22 00:00 244,416 --a------ C:\WINDOWS\system32\Msflxgrd.ocx
2008-08-28 22:08 . 2005-06-28 22:12 36,864 --a------ C:\WINDOWS\system32\CSDLGE1LIB.dll
2008-08-28 21:46 . 2008-08-28 22:06 <REP> d-------- C:\KE970
2008-08-28 21:41 . 2005-11-24 11:34 82,432 --a------ C:\WINDOWS\system32\msxml4r.dll
2008-08-28 21:41 . 2006-05-04 08:33 53,248 --a------ C:\WINDOWS\system32\CommonDL.dll
2008-08-28 21:41 . 2005-10-04 10:39 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2008-08-28 21:41 . 2008-08-28 21:43 2,412 --a------ C:\WINDOWS\system32\lgAxconfig.ini
2008-08-28 21:40 . 2008-08-28 21:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX
2008-08-28 21:32 . 2008-08-28 21:32 41 --a------ C:\WINDOWS\pos.ini
2008-08-28 15:28 . 2004-08-19 16:09 154,112 --a------ C:\WINDOWS\system32\irftp.exe
2008-08-28 15:28 . 2004-08-19 16:09 154,112 --a--c--- C:\WINDOWS\system32\dllcache\irftp.exe
2008-08-28 15:28 . 2004-08-19 16:09 28,160 --a------ C:\WINDOWS\system32\irmon.dll
2008-08-28 15:28 . 2004-08-19 16:09 28,160 --a--c--- C:\WINDOWS\system32\dllcache\irmon.dll
2008-08-28 15:28 . 2004-08-19 16:09 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2008-08-28 15:28 . 2004-08-19 16:09 8,192 --a--c--- C:\WINDOWS\system32\dllcache\wshirda.dll
2008-08-28 15:05 . 2008-08-28 15:05 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-08-28 15:05 . 2008-08-28 15:05 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2008-08-28 15:01 . 2008-08-28 15:01 <REP> d-------- C:\Program Files\Fichiers communs\Motorola Shared
2008-08-28 15:01 . 2008-08-28 15:01 <REP> d-------- C:\Program Files\Common Files
2008-08-28 15:01 . 2006-11-13 14:45 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-08-28 15:01 . 2006-12-13 17:52 20,992 --a------ C:\WINDOWS\system32\drivers\motmodem.sys
2008-08-26 21:44 . 2008-08-26 21:44 <REP> d---s---- C:\Documents and Settings\Arnaud\UserData
2008-08-26 21:40 . 2008-08-26 21:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-08-26 18:29 . 2008-08-30 13:27 <REP> d-------- C:\Documents and Settings\Arnaud\Application Data\Mobile Master
2008-08-26 13:47 . 2008-08-26 13:47 <REP> d-------- C:\Documents and Settings\Arnaud\Contacts
2008-08-26 13:46 . 2008-08-26 21:43 <REP> d-------- C:\Program Files\Messenger Plus! Live
2008-08-26 13:46 . 2008-08-26 13:46 268 --ah----- C:\sqmdata00.sqm
2008-08-26 13:46 . 2008-08-26 13:46 244 --ah----- C:\sqmnoopt00.sqm
2008-08-25 09:13 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-08-24 17:30 . 2008-08-24 17:30 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-08-24 17:27 . 2008-04-28 20:25 4,224 --a------ C:\WINDOWS\system32\drivers\NVStrap.sys
2008-08-23 23:47 . 2003-02-28 18:26 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2008-08-23 23:47 . 2003-02-28 18:26 46,352 --a------ C:\WINDOWS\setdebug.exe
2008-08-23 23:47 . 2003-02-28 16:54 7,315 --a------ C:\WINDOWS\system32\javasup.vxd
2008-08-23 23:47 . 2003-02-28 16:35 6,550 --a------ C:\WINDOWS\jautoexp.dat
2008-08-23 23:47 . 2003-02-28 16:38 113 --a------ C:\WINDOWS\system32\zonedon.reg
2008-08-23 23:47 . 2003-02-28 16:38 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2008-08-23 22:58 . 2008-08-23 22:58 <REP> d-------- C:\Documents and Settings\Arnaud\Incomplete
2008-08-23 22:58 . 2008-08-24 14:37 <REP> d-------- C:\Documents and Settings\Arnaud\Application Data\LimeWire
2008-08-23 19:37 . 2008-08-23 19:37 <REP> d-------- C:\Program Files\Mio Technology
2008-08-23 13:22 . 2008-08-23 13:22 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2008-08-23 13:18 . 2008-08-23 23:49 <REP> d-------- C:\Program Files\NOS
2008-08-23 13:18 . 2008-08-23 23:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NOS
2008-08-22 14:41 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-08-22 14:28 . 2008-08-22 14:28 <REP> d-------- C:\Program Files\Apple Software Update
2008-08-21 22:41 . 2008-08-21 22:41 <REP> d-------- C:\Program Files\uTorrent
2008-08-21 22:19 . 2008-08-21 22:21 <REP> d-------- C:\Documents and Settings\Arnaud\.VirtualBox
2008-08-21 22:19 . 2008-07-29 21:24 54,896 --a------ C:\WINDOWS\system32\drivers\VBoxDrv.sys
2008-08-21 22:19 . 2008-07-29 21:24 41,616 --a------ C:\WINDOWS\system32\drivers\VBoxUSBMon.sys
2008-08-21 22:18 . 2008-08-21 22:18 <REP> d-------- C:\Program Files\Sun
2008-08-21 20:45 . 2008-08-21 20:45 <REP> d-------- C:\Documents and Settings\Arnaud\Application Data\ImgBurn
2008-08-21 20:44 . 2008-08-21 20:44 <REP> d-------- C:\Program Files\ImgBurn
2008-08-21 18:51 . 2008-08-21 18:51 <REP> d-------- C:\Program Files\HELP
2008-08-21 18:51 . 2008-08-21 18:51 38,201 --a------ C:\Program Files\uninstall.exe
2008-08-21 18:25 . 2008-08-21 18:25 <REP> dr-h----- C:\Documents and Settings\Arnaud\Application Data\SecuROM
2008-08-21 18:25 . 2008-08-21 18:25 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-30 13:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-30 13:50 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-08-24 10:50 100 ----a-w C:\Program Files\FRAPSLOG.TXT
2008-08-21 08:10 4,952 --sha-r C:\Bootfont.bin
2008-08-20 20:56 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-08-20 20:56 --------- d-----w C:\Program Files\Realtek
2008-08-20 20:55 --------- d-----w C:\Documents and Settings\Arnaud\Application Data\InstallShield
2008-08-20 20:48 558,142 ----a-w C:\WINDOWS\java\Packages\X7DNZTZD.ZIP
2008-08-20 20:48 155,995 ----a-w C:\WINDOWS\java\Packages\H7F973RH.ZIP
2008-08-20 20:48 --------- d-----w C:\Program Files\microsoft frontpage
2008-08-20 20:46 --------- d-----w C:\Program Files\Services en ligne
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 15:40 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-05-16 09:48 446,464 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2006-10-26 09:44 2,838,528 ----a-w C:\Program Files\fraps.exe
2006-10-26 09:43 122,880 ----a-w C:\Program Files\frapslcd.dll
2006-10-26 09:43 110,592 ----a-w C:\Program Files\fraps.dll
2006-10-26 08:36 11,066 ----a-w C:\Program Files\changes.txt
2006-10-26 02:44 1,859 ----a-w C:\Program Files\README.HTM
2006-10-21 00:56 56,320 ----a-w C:\Program Files\fraps64.dll
2006-10-21 00:56 293,376 ----a-w C:\Program Files\fraps64.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-03-09 09:29 7561216]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 14:28 266497]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-03-09 09:29 86016]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 20:42 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-03-01 20:30 4865600]
"nwiz"="nwiz.exe" [2006-03-09 09:29 1519616 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-11-22 16:40 16858112 C:\WINDOWS\RTHDCPL.EXE]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 16:10 110592 C:\WINDOWS\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\DAP\\DAP.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Codemasters\\GRID\\GRID.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"C:\\Program Files\\Atari\\Test Drive Unlimited\\TestDriveUnlimited.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
R0 avgntmgr;avgntmgr;C:\WINDOWS\system32\DRIVERS\avgntmgr.sys [2008-01-21 18:11]
R1 avgntdd;avgntdd;C:\WINDOWS\system32\DRIVERS\avgntdd.sys [2008-05-09 13:15]
R1 VBoxDrv;VirtualBox Service;C:\WINDOWS\system32\DRIVERS\VBoxDrv.sys [2008-07-29 21:24]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys [2008-07-29 21:24]
S0 NVStrap;NVStrap;C:\WINDOWS\system32\drivers\NVStrap.sys [2008-04-28 20:25]
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
2008-08-25 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHANS REMOVED - - - -
BHO-{35DA0A6C-A175-4232-9488-AF5D7F7FB79F} - C:\WINDOWS\system32\xxyyvUNE.dll
HKLM-Run-BMa7632f4b - C:\WINDOWS\system32\nkxptifv.dll
Notify-urqqQhFy - urqqQhFy.dll
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Arnaud\Application Data\Mozilla\Firefox\Profiles\7o7heck6.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.be/
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-31 22:07:08
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cach‚s ...
Balayage cach‚ autostart entries ...
Balayage des fichiers cach‚s ...
Scan termin‚ avec succŠs
Les fichiers cach‚s: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Spy Sweeper\ssu.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\SyncServer.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-31 22:10:00 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-31 20:09:57
Pre-Run: 152,724,185,088 octets libres
Post-Run: 152,892,514,304 octets libres
274 --- E O F --- 2008-08-30 07:31:15
Alors, voici le log complet :
ComboFix 08-08-30.03 - Arnaud 2008-08-31 22:03:02.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.1586 [GMT 2:00]
Endroit: Z:\Arnaud\Mes Documents\My Completed Downloads\ComboFix.exe
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Arnaud\Application Data\macromedia\Flash Player\#SharedObjects\SQ6MYELS\bin.clearspring.com
C:\Documents and Settings\Arnaud\Application Data\macromedia\Flash Player\#SharedObjects\SQ6MYELS\bin.clearspring.com\clearspring.sol
C:\Documents and Settings\Arnaud\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Documents and Settings\Arnaud\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
C:\WINDOWS\BMa7632f4b.txt
C:\WINDOWS\BMa7632f4b.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\ENUvyyxx.ini
C:\WINDOWS\system32\ENUvyyxx.ini2
C:\WINDOWS\system32\tuvSmnKC.dll
C:\WINDOWS\system32\vtUOGyWM.dll
C:\WINDOWS\system32\wvUkHxVM.dll
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-07-28 to 2008-08-31 ))))))))))))))))))))))))))))))))))))
.
2008-08-31 11:05 . 2004-08-03 23:08 59,136 --a------ C:\WINDOWS\system32\drivers\GcKernel.sys
2008-08-31 11:05 . 2004-08-03 23:08 59,136 --a--c--- C:\WINDOWS\system32\dllcache\gckernel.sys
2008-08-31 11:05 . 2001-08-17 22:02 2,688 --a------ C:\WINDOWS\system32\drivers\HIDSwvd.sys
2008-08-31 11:05 . 2001-08-17 22:02 2,688 --a--c--- C:\WINDOWS\system32\dllcache\hidswvd.sys
2008-08-31 10:53 . 2008-08-31 10:53 <REP> d-------- C:\Program Files\QuickTime
2008-08-30 18:30 . 2008-08-30 18:30 <REP> d-------- C:\Program Files\winpwn-2.5
2008-08-30 18:30 . 2008-08-30 18:30 <REP> d-------- C:\Documents and Settings\Arnaud\Application Data\cmw
2008-08-30 16:16 . 2008-08-30 16:16 <REP> d-------- C:\Documents and Settings\Arnaud\Dossier partag‚ de Storm
2008-08-30 16:14 . 1999-12-17 11:13 86,016 --a------ C:\WINDOWS\unvise32.exe
2008-08-30 15:59 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-08-30 15:59 . 2004-08-03 23:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-08-30 15:58 . 2008-08-30 15:58 <REP> d-------- C:\Documents and Settings\Arnaud\Application Data\Ableton
2008-08-30 15:58 . 2008-08-30 15:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Ableton
2008-08-30 15:53 . 2008-08-30 15:53 <REP> d-------- C:\Program Files\Creative
2008-08-30 15:53 . 1999-10-11 11:00 41,984 --------- C:\WINDOWS\Ctregrun.exe
2008-08-30 15:52 . 2005-01-19 16:42 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-08-30 15:52 . 2005-01-19 16:42 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-08-30 15:52 . 2005-01-19 16:42 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-08-30 15:51 . 2008-08-30 15:51 <REP> d-------- C:\Program Files\Ableton
2008-08-30 15:49 . 2008-08-30 15:49 <REP> d-------- C:\WINDOWS\system32\Data
2008-08-30 15:49 . 2008-08-30 15:53 <REP> d-------- C:\Program Files\Creative Professional
2008-08-30 15:49 . 2000-05-11 01:00 90,112 --------- C:\WINDOWS\Updreg.EXE
2008-08-30 15:49 . 2005-04-27 02:44 11,776 --a------ C:\WINDOWS\INRES.DLL
2008-08-30 15:49 . 2005-04-27 02:43 1,884 -ra------ C:\WINDOWS\system32\emuumidi.ini
2008-08-30 15:49 . 2005-04-27 02:43 38 -ra------ C:\WINDOWS\system32\ctzapxx.ini
2008-08-30 13:26 . 2008-08-30 13:27 <REP> d-------- C:\Program Files\Mobile Master
2008-08-30 13:26 . 2008-08-30 13:26 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-08-30 09:31 . 2008-08-30 09:31 <REP> d-------- C:\Program Files\MSXML 4.0
2008-08-29 18:34 . 2008-08-29 18:34 <REP> d-------- C:\Documents and Settings\Arnaud\Application Data\Lavasoft
2008-08-29 18:30 . 2008-08-29 18:31 <REP> d-------- C:\Program Files\Spyware Doctor
2008-08-29 18:30 . 2008-08-29 18:30 <REP> d-------- C:\Documents and Settings\Arnaud\Application Data\PC Tools
2008-08-29 18:30 . 2008-06-10 21:22 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-08-29 18:30 . 2008-06-02 15:19 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-08-29 18:30 . 2008-06-02 15:19 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-08-29 18:30 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-08-29 18:29 . 2008-08-29 18:29 <REP> d-------- C:\Program Files\Webroot
2008-08-29 18:29 . 2008-08-29 18:29 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-08-29 18:29 . 2008-08-29 18:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-08-29 18:29 . 2007-03-01 19:54 144,960 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-08-29 18:29 . 2007-03-01 19:54 22,080 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-08-29 18:29 . 2007-03-01 19:54 21,056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2008-08-29 18:29 . 2007-03-01 19:54 20,544 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
2008-08-29 18:28 . 2008-08-29 18:28 164 --a------ C:\install.dat
2008-08-29 18:27 . 2008-08-29 18:27 <REP> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-08-29 18:27 . 2008-08-29 18:27 <REP> d-------- C:\Documents and Settings\Arnaud\Application Data\Webroot
2008-08-29 18:26 . 2008-08-29 18:27 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-29 18:26 . 2008-08-29 19:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-29 18:25 . 2008-08-29 18:32 <REP> d-------- C:\Program Files\SpywareBlaster
2008-08-29 18:23 . 2008-08-29 18:25 <REP> d-------- C:\Temp
2008-08-29 18:23 . 2008-08-29 18:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2008-08-29 18:16 . 2008-08-29 18:16 <REP> d-------- C:\WINDOWS\system32\GroupPolicy
2008-08-29 13:11 . 2008-08-29 17:23 28 --a------ C:\WINDOWS\ODBC.INI
2008-08-29 12:32 . 2004-08-03 23:08 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2008-08-29 12:32 . 2004-08-03 23:08 25,600 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys
2008-08-29 12:27 . 1998-10-29 17:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-08-29 12:24 . 2008-08-29 12:24 1,409 --a------ C:\WINDOWS\system32\tmp157F3.FOT
2008-08-29 12:16 . 2008-08-29 12:16 <REP> d-------- C:\Program Files\RegCleaner
2008-08-29 12:04 . 2008-08-29 12:04 <REP> d-------- C:\Program Files\Symbian
2008-08-29 12:03 . 2008-08-29 21:38 <REP> d-------- C:\Program Files\Siemens Data Suite SX1
2008-08-29 11:00 . 2008-08-29 11:00 <REP> d-------- C:\Program Files\Microsoft Works
2008-08-29 10:59 . 2008-08-29 10:59 <REP> d-------- C:\Program Files\MSBuild
2008-08-29 10:59 . 2008-08-29 10:59 <REP> d-------- C:\Program Files\Microsoft.NET
2008-08-29 10:57 . 2008-08-29 10:57 <REP> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-08-29 10:56 . 2008-08-29 14:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-29 10:55 . 2008-08-29 10:55 <REP> dr-h----- C:\MSOCache
2008-08-29 10:54 . 2008-08-29 10:54 36,864 --a------ C:\WINDOWS\system32\urqqQhFy.dll__DELETE_ON_REBOOT
2008-08-28 22:09 . 2008-08-28 22:09 <REP> d-------- C:\Documents and Settings\Arnaud\Application Data\LGSync
2008-08-28 22:08 . 2004-09-16 11:31 1,703,936 --a------ C:\WINDOWS\system32\gdiplus.dll
2008-08-28 22:08 . 2005-09-26 22:55 419,240 --a------ C:\WINDOWS\system32\Vsflex7L.ocx
2008-08-28 22:08 . 2000-05-22 00:00 244,416 --a------ C:\WINDOWS\system32\Msflxgrd.ocx
2008-08-28 22:08 . 2005-06-28 22:12 36,864 --a------ C:\WINDOWS\system32\CSDLGE1LIB.dll
2008-08-28 21:46 . 2008-08-28 22:06 <REP> d-------- C:\KE970
2008-08-28 21:41 . 2005-11-24 11:34 82,432 --a------ C:\WINDOWS\system32\msxml4r.dll
2008-08-28 21:41 . 2006-05-04 08:33 53,248 --a------ C:\WINDOWS\system32\CommonDL.dll
2008-08-28 21:41 . 2005-10-04 10:39 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2008-08-28 21:41 . 2008-08-28 21:43 2,412 --a------ C:\WINDOWS\system32\lgAxconfig.ini
2008-08-28 21:40 . 2008-08-28 21:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX
2008-08-28 21:32 . 2008-08-28 21:32 41 --a------ C:\WINDOWS\pos.ini
2008-08-28 15:28 . 2004-08-19 16:09 154,112 --a------ C:\WINDOWS\system32\irftp.exe
2008-08-28 15:28 . 2004-08-19 16:09 154,112 --a--c--- C:\WINDOWS\system32\dllcache\irftp.exe
2008-08-28 15:28 . 2004-08-19 16:09 28,160 --a------ C:\WINDOWS\system32\irmon.dll
2008-08-28 15:28 . 2004-08-19 16:09 28,160 --a--c--- C:\WINDOWS\system32\dllcache\irmon.dll
2008-08-28 15:28 . 2004-08-19 16:09 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2008-08-28 15:28 . 2004-08-19 16:09 8,192 --a--c--- C:\WINDOWS\system32\dllcache\wshirda.dll
2008-08-28 15:05 . 2008-08-28 15:05 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-08-28 15:05 . 2008-08-28 15:05 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2008-08-28 15:01 . 2008-08-28 15:01 <REP> d-------- C:\Program Files\Fichiers communs\Motorola Shared
2008-08-28 15:01 . 2008-08-28 15:01 <REP> d-------- C:\Program Files\Common Files
2008-08-28 15:01 . 2006-11-13 14:45 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-08-28 15:01 . 2006-12-13 17:52 20,992 --a------ C:\WINDOWS\system32\drivers\motmodem.sys
2008-08-26 21:44 . 2008-08-26 21:44 <REP> d---s---- C:\Documents and Settings\Arnaud\UserData
2008-08-26 21:40 . 2008-08-26 21:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-08-26 18:29 . 2008-08-30 13:27 <REP> d-------- C:\Documents and Settings\Arnaud\Application Data\Mobile Master
2008-08-26 13:47 . 2008-08-26 13:47 <REP> d-------- C:\Documents and Settings\Arnaud\Contacts
2008-08-26 13:46 . 2008-08-26 21:43 <REP> d-------- C:\Program Files\Messenger Plus! Live
2008-08-26 13:46 . 2008-08-26 13:46 268 --ah----- C:\sqmdata00.sqm
2008-08-26 13:46 . 2008-08-26 13:46 244 --ah----- C:\sqmnoopt00.sqm
2008-08-25 09:13 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-08-24 17:30 . 2008-08-24 17:30 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-08-24 17:27 . 2008-04-28 20:25 4,224 --a------ C:\WINDOWS\system32\drivers\NVStrap.sys
2008-08-23 23:47 . 2003-02-28 18:26 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2008-08-23 23:47 . 2003-02-28 18:26 46,352 --a------ C:\WINDOWS\setdebug.exe
2008-08-23 23:47 . 2003-02-28 16:54 7,315 --a------ C:\WINDOWS\system32\javasup.vxd
2008-08-23 23:47 . 2003-02-28 16:35 6,550 --a------ C:\WINDOWS\jautoexp.dat
2008-08-23 23:47 . 2003-02-28 16:38 113 --a------ C:\WINDOWS\system32\zonedon.reg
2008-08-23 23:47 . 2003-02-28 16:38 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2008-08-23 22:58 . 2008-08-23 22:58 <REP> d-------- C:\Documents and Settings\Arnaud\Incomplete
2008-08-23 22:58 . 2008-08-24 14:37 <REP> d-------- C:\Documents and Settings\Arnaud\Application Data\LimeWire
2008-08-23 19:37 . 2008-08-23 19:37 <REP> d-------- C:\Program Files\Mio Technology
2008-08-23 13:22 . 2008-08-23 13:22 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2008-08-23 13:18 . 2008-08-23 23:49 <REP> d-------- C:\Program Files\NOS
2008-08-23 13:18 . 2008-08-23 23:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NOS
2008-08-22 14:41 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-08-22 14:28 . 2008-08-22 14:28 <REP> d-------- C:\Program Files\Apple Software Update
2008-08-21 22:41 . 2008-08-21 22:41 <REP> d-------- C:\Program Files\uTorrent
2008-08-21 22:19 . 2008-08-21 22:21 <REP> d-------- C:\Documents and Settings\Arnaud\.VirtualBox
2008-08-21 22:19 . 2008-07-29 21:24 54,896 --a------ C:\WINDOWS\system32\drivers\VBoxDrv.sys
2008-08-21 22:19 . 2008-07-29 21:24 41,616 --a------ C:\WINDOWS\system32\drivers\VBoxUSBMon.sys
2008-08-21 22:18 . 2008-08-21 22:18 <REP> d-------- C:\Program Files\Sun
2008-08-21 20:45 . 2008-08-21 20:45 <REP> d-------- C:\Documents and Settings\Arnaud\Application Data\ImgBurn
2008-08-21 20:44 . 2008-08-21 20:44 <REP> d-------- C:\Program Files\ImgBurn
2008-08-21 18:51 . 2008-08-21 18:51 <REP> d-------- C:\Program Files\HELP
2008-08-21 18:51 . 2008-08-21 18:51 38,201 --a------ C:\Program Files\uninstall.exe
2008-08-21 18:25 . 2008-08-21 18:25 <REP> dr-h----- C:\Documents and Settings\Arnaud\Application Data\SecuROM
2008-08-21 18:25 . 2008-08-21 18:25 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-30 13:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-30 13:50 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-08-24 10:50 100 ----a-w C:\Program Files\FRAPSLOG.TXT
2008-08-21 08:10 4,952 --sha-r C:\Bootfont.bin
2008-08-20 20:56 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-08-20 20:56 --------- d-----w C:\Program Files\Realtek
2008-08-20 20:55 --------- d-----w C:\Documents and Settings\Arnaud\Application Data\InstallShield
2008-08-20 20:48 558,142 ----a-w C:\WINDOWS\java\Packages\X7DNZTZD.ZIP
2008-08-20 20:48 155,995 ----a-w C:\WINDOWS\java\Packages\H7F973RH.ZIP
2008-08-20 20:48 --------- d-----w C:\Program Files\microsoft frontpage
2008-08-20 20:46 --------- d-----w C:\Program Files\Services en ligne
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 15:40 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-05-16 09:48 446,464 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2006-10-26 09:44 2,838,528 ----a-w C:\Program Files\fraps.exe
2006-10-26 09:43 122,880 ----a-w C:\Program Files\frapslcd.dll
2006-10-26 09:43 110,592 ----a-w C:\Program Files\fraps.dll
2006-10-26 08:36 11,066 ----a-w C:\Program Files\changes.txt
2006-10-26 02:44 1,859 ----a-w C:\Program Files\README.HTM
2006-10-21 00:56 56,320 ----a-w C:\Program Files\fraps64.dll
2006-10-21 00:56 293,376 ----a-w C:\Program Files\fraps64.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-03-09 09:29 7561216]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 14:28 266497]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-03-09 09:29 86016]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 20:42 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-03-01 20:30 4865600]
"nwiz"="nwiz.exe" [2006-03-09 09:29 1519616 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-11-22 16:40 16858112 C:\WINDOWS\RTHDCPL.EXE]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 16:10 110592 C:\WINDOWS\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\DAP\\DAP.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Codemasters\\GRID\\GRID.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"C:\\Program Files\\Atari\\Test Drive Unlimited\\TestDriveUnlimited.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
R0 avgntmgr;avgntmgr;C:\WINDOWS\system32\DRIVERS\avgntmgr.sys [2008-01-21 18:11]
R1 avgntdd;avgntdd;C:\WINDOWS\system32\DRIVERS\avgntdd.sys [2008-05-09 13:15]
R1 VBoxDrv;VirtualBox Service;C:\WINDOWS\system32\DRIVERS\VBoxDrv.sys [2008-07-29 21:24]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys [2008-07-29 21:24]
S0 NVStrap;NVStrap;C:\WINDOWS\system32\drivers\NVStrap.sys [2008-04-28 20:25]
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
2008-08-25 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHANS REMOVED - - - -
BHO-{35DA0A6C-A175-4232-9488-AF5D7F7FB79F} - C:\WINDOWS\system32\xxyyvUNE.dll
HKLM-Run-BMa7632f4b - C:\WINDOWS\system32\nkxptifv.dll
Notify-urqqQhFy - urqqQhFy.dll
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Arnaud\Application Data\Mozilla\Firefox\Profiles\7o7heck6.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.be/
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-31 22:07:08
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cach‚s ...
Balayage cach‚ autostart entries ...
Balayage des fichiers cach‚s ...
Scan termin‚ avec succŠs
Les fichiers cach‚s: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Spy Sweeper\ssu.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\SyncServer.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-31 22:10:00 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-31 20:09:57
Pre-Run: 152,724,185,088 octets libres
Post-Run: 152,892,514,304 octets libres
274 --- E O F --- 2008-08-30 07:31:15
Re,
Télécharge MalwareByte's Anti-Malware sur ton Bureau.
Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.
Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
AIDE : Redémarrer en mode sans échec
Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".
Afin de lancer la recherche, clic sur"Rechercher".
Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :
-- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
-- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
[#ff0000]REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.[/#f]
AIDE : Tuto en images sur MBAM
Télécharge MalwareByte's Anti-Malware sur ton Bureau.
Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.
Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
AIDE : Redémarrer en mode sans échec
-- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
-- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
[#ff0000]REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.[/#f]
AIDE : Tuto en images sur MBAM
Bonjour! Voila, je poste mon log Malwarebytes :
Malwarebytes' Anti-Malware 1.25
Database version: 1102
Windows 5.1.2600 Service Pack 2
09:52:58 01/09/2008
mbam-log-09-01-2008 (09-52-58).txt
Scan type: Full Scan (C:\|)
Objects scanned: 144789
Time elapsed: 1 hour(s), 10 minute(s), 49 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\QooBox\Quarantine\C\WINDOWS\system32\tuvSmnKC.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\vtUOGyWM.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\wvUkHxVM.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{ABACFB86-EBC0-4677-8584-AA219EF1A50C}\RP59\A0011372.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{ABACFB86-EBC0-4677-8584-AA219EF1A50C}\RP71\A0013416.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{ABACFB86-EBC0-4677-8584-AA219EF1A50C}\RP71\A0013417.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{ABACFB86-EBC0-4677-8584-AA219EF1A50C}\RP71\A0013418.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\urqqQhFy.dll__DELETE_ON_REBOOT (Trojan.Vundo) -> Quarantined and deleted successfully.
Malwarebytes' Anti-Malware 1.25
Database version: 1102
Windows 5.1.2600 Service Pack 2
09:52:58 01/09/2008
mbam-log-09-01-2008 (09-52-58).txt
Scan type: Full Scan (C:\|)
Objects scanned: 144789
Time elapsed: 1 hour(s), 10 minute(s), 49 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\QooBox\Quarantine\C\WINDOWS\system32\tuvSmnKC.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\vtUOGyWM.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\wvUkHxVM.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{ABACFB86-EBC0-4677-8584-AA219EF1A50C}\RP59\A0011372.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{ABACFB86-EBC0-4677-8584-AA219EF1A50C}\RP71\A0013416.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{ABACFB86-EBC0-4677-8584-AA219EF1A50C}\RP71\A0013417.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{ABACFB86-EBC0-4677-8584-AA219EF1A50C}\RP71\A0013418.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\urqqQhFy.dll__DELETE_ON_REBOOT (Trojan.Vundo) -> Quarantined and deleted successfully.
Voilà le rapport :
Logfile of HijackThis v1.99.1
Scan saved at 13:17:45, on 1/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\distnoted.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wuauclt.exe
Z:\Arnaud\Mes Documents\My Completed Downloads\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.09\RivaTuner.exe" /S
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{6051CC9A-59E4-4AA8-8623-3CA747C03D17}: NameServer = 192.168.103.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{6051CC9A-59E4-4AA8-8623-3CA747C03D17}: NameServer = 192.168.103.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Moteur Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
Logfile of HijackThis v1.99.1
Scan saved at 13:17:45, on 1/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\distnoted.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wuauclt.exe
Z:\Arnaud\Mes Documents\My Completed Downloads\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.09\RivaTuner.exe" /S
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{6051CC9A-59E4-4AA8-8623-3CA747C03D17}: NameServer = 192.168.103.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{6051CC9A-59E4-4AA8-8623-3CA747C03D17}: NameServer = 192.168.103.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Moteur Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
Voila :
Alors pour le emuumidi.ini, c'est mon clavier(synthétiseur) qui est branché en MIDI à mon pc.
Et pour l'autre : http://www.virustotal.com/fr/analisis/3f62cdb1d19fe3bc6a104776a22c723f
Alors pour le emuumidi.ini, c'est mon clavier(synthétiseur) qui est branché en MIDI à mon pc.
Et pour l'autre : http://www.virustotal.com/fr/analisis/3f62cdb1d19fe3bc6a104776a22c723f
Lassé par la pub ? Créez un compte
- Contenus similaires :
- ForumComment installer fichier dll manquant
- ForumFichier dll manquant ou supprime
- solutionsOu trouver un fichier .dll manquant
- solutionsFichier dll manquant pour java
- ForumEcran bleu fichier dll manquant
- ForumFichier dll manquant impossible a retrouver
- ForumFichier .dll manquant
- ForumWorks fichier dll manquant
- ForumMettre un fichier dll manquant
- ForumFichier dll manquant
- Voir plus
