Missing entry at startup: runDLL


Posted by Kueco » 27 Feb 2008 19:07

Hello,
When Vista starts, I get this message:
c:\ users\kueco\appdata\local\temp\fdtwwwco.dll
entré manquante : run

My antivirus is McAfee (trial version).

I cannot uninstall McAfee, and I cannot start AntiVir either.

Here is my HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:58:33, on 27.02.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\McAfee\MSK\mskagent.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9d.exe
C:\Program Files\McAfee\MSC\mcshell.exe
C:\Windows\explorer.exe
C:\Users\Kueco\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.ch/ig/dell?hl=fr&clie ... bd=4080126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer fourni par Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Kueco\AppData\Local\Temp\cbxxy.dll,#1
O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\Kueco\AppData\Local\Temp\fdtwwwco.dll",run
O4 - HKCU\..\Run: [82bfbea2] rundll32.exe "C:\Users\Kueco\AppData\Local\Temp\dokbmhdq.dll",b
O4 - HKCU\..\Run: [BM818c8d3e] Rundll32.exe "C:\Users\Kueco\AppData\Local\Temp\hbbnpjnr.dll",s
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = ?
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (Contrôleur de DownloadManager) - http://dlm.tools.akamai.com/dlmanager/v ... .2.1.6.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12296 bytes


Thank you for your help.
Kueco
 
Posted by Kueco » 27 Feb 2008 19:21

Here is the ComboFix report:

ComboFix 08-02-25.3 - Kueco 2008-02-27 19:16:55.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.2511 [GMT 1:00]
Endroit: C:\Users\Kueco\Desktop\ComboFix.exe
* Création d'un nouveau point de restauration
.

((((((((((((((((((((((((((((( Fichiers créés 2008-01-27 to 2008-02-27 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 10:23 202544]
"MSServer"="C:\Users\Kueco\AppData\Local\Temp\cbxxy.dll" [2008-02-26 22:06 36864]
"MS Juan"="C:\Users\Kueco\AppData\Local\Temp\fdtwwwco.dll" [2008-02-27 10:35 90176]
"82bfbea2"="C:\Users\Kueco\AppData\Local\Temp\dokbmhdq.dll" [2008-02-27 10:35 85056]
"BM818c8d3e"="C:\Users\Kueco\AppData\Local\Temp\hbbnpjnr.dll" [2008-02-27 10:35 91712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-26 04:53 1006264]
"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [2007-05-25 07:03 17920]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [2007-09-24 10:27 159744]
"OEM02Mon.exe"="C:\Windows\OEM02Mon.exe" [2007-12-03 06:58 36864]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-07 19:23 405504]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-05-16 07:54 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-05-16 07:53 8429568]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-05-16 07:54 81920]
"NVHotkey"="C:\Windows\system32\nvHotkey.dll" [2007-05-16 07:54 67584]
"Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe" [ ]
"SunJavaUpdateSched"="c:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2008-01-25 21:20 77824]
"DELL Webcam Manager"="C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 17:43 118784]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 12:37 81920]
"@"="" []
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 12:22 221184]
"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [2007-01-17 18:30 152144]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 04:06 40048]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-01-25 21:35 1838592]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 10:24 16384]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-11-01 16:39 189736]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 12:35 221184]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-04 14:18 267048]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2006-01-18 15:52 266280]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-03 18:55:50 703280]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2008-01-25 21:23:39 50688]
QuickSet.lnk - C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2008-01-25 21:22:40 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
"LoadAppInit_DLLs"=1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{67D99ACC-179D-4EB2-A026-96D5878773F4}"= UDP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{F552F0E2-9EEB-4BBA-8516-9F9F4E286BB2}"= TCP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{8C1A063A-DE1C-451C-ABCF-BB6F9ABDF343}"= C:\Program Files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect|Desc=Dell MediaDirect
"{F8135FA2-5091-47E1-8DD8-AC4B3F7E33E9}"= C:\Program Files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program|Desc=CyberLink PowerCinema Resident Program
"{DF81F6C6-585F-4200-9AD5-C83E03EA197B}"= C:\Program Files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine|Desc=Cyberlink Media Server Browser Engine
"{75BFC0CF-D451-45BA-BA98-46706F2FEF56}"= C:\Program Files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server|Desc=CyberLink Media Server
"{3A8E909C-4E21-465B-BC6F-D966CFA6968A}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
"{FC324445-3C18-4984-BF3F-7175E7CF7D6E}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{8766899A-D869-40ED-AF0B-7C587395DCE9}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{41DF32A4-F9F3-4CE3-81F7-DC22883D04B6}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{38E38B6D-B70E-4BFE-97CA-4FA4B37211CA}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R2 AESTFilters;Andrea ST Filters Service;C:\Windows\system32\aestsrv.exe [2007-08-29 22:25]
R2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 10:45]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service []
R2 WcesComm;Windows Mobile-2003-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 10:45]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-05 01:39]
R3 NETw4v32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows Vista 32 bits;C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-02-25 15:14]
R3 OEM02Dev;Creative Camera OEM002 Driver;C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-12-03 06:58]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-12-03 06:59]
S3 btwaudio;Périphérique audio Bluetooth;C:\Windows\system32\drivers\btwaudio.sys [2006-11-07 02:37]
S3 btwavdt;Bluetooth AVDT Service;C:\Windows\system32\drivers\btwavdt.sys [2006-11-07 00:13]
S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2006-11-07 00:13]
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 08:36]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0049155b-e119-11dc-a2f3-001d09b64a6c}]
\shell\AutoRun\command - RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00491570-e119-11dc-a2f3-001d09b64a6c}]
\shell\AutoRun\command - RavMon.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-25 20:41:47 C:\Windows\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2008-01-25 20:41:47 C:\Windows\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-27 19:18:45
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\Windows\explorer.exe [6.00.6000.16549]
-> C:\Users\Kueco\AppData\Local\Temp\dokbmhdq.dll
.
Temps d'accomplissement: 2008-02-27 19:19:28
.
2008-02-16 08:01:15 --- E O F ---
Posted by Falkra » 27 Feb 2008 20:18

Good evening. Golden rule: never use ComboFix on your own without knowing why. This tool is potentially dangerous and should be reserved for infections that resist everything else. Be more careful in future; ComboFix's many automated actions can be dangerous.

Now that it is in place anyway, we will finish the job with it, but we could certainly have done something simpler.

Relaunch HijackThis by right-clicking it and choosing "Run as..." "administrator".
Tick this line in HijackThis and click Fix checked: only this one.
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (Contrôleur de DownloadManager) - http://dlm.tools.akamai.com/dlmanager/v ... .2.1.6.cab



Next.
    Create a text file named CFScript.txt
    Double-click it to open it, then copy and paste the following into it:

RootKit::
C:\Users\Kueco\AppData\Local\Temp\cbxxy.dll
C:\Users\Kueco\AppData\Local\Temp\fdtwwwco.dll
C:\Users\Kueco\AppData\Local\Temp\dokbmhdq.dll
C:\Users\Kueco\AppData\Local\Temp\hbbnpjnr.dll
C:\Windows\OEM02Mon.exe

Registry::
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSServer"=-
"82bfbea2"=-
"MS Juan"=-
"BM818c8d3e"=-
"OEM02Mon.exe"=-

DirLook::
C:\Users\Kueco\AppData\Local\Temp\



Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot.
  • A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and confirm.
  • Wait while the scan runs. The desktop will disappear several times: this is normal! Do not touch anything until the scan has finished.
  • Once the scan is complete, a report will be displayed: post its contents.
  • If the file does not open, it is located here > C:\ComboFix.txt
Posted by Kueco » 27 Feb 2008 21:35

Here is the content:

ComboFix 08-02-25.3 - Kueco 2008-02-27 19:16:55.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.2511 [GMT 1:00]
Endroit: C:\Users\Kueco\Desktop\ComboFix.exe
* Création d'un nouveau point de restauration
.

((((((((((((((((((((((((((((( Fichiers créés 2008-01-27 to 2008-02-27 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-10 13:12 --------- d-----w C:\ProgramData\ALM
2008-02-10 12:51 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-10 12:44 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-02-10 09:29 --------- d-----w C:\Users\Kueco\AppData\Roaming\Creative
2008-02-07 19:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-07 19:47 --------- d-----w C:\Program Files\Veoh Networks
2008-02-07 16:44 --------- d-----w C:\Program Files\Windows Live
2008-02-07 16:43 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-07 16:40 --------- d-----w C:\ProgramData\WLInstaller
2008-02-06 20:34 --------- d-----w C:\ProgramData\CyberLink
2008-02-06 18:38 --------- d-----w C:\Program Files\Windows Sidebar
2008-02-06 18:38 --------- d-----w C:\Program Files\Windows Mail
2008-02-06 18:24 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2008-02-06 18:24 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2008-02-06 18:24 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2008-02-06 18:24 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2008-02-06 18:24 --------- d-----w C:\Program Files\MSXML 4.0
2008-02-06 18:24 --------- d-----w C:\Program Files\Dofus
2008-02-06 18:11 53,080 ----a-w C:\Windows\System32\wuauclt.exe
2008-02-06 18:11 43,352 ----a-w C:\Windows\System32\wups2.dll
2008-02-06 18:11 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
2008-02-06 18:11 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
2008-02-06 18:10 80,896 ----a-w C:\Windows\System32\wudriver.dll
2008-02-06 18:10 549,720 ----a-w C:\Windows\System32\wuapi.dll
2008-02-06 18:10 33,624 ----a-w C:\Windows\System32\wups.dll
2008-02-06 18:09 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-02-06 18:09 163,000 ----a-w C:\Windows\System32\wuwebv.dll
2008-02-06 18:02 --------- d-----w C:\Users\Kueco\AppData\Roaming\CyberLink
2008-02-06 17:54 --------- d-----w C:\Users\Kueco\AppData\Roaming\Roxio
2008-02-06 17:51 --------- d-sh--w C:\ProgramData\Modèles
2008-02-06 17:51 --------- d-sh--w C:\ProgramData\Menu Démarrer
2008-02-06 17:51 --------- d-sh--w C:\ProgramData\Favoris
2008-02-06 17:51 --------- d-sh--w C:\ProgramData\Documents
2008-02-06 17:51 --------- d-sh--w C:\ProgramData\Bureau
2008-02-06 17:51 --------- d-sh--w C:\ProgramData\Application Data
2008-02-06 17:51 --------- d-sh--w C:\Program Files\Fichiers communs
2008-01-26 04:00 25,784 ------w C:\Windows\system32\drivers\msahci.sys
2008-01-26 04:00 229,888 ----a-w C:\Windows\System32\msshsq.dll
2008-01-26 04:00 20,152 ------w C:\Windows\system32\drivers\viaide.sys
2008-01-26 04:00 19,128 ------w C:\Windows\system32\drivers\cmdide.sys
2008-01-26 04:00 18,104 ------w C:\Windows\system32\drivers\amdide.sys
2008-01-26 04:00 17,592 ----a-w C:\Windows\system32\drivers\intelide.sys
2008-01-26 04:00 17,592 ------w C:\Windows\system32\drivers\aliide.sys
2008-01-26 04:00 --------- d-----w C:\Program Files\DellTPad
2008-01-26 03:59 87,040 ----a-w C:\Windows\System32\msoert2.dll
2008-01-26 03:59 750,080 ----a-w C:\Windows\System32\qmgr.dll
2008-01-26 03:59 39,424 ----a-w C:\Windows\System32\ACCTRES.dll
2008-01-26 03:59 205,824 ----a-w C:\Windows\System32\msoeacct.dll
2008-01-26 03:59 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
2008-01-26 03:57 974,336 ----a-w C:\Windows\System32\crypt32.dll
2008-01-26 03:56 8,192 ----a-w C:\Windows\System32\riched32.dll
2008-01-26 03:55 82,432 ----a-w C:\Windows\system32\drivers\sdbus.sys
2008-01-26 03:55 13,312 ------w C:\Windows\system32\drivers\sffdisk.sys
2008-01-26 03:55 12,800 ------w C:\Windows\system32\drivers\sffp_sd.sys
2008-01-26 03:55 12,800 ------w C:\Windows\system32\drivers\sffp_mmc.sys
2008-01-26 03:53 84,480 ----a-w C:\Windows\System32\INETRES.dll
2008-01-26 03:53 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2008-01-26 03:53 49,664 ----a-w C:\Windows\System32\csrsrv.dll
2008-01-26 03:53 376,320 ----a-w C:\Windows\System32\winsrv.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 10:23 202544]
"MSServer"="C:\Users\Kueco\AppData\Local\Temp\cbxxy.dll" [2008-02-26 22:06 36864]
"MS Juan"="C:\Users\Kueco\AppData\Local\Temp\fdtwwwco.dll" [2008-02-27 10:35 90176]
"82bfbea2"="C:\Users\Kueco\AppData\Local\Temp\dokbmhdq.dll" [2008-02-27 10:35 85056]
"BM818c8d3e"="C:\Users\Kueco\AppData\Local\Temp\hbbnpjnr.dll" [2008-02-27 10:35 91712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-26 04:53 1006264]
"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [2007-05-25 07:03 17920]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [2007-09-24 10:27 159744]
"OEM02Mon.exe"="C:\Windows\OEM02Mon.exe" [2007-12-03 06:58 36864]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-07 19:23 405504]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-05-16 07:54 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-05-16 07:53 8429568]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-05-16 07:54 81920]
"NVHotkey"="C:\Windows\system32\nvHotkey.dll" [2007-05-16 07:54 67584]
"Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe" [ ]
"SunJavaUpdateSched"="c:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2008-01-25 21:20 77824]
"DELL Webcam Manager"="C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 17:43 118784]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 12:37 81920]
"@"="" []
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 12:22 221184]
"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [2007-01-17 18:30 152144]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 04:06 40048]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-01-25 21:35 1838592]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 10:24 16384]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-11-01 16:39 189736]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 12:35 221184]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-04 14:18 267048]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2006-01-18 15:52 266280]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-03 18:55:50 703280]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2008-01-25 21:23:39 50688]
QuickSet.lnk - C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2008-01-25 21:22:40 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
"LoadAppInit_DLLs"=1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{67D99ACC-179D-4EB2-A026-96D5878773F4}"= UDP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{F552F0E2-9EEB-4BBA-8516-9F9F4E286BB2}"= TCP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{8C1A063A-DE1C-451C-ABCF-BB6F9ABDF343}"= C:\Program Files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect|Desc=Dell MediaDirect
"{F8135FA2-5091-47E1-8DD8-AC4B3F7E33E9}"= C:\Program Files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program|Desc=CyberLink PowerCinema Resident Program
"{DF81F6C6-585F-4200-9AD5-C83E03EA197B}"= C:\Program Files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine|Desc=Cyberlink Media Server Browser Engine
"{75BFC0CF-D451-45BA-BA98-46706F2FEF56}"= C:\Program Files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server|Desc=CyberLink Media Server
"{3A8E909C-4E21-465B-BC6F-D966CFA6968A}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
"{FC324445-3C18-4984-BF3F-7175E7CF7D6E}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{8766899A-D869-40ED-AF0B-7C587395DCE9}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{41DF32A4-F9F3-4CE3-81F7-DC22883D04B6}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{38E38B6D-B70E-4BFE-97CA-4FA4B37211CA}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R2 AESTFilters;Andrea ST Filters Service;C:\Windows\system32\aestsrv.exe [2007-08-29 22:25]
R2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 10:45]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service []
R2 WcesComm;Windows Mobile-2003-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 10:45]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-05 01:39]
R3 NETw4v32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows Vista 32 bits;C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-02-25 15:14]
R3 OEM02Dev;Creative Camera OEM002 Driver;C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-12-03 06:58]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-12-03 06:59]
S3 btwaudio;Périphérique audio Bluetooth;C:\Windows\system32\drivers\btwaudio.sys [2006-11-07 02:37]
S3 btwavdt;Bluetooth AVDT Service;C:\Windows\system32\drivers\btwavdt.sys [2006-11-07 00:13]
S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2006-11-07 00:13]
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 08:36]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0049155b-e119-11dc-a2f3-001d09b64a6c}]
\shell\AutoRun\command - RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00491570-e119-11dc-a2f3-001d09b64a6c}]
\shell\AutoRun\command - RavMon.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-25 20:41:47 C:\Windows\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2008-01-25 20:41:47 C:\Windows\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-27 19:18:45
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\Windows\explorer.exe [6.00.6000.16549]
-> C:\Users\Kueco\AppData\Local\Temp\dokbmhdq.dll
.
Temps d'accomplissement: 2008-02-27 19:19:28
.
2008-02-16 08:01:15 --- E O F ---

Re: Missing entry at startup: runDLL

Post by Falkra » 27 Feb 2008 21:46

This report is not the right CF report, but a copy of the old one.

I need the new ComboFix report, the one produced after you dropped the script onto its icon, and a new HijackThis report.

Re: Missing entry at startup: runDLL

Post by Kueco » 28 Feb 2008 06:41

A window opens that says:

You cannot rename ComboFix as ComboFix
Please use another name

I don't know how to change the name.

Re: Missing entry at startup: runDLL

Post by Falkra » 28 Feb 2008 08:54

At what point does this happen?
Did you drag the script onto it?

(Solved) Missing entry at startup: runDLL

Post by Kueco » 28 Feb 2008 18:26

Well, I didn't understand why, but when I redid the procedure it worked.

Here is the ComboFix report that appeared after the application finished:

ComboFix 08-02-25.3 - Kueco 2008-02-28 18:12:35.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.2475 [GMT 1:00]
Endroit: C:\Users\Kueco\Desktop\ComboFix.exe
Command switches used :: C:\Users\Kueco\Desktop\CFScript.txt
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\Kueco\AppData\Local\Temp\cbxxy.dll
C:\Users\Kueco\AppData\Local\Temp\dokbmhdq.dll
C:\Users\Kueco\AppData\Local\Temp\fdtwwwco.dll
C:\Users\Kueco\AppData\Local\Temp\hbbnpjnr.dll
C:\Windows\OEM02Mon.exe

.
((((((((((((((((((((((((((((( Fichiers créés 2008-01-28 to 2008-02-28 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-28 17:10 --------- d-----w C:\ProgramData\AntiVir PersonalEdition Classic
2008-02-28 06:10 --------- d-----w C:\Program Files\McAfee
2008-02-28 06:02 27,335 ----a-w C:\Users\Kueco\AppData\Roaming\nvModes.dat
2008-02-26 08:24 --------- d-----w C:\ProgramData\Dell
2008-02-21 14:35 --------- d-----w C:\Users\Kueco\AppData\Roaming\PeerNetworking
2008-02-17 11:55 --------- d-----w C:\Program Files\HTML Help Workshop
2008-02-17 11:50 --------- d-----w C:\Program Files\RamBoost XP
2008-02-14 13:01 --------- d-----w C:\Users\Kueco\AppData\Roaming\Apple Computer
2008-02-14 13:01 --------- d-----w C:\ProgramData\Apple Computer
2008-02-14 13:01 --------- d-----w C:\Program Files\iTunes
2008-02-14 13:01 --------- d-----w C:\Program Files\iPod
2008-02-14 13:00 --------- d-----w C:\Program Files\QuickTime
2008-02-14 13:00 --------- d-----w C:\Program Files\Bonjour
2008-02-14 12:59 --------- d-----w C:\Program Files\Apple Software Update
2008-02-14 12:58 --------- d-----w C:\ProgramData\Apple
2008-02-14 12:58 --------- d-----w C:\Program Files\Common Files\Apple
2008-02-13 20:27 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-13 20:27 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-13 20:25 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-13 20:25 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-13 20:25 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-13 20:25 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-13 20:25 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-13 20:25 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
2008-02-13 20:25 110,136 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-13 20:24 806,400 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-13 20:24 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-13 20:24 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-13 20:24 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-13 20:24 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-13 20:24 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-13 20:24 217,144 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-13 20:24 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-13 20:24 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-13 20:24 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-13 20:24 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-13 20:23 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-13 20:23 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-13 20:22 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-13 20:22 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-10 13:14 --------- d-----w C:\ProgramData\FLEXnet
2008-02-10 13:12 --------- d-----w C:\ProgramData\ALM
2008-02-10 12:51 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-10 12:44 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-02-10 09:29 --------- d-----w C:\Users\Kueco\AppData\Roaming\Creative
2008-02-07 19:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-07 19:47 --------- d-----w C:\Program Files\Veoh Networks
2008-02-07 16:44 --------- d-----w C:\Program Files\Windows Live
2008-02-07 16:43 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-07 16:40 --------- d-----w C:\ProgramData\WLInstaller
2008-02-06 20:34 --------- d-----w C:\ProgramData\CyberLink
2008-02-06 18:38 --------- d-----w C:\Program Files\Windows Sidebar
2008-02-06 18:38 --------- d-----w C:\Program Files\Windows Mail
2008-02-06 18:24 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2008-02-06 18:24 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2008-02-06 18:24 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2008-02-06 18:24 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2008-02-06 18:24 --------- d-----w C:\Program Files\MSXML 4.0
2008-02-06 18:24 --------- d-----w C:\Program Files\Dofus
2008-02-06 18:11 53,080 ----a-w C:\Windows\System32\wuauclt.exe
2008-02-06 18:11 43,352 ----a-w C:\Windows\System32\wups2.dll
2008-02-06 18:11 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
2008-02-06 18:11 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
2008-02-06 18:10 80,896 ----a-w C:\Windows\System32\wudriver.dll
2008-02-06 18:10 549,720 ----a-w C:\Windows\System32\wuapi.dll
2008-02-06 18:10 33,624 ----a-w C:\Windows\System32\wups.dll
2008-02-06 18:09 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-02-06 18:09 163,000 ----a-w C:\Windows\System32\wuwebv.dll
2008-02-06 18:02 --------- d-----w C:\Users\Kueco\AppData\Roaming\CyberLink
2008-02-06 17:54 --------- d-----w C:\Users\Kueco\AppData\Roaming\Roxio
2008-02-06 17:51 --------- d-sh--w C:\ProgramData\Modèles
2008-02-06 17:51 --------- d-sh--w C:\ProgramData\Menu Démarrer
2008-02-06 17:51 --------- d-sh--w C:\ProgramData\Favoris
2008-02-06 17:51 --------- d-sh--w C:\ProgramData\Documents
2008-02-06 17:51 --------- d-sh--w C:\ProgramData\Bureau
2008-02-06 17:51 --------- d-sh--w C:\ProgramData\Application Data
2008-02-06 17:51 --------- d-sh--w C:\Program Files\Fichiers communs
2008-01-26 04:00 25,784 ------w C:\Windows\system32\drivers\msahci.sys
2008-01-26 04:00 229,888 ----a-w C:\Windows\System32\msshsq.dll
2008-01-26 04:00 20,152 ------w C:\Windows\system32\drivers\viaide.sys
2008-01-26 04:00 19,128 ------w C:\Windows\system32\drivers\cmdide.sys
2008-01-26 04:00 18,104 ------w C:\Windows\system32\drivers\amdide.sys
2008-01-26 04:00 17,592 ----a-w C:\Windows\system32\drivers\intelide.sys
2008-01-26 04:00 17,592 ------w C:\Windows\system32\drivers\aliide.sys
2008-01-26 04:00 --------- d-----w C:\Program Files\DellTPad
2008-01-26 03:59 87,040 ----a-w C:\Windows\System32\msoert2.dll
2008-01-26 03:59 750,080 ----a-w C:\Windows\System32\qmgr.dll
2008-01-26 03:59 39,424 ----a-w C:\Windows\System32\ACCTRES.dll
2008-01-26 03:59 205,824 ----a-w C:\Windows\System32\msoeacct.dll
2008-01-26 03:59 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
2008-01-26 03:57 974,336 ----a-w C:\Windows\System32\crypt32.dll
2008-01-26 03:56 8,192 ----a-w C:\Windows\System32\riched32.dll
2008-01-26 03:55 82,432 ----a-w C:\Windows\system32\drivers\sdbus.sys
2008-01-26 03:55 13,312 ------w C:\Windows\system32\drivers\sffdisk.sys
2008-01-26 03:55 12,800 ------w C:\Windows\system32\drivers\sffp_sd.sys
2008-01-26 03:55 12,800 ------w C:\Windows\system32\drivers\sffp_mmc.sys
2008-01-26 03:53 84,480 ----a-w C:\Windows\System32\INETRES.dll
2008-01-26 03:53 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2008-01-26 03:53 49,664 ----a-w C:\Windows\System32\csrsrv.dll
2008-01-26 03:53 376,320 ----a-w C:\Windows\System32\winsrv.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\Users\Kueco\AppData\Local\Temp\ ----

2008-02-28 18:09 31832 --a------ C:\Users\Kueco\AppData\Local\Temp\\Kueco.bmp
2008-02-28 18:09 1259401 ---hs---- C:\Users\Kueco\AppData\Local\Temp\\qdhmbkod.ini
2008-02-28 18:08 512 --a----t- C:\Users\Kueco\AppData\Local\Temp\\~DFDAE0.tmp
2008-02-28 18:08 512 --a----t- C:\Users\Kueco\AppData\Local\Temp\\~DFB2F3.tmp
2008-02-28 18:08 376832 --a------ C:\Users\Kueco\AppData\Local\Temp\\~DFDA95.tmp
2008-02-28 18:08 376832 --a------ C:\Users\Kueco\AppData\Local\Temp\\~DFA8B4.tmp
2008-02-28 18:08 16384 --a------ C:\Users\Kueco\AppData\Local\Temp\\~DFEE45.tmp
2008-02-28 18:08 1020 --a----t- C:\Users\Kueco\AppData\Local\Temp\\~ROMFN_00000DB4
2008-02-28 08:03 346 --a------ C:\Users\Kueco\AppData\Local\Temp\\jusched.log
2008-02-28 07:58 16384 --a------ C:\Users\Kueco\AppData\Local\Temp\\~DFAB90.tmp
2008-02-28 07:09 16384 --a------ C:\Users\Kueco\AppData\Local\Temp\\~DF3E73.tmp
2008-02-27 20:09 548 --a------ C:\Users\Kueco\AppData\Local\Temp\\MessengerCache\F0KiABhochmOd82FYatjRixZC1Qk=
2008-02-27 20:06 922 --a------ C:\Users\Kueco\AppData\Local\Temp\\MessengerCache\92BbXLmeA+KcIbDfpOfUwpuRZHw=
2008-02-27 20:04 3389 --a------ C:\Users\Kueco\AppData\Local\Temp\\MessengerCache\nHHo2FcxCJFB1RUa2Fixd2FwEBmi2F8=
2008-02-27 19:57 28646 --a------ C:\Users\Kueco\AppData\Local\Temp\\MessengerCache\U5Zw2FQwoPiRa+csw1veIszkNkDE=
2008-02-27 19:54 26842 --a------ C:\Users\Kueco\AppData\Local\Temp\\MessengerCache\LP879t0QqTxdA8r236l9itE2FW0k=
2008-02-27 19:54 20442 --a------ C:\Users\Kueco\AppData\Local\Temp\\MessengerCache\QPME808Tp6DDgxYuBtzQ2FsDbOLs=
2008-02-27 19:53 19696 --a------ C:\Users\Kueco\AppData\Local\Temp\\MessengerCache\F8ti32FOjax2FOCGiJ9apeJ9ZyERI=
2008-02-27 19:52 28625 --a------ C:\Users\Kueco\AppData\Local\Temp\\MessengerCache\xZQsceKVGaVSwbij0TWLrEP9fPs=
2008-02-27 19:52 12617 --a------ C:\Users\Kueco\AppData\Local\Temp\\MessengerCache\nsh3bDX+8enO2FEsGgvQwuVy+OyY=
2008-02-27 19:48 21489 --a------ C:\Users\Kueco\AppData\Local\Temp\\MessengerCache\DjR6fHm1qwgzkQ0BAgIU2TqN84o=
2008-02-27 19:40 27795 --a------ C:\Users\Kueco\AppData\Local\Temp\\MessengerCache\wcj3C8rhk2GD1BJXWCpLqwCf9Mo=
2008-02-27 19:39 26928 --a------ C:\Users\Kueco\AppData\Local\Temp\\MessengerCache\gc125hZxC1LNW8ONS7kuX3FBcPo=
2008-02-27 19:35 2593 --a------ C:\Users\Kueco\AppData\Local\Temp\\MessengerCache\VpMh6MxKXkojqN7YiM2K9Kds2FqU=
2008-02-27 19:19 1256873 ---hs---- C:\Users\Kueco\AppData\Local\Temp\\qdhmbkod.ini2
2008-02-27 17:51 16384 --a------ C:\Users\Kueco\AppData\Local\Temp\\~DF4C9B.tmp
2008-02-27 10:35 85056 --------- C:\Users\Kueco\AppData\Local\Temp\\dokbmhdq.dll
2006-11-02 13:34 254216 --a------ C:\Users\Kueco\AppData\Local\Temp\\ppcrlui_4308_2
2006-11-02 13:34 254216 --a------ C:\Users\Kueco\AppData\Local\Temp\\ppcrlui_2596_2
2006-11-02 13:34 254216 --a------ C:\Users\Kueco\AppData\Local\Temp\\ppcrlui_2412_2
2006-11-02 13:34 254216 --a------ C:\Users\Kueco\AppData\Local\Temp\\ppcrlui_2136_2


((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 10:23 202544]
"82bfbea2"="C:\Users\Kueco\AppData\Local\Temp\dokbmhdq.dll" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-26 04:53 1006264]
"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [2007-05-25 07:03 17920]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [2007-09-24 10:27 159744]
"OEM02Mon.exe"="C:\Windows\OEM02Mon.exe" [ ]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-07 19:23 405504]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-05-16 07:54 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-05-16 07:53 8429568]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-05-16 07:54 81920]
"NVHotkey"="C:\Windows\system32\nvHotkey.dll" [2007-05-16 07:54 67584]
"Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe" [ ]
"SunJavaUpdateSched"="c:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2008-01-25 21:20 77824]
"DELL Webcam Manager"="C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 17:43 118784]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 12:37 81920]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 12:22 221184]
"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [2007-01-17 18:30 152144]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 04:06 40048]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-01-25 21:35 1838592]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 10:24 16384]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-11-01 16:39 189736]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 12:35 221184]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-04 14:18 267048]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2006-01-18 15:52 266280]
"combofix"="C:\Windows\system32\kmd.exe" [2006-11-02 10:44 320000]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-03 18:55:50 703280]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2008-01-25 21:23:39 50688]
QuickSet.lnk - C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2008-01-25 21:22:40 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{67D99ACC-179D-4EB2-A026-96D5878773F4}"= UDP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{F552F0E2-9EEB-4BBA-8516-9F9F4E286BB2}"= TCP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{8C1A063A-DE1C-451C-ABCF-BB6F9ABDF343}"= C:\Program Files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect|Desc=Dell MediaDirect
"{F8135FA2-5091-47E1-8DD8-AC4B3F7E33E9}"= C:\Program Files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program|Desc=CyberLink PowerCinema Resident Program
"{DF81F6C6-585F-4200-9AD5-C83E03EA197B}"= C:\Program Files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine|Desc=Cyberlink Media Server Browser Engine
"{75BFC0CF-D451-45BA-BA98-46706F2FEF56}"= C:\Program Files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server|Desc=CyberLink Media Server
"{3A8E909C-4E21-465B-BC6F-D966CFA6968A}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
"{FC324445-3C18-4984-BF3F-7175E7CF7D6E}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{8766899A-D869-40ED-AF0B-7C587395DCE9}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{41DF32A4-F9F3-4CE3-81F7-DC22883D04B6}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{38E38B6D-B70E-4BFE-97CA-4FA4B37211CA}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R2 AESTFilters;Andrea ST Filters Service;C:\Windows\system32\aestsrv.exe [2007-08-29 22:25]
R2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 10:45]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service []
R2 WcesComm;Windows Mobile-2003-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 10:45]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-05 01:39]
R3 NETw4v32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows Vista 32 bits;C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-02-25 15:14]
R3 OEM02Dev;Creative Camera OEM002 Driver;C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-12-03 06:58]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-12-03 06:59]
S3 btwaudio;Périphérique audio Bluetooth;C:\Windows\system32\drivers\btwaudio.sys [2006-11-07 02:37]
S3 btwavdt;Bluetooth AVDT Service;C:\Windows\system32\drivers\btwavdt.sys [2006-11-07 00:13]
S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2006-11-07 00:13]
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 08:36]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0049155b-e119-11dc-a2f3-001d09b64a6c}]
\shell\AutoRun\command - RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00491570-e119-11dc-a2f3-001d09b64a6c}]
\shell\AutoRun\command - RavMon.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-25 20:41:47 C:\Windows\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2008-01-25 20:41:47 C:\Windows\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-28 18:20:10
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Windows\system32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-02-28 18:22:11 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-28 17:22:06
ComboFix2.txt 2008-02-27 18:19:29
.
2008-02-16 08:01:15 --- E O F ---

However, another error message appeared when the session opened; it says this:

Erreur de chargement de C:\User\Kueco\AppData\Local\Temp\dokbmhdq.dll
Le module spécifié est introuvable.


I don't know whether it's related to the previous one? :shock:
Last edited by Kueco on 28 Feb 2008 20:37, edited 1 time.
Kueco

Posts: 11
Joined: 27 Feb 2008 18:37

Re: Missing entry at startup: runDLL

Post by Falkra » 28 Feb 2008 18:42

There's still some left; post a new HijackThis report, please.
Falkra
Admin libellules.ch

Posts: 24424
Joined: 30 Jan 2005 13:44
Location: 127.0.0.1

Re: Missing entry at startup: runDLL

Post by Kueco » 28 Feb 2008 18:43

Here it is

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:44:20, on 28.02.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\McAfee\MSK\mskagent.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Windows\Explorer.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Dofus\dofus.dll
C:\Program Files\Dofus\dofus.dll
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9d.exe
C:\Users\Kueco\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.ch/ig/dell?hl=fr&clie ... bd=4080126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = ?
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11327 bytes
Kueco

Posts: 11
Joined: 27 Feb 2008 18:37

Re: Missing entry at startup: runDLL

Post by Falkra » 28 Feb 2008 18:50

I no longer see any trace of the beast; it should already have been removed.
Restart and see whether any problems remain. I have the impression that your message appeared before the script ran, which would make sense.

See you shortly
Falkra
Admin libellules.ch

Posts: 24424
Joined: 30 Jan 2005 13:44
Location: 127.0.0.1

Re: Missing entry at startup: runDLL

Post by Kueco » 28 Feb 2008 19:00

YES! It seems to be working normally. In any case, Windows no longer shuts down and no error message was displayed.

A thousand thanks! :supers:
Kueco

Posts: 11
Joined: 27 Feb 2008 18:37

Re: Missing entry at startup: runDLL

Post by Falkra » 28 Feb 2008 20:33

That's settled, then.

One thing: I see Avira AntiVir PersonalEdition Classic installed, along with Network Associates McAfee VirusScan.
That makes 2 resident antivirus programs running together; it must be rather sluggish, no?

A bit of reading, to avoid many infections (protection and prevention advice).
Falkra
Admin libellules.ch

Posts: 24424
Joined: 30 Jan 2005 13:44
Location: 127.0.0.1

Re: Missing entry at startup: runDLL

Post by Kueco » 28 Feb 2008 20:36

I have quite a lot of RAM so it's fine, but I got rid of McAfee.
Everyone recommends Antivir, and since it's free, why hold back!
Kueco

Posts: 11
Joined: 27 Feb 2008 18:37
