Spyware on a brand-new PC ... :/
Hello everyone!
Like many on this forum, I'm having trouble with spyware...
IE freezes and "stops responding", and in Firefox I can no longer "save image as"...
I tried uninstalling and reinstalling FF but it's still the same.
I have AVG as my antivirus, and it finds:
trojan horse generic2.FAA
trojan horse dialer.DDA
Spybot finds: double click, Mediaplex, Smitfraud-C.toolbar888, winsoftware.WinAntivirusPro2006
I also ran a scan with HijackThis, which gives me:
Logfile of HijackThis v1.99.1
Scan saved at 16:12:59, on 07/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\Pmxmiced.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgwb.dat
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Elise\Bureau\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row-rel&channel...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/hws/sb/dell-row-rel/fr/side.html?c...
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row-rel&channel...
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {0A5DCF3B-7BFB-2F28-F2E8-06D5FB26E3BF} - C:\WINDOWS\system32\hbri.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [wytskbk.dll] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\Elise\Local Settings\Application Data\wytskbk.dll",igzbqi
O4 - HKLM\..\Run: [{7827FE8C-0D3D-1036-1130-0630021}] "C:\Program Files\Fichiers communs\{7827FE8C-0D3D-1036-1130-0630021}\Update.exe" mc-110-12-0000272
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ekpyerf.dll] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\Elise\Local Settings\Application Data\ekpyerf.dll",dwdrqp
O4 - HKLM\..\Run: [syswin] C:\WINDOWS\system32\v6.exe
O4 - HKLM\..\Run: [rkpyvgn.dll] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\Elise\Local Settings\Application Data\rkpyvgn.dll",mapkhy
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Toae] "C:\DOCUME~1\Elise\MESDOC~1\FNTS~1\dllhost.exe" -vt yazb
O4 - HKCU\..\Run: [Umgz] "C:\WINDOWS\system32\??sembly\w?aclt.exe" 99001162
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} (NTR ActiveX 1.1.8) - http://www.inquiero.com/inquiero/mod/setup/ntractivex11...
O17 - HKLM\System\CCS\Services\Tcpip\..\{264ABCB4-8792-4BD0-A806-06180BF35A65}: NameServer = 192.168.1.1
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Broadcom ASF IP Monitor (ASFIPmon) - Unknown owner - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe" -service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)
O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)
O23 - Service: wampapache - Unknown owner - C:\Program Files\wamp\apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: wampmysqld - Unknown owner - C:\Program Files\wamp\mysql\bin\mysqld-nt.exe" "--defaults-file=C:\Program Files\wamp\mysql\my.ini" wampmysqld (file missing)
Thanks for helping me...
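An added triage script (not from this thread and not part of HijackThis) that applies, in code, the checks a helper makes by eye on the O4 autostart lines of the log above: an executable stored under the user profile, a Windows binary name such as dllhost.exe living outside the system directory, rundll32 loading a DLL from a non-system location, and paths containing "?" (characters the tool cannot render, which here disguise a lookalike of the system32\assembly folder). The sample lines are copied from the posted log; the regexes and the list of system binary names are the author's assumptions.

```python
"""Flag suspicious O4 (autostart) entries in a HijackThis 1.99 log."""
import re
from dataclasses import dataclass

# Constructed sample: O4 lines copied from the HijackThis log quoted in the first post.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [wytskbk.dll] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\Elise\Local Settings\Application Data\wytskbk.dll",igzbqi
O4 - HKLM\..\Run: [syswin] C:\WINDOWS\system32\v6.exe
O4 - HKCU\..\Run: [Toae] "C:\DOCUME~1\Elise\MESDOC~1\FNTS~1\dllhost.exe" -vt yazb
O4 - HKCU\..\Run: [Umgz] "C:\WINDOWS\system32\??sembly\w?aclt.exe" 99001162
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
"""

# Line shapes produced by HijackThis for Run keys and for the Startup folder (assumed format).
O4_RUN = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O4_STARTUP = re.compile(r"^O4 - Global Startup: (?P<name>.+?) = (?P<cmd>.+)$")
# First executable of a command: a quoted path, or an unquoted run of text up to the first ".exe".
EXE = re.compile(r'^(?:"(?P<q>[^"]+)"|(?P<u>.+?\.exe))', re.IGNORECASE)
DLL_ARG = re.compile(r'(?:"(?P<q>[^"]+\.dll)"|(?P<u>\S+\.dll))', re.IGNORECASE)

SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\")
USER_PROFILE = ("\\documents and settings\\", "\\docume~1\\")
# Windows binaries that only legitimately run from the system directory (assumed list).
SYSTEM_BINARIES = {"dllhost.exe", "svchost.exe", "rundll32.exe", "lsass.exe", "winlogon.exe"}


@dataclass
class Finding:
    name: str    # the Run value name shown in [brackets]
    path: str    # the file the finding is about
    reason: str


def first_executable(cmd: str):
    m = EXE.match(cmd.strip())
    return (m.group("q") or m.group("u")) if m else None


def in_user_profile(path: str) -> bool:
    return any(marker in path.lower() for marker in USER_PROFILE)


def in_system_dir(path: str) -> bool:
    # Exact directory match: a sub-folder of system32 (e.g. "??sembly") does not count.
    directory = path.lower().rsplit("\\", 1)[0] + "\\"
    return directory in SYSTEM_DIRS


def triage_line(line: str):
    m = O4_RUN.match(line) or O4_STARTUP.match(line)
    if not m:
        return []
    name, cmd = m.group("name"), m.group("cmd")
    exe = first_executable(cmd)
    if exe is None:
        return []
    findings = []
    base = exe.rsplit("\\", 1)[-1].lower()
    if "?" in exe:
        findings.append(Finding(name, exe, "path contains characters HijackThis cannot render (lookalike folder)"))
    if in_user_profile(exe):
        findings.append(Finding(name, exe, "autostart executable stored in a user profile directory"))
    if base in SYSTEM_BINARIES and not in_system_dir(exe):
        findings.append(Finding(name, exe, "system binary name outside the system directory"))
    if base == "rundll32.exe":
        # Whatever follows rundll32.exe is the DLL (plus export name) it will load.
        rest = cmd[cmd.lower().find("rundll32.exe") + len("rundll32.exe"):]
        d = DLL_ARG.search(rest)
        if d:
            dll = d.group("q") or d.group("u")
            if in_user_profile(dll) or not in_system_dir(dll):
                findings.append(Finding(name, dll, "rundll32 loading a DLL from outside the system directory"))
    return findings


def triage_log(text: str):
    out = []
    for line in text.strip().splitlines():
        out.extend(triage_line(line))
    return out


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.name}] {f.reason}: {f.path}")
```

On the sample above it flags exactly the three entries (wytskbk.dll, Toae, Umgz) that the helper's VundoFix run and a follow-up cleanup would target, and nothing from the vendor software.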
Hello,
Were you protected during your first connection?
Download VundoFix.exe (by Atribune) to your Desktop.
Double-click VundoFix.exe to launch it
Click the Scan for Vundo button
When the scan is complete, click the Remove Vundo button
A prompt will ask whether you want to delete the files; click YES
After clicking "Yes", the Desktop will disappear for a moment while the files are deleted
You will see a prompt telling you that your PC is going to restart; click OK
Copy/paste the contents of the report located at C:\vundofix.txt along with a new HijackThis! log in your next reply
Note: VundoFix may run into a file it cannot delete. If that happens, the tool will launch at the next restart; simply follow the instructions above, starting from "click the Scan for Vundo button".
Thanks for your reply!
Here are the contents of the Vundo report:
Listing files found while scanning....
C:\WINDOWS\system32\cbxxxvw.dll
C:\WINDOWS\system32\iuafulos.dll
C:\WINDOWS\system32\khfghih.dll
C:\WINDOWS\system32\ljjjiih.dll
C:\WINDOWS\system32\mlnmp.bak1
C:\WINDOWS\system32\mlnmp.ini
C:\WINDOWS\system32\pmnlm.dll
C:\WINDOWS\system32\solufaui.ini
C:\WINDOWS\system32\xwogwjqt.exe
Beginning removal...
Attempting to delete C:\WINDOWS\system32\cbxxxvw.dll
C:\WINDOWS\system32\cbxxxvw.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\iuafulos.dll
C:\WINDOWS\system32\iuafulos.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\khfghih.dll
C:\WINDOWS\system32\khfghih.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ljjjiih.dll
C:\WINDOWS\system32\ljjjiih.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\mlnmp.bak1
C:\WINDOWS\system32\mlnmp.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\mlnmp.ini
C:\WINDOWS\system32\mlnmp.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\pmnlm.dll
C:\WINDOWS\system32\pmnlm.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\solufaui.ini
C:\WINDOWS\system32\solufaui.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\xwogwjqt.exe
C:\WINDOWS\system32\xwogwjqt.exe Has been deleted!
Performing Repairs to the registry.
Done!
and here is the HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 16:52:36, on 07/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\Pmxmiced.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Elise\Bureau\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row-rel&channel...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/hws/sb/dell-row-rel/fr/side.html?c...
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row-rel&channel...
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {0A5DCF3B-7BFB-2F28-F2E8-06D5FB26E3BF} - C:\WINDOWS\system32\hbri.dll
O2 - BHO: (no name) - {0A5DCF3B-7BFB-2F28-F2E8-06D5FB26E3BF} - C:\WINDOWS\system32\hbri.dll
O2 - BHO: (no name) - {3040E20B-B0FB-3A2C-0AD4-07B43B75AB18} - C:\WINDOWS\system32\awfftlk.dll
O2 - BHO: (no name) - {3BFE8843-669B-AE21-7694-057D9C76831C} - C:\WINDOWS\system32\wcbhhtk.dll
O2 - BHO: (no name) - {3D601AC8-4030-90FD-B233-0A98B13B68B4} - C:\WINDOWS\system32\bwrfauc.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {563AF8EA-5807-4FBC-A58E-ED7D9838F9C7} - C:\WINDOWS\system32\cbxxxvw.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {737CA0E9-8EBE-44A1-9ACD-9D6D5BFDE6FC} - C:\WINDOWS\system32\pmnlm.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [wytskbk.dll] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\Elise\Local Settings\Application Data\wytskbk.dll",igzbqi
O4 - HKLM\..\Run: [{7827FE8C-0D3D-1036-1130-0630021}] "C:\Program Files\Fichiers communs\{7827FE8C-0D3D-1036-1130-0630021}\Update.exe" mc-110-12-0000272
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ekpyerf.dll] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\Elise\Local Settings\Application Data\ekpyerf.dll",dwdrqp
O4 - HKLM\..\Run: [syswin] C:\WINDOWS\system32\v6.exe
O4 - HKLM\..\Run: [rkpyvgn.dll] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\Elise\Local Settings\Application Data\rkpyvgn.dll",mapkhy
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Toae] "C:\DOCUME~1\Elise\MESDOC~1\FNTS~1\dllhost.exe" -vt yazb
O4 - HKCU\..\Run: [Umgz] "C:\WINDOWS\system32\??sembly\w?aclt.exe" 99001162
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} (NTR ActiveX 1.1.8) - http://www.inquiero.com/inquiero/mod/setup/ntractivex11...
O17 - HKLM\System\CCS\Services\Tcpip\..\{264ABCB4-8792-4BD0-A806-06180BF35A65}: NameServer = 192.168.1.1
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: winmfu32 - C:\WINDOWS\SYSTEM32\winmfu32.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Broadcom ASF IP Monitor (ASFIPmon) - Unknown owner - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe" -service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)
O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)
O23 - Service: wampapache - Unknown owner - C:\Program Files\wamp\apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: wampmysqld - Unknown owner - C:\Program Files\wamp\mysql\bin\mysqld-nt.exe" "--defaults-file=C:\Program Files\wamp\mysql\my.ini" wampmysqld (file missing)
In any case, FF works again (I can save images again), so thank you very much for your help
Indeed, I wasn't protected during the first connection. Actually, my company has just replaced all of its computer equipment and I thought Dell (that's who they bought the equipment from and who came to install it) would also put antivirus software on the workstations.
Unfortunately that wasn't the case and I noticed too late...
But I admit it was also my fault, because I wanted to download a keygen and in my opinion that's more likely what messed everything up... Don't worry, I've already planned to whip my backside with nettles tonight...
I promise I won't do it again!
In any case, thanks again, I've seen that you solve everyone's problems, it's really nice!
(er, otherwise I still have all the trojans that AVG finds)
Kisses!
O2 - BHO: (no name) - {0A5DCF3B-7BFB-2F28-F2E8-06D5FB26E3BF} - C:\WINDOWS\system32\hbri.dll
O2 - BHO: (no name) - {3040E20B-B0FB-3A2C-0AD4-07B43B75AB18} - C:\WINDOWS\system32\awfftlk.dll
O2 - BHO: (no name) - {3BFE8843-669B-AE21-7694-057D9C76831C} - C:\WINDOWS\system32\wcbhhtk.dll
O2 - BHO: (no name) - {3D601AC8-4030-90FD-B233-0A98B13B68B4} - C:\WINDOWS\system32\bwrfauc.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {563AF8EA-5807-4FBC-A58E-ED7D9838F9C7} - C:\WINDOWS\system32\cbxxxvw.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {737CA0E9-8EBE-44A1-9ACD-9D6D5BFDE6FC} - C:\WINDOWS\system32\pmnlm.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [wytskbk.dll] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\Elise\Local Settings\Application Data\wytskbk.dll",igzbqi
O4 - HKLM\..\Run: [{7827FE8C-0D3D-1036-1130-0630021}] "C:\Program Files\Fichiers communs\{7827FE8C-0D3D-1036-1130-0630021}\Update.exe" mc-110-12-0000272
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ekpyerf.dll] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\Elise\Local Settings\Application Data\ekpyerf.dll",dwdrqp
O4 - HKLM\..\Run: [syswin] C:\WINDOWS\system32\v6.exe
O4 - HKLM\..\Run: [rkpyvgn.dll] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\Elise\Local Settings\Application Data\rkpyvgn.dll",mapkhy
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Toae] "C:\DOCUME~1\Elise\MESDOC~1\FNTS~1\dllhost.exe" -vt yazb
O4 - HKCU\..\Run: [Umgz] "C:\WINDOWS\system32\??sembly\w?aclt.exe" 99001162
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} (NTR ActiveX 1.1.8) - http://www.inquiero.com/inquiero/mod/setup/ntractivex11...
O17 - HKLM\System\CCS\Services\Tcpip\..\{264ABCB4-8792-4BD0-A806-06180BF35A65}: NameServer = 192.168.1.1
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: winmfu32 - C:\WINDOWS\SYSTEM32\winmfu32.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Broadcom ASF IP Monitor (ASFIPmon) - Unknown owner - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe" -service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)
O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)
O23 - Service: wampapache - Unknown owner - C:\Program Files\wamp\apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: wampmysqld - Unknown owner - C:\Program Files\wamp\mysql\bin\mysqld-nt.exe" "--defaults-file=C:\Program Files\wamp\mysql\my.ini" wampmysqld (file missing)
In any case, Firefox works again (I can save images again), so thank you very much for your help.
Indeed, I wasn't protected during the first connection. Actually, my company has just replaced all of its computer equipment, and I thought Dell (that's where they bought the equipment, and they came to install it) would also put antivirus software on the machines.
Unfortunately, that wasn't the case, and I realized it too late...
But I admit it was also my fault, because I wanted to download a keygen, and in my opinion that's more likely what messed everything up... Don't worry, I've already planned to whip my backside with nettles tonight...
I promise I won't do it again!
In any case, thanks again; I've seen that you solve everyone's problems, that's really nice!
(um, by the way, I still have all the trojans that AVG finds)
Kisses!
We're far from done!
- Make sure you have access to hidden folders/files
-> Start
-> Control Panel
-> Folder Options, View tab:
. Click Show hidden files and folders
. Uncheck Hide extensions for known file types
. Uncheck Hide protected operating system files
Please go here to upload a suspicious file for analysis.
"Your Username:" - Enter your username on this forum
"Topic Where File Was Requested:" - Copy and paste the link to this thread
"File(s) To Submit:" - "Browse..." button to navigate to this file name: C:\WINDOWS\SYSTEM32\winmfu32.dll
Click Send File
**********
- Run HijackThis -> Do a system scan only
-> Check the lines below:
R3 - URLSearchHook: (no name) - {0A5DCF3B-7BFB-2F28-F2E8-06D5FB26E3BF} - C:\WINDOWS\system32\hbri.dll
O2 - BHO: (no name) - {0A5DCF3B-7BFB-2F28-F2E8-06D5FB26E3BF} - C:\WINDOWS\system32\hbri.dll
O2 - BHO: (no name) - {3040E20B-B0FB-3A2C-0AD4-07B43B75AB18} - C:\WINDOWS\system32\awfftlk.dll
O2 - BHO: (no name) - {3BFE8843-669B-AE21-7694-057D9C76831C} - C:\WINDOWS\system32\wcbhhtk.dll
O2 - BHO: (no name) - {3D601AC8-4030-90FD-B233-0A98B13B68B4} - C:\WINDOWS\system32\bwrfauc.dll
O2 - BHO: (no name) - {563AF8EA-5807-4FBC-A58E-ED7D9838F9C7} - C:\WINDOWS\system32\cbxxxvw.dll (file missing)
O2 - BHO: (no name) - {737CA0E9-8EBE-44A1-9ACD-9D6D5BFDE6FC} - C:\WINDOWS\system32\pmnlm.dll (file missing)
O4 - HKLM\..\Run: [wytskbk.dll] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\Elise\Local Settings\Application Data\wytskbk.dll",igzbqi
O4 - HKLM\..\Run: [{7827FE8C-0D3D-1036-1130-0630021}] "C:\Program Files\Fichiers communs\{7827FE8C-0D3D-1036-1130-0630021}\Update.exe" mc-110-12-0000272
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ekpyerf.dll] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\Elise\Local Settings\Application Data\ekpyerf.dll",dwdrqp
O4 - HKLM\..\Run: [syswin] C:\WINDOWS\system32\v6.exe
O4 - HKLM\..\Run: [rkpyvgn.dll] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\Elise\Local Settings\Application Data\rkpyvgn.dll",mapkhy
O4 - HKCU\..\Run: [Toae] "C:\DOCUME~1\Elise\MESDOC~1\FNTS~1\dllhost.exe" -vt yazb
O4 - HKCU\..\Run: [Umgz] "C:\WINDOWS\system32\??sembly\w?aclt.exe" 99001162
O20 - Winlogon Notify: winmfu32 - C:\WINDOWS\SYSTEM32\winmfu32.dll
Click Fix checked (bottom left)
**********
Download KillBox by Option^Explicit.
Unzip it into a folder or onto your desktop (right-click, then Extract All).
Select the text in the box:
C:\WINDOWS\system32\awfftlk.dll
C:\WINDOWS\system32\wcbhhtk.dll
C:\WINDOWS\system32\bwrfauc.dll
C:\Documents and Settings\Elise\Local Settings\Application Data\wytskbk.dll
C:\WINDOWS\system32\v6.exe
C:\Documents and Settings\Elise\Local Settings\Application Data\rkpyvgn.dll
C:\WINDOWS\SYSTEM32\winmfu32.dll
---> Right-click, then Copy.
----------
-- Open Killbox.exe
-- Choose "Delete on reboot"
-- Click on:
- " File " -> " Paste from Clipboard "
- " All Files "
To finish, click the delete button.
You will then be asked:
" File will be Removed on Reboot, Do you want to reboot now ? "
-- Answer YES; a countdown starts and your PC will restart.
-- After the restart, run Killbox again, then click the menu: Files -> Logs -> Actions History Log, and post that report here.
NOTE: If you get the message "PendingFileRenameOperations Registry Data has been removed by external process!"
Restart your PC manually.
HELP: KillBox tutorial (Jesses)
**********
ComboFix should do a thorough cleanup.
When we're done, read the protection advice carefully.
Download combofix.exe (by sUBs) to your Desktop
Double-click combofix.exe.
Press the Y key (Yes) to start the scan.
When the scan is complete, a report will appear. Copy/paste that report in your next reply.
NOTE: The report is also located here: C:\Combofix.txt
- Make sure you have access to hidden folders/files
-> Start
-> Control Panel
-> Folder Options, View tab:
. Click Show hidden files and folders
. Uncheck Hide extensions for known file types
. Uncheck Hide protected operating system files
Please go here to upload a suspicious file for analysis.
**********
- Run HijackThis -> Do a system scan only
-> Check the lines below:
R3 - URLSearchHook: (no name) - {0A5DCF3B-7BFB-2F28-F2E8-06D5FB26E3BF} - C:\WINDOWS\system32\hbri.dll
O2 - BHO: (no name) - {0A5DCF3B-7BFB-2F28-F2E8-06D5FB26E3BF} - C:\WINDOWS\system32\hbri.dll
O2 - BHO: (no name) - {3040E20B-B0FB-3A2C-0AD4-07B43B75AB18} - C:\WINDOWS\system32\awfftlk.dll
O2 - BHO: (no name) - {3BFE8843-669B-AE21-7694-057D9C76831C} - C:\WINDOWS\system32\wcbhhtk.dll
O2 - BHO: (no name) - {3D601AC8-4030-90FD-B233-0A98B13B68B4} - C:\WINDOWS\system32\bwrfauc.dll
O2 - BHO: (no name) - {563AF8EA-5807-4FBC-A58E-ED7D9838F9C7} - C:\WINDOWS\system32\cbxxxvw.dll (file missing)
O2 - BHO: (no name) - {737CA0E9-8EBE-44A1-9ACD-9D6D5BFDE6FC} - C:\WINDOWS\system32\pmnlm.dll (file missing)
O4 - HKLM\..\Run: [wytskbk.dll] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\Elise\Local Settings\Application Data\wytskbk.dll",igzbqi
O4 - HKLM\..\Run: [{7827FE8C-0D3D-1036-1130-0630021}] "C:\Program Files\Fichiers communs\{7827FE8C-0D3D-1036-1130-0630021}\Update.exe" mc-110-12-0000272
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ekpyerf.dll] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\Elise\Local Settings\Application Data\ekpyerf.dll",dwdrqp
O4 - HKLM\..\Run: [syswin] C:\WINDOWS\system32\v6.exe
O4 - HKLM\..\Run: [rkpyvgn.dll] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\Elise\Local Settings\Application Data\rkpyvgn.dll",mapkhy
O4 - HKCU\..\Run: [Toae] "C:\DOCUME~1\Elise\MESDOC~1\FNTS~1\dllhost.exe" -vt yazb
O4 - HKCU\..\Run: [Umgz] "C:\WINDOWS\system32\??sembly\w?aclt.exe" 99001162
O20 - Winlogon Notify: winmfu32 - C:\WINDOWS\SYSTEM32\winmfu32.dll
Click Fix checked (bottom left)
**********
Download KillBox by Option^Explicit.
Unzip it into a folder or onto your desktop (right-click, then Extract All).
Select the text in the box:
Quote:
C:\WINDOWS\system32\hbri.dll
C:\WINDOWS\system32\awfftlk.dll
C:\WINDOWS\system32\wcbhhtk.dll
C:\WINDOWS\system32\bwrfauc.dll
C:\Documents and Settings\Elise\Local Settings\Application Data\wytskbk.dll
C:\WINDOWS\system32\v6.exe
C:\Documents and Settings\Elise\Local Settings\Application Data\rkpyvgn.dll
C:\WINDOWS\SYSTEM32\winmfu32.dll
---> Right-click, then Copy.
----------
-- Open Killbox.exe
-- Choose "Delete on reboot"
-- Click on:
- " File " -> " Paste from Clipboard "
- " All Files "
To finish, click the delete button.
You will then be asked:
" File will be Removed on Reboot, Do you want to reboot now ? "
-- Answer YES; a countdown starts and your PC will restart.
-- After the restart, run Killbox again, then click the menu: Files -> Logs -> Actions History Log, and post that report here.
NOTE: If you get the message "PendingFileRenameOperations Registry Data has been removed by external process!"
Restart your PC manually.
HELP: KillBox tutorial (Jesses)
**********
ComboFix should do a thorough cleanup.
When we're done, read the protection advice carefully.
NOTE: The report is also located here: C:\Combofix.txt
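As an added example (not part of this thread, and not a tool the helper used), a small Python triage script that encodes the patterns behind the HijackThis lines the helper asks to check above: unnamed BHO/URLSearchHook entries loaded from system32, rundll32 Run entries loading a DLL from the user profile, Run entries pointing into a user's documents folder or containing "?" (how HijackThis prints non-ASCII look-alike characters in a path), GUID-named Run values, and Winlogon Notify packages outside a small known-good list. The sample lines are copied from the logs in this thread; the known-good list and the heuristics themselves are assumptions for illustration, a triage aid rather than a verdict.

```python
import re

# Constructed sample: a subset of the HijackThis entries posted in this thread,
# mixing the lines the helper asked to fix with legitimate neighbours.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {0A5DCF3B-7BFB-2F28-F2E8-06D5FB26E3BF} - C:\WINDOWS\system32\hbri.dll
O2 - BHO: (no name) - {3040E20B-B0FB-3A2C-0AD4-07B43B75AB18} - C:\WINDOWS\system32\awfftlk.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {563AF8EA-5807-4FBC-A58E-ED7D9838F9C7} - C:\WINDOWS\system32\cbxxxvw.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [wytskbk.dll] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\Elise\Local Settings\Application Data\wytskbk.dll",igzbqi
O4 - HKLM\..\Run: [{7827FE8C-0D3D-1036-1130-0630021}] "C:\Program Files\Fichiers communs\{7827FE8C-0D3D-1036-1130-0630021}\Update.exe" mc-110-12-0000272
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Toae] "C:\DOCUME~1\Elise\MESDOC~1\FNTS~1\dllhost.exe" -vt yazb
O4 - HKCU\..\Run: [Umgz] "C:\WINDOWS\system32\??sembly\w?aclt.exe" 99001162
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: winmfu32 - C:\WINDOWS\SYSTEM32\winmfu32.dll
"""

# One "Oxx - body" entry per line.
ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
# O2/R3: "BHO: <name> - {CLSID} - <path>[ (file missing)]"
HOOK_RE = re.compile(
    r"^(?:BHO|URLSearchHook): (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - "
    r"(?P<path>.*?)(?: \(file missing\))?$")
# O4: "HKLM\..\Run: [<value name>] <command line>"
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
# O20: "Winlogon Notify: <package> - <dll>"
NOTIFY_RE = re.compile(r"^Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")

SYSTEM32_FILE = re.compile(r"\\system32\\[^\\]+$", re.IGNORECASE)
USER_DOCS = re.compile(r"\\(?:Mes documents|MESDOC~1|My Documents)\\", re.IGNORECASE)
GUID_NAME = re.compile(r"^\{[0-9A-Fa-f-]+\}$")
# Assumed known-good Winlogon Notify packages (XP defaults plus the Intel
# graphics entry seen in this log); extend it for your own environment.
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                "sclgntfy", "senslogn", "termsrv", "wlballoon", "igfxcui"}


def triage(log_text):
    """Return (reason, line) pairs for entries worth a second look.

    These are heuristics for prioritising review, not proof of infection:
    the "[syswin] v6.exe" entry from the same log matches none of them and
    still needs a human eye.
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        kind, body = m.group("kind"), m.group("body")
        reason = None
        if kind in ("R3", "O2"):
            h = HOOK_RE.match(body)
            # Vundo-style droppers register unnamed BHOs straight from system32;
            # SDHelper.dll is also unnamed but lives under Program Files.
            if h and h.group("name") == "(no name)" and SYSTEM32_FILE.search(h.group("path")):
                reason = "unnamed browser hook loaded from system32"
        elif kind == "O4":
            r = RUN_RE.match(body)
            if r:
                name, cmd = r.group("name"), r.group("cmd")
                if "?" in cmd:
                    # '?' cannot occur in a Windows path: HijackThis printed it
                    # for a non-ASCII look-alike character (cf. "??sembly").
                    reason = "non-ASCII character hidden in an autorun path"
                elif "rundll32" in cmd.lower() and "documents and settings" in cmd.lower():
                    reason = "rundll32 loading a DLL from a user profile"
                elif USER_DOCS.search(cmd):
                    reason = "executable started from a user's documents folder"
                elif GUID_NAME.match(name):
                    reason = "autorun value named with a bare GUID"
        elif kind == "O20":
            n = NOTIFY_RE.match(body)
            if n and n.group("name").lower() not in KNOWN_NOTIFY:
                reason = "Winlogon Notify package outside the known-good list"
        if reason:
            findings.append((reason, line))
    return findings


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"[{reason}]\n    {line}")
```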
The KillBox log:
Pocket Killbox version 2.0.0.648
Running on Windows XP as Elise(Administrator)
was started @ mercredi, février 07, 2007, 5:24 PM
# 1 [Delete on Reboot]
Path = C:\WINDOWS\system32\awfftlk.dll
# 2 [Delete on Reboot]
Path = C:\WINDOWS\system32\wcbhhtk.dll
# 3 [Delete on Reboot]
Path = C:\WINDOWS\system32\bwrfauc.dll
# 4 [Delete on Reboot]
Path = C:\Documents and Settings\Elise\Local Settings\Application Data\wytskbk.dll
# 5 [Delete on Reboot]
Path = C:\Documents and Settings\Elise\Local Settings\Application Data\rkpyvgn.dll
# 6 [Delete on Reboot]
Path = C:\WINDOWS\SYSTEM32\winmfu32.dll
I Rebooted @ 5:26:34 PM
Killbox Closed(Exit) @ 5:26:35 PM
ComboFix report:
C:\Program Files\Fichiers communs\Yazzle1162OinUninstaller.exe
C:\WINDOWS\system32\unsvchosts.lzma
C:\WINDOWS\system32\wnsintsv.exe
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\DOCUME~1
C:\qoobox\purity\DOCUME~1\Elise
C:\qoobox\purity\DOCUME~1\Elise\Mes documents
C:\qoobox\purity\DOCUME~1\Elise\Mes documents\FNTS~1
C:\qoobox\purity\DOCUME~1\Elise\Mes documents\from.txt
C:\qoobox\purity\DOCUME~1\Elise\Mes documents\FNTS~1\F?nts
C:\qoobox\purity\Program Files\SSTEM3~1
C:\qoobox\purity\WINDOWS\system32\SEMBLY~1
((((((((((((((((((((((((((((((( Files Created from 2007-01-07 to 2007-02-07 ))))))))))))))))))))))))))))))))))
2007-02-07 17:24 <REP> d-------- C:\!KillBox
2007-02-07 16:44 <REP> d-------- C:\VundoFix Backups
2007-02-07 15:32 95,232 --a------ C:\WINDOWS\system32\rkpyvgn.dll
2007-02-07 15:32 12,372,231 --------- C:\AVG7QT.DAT
2007-02-07 15:08 95,232 --a------ C:\WINDOWS\system32\ekpyerf.dll
2007-02-07 14:45 <REP> d-------- C:\Program Files\Lavasoft
2007-02-07 14:45 <REP> d-------- C:\DOCUME~1\Elise\Application Data\Lavasoft
2007-02-07 14:44 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Spybot - Search & Destroy
2007-02-07 13:29 <REP> d-------- C:\Program Files\Quark
2007-02-07 13:24 <REP> dr-h----- C:\$VAULT$.AVG
2007-02-07 13:23 <REP> d-------- C:\DOCUME~1\LOCALS~1\Application Data\AVG7
2007-02-07 13:23 <REP> d-------- C:\DOCUME~1\Elise\Application Data\AVG7
2007-02-07 13:22 816,672 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2007-02-07 13:22 4,224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2007-02-07 13:22 3,968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2007-02-07 13:22 28,416 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2007-02-07 13:22 18,240 --a------ C:\WINDOWS\system32\drivers\avgmfx86.sys
2007-02-07 13:22 <REP> d-------- C:\Program Files\Grisoft
2007-02-07 13:22 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Grisoft
2007-02-07 13:22 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\avg7
2007-02-07 13:19 95,232 --a------ C:\WINDOWS\system32\wytskbk.dll
2007-02-07 13:10 <REP> d-------- C:\Program Files\DAEMON Tools
2007-02-07 13:08 639,224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-02-07 13:00 1,168 --a------ C:\WINDOWS\mozver.dat
2007-02-07 12:08 <REP> d-------- C:\Program Files\wamp
2007-02-07 11:54 <REP> d-------- C:\DOCUME~1\Elise\Application Data\Adobe
2007-02-07 11:54 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Adobe
2007-02-07 11:50 <REP> d-------- C:\Program Files\Fichiers communs\Adobe Systems Shared
2007-02-07 11:50 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2007-02-07 11:50 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Macrovision
2007-02-07 10:33 <REP> d-------- C:\Program Files\FileZilla
2007-02-07 10:12 0 --a------ C:\WINDOWS\nsreg.dat
2007-02-07 10:12 <REP> d-------- C:\Program Files\Mozilla Firefox
2007-01-31 09:14 <REP> d-------- C:\WINDOWS\WBEM
2007-01-31 09:14 <REP> d-------- C:\WINDOWS\system32\fr-fr
2007-01-31 09:13 121,856 --------- C:\WINDOWS\system32\xmllite.dll
2007-01-31 09:13 <REP> d--h-c--- C:\WINDOWS\ie7
2007-01-31 09:12 <REP> d-------- C:\WINDOWS\network diagnostic
2007-01-31 09:05 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Windows Genuine Advantage
2007-01-31 09:03 <REP> d--hs---- C:\DOCUME~1\Elise\UserData
2007-01-31 08:57 <REP> d-------- C:\DOCUME~1\Elise\Application Data\Google
2007-01-31 08:53 <REP> d-------- C:\DOCUME~1\Elise\Application Data\ntr
2007-01-31 08:47 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Google
2007-01-31 08:35 <REP> d-------- C:\WINDOWS\system32\PreInstall
2007-01-31 08:33 262,144 --a------ C:\DOCUME~1\ALLUSE~1\NTUSER.DAT
2007-01-31 08:33 2,097,152 --ah----- C:\DOCUME~1\Elise\NTUSER.DAT
2007-01-31 08:33 <REP> dr------- C:\DOCUME~1\Elise\Mes documents
2007-01-31 08:33 <REP> dr------- C:\DOCUME~1\Elise\Menu Démarrer
2007-01-31 08:33 <REP> dr------- C:\DOCUME~1\Elise\Favoris
2007-01-31 08:33 <REP> d--h----- C:\DOCUME~1\Elise\Voisinage réseau
2007-01-31 08:33 <REP> d--h----- C:\DOCUME~1\Elise\Voisinage d'impression
2007-01-31 08:33 <REP> d--h----- C:\DOCUME~1\Elise\Modèles
2007-01-31 08:33 <REP> d--h----- C:\DOCUME~1\Elise\Application Data\Gtek
2007-01-31 08:33 <REP> d-------- C:\DOCUME~1\Elise\Bureau
2007-01-31 08:32 <REP> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-01-31 08:23 18,432 --a------ C:\WINDOWS\system32\drivers\pmxmouse.sys
2007-01-31 08:23 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2007-01-31 08:23 14,336 --a------ C:\WINDOWS\system32\drivers\pmxusblf.sys
2007-01-31 08:23 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-01-22 19:59 <REP> d--hs---- C:\RECYCLER
2007-01-22 19:56 33,340 --a------ C:\WINDOWS\system32\dbmsqlgc.dll
2007-01-22 19:56 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-01-22 19:56 24,576 --a------ C:\WINDOWS\system32\dbmsgnet.dll
2007-01-22 19:56 <REP> d-------- C:\Program Files\Microsoft Visual Studio .NET 2003
2007-01-22 19:56 <REP> d-------- C:\Program Files\Microsoft SQL Server
2007-01-22 19:56 <REP> d-------- C:\Program Files\Microsoft Small Business
2007-01-22 19:56 <REP> d-------- C:\Program Files\Fichiers communs\Crystal Decisions
2007-01-22 19:54 <REP> d--h----- C:\DOCUME~1\DEFAUL~1\Application Data\Gtek
2007-01-22 19:54 <REP> d--h----- C:\DOCUME~1\ADMINI~1\Application Data\GTek
2007-01-22 19:54 <REP> d-------- C:\Program Files\Sonic
2007-01-22 19:54 <REP> d-------- C:\Program Files\Google
2007-01-22 19:54 <REP> d-------- C:\Program Files\Dell Support
2007-01-22 19:54 <REP> d-------- C:\Program Files\BAE
2007-01-22 19:54 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\InstallShield
2007-01-22 19:54 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\GTek
2007-01-22 19:53 94,263 --a------ C:\WINDOWS\DLA.EXE
2007-01-22 19:53 89,264 --a------ C:\WINDOWS\system32\drivers\DRVMCDB.SYS
2007-01-22 19:53 61,500 --a------ C:\WINDOWS\system32\DLAAPI_W.DLL
2007-01-22 19:53 5,628 --a------ C:\WINDOWS\system32\drivers\DLACDBHM.SYS
2007-01-22 19:53 40,544 --a------ C:\WINDOWS\system32\drivers\DRVNDDM.SYS
2007-01-22 19:53 24,816 --a------ C:\WINDOWS\system32\mdimon.dll
2007-01-22 19:53 22,684 --a------ C:\WINDOWS\system32\drivers\DLARTL_N.SYS
2007-01-22 19:53 <REP> d-------- C:\WINDOWS\system32\DLA
2007-01-22 19:53 <REP> d-------- C:\Program Files\Roxio
2007-01-22 19:53 <REP> d-------- C:\Program Files\Fichiers communs\Sonic Shared
2007-01-22 19:52 <REP> d-------- C:\WINDOWS\SHELLNEW
2007-01-22 19:52 <REP> d-------- C:\Program Files\Microsoft.NET
2007-01-22 19:52 <REP> d-------- C:\Program Files\Microsoft Works
2007-01-22 19:51 94,208 --a------ C:\WINDOWS\system32\Pelzoom.dll
2007-01-22 19:51 9,600 --a------ C:\WINDOWS\system32\drivers\Hidusb.sys
2007-01-22 19:51 65,536 --a------ C:\WINDOWS\system32\pmxhooks.dll
2007-01-22 19:51 49,152 --a------ C:\WINDOWS\system32\pmxcomm.dll
2007-01-22 19:51 49,152 --a------ C:\WINDOWS\system32\ico.exe
2007-01-22 19:51 47,104 --a------ C:\WINDOWS\system32\ICONSPY.EXE
2007-01-22 19:51 40,960 --a------ C:\WINDOWS\system32\LaunHelp.exe
2007-01-22 19:51 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-01-22 19:51 303,104 --a------ C:\WINDOWS\system32\FontZoom.exe
2007-01-22 19:51 28,672 --a------ C:\WINDOWS\system32\UnInst.exe
2007-01-22 19:51 262,144 --a------ C:\WINDOWS\system32\pmxutil.dll
2007-01-22 19:51 2,277,376 --a------ C:\WINDOWS\system32\DellPM.exe
2007-01-22 19:51 143,360 --a------ C:\WINDOWS\system32\ApSwitch.exe
2007-01-22 19:51 131,072 --a------ C:\WINDOWS\system32\pmxscrll.dll
2007-01-22 19:51 126,976 --a------ C:\WINDOWS\system32\pmxmiced.exe
2007-01-22 19:51 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-01-22 19:51 <REP> d--h----- C:\Program Files\InstallShield Installation Information
2007-01-22 19:51 <REP> d-------- C:\WINDOWS\Downloaded Installations
2007-01-22 19:51 <REP> d-------- C:\Program Files\Fichiers communs\InstallShield
2007-01-22 19:51 <REP> d-------- C:\Program Files\Dell
2007-01-22 19:51 <REP> d-------- C:\Program Files\CyberLink
2007-01-22 19:51 <REP> d-------- C:\Program Files\Broadcom
2007-01-22 19:49 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2007-01-22 19:49 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2007-01-22 19:49 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2007-01-22 19:49 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-01-22 19:49 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-01-22 19:49 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2007-01-22 19:49 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2007-01-22 19:49 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2007-01-22 19:49 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2007-01-22 19:49 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-01-22 19:49 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2007-01-22 19:49 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2007-01-22 19:49 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2007-01-22 19:49 <REP> d-------- C:\Program Files\Analog Devices
2007-01-22 19:48 28,672 --------- C:\WINDOWS\system32\verclsid.exe
2007-01-22 19:48 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-01-22 19:48 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-01-22 19:46 <REP> d-------- C:\Program Files\Java
2007-01-22 19:46 <REP> d-------- C:\Program Files\Fichiers communs\Java
2007-01-22 19:44 <REP> d--h----- C:\WINDOWS\$hf_mig$
2007-01-22 19:36 167,936 --a------ C:\WINDOWS\system32\igfxres.dll
2007-01-22 19:34 397,312 --a------ C:\WINDOWS\system32\igxpun.exe
2007-01-22 19:34 <REP> d-------- C:\WINDOWS\system32\x64
2007-01-22 19:33 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-01-22 19:33 <REP> d-------- C:\WINDOWS\system32\ReinstallBackups
2007-01-22 19:29 77,824 --a------ C:\WINDOWS\setpwr32.exe
2007-01-22 19:28 98,304 --a------ C:\WINDOWS\system32\igfxtray.exe
2007-01-22 19:28 98,304 --a------ C:\WINDOWS\system32\igfxdo.dll
2007-01-22 19:28 86,016 --a------ C:\WINDOWS\system32\hkcmd.exe
2007-01-22 19:28 81,920 --a------ C:\WINDOWS\system32\igfxpers.exe
2007-01-22 19:28 81,920 --a------ C:\WINDOWS\system32\hccutils.dll
2007-01-22 19:28 765,952 --a------ C:\WINDOWS\system\crlds3d.dll
2007-01-22 19:28 65,536 --a------ C:\WINDOWS\system32\a3d.dll
2007-01-22 19:28 48,128 --a------ C:\WINDOWS\system32\igxprd32.dll
2007-01-22 19:28 450,560 --a------ C:\WINDOWS\system32\igfxcfg.exe
2007-01-22 19:28 41,984 --a------ C:\WINDOWS\system32\igfxsrvc.dll
2007-01-22 19:28 392,960 --a------ C:\WINDOWS\system32\drivers\senfilt.sys
2007-01-22 19:28 348,880 --a------ C:\WINDOWS\system32\igmedkrn.dll
2007-01-22 19:28 309,760 --a------ C:\WINDOWS\system32\difxapi.dll
2007-01-22 19:28 309,760 --a------ C:\WINDOWS\system32\difx32.dll
2007-01-22 19:28 3,276,800 --a------ C:\WINDOWS\system32\igfxress.dll
2007-01-22 19:28 28,160 --a------ C:\WINDOWS\system32\PostProc.dll
2007-01-22 19:28 241,152 --a------ C:\WINDOWS\system32\drivers\ADIHdAud.sys
2007-01-22 19:28 23,552 --a------ C:\WINDOWS\system32\igfxexps.dll
2007-01-22 19:28 2,416,640 --a------ C:\WINDOWS\system32\ig4icd32.dll
2007-01-22 19:28 2,053,120 --a------ C:\WINDOWS\system32\igxpdx32.dll
2007-01-22 19:28 192,512 --a------ C:\WINDOWS\system32\igfxCoIn_v4642.dll
2007-01-22 19:28 188,416 --a------ C:\WINDOWS\system32\igfxsrvc.exe
2007-01-22 19:28 156,160 --a------ C:\WINDOWS\system32\drivers\b57xp32.sys
2007-01-22 19:28 155,648 --a------ C:\WINDOWS\system32\igfxpph.dll
2007-01-22 19:28 147,456 --a------ C:\WINDOWS\system32\igfxdev.dll
2007-01-22 19:28 140,800 --a------ C:\WINDOWS\system32\igxpgd32.dll
2007-01-22 19:28 118,784 --a------ C:\WINDOWS\system32\igfxext.exe
2007-01-22 19:28 106,496 --a------ C:\WINDOWS\system32\igfxzoom.exe
2007-01-22 19:28 1,294,784 --a------ C:\WINDOWS\system32\igxpdv32.dll
2007-01-22 19:28 1,204,224 --a------ C:\WINDOWS\system32\ig4dev32.dll
2007-01-22 19:28 1,095,968 --a------ C:\WINDOWS\system32\drivers\igxpmp32.sys
2007-01-22 19:28 <REP> d-------- C:\drivers
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-02-07 10:25 -------- d-------- C:\DOCUME~1\Elise\Application Data\macromedia
2007-02-07 10:23 -------- d-------- C:\Program Files\Fichiers communs\macromedia
2007-02-07 10:22 -------- d-------- C:\Program Files\macromedia
2007-02-07 10:13 -------- d---s---- C:\DOCUME~1\Elise\Application Data\microsoft
2007-02-07 10:12 -------- d-------- C:\DOCUME~1\Elise\Application Data\mozilla
2007-02-07 10:03 76144 --a------ C:\WINDOWS\system32\perfc00c.dat
2007-02-07 10:03 470624 --a------ C:\WINDOWS\system32\perfh00c.dat
2007-01-22 19:47 -------- d-------- C:\Program Files\messenger
2006-12-07 17:02 2174976 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-11-08 06:07 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-07 21:03 6049280 --------- C:\WINDOWS\system32\ieframe.dll
2006-11-07 21:03 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-11-07 21:03 458752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-11-07 21:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-11-07 21:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-11-07 21:03 180736 --------- C:\WINDOWS\system32\ieui.dll
2006-11-07 21:03 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-11-07 03:26 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-11-07 03:26 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"DellSupport"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"Persistence"="C:\\WINDOWS\\system32\\igfxpers.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"SoundMAXPnP"="C:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe"
"PMX Daemon"="ICO.EXE"
"DVDLauncher"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
"DLA"="C:\\WINDOWS\\System32\\DLA\\DLACTRLW.EXE"
"ISUSPM Startup"="C:\\PROGRA~1\\FICHIE~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"ISUSScheduler"="\"C:\\Program Files\\Fichiers communs\\InstallShield\\UpdateService\\issch.exe\" -start"
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"ekpyerf.dll"="C:\\WINDOWS\\system32\\rundll32.exe \"C:\\Documents and Settings\\Elise\\Local Settings\\Application Data\\ekpyerf.dll\",dwdrqp"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{563AF8EA-5807-4FBC-A58E-ED7D9838F9C7}"=""
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winmfu32
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
********************************************************************
catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
There you go!
Thanks again
Pocket Killbox version 2.0.0.648
Running on Windows XP as Elise(Administrator)
was started @ mercredi, février 07, 2007, 5:24 PM
# 1 [Delete on Reboot]
Path = C:\WINDOWS\system32\awfftlk.dll
# 2 [Delete on Reboot]
Path = C:\WINDOWS\system32\wcbhhtk.dll
# 3 [Delete on Reboot]
Path = C:\WINDOWS\system32\bwrfauc.dll
# 4 [Delete on Reboot]
Path = C:\Documents and Settings\Elise\Local Settings\Application Data\wytskbk.dll
# 5 [Delete on Reboot]
Path = C:\Documents and Settings\Elise\Local Settings\Application Data\rkpyvgn.dll
# 6 [Delete on Reboot]
Path = C:\WINDOWS\SYSTEM32\winmfu32.dll
I Rebooted @ 5:26:34 PM
Killbox Closed(Exit) @ 5:26:35 PM
ComboFix report:
C:\Program Files\Fichiers communs\Yazzle1162OinUninstaller.exe
C:\WINDOWS\system32\unsvchosts.lzma
C:\WINDOWS\system32\wnsintsv.exe
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\DOCUME~1
C:\qoobox\purity\DOCUME~1\Elise
C:\qoobox\purity\DOCUME~1\Elise\Mes documents
C:\qoobox\purity\DOCUME~1\Elise\Mes documents\FNTS~1
C:\qoobox\purity\DOCUME~1\Elise\Mes documents\from.txt
C:\qoobox\purity\DOCUME~1\Elise\Mes documents\FNTS~1\F?nts
C:\qoobox\purity\Program Files\SSTEM3~1
C:\qoobox\purity\WINDOWS\system32\SEMBLY~1
((((((((((((((((((((((((((((((( Files Created from 2007-01-07 to 2007-02-07 ))))))))))))))))))))))))))))))))))
2007-02-07 17:24 <REP> d-------- C:\!KillBox
2007-02-07 16:44 <REP> d-------- C:\VundoFix Backups
2007-02-07 15:32 95,232 --a------ C:\WINDOWS\system32\rkpyvgn.dll
2007-02-07 15:32 12,372,231 --------- C:\AVG7QT.DAT
2007-02-07 15:08 95,232 --a------ C:\WINDOWS\system32\ekpyerf.dll
2007-02-07 14:45 <REP> d-------- C:\Program Files\Lavasoft
2007-02-07 14:45 <REP> d-------- C:\DOCUME~1\Elise\Application Data\Lavasoft
2007-02-07 14:44 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Spybot - Search & Destroy
2007-02-07 13:29 <REP> d-------- C:\Program Files\Quark
2007-02-07 13:24 <REP> dr-h----- C:\$VAULT$.AVG
2007-02-07 13:23 <REP> d-------- C:\DOCUME~1\LOCALS~1\Application Data\AVG7
2007-02-07 13:23 <REP> d-------- C:\DOCUME~1\Elise\Application Data\AVG7
2007-02-07 13:22 816,672 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2007-02-07 13:22 4,224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2007-02-07 13:22 3,968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2007-02-07 13:22 28,416 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2007-02-07 13:22 18,240 --a------ C:\WINDOWS\system32\drivers\avgmfx86.sys
2007-02-07 13:22 <REP> d-------- C:\Program Files\Grisoft
2007-02-07 13:22 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Grisoft
2007-02-07 13:22 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\avg7
2007-02-07 13:19 95,232 --a------ C:\WINDOWS\system32\wytskbk.dll
2007-02-07 13:10 <REP> d-------- C:\Program Files\DAEMON Tools
2007-02-07 13:08 639,224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-02-07 13:00 1,168 --a------ C:\WINDOWS\mozver.dat
2007-02-07 12:08 <REP> d-------- C:\Program Files\wamp
2007-02-07 11:54 <REP> d-------- C:\DOCUME~1\Elise\Application Data\Adobe
2007-02-07 11:54 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Adobe
2007-02-07 11:50 <REP> d-------- C:\Program Files\Fichiers communs\Adobe Systems Shared
2007-02-07 11:50 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2007-02-07 11:50 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Macrovision
2007-02-07 10:33 <REP> d-------- C:\Program Files\FileZilla
2007-02-07 10:12 0 --a------ C:\WINDOWS\nsreg.dat
2007-02-07 10:12 <REP> d-------- C:\Program Files\Mozilla Firefox
2007-01-31 09:14 <REP> d-------- C:\WINDOWS\WBEM
2007-01-31 09:14 <REP> d-------- C:\WINDOWS\system32\fr-fr
2007-01-31 09:13 121,856 --------- C:\WINDOWS\system32\xmllite.dll
2007-01-31 09:13 <REP> d--h-c--- C:\WINDOWS\ie7
2007-01-31 09:12 <REP> d-------- C:\WINDOWS\network diagnostic
2007-01-31 09:05 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Windows Genuine Advantage
2007-01-31 09:03 <REP> d--hs---- C:\DOCUME~1\Elise\UserData
2007-01-31 08:57 <REP> d-------- C:\DOCUME~1\Elise\Application Data\Google
2007-01-31 08:53 <REP> d-------- C:\DOCUME~1\Elise\Application Data\ntr
2007-01-31 08:47 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Google
2007-01-31 08:35 <REP> d-------- C:\WINDOWS\system32\PreInstall
2007-01-31 08:33 262,144 --a------ C:\DOCUME~1\ALLUSE~1\NTUSER.DAT
2007-01-31 08:33 2,097,152 --ah----- C:\DOCUME~1\Elise\NTUSER.DAT
2007-01-31 08:33 <REP> dr------- C:\DOCUME~1\Elise\Mes documents
2007-01-31 08:33 <REP> dr------- C:\DOCUME~1\Elise\Menu Démarrer
2007-01-31 08:33 <REP> dr------- C:\DOCUME~1\Elise\Favoris
2007-01-31 08:33 <REP> d--h----- C:\DOCUME~1\Elise\Voisinage réseau
2007-01-31 08:33 <REP> d--h----- C:\DOCUME~1\Elise\Voisinage d'impression
2007-01-31 08:33 <REP> d--h----- C:\DOCUME~1\Elise\Modèles
2007-01-31 08:33 <REP> d--h----- C:\DOCUME~1\Elise\Application Data\Gtek
2007-01-31 08:33 <REP> d-------- C:\DOCUME~1\Elise\Bureau
2007-01-31 08:32 <REP> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-01-31 08:23 18,432 --a------ C:\WINDOWS\system32\drivers\pmxmouse.sys
2007-01-31 08:23 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2007-01-31 08:23 14,336 --a------ C:\WINDOWS\system32\drivers\pmxusblf.sys
2007-01-31 08:23 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-01-22 19:59 <REP> d--hs---- C:\RECYCLER
2007-01-22 19:56 33,340 --a------ C:\WINDOWS\system32\dbmsqlgc.dll
2007-01-22 19:56 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-01-22 19:56 24,576 --a------ C:\WINDOWS\system32\dbmsgnet.dll
2007-01-22 19:56 <REP> d-------- C:\Program Files\Microsoft Visual Studio .NET 2003
2007-01-22 19:56 <REP> d-------- C:\Program Files\Microsoft SQL Server
2007-01-22 19:56 <REP> d-------- C:\Program Files\Microsoft Small Business
2007-01-22 19:56 <REP> d-------- C:\Program Files\Fichiers communs\Crystal Decisions
2007-01-22 19:54 <REP> d--h----- C:\DOCUME~1\DEFAUL~1\Application Data\Gtek
2007-01-22 19:54 <REP> d--h----- C:\DOCUME~1\ADMINI~1\Application Data\GTek
2007-01-22 19:54 <REP> d-------- C:\Program Files\Sonic
2007-01-22 19:54 <REP> d-------- C:\Program Files\Google
2007-01-22 19:54 <REP> d-------- C:\Program Files\Dell Support
2007-01-22 19:54 <REP> d-------- C:\Program Files\BAE
2007-01-22 19:54 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\InstallShield
2007-01-22 19:54 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\GTek
2007-01-22 19:53 94,263 --a------ C:\WINDOWS\DLA.EXE
2007-01-22 19:53 89,264 --a------ C:\WINDOWS\system32\drivers\DRVMCDB.SYS
2007-01-22 19:53 61,500 --a------ C:\WINDOWS\system32\DLAAPI_W.DLL
2007-01-22 19:53 5,628 --a------ C:\WINDOWS\system32\drivers\DLACDBHM.SYS
2007-01-22 19:53 40,544 --a------ C:\WINDOWS\system32\drivers\DRVNDDM.SYS
2007-01-22 19:53 24,816 --a------ C:\WINDOWS\system32\mdimon.dll
2007-01-22 19:53 22,684 --a------ C:\WINDOWS\system32\drivers\DLARTL_N.SYS
2007-01-22 19:53 <REP> d-------- C:\WINDOWS\system32\DLA
2007-01-22 19:53 <REP> d-------- C:\Program Files\Roxio
2007-01-22 19:53 <REP> d-------- C:\Program Files\Fichiers communs\Sonic Shared
2007-01-22 19:52 <REP> d-------- C:\WINDOWS\SHELLNEW
2007-01-22 19:52 <REP> d-------- C:\Program Files\Microsoft.NET
2007-01-22 19:52 <REP> d-------- C:\Program Files\Microsoft Works
2007-01-22 19:51 94,208 --a------ C:\WINDOWS\system32\Pelzoom.dll
2007-01-22 19:51 9,600 --a------ C:\WINDOWS\system32\drivers\Hidusb.sys
2007-01-22 19:51 65,536 --a------ C:\WINDOWS\system32\pmxhooks.dll
2007-01-22 19:51 49,152 --a------ C:\WINDOWS\system32\pmxcomm.dll
2007-01-22 19:51 49,152 --a------ C:\WINDOWS\system32\ico.exe
2007-01-22 19:51 47,104 --a------ C:\WINDOWS\system32\ICONSPY.EXE
2007-01-22 19:51 40,960 --a------ C:\WINDOWS\system32\LaunHelp.exe
2007-01-22 19:51 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-01-22 19:51 303,104 --a------ C:\WINDOWS\system32\FontZoom.exe
2007-01-22 19:51 28,672 --a------ C:\WINDOWS\system32\UnInst.exe
2007-01-22 19:51 262,144 --a------ C:\WINDOWS\system32\pmxutil.dll
2007-01-22 19:51 2,277,376 --a------ C:\WINDOWS\system32\DellPM.exe
2007-01-22 19:51 143,360 --a------ C:\WINDOWS\system32\ApSwitch.exe
2007-01-22 19:51 131,072 --a------ C:\WINDOWS\system32\pmxscrll.dll
2007-01-22 19:51 126,976 --a------ C:\WINDOWS\system32\pmxmiced.exe
2007-01-22 19:51 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-01-22 19:51 <REP> d--h----- C:\Program Files\InstallShield Installation Information
2007-01-22 19:51 <REP> d-------- C:\WINDOWS\Downloaded Installations
2007-01-22 19:51 <REP> d-------- C:\Program Files\Fichiers communs\InstallShield
2007-01-22 19:51 <REP> d-------- C:\Program Files\Dell
2007-01-22 19:51 <REP> d-------- C:\Program Files\CyberLink
2007-01-22 19:51 <REP> d-------- C:\Program Files\Broadcom
2007-01-22 19:49 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2007-01-22 19:49 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2007-01-22 19:49 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2007-01-22 19:49 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-01-22 19:49 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-01-22 19:49 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2007-01-22 19:49 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2007-01-22 19:49 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2007-01-22 19:49 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2007-01-22 19:49 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-01-22 19:49 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2007-01-22 19:49 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2007-01-22 19:49 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2007-01-22 19:49 <REP> d-------- C:\Program Files\Analog Devices
2007-01-22 19:48 28,672 --------- C:\WINDOWS\system32\verclsid.exe
2007-01-22 19:48 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-01-22 19:48 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-01-22 19:46 <REP> d-------- C:\Program Files\Java
2007-01-22 19:46 <REP> d-------- C:\Program Files\Fichiers communs\Java
2007-01-22 19:44 <REP> d--h----- C:\WINDOWS\$hf_mig$
2007-01-22 19:36 167,936 --a------ C:\WINDOWS\system32\igfxres.dll
2007-01-22 19:34 397,312 --a------ C:\WINDOWS\system32\igxpun.exe
2007-01-22 19:34 <REP> d-------- C:\WINDOWS\system32\x64
2007-01-22 19:33 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-01-22 19:33 <REP> d-------- C:\WINDOWS\system32\ReinstallBackups
2007-01-22 19:29 77,824 --a------ C:\WINDOWS\setpwr32.exe
2007-01-22 19:28 98,304 --a------ C:\WINDOWS\system32\igfxtray.exe
2007-01-22 19:28 98,304 --a------ C:\WINDOWS\system32\igfxdo.dll
2007-01-22 19:28 86,016 --a------ C:\WINDOWS\system32\hkcmd.exe
2007-01-22 19:28 81,920 --a------ C:\WINDOWS\system32\igfxpers.exe
2007-01-22 19:28 81,920 --a------ C:\WINDOWS\system32\hccutils.dll
2007-01-22 19:28 765,952 --a------ C:\WINDOWS\system\crlds3d.dll
2007-01-22 19:28 65,536 --a------ C:\WINDOWS\system32\a3d.dll
2007-01-22 19:28 48,128 --a------ C:\WINDOWS\system32\igxprd32.dll
2007-01-22 19:28 450,560 --a------ C:\WINDOWS\system32\igfxcfg.exe
2007-01-22 19:28 41,984 --a------ C:\WINDOWS\system32\igfxsrvc.dll
2007-01-22 19:28 392,960 --a------ C:\WINDOWS\system32\drivers\senfilt.sys
2007-01-22 19:28 348,880 --a------ C:\WINDOWS\system32\igmedkrn.dll
2007-01-22 19:28 309,760 --a------ C:\WINDOWS\system32\difxapi.dll
2007-01-22 19:28 309,760 --a------ C:\WINDOWS\system32\difx32.dll
2007-01-22 19:28 3,276,800 --a------ C:\WINDOWS\system32\igfxress.dll
2007-01-22 19:28 28,160 --a------ C:\WINDOWS\system32\PostProc.dll
2007-01-22 19:28 241,152 --a------ C:\WINDOWS\system32\drivers\ADIHdAud.sys
2007-01-22 19:28 23,552 --a------ C:\WINDOWS\system32\igfxexps.dll
2007-01-22 19:28 2,416,640 --a------ C:\WINDOWS\system32\ig4icd32.dll
2007-01-22 19:28 2,053,120 --a------ C:\WINDOWS\system32\igxpdx32.dll
2007-01-22 19:28 192,512 --a------ C:\WINDOWS\system32\igfxCoIn_v4642.dll
2007-01-22 19:28 188,416 --a------ C:\WINDOWS\system32\igfxsrvc.exe
2007-01-22 19:28 156,160 --a------ C:\WINDOWS\system32\drivers\b57xp32.sys
2007-01-22 19:28 155,648 --a------ C:\WINDOWS\system32\igfxpph.dll
2007-01-22 19:28 147,456 --a------ C:\WINDOWS\system32\igfxdev.dll
2007-01-22 19:28 140,800 --a------ C:\WINDOWS\system32\igxpgd32.dll
2007-01-22 19:28 118,784 --a------ C:\WINDOWS\system32\igfxext.exe
2007-01-22 19:28 106,496 --a------ C:\WINDOWS\system32\igfxzoom.exe
2007-01-22 19:28 1,294,784 --a------ C:\WINDOWS\system32\igxpdv32.dll
2007-01-22 19:28 1,204,224 --a------ C:\WINDOWS\system32\ig4dev32.dll
2007-01-22 19:28 1,095,968 --a------ C:\WINDOWS\system32\drivers\igxpmp32.sys
2007-01-22 19:28 <REP> d-------- C:\drivers
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-02-07 10:25 -------- d-------- C:\DOCUME~1\Elise\Application Data\macromedia
2007-02-07 10:23 -------- d-------- C:\Program Files\Fichiers communs\macromedia
2007-02-07 10:22 -------- d-------- C:\Program Files\macromedia
2007-02-07 10:13 -------- d---s---- C:\DOCUME~1\Elise\Application Data\microsoft
2007-02-07 10:12 -------- d-------- C:\DOCUME~1\Elise\Application Data\mozilla
2007-02-07 10:03 76144 --a------ C:\WINDOWS\system32\perfc00c.dat
2007-02-07 10:03 470624 --a------ C:\WINDOWS\system32\perfh00c.dat
2007-01-22 19:47 -------- d-------- C:\Program Files\messenger
2006-12-07 17:02 2174976 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-11-08 06:07 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-07 21:03 6049280 --------- C:\WINDOWS\system32\ieframe.dll
2006-11-07 21:03 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-11-07 21:03 458752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-11-07 21:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-11-07 21:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-11-07 21:03 180736 --------- C:\WINDOWS\system32\ieui.dll
2006-11-07 21:03 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-11-07 03:26 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-11-07 03:26 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"DellSupport"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"Persistence"="C:\\WINDOWS\\system32\\igfxpers.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"SoundMAXPnP"="C:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe"
"PMX Daemon"="ICO.EXE"
"DVDLauncher"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
"DLA"="C:\\WINDOWS\\System32\\DLA\\DLACTRLW.EXE"
"ISUSPM Startup"="C:\\PROGRA~1\\FICHIE~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"ISUSScheduler"="\"C:\\Program Files\\Fichiers communs\\InstallShield\\UpdateService\\issch.exe\" -start"
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"ekpyerf.dll"="C:\\WINDOWS\\system32\\rundll32.exe \"C:\\Documents and Settings\\Elise\\Local Settings\\Application Data\\ekpyerf.dll\",dwdrqp"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{563AF8EA-5807-4FBC-A58E-ED7D9838F9C7}"=""
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winmfu32
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
********************************************************************
catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
There you go!
Thanks again
ComboFix report, again:
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\DOCUME~1
C:\qoobox\purity\DOCUME~1\Elise
C:\qoobox\purity\DOCUME~1\Elise\Mes documents
C:\qoobox\purity\DOCUME~1\Elise\Mes documents\FNTS~1
C:\qoobox\purity\DOCUME~1\Elise\Mes documents\from.txt
C:\qoobox\purity\DOCUME~1\Elise\Mes documents\FNTS~1\F?nts
C:\qoobox\purity\Program Files\SSTEM3~1
C:\qoobox\purity\WINDOWS\system32\SEMBLY~1
((((((((((((((((((((((((((((((( Files Created from 2007-01-12 to 2007-02-12 ))))))))))))))))))))))))))))))))))
2007-02-09 18:22 <REP> d-------- C:\WINDOWS\Sun
2007-02-09 18:22 <REP> d-------- C:\DOCUME~1\Elise\Application Data\Sun
2007-02-07 17:24 <REP> d-------- C:\!KillBox
2007-02-07 16:44 <REP> d-------- C:\VundoFix Backups
2007-02-07 15:32 95,232 --a------ C:\WINDOWS\system32\rkpyvgn.dll
2007-02-07 15:32 12,372,231 --------- C:\AVG7QT.DAT
2007-02-07 15:08 95,232 --a------ C:\WINDOWS\system32\ekpyerf.dll
2007-02-07 14:45 <REP> d-------- C:\Program Files\Lavasoft
2007-02-07 14:45 <REP> d-------- C:\DOCUME~1\Elise\Application Data\Lavasoft
2007-02-07 14:44 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Spybot - Search & Destroy
2007-02-07 13:29 <REP> d-------- C:\Program Files\Quark
2007-02-07 13:24 <REP> dr-h----- C:\$VAULT$.AVG
2007-02-07 13:23 <REP> d-------- C:\DOCUME~1\LOCALS~1\Application Data\AVG7
2007-02-07 13:23 <REP> d-------- C:\DOCUME~1\Elise\Application Data\AVG7
2007-02-07 13:22 816,672 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2007-02-07 13:22 4,224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2007-02-07 13:22 3,968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2007-02-07 13:22 28,416 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2007-02-07 13:22 18,240 --a------ C:\WINDOWS\system32\drivers\avgmfx86.sys
2007-02-07 13:22 <REP> d-------- C:\Program Files\Grisoft
2007-02-07 13:22 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Grisoft
2007-02-07 13:22 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\avg7
2007-02-07 13:19 95,232 --a------ C:\WINDOWS\system32\wytskbk.dll
2007-02-07 13:10 <REP> d-------- C:\Program Files\DAEMON Tools
2007-02-07 13:08 639,224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-02-07 13:00 1,168 --a------ C:\WINDOWS\mozver.dat
2007-02-07 12:08 <REP> d-------- C:\Program Files\wamp
2007-02-07 11:54 <REP> d-------- C:\DOCUME~1\Elise\Application Data\Adobe
2007-02-07 11:54 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Adobe
2007-02-07 11:50 <REP> d-------- C:\Program Files\Fichiers communs\Adobe Systems Shared
2007-02-07 11:50 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2007-02-07 11:50 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Macrovision
2007-02-07 10:33 <REP> d-------- C:\Program Files\FileZilla
2007-02-07 10:12 0 --a------ C:\WINDOWS\nsreg.dat
2007-02-07 10:12 <REP> d-------- C:\Program Files\Mozilla Firefox
2007-01-31 09:14 <REP> d-------- C:\WINDOWS\WBEM
2007-01-31 09:14 <REP> d-------- C:\WINDOWS\system32\fr-fr
2007-01-31 09:13 121,856 --------- C:\WINDOWS\system32\xmllite.dll
2007-01-31 09:13 <REP> d--h-c--- C:\WINDOWS\ie7
2007-01-31 09:12 <REP> d-------- C:\WINDOWS\network diagnostic
2007-01-31 09:05 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Windows Genuine Advantage
2007-01-31 09:03 <REP> d--hs---- C:\DOCUME~1\Elise\UserData
2007-01-31 08:57 <REP> d-------- C:\DOCUME~1\Elise\Application Data\Google
2007-01-31 08:53 <REP> d-------- C:\DOCUME~1\Elise\Application Data\ntr
2007-01-31 08:47 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Google
2007-01-31 08:35 <REP> d-------- C:\WINDOWS\system32\PreInstall
2007-01-31 08:33 262,144 --a------ C:\DOCUME~1\ALLUSE~1\NTUSER.DAT
2007-01-31 08:33 2,359,296 --ah----- C:\DOCUME~1\Elise\NTUSER.DAT
2007-01-31 08:33 <REP> dr------- C:\DOCUME~1\Elise\Mes documents
2007-01-31 08:33 <REP> dr------- C:\DOCUME~1\Elise\Menu Démarrer
2007-01-31 08:33 <REP> dr------- C:\DOCUME~1\Elise\Favoris
2007-01-31 08:33 <REP> d--h----- C:\DOCUME~1\Elise\Voisinage réseau
2007-01-31 08:33 <REP> d--h----- C:\DOCUME~1\Elise\Voisinage d'impression
2007-01-31 08:33 <REP> d--h----- C:\DOCUME~1\Elise\Modèles
2007-01-31 08:33 <REP> d--h----- C:\DOCUME~1\Elise\Application Data\Gtek
2007-01-31 08:33 <REP> d-------- C:\DOCUME~1\Elise\Bureau
2007-01-31 08:32 <REP> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-01-31 08:23 18,432 --a------ C:\WINDOWS\system32\drivers\pmxmouse.sys
2007-01-31 08:23 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2007-01-31 08:23 14,336 --a------ C:\WINDOWS\system32\drivers\pmxusblf.sys
2007-01-31 08:23 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-01-22 19:59 <REP> d--hs---- C:\RECYCLER
2007-01-22 19:56 33,340 --a------ C:\WINDOWS\system32\dbmsqlgc.dll
2007-01-22 19:56 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-01-22 19:56 24,576 --a------ C:\WINDOWS\system32\dbmsgnet.dll
2007-01-22 19:56 <REP> d-------- C:\Program Files\Microsoft Visual Studio .NET 2003
2007-01-22 19:56 <REP> d-------- C:\Program Files\Microsoft SQL Server
2007-01-22 19:56 <REP> d-------- C:\Program Files\Microsoft Small Business
2007-01-22 19:56 <REP> d-------- C:\Program Files\Fichiers communs\Crystal Decisions
2007-01-22 19:54 <REP> d--h----- C:\DOCUME~1\DEFAUL~1\Application Data\Gtek
2007-01-22 19:54 <REP> d--h----- C:\DOCUME~1\ADMINI~1\Application Data\GTek
2007-01-22 19:54 <REP> d-------- C:\Program Files\Sonic
2007-01-22 19:54 <REP> d-------- C:\Program Files\Google
2007-01-22 19:54 <REP> d-------- C:\Program Files\Dell Support
2007-01-22 19:54 <REP> d-------- C:\Program Files\BAE
2007-01-22 19:54 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\InstallShield
2007-01-22 19:54 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\GTek
2007-01-22 19:53 94,263 --a------ C:\WINDOWS\DLA.EXE
2007-01-22 19:53 89,264 --a------ C:\WINDOWS\system32\drivers\DRVMCDB.SYS
2007-01-22 19:53 61,500 --a------ C:\WINDOWS\system32\DLAAPI_W.DLL
2007-01-22 19:53 5,628 --a------ C:\WINDOWS\system32\drivers\DLACDBHM.SYS
2007-01-22 19:53 40,544 --a------ C:\WINDOWS\system32\drivers\DRVNDDM.SYS
2007-01-22 19:53 24,816 --a------ C:\WINDOWS\system32\mdimon.dll
2007-01-22 19:53 22,684 --a------ C:\WINDOWS\system32\drivers\DLARTL_N.SYS
2007-01-22 19:53 <REP> d-------- C:\WINDOWS\system32\DLA
2007-01-22 19:53 <REP> d-------- C:\Program Files\Roxio
2007-01-22 19:53 <REP> d-------- C:\Program Files\Fichiers communs\Sonic Shared
2007-01-22 19:52 <REP> d-------- C:\WINDOWS\SHELLNEW
2007-01-22 19:52 <REP> d-------- C:\Program Files\Microsoft.NET
2007-01-22 19:52 <REP> d-------- C:\Program Files\Microsoft Works
2007-01-22 19:51 94,208 --a------ C:\WINDOWS\system32\Pelzoom.dll
2007-01-22 19:51 9,600 --a------ C:\WINDOWS\system32\drivers\Hidusb.sys
2007-01-22 19:51 65,536 --a------ C:\WINDOWS\system32\pmxhooks.dll
2007-01-22 19:51 49,152 --a------ C:\WINDOWS\system32\pmxcomm.dll
2007-01-22 19:51 49,152 --a------ C:\WINDOWS\system32\ico.exe
2007-01-22 19:51 47,104 --a------ C:\WINDOWS\system32\ICONSPY.EXE
2007-01-22 19:51 40,960 --a------ C:\WINDOWS\system32\LaunHelp.exe
2007-01-22 19:51 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-01-22 19:51 303,104 --a------ C:\WINDOWS\system32\FontZoom.exe
2007-01-22 19:51 28,672 --a------ C:\WINDOWS\system32\UnInst.exe
2007-01-22 19:51 262,144 --a------ C:\WINDOWS\system32\pmxutil.dll
2007-01-22 19:51 2,277,376 --a------ C:\WINDOWS\system32\DellPM.exe
2007-01-22 19:51 143,360 --a------ C:\WINDOWS\system32\ApSwitch.exe
2007-01-22 19:51 131,072 --a------ C:\WINDOWS\system32\pmxscrll.dll
2007-01-22 19:51 126,976 --a------ C:\WINDOWS\system32\pmxmiced.exe
2007-01-22 19:51 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-01-22 19:51 <REP> d--h----- C:\Program Files\InstallShield Installation Information
2007-01-22 19:51 <REP> d-------- C:\WINDOWS\Downloaded Installations
2007-01-22 19:51 <REP> d-------- C:\Program Files\Fichiers communs\InstallShield
2007-01-22 19:51 <REP> d-------- C:\Program Files\Dell
2007-01-22 19:51 <REP> d-------- C:\Program Files\CyberLink
2007-01-22 19:51 <REP> d-------- C:\Program Files\Broadcom
2007-01-22 19:49 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2007-01-22 19:49 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2007-01-22 19:49 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2007-01-22 19:49 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-01-22 19:49 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-01-22 19:49 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2007-01-22 19:49 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2007-01-22 19:49 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2007-01-22 19:49 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2007-01-22 19:49 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-01-22 19:49 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2007-01-22 19:49 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2007-01-22 19:49 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2007-01-22 19:49 <REP> d-------- C:\Program Files\Analog Devices
2007-01-22 19:48 28,672 --------- C:\WINDOWS\system32\verclsid.exe
2007-01-22 19:48 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-01-22 19:48 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-01-22 19:46 <REP> d-------- C:\Program Files\Java
2007-01-22 19:46 <REP> d-------- C:\Program Files\Fichiers communs\Java
2007-01-22 19:44 <REP> d--h----- C:\WINDOWS\$hf_mig$
2007-01-22 19:36 167,936 --a------ C:\WINDOWS\system32\igfxres.dll
2007-01-22 19:34 397,312 --a------ C:\WINDOWS\system32\igxpun.exe
2007-01-22 19:34 <REP> d-------- C:\WINDOWS\system32\x64
2007-01-22 19:33 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-01-22 19:33 <REP> d-------- C:\WINDOWS\system32\ReinstallBackups
2007-01-22 19:29 77,824 --a------ C:\WINDOWS\setpwr32.exe
2007-01-22 19:28 98,304 --a------ C:\WINDOWS\system32\igfxtray.exe
2007-01-22 19:28 98,304 --a------ C:\WINDOWS\system32\igfxdo.dll
2007-01-22 19:28 86,016 --a------ C:\WINDOWS\system32\hkcmd.exe
2007-01-22 19:28 81,920 --a------ C:\WINDOWS\system32\igfxpers.exe
2007-01-22 19:28 81,920 --a------ C:\WINDOWS\system32\hccutils.dll
2007-01-22 19:28 765,952 --a------ C:\WINDOWS\system\crlds3d.dll
2007-01-22 19:28 65,536 --a------ C:\WINDOWS\system32\a3d.dll
2007-01-22 19:28 48,128 --a------ C:\WINDOWS\system32\igxprd32.dll
2007-01-22 19:28 450,560 --a------ C:\WINDOWS\system32\igfxcfg.exe
2007-01-22 19:28 41,984 --a------ C:\WINDOWS\system32\igfxsrvc.dll
2007-01-22 19:28 392,960 --a------ C:\WINDOWS\system32\drivers\senfilt.sys
2007-01-22 19:28 348,880 --a------ C:\WINDOWS\system32\igmedkrn.dll
2007-01-22 19:28 309,760 --a------ C:\WINDOWS\system32\difxapi.dll
2007-01-22 19:28 309,760 --a------ C:\WINDOWS\system32\difx32.dll
2007-01-22 19:28 3,276,800 --a------ C:\WINDOWS\system32\igfxress.dll
2007-01-22 19:28 28,160 --a------ C:\WINDOWS\system32\PostProc.dll
2007-01-22 19:28 241,152 --a------ C:\WINDOWS\system32\drivers\ADIHdAud.sys
2007-01-22 19:28 23,552 --a------ C:\WINDOWS\system32\igfxexps.dll
2007-01-22 19:28 2,416,640 --a------ C:\WINDOWS\system32\ig4icd32.dll
2007-01-22 19:28 2,053,120 --a------ C:\WINDOWS\system32\igxpdx32.dll
2007-01-22 19:28 192,512 --a------ C:\WINDOWS\system32\igfxCoIn_v4642.dll
2007-01-22 19:28 188,416 --a------ C:\WINDOWS\system32\igfxsrvc.exe
2007-01-22 19:28 156,160 --a------ C:\WINDOWS\system32\drivers\b57xp32.sys
2007-01-22 19:28 155,648 --a------ C:\WINDOWS\system32\igfxpph.dll
2007-01-22 19:28 147,456 --a------ C:\WINDOWS\system32\igfxdev.dll
2007-01-22 19:28 140,800 --a------ C:\WINDOWS\system32\igxpgd32.dll
2007-01-22 19:28 118,784 --a------ C:\WINDOWS\system32\igfxext.exe
2007-01-22 19:28 106,496 --a------ C:\WINDOWS\system32\igfxzoom.exe
2007-01-22 19:28 1,294,784 --a------ C:\WINDOWS\system32\igxpdv32.dll
2007-01-22 19:28 1,204,224 --a------ C:\WINDOWS\system32\ig4dev32.dll
2007-01-22 19:28 1,095,968 --a------ C:\WINDOWS\system32\drivers\igxpmp32.sys
2007-01-22 19:28 <REP> d-------- C:\drivers
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-02-07 10:25 -------- d-------- C:\DOCUME~1\Elise\Application Data\macromedia
2007-02-07 10:23 -------- d-------- C:\Program Files\Fichiers communs\macromedia
2007-02-07 10:22 -------- d-------- C:\Program Files\macromedia
2007-02-07 10:13 -------- d---s---- C:\DOCUME~1\Elise\Application Data\microsoft
2007-02-07 10:12 -------- d-------- C:\DOCUME~1\Elise\Application Data\mozilla
2007-02-07 10:03 76144 --a------ C:\WINDOWS\system32\perfc00c.dat
2007-02-07 10:03 470624 --a------ C:\WINDOWS\system32\perfh00c.dat
2007-01-22 19:47 -------- d-------- C:\Program Files\messenger
2006-12-07 17:02 2174976 --a------ C:\WINDOWS\system32\wmvcore.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"DellSupport"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"Persistence"="C:\\WINDOWS\\system32\\igfxpers.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"SoundMAXPnP"="C:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe"
"PMX Daemon"="ICO.EXE"
"DVDLauncher"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
"DLA"="C:\\WINDOWS\\System32\\DLA\\DLACTRLW.EXE"
"ISUSPM Startup"="C:\\PROGRA~1\\FICHIE~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"ISUSScheduler"="\"C:\\Program Files\\Fichiers communs\\InstallShield\\UpdateService\\issch.exe\" -start"
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"ekpyerf.dll"="C:\\WINDOWS\\system32\\rundll32.exe \"C:\\Documents and Settings\\Elise\\Local Settings\\Application Data\\ekpyerf.dll\",dwdrqp"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{563AF8EA-5807-4FBC-A58E-ED7D9838F9C7}"=""
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winmfu32
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
********************************************************************
catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 07-02-12 9:51:55
C:\ComboFix2.txt ... 07-02-07 17:51
HijackThis report:
Logfile of HijackThis v1.99.1
Scan saved at 09:55:24, on 12/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\Pmxmiced.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Elise\Bureau\hijackthis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row-rel&channel...
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ekpyerf.dll] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\Elise\Local Settings\Application Data\ekpyerf.dll",dwdrqp
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} (NTR ActiveX 1.1.8) - http://www.inquiero.com/inquiero/mod/setup/ntractivex11...
O17 - HKLM\System\CCS\Services\Tcpip\..\{264ABCB4-8792-4BD0-A806-06180BF35A65}: NameServer = 192.168.1.1
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: winmfu32 - winmfu32.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Broadcom ASF IP Monitor (ASFIPmon) - Unknown owner - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe" -service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)
O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)
O23 - Service: wampapache - Unknown owner - C:\Program Files\wamp\apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: wampmysqld - Unknown owner - C:\Program Files\wamp\mysql\bin\mysqld-nt.exe" "--defaults-file=C:\Program Files\wamp\mysql\my.ini" wampmysqld (file missing)
Thanks
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} (NTR ActiveX 1.1.8) - http://www.inquiero.com/inquiero/mod/setup/ntractivex11...
O17 - HKLM\System\CCS\Services\Tcpip\..\{264ABCB4-8792-4BD0-A806-06180BF35A65}: NameServer = 192.168.1.1
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: winmfu32 - winmfu32.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Broadcom ASF IP Monitor (ASFIPmon) - Unknown owner - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe" -service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)
O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)
O23 - Service: wampapache - Unknown owner - C:\Program Files\wamp\apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: wampmysqld - Unknown owner - C:\Program Files\wamp\mysql\bin\mysqld-nt.exe" "--defaults-file=C:\Program Files\wamp\mysql\my.ini" wampmysqld (file missing)
Thanks
Re,
- Launch HijackThis -> Do a system scan only
-> Check the lines below:
O4 - HKLM\..\Run: [ekpyerf.dll] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\Elise\Local Settings\Application Data\ekpyerf.dll",dwdrqp
O20 - Winlogon Notify: winmfu32 - winmfu32.dll (file missing)
Click Fix checked (bottom left)
Download OTMoveIt (by OldTimer). Save it to your Desktop.
Double-click OTMoveIt.exe to launch it.
Select ALL of the following locations:
C:\Documents and Settings\Elise\Local Settings\Application Data\ekpyerf.dll
C:\WINDOWS\system32\rkpyvgn.dll
C:\WINDOWS\system32\ekpyerf.dll
C:\WINDOWS\system32\wytskbk.dll
---> Right-click, then Copy
Go back to OTMoveIt, right-click in the left-hand pane and choose Paste.
Now click MoveIt!
!! If a file or folder cannot be deleted immediately, the program will ask you to reboot. Accept by clicking YES
Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
The report's name is the date it was created.
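As an added illustration (a hypothetical script written for this thread, not the helper's tool and not part of HijackThis or OTMoveIt), the two checks behind the lines the helper singled out, applied to HijackThis v1.99 output: an O4 Run entry that starts rundll32 with a DLL kept in a user-writable profile folder, and an O20 Winlogon Notify entry whose DLL is missing. The sample lines are copied from the log posted above plus ordinary vendor entries from it; the list of user-writable folders is an assumption.

```python
"""Triage helper for HijackThis v1.99 logs (hypothetical script written for this
thread, not part of HijackThis or OTMoveIt). It applies two checks:
  * O4 Run entries that start rundll32 with a DLL stored in a user-writable
    profile folder, where no legitimate startup component lives;
  * O20 Winlogon Notify entries whose DLL is reported missing or is given
    without a directory, i.e. a dangling notification-package registration.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: the two entries the helper asked to fix are copied from the
# log posted in this thread; the other lines are ordinary vendor entries from it.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ekpyerf.dll] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\Elise\Local Settings\Application Data\ekpyerf.dll",dwdrqp
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: winmfu32 - winmfu32.dll (file missing)
"""

O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<target>.*)$")
# rundll32 <dll>,<export>; the DLL path may be quoted because it contains spaces.
RUNDLL_RE = re.compile(r'rundll32\.exe\s+"?(?P<dll>[^",]+?)"?\s*,\s*(?P<export>\S+)', re.I)
# Assumed list of per-user, user-writable folders on Windows XP; extend as needed.
USER_WRITABLE_RE = re.compile(
    r"\\Documents and Settings\\[^\\]+\\(Local Settings\\Application Data|Local Settings\\Temp|Application Data)\\",
    re.I,
)


@dataclass(frozen=True)
class Finding:
    section: str  # HijackThis section, e.g. "O4" or "O20"
    item: str     # Run value name or Winlogon Notify key name
    reason: str


def check_o4(name: str, cmd: str) -> list[str]:
    """Reasons to look closer at one O4 Run entry (empty list if none)."""
    reasons = []
    r = RUNDLL_RE.search(cmd)
    if r and USER_WRITABLE_RE.search(r.group("dll")):
        reasons.append(
            f"rundll32 loads {r.group('dll')} (export {r.group('export')}) "
            "from a user-writable profile folder"
        )
    if name.lower().endswith(".dll"):
        reasons.append("Run value is named after the DLL itself rather than a product")
    return reasons


def check_o20(target: str) -> list[str]:
    """Reasons to look closer at one O20 Winlogon Notify entry."""
    if target.endswith("(file missing)"):
        return ["registered notification DLL is not on disk (dangling entry)"]
    if "\\" not in target:
        return ["notification DLL given without a directory (resolved via search path)"]
    return []


def triage(log_text: str) -> list[Finding]:
    """Walk a HijackThis log and return the O4/O20 entries worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := O4_RE.match(line):
            reasons = check_o4(m.group("name"), m.group("cmd"))
            if reasons:
                findings.append(Finding("O4", m.group("name"), "; ".join(reasons)))
        elif m := O20_RE.match(line):
            reasons = check_o20(m.group("target"))
            if reasons:
                findings.append(Finding("O20", m.group("name"), "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section} [{f.item}]: {f.reason}")
```

Run on the sample it reports exactly the two entries the helper asked to fix and nothing else; the vendor entries are left alone.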
Thanks for your reply
Here is the OTMoveIt report:
DllUnregisterServer procedure not found in C:\Documents and Settings\Elise\Local Settings\Application Data\ekpyerf.dll
C:\Documents and Settings\Elise\Local Settings\Application Data\ekpyerf.dll NOT unregistered.
C:\Documents and Settings\Elise\Local Settings\Application Data\ekpyerf.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\rkpyvgn.dll
C:\WINDOWS\system32\rkpyvgn.dll NOT unregistered.
C:\WINDOWS\system32\rkpyvgn.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ekpyerf.dll
C:\WINDOWS\system32\ekpyerf.dll NOT unregistered.
C:\WINDOWS\system32\ekpyerf.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\wytskbk.dll
C:\WINDOWS\system32\wytskbk.dll NOT unregistered.
C:\WINDOWS\system32\wytskbk.dll moved successfully.
Created on 02/12/2007 12:28:08
ComboFix scan:
@"Elise" - 07-02-12 15:30:00 Service Pack 2
ComboFix 07-02-07 - Running from: "C:\Documents and Settings\Elise\Bureau"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\DOCUME~1
C:\qoobox\purity\DOCUME~1\Elise
C:\qoobox\purity\DOCUME~1\Elise\Mes documents
C:\qoobox\purity\DOCUME~1\Elise\Mes documents\FNTS~1
C:\qoobox\purity\DOCUME~1\Elise\Mes documents\from.txt
C:\qoobox\purity\DOCUME~1\Elise\Mes documents\FNTS~1\F?nts
C:\qoobox\purity\Program Files\SSTEM3~1
C:\qoobox\purity\WINDOWS\system32\SEMBLY~1
((((((((((((((((((((((((((((((( Files Created from 2007-01-12 to 2007-02-12 ))))))))))))))))))))))))))))))))))
2007-02-12 12:28 <REP> d-------- C:\_OTMoveIt
2007-02-09 18:22 <REP> d-------- C:\WINDOWS\Sun
2007-02-09 18:22 <REP> d-------- C:\DOCUME~1\Elise\Application Data\Sun
2007-02-07 17:24 <REP> d-------- C:\!KillBox
2007-02-07 16:44 <REP> d-------- C:\VundoFix Backups
2007-02-07 15:32 12,372,231 --------- C:\AVG7QT.DAT
2007-02-07 14:45 <REP> d-------- C:\Program Files\Lavasoft
2007-02-07 14:45 <REP> d-------- C:\DOCUME~1\Elise\Application Data\Lavasoft
2007-02-07 14:44 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Spybot - Search & Destroy
2007-02-07 13:29 <REP> d-------- C:\Program Files\Quark
2007-02-07 13:24 <REP> dr-h----- C:\$VAULT$.AVG
2007-02-07 13:23 <REP> d-------- C:\DOCUME~1\LOCALS~1\Application Data\AVG7
2007-02-07 13:23 <REP> d-------- C:\DOCUME~1\Elise\Application Data\AVG7
2007-02-07 13:22 816,672 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2007-02-07 13:22 4,224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2007-02-07 13:22 3,968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2007-02-07 13:22 28,416 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2007-02-07 13:22 18,240 --a------ C:\WINDOWS\system32\drivers\avgmfx86.sys
2007-02-07 13:22 <REP> d-------- C:\Program Files\Grisoft
2007-02-07 13:22 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Grisoft
2007-02-07 13:22 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\avg7
2007-02-07 13:10 <REP> d-------- C:\Program Files\DAEMON Tools
2007-02-07 13:08 639,224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-02-07 13:00 1,168 --a------ C:\WINDOWS\mozver.dat
2007-02-07 12:08 <REP> d-------- C:\Program Files\wamp
2007-02-07 11:54 <REP> d-------- C:\DOCUME~1\Elise\Application Data\Adobe
2007-02-07 11:54 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Adobe
2007-02-07 11:50 <REP> d-------- C:\Program Files\Fichiers communs\Adobe Systems Shared
2007-02-07 11:50 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2007-02-07 11:50 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Macrovision
2007-02-07 10:33 <REP> d-------- C:\Program Files\FileZilla
2007-02-07 10:12 0 --a------ C:\WINDOWS\nsreg.dat
2007-02-07 10:12 <REP> d-------- C:\Program Files\Mozilla Firefox
2007-01-31 09:14 <REP> d-------- C:\WINDOWS\WBEM
2007-01-31 09:14 <REP> d-------- C:\WINDOWS\system32\fr-fr
2007-01-31 09:13 121,856 --------- C:\WINDOWS\system32\xmllite.dll
2007-01-31 09:13 <REP> d--h-c--- C:\WINDOWS\ie7
2007-01-31 09:12 <REP> d-------- C:\WINDOWS\network diagnostic
2007-01-31 09:05 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Windows Genuine Advantage
2007-01-31 09:03 <REP> d--hs---- C:\DOCUME~1\Elise\UserData
2007-01-31 08:57 <REP> d-------- C:\DOCUME~1\Elise\Application Data\Google
2007-01-31 08:53 <REP> d-------- C:\DOCUME~1\Elise\Application Data\ntr
2007-01-31 08:47 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Google
2007-01-31 08:35 <REP> d-------- C:\WINDOWS\system32\PreInstall
2007-01-31 08:33 262,144 --a------ C:\DOCUME~1\ALLUSE~1\NTUSER.DAT
2007-01-31 08:33 2,359,296 --ah----- C:\DOCUME~1\Elise\NTUSER.DAT
2007-01-31 08:33 <REP> dr------- C:\DOCUME~1\Elise\Mes documents
2007-01-31 08:33 <REP> dr------- C:\DOCUME~1\Elise\Menu Démarrer
2007-01-31 08:33 <REP> dr------- C:\DOCUME~1\Elise\Favoris
2007-01-31 08:33 <REP> d--h----- C:\DOCUME~1\Elise\Voisinage réseau
2007-01-31 08:33 <REP> d--h----- C:\DOCUME~1\Elise\Voisinage d'impression
2007-01-31 08:33 <REP> d--h----- C:\DOCUME~1\Elise\Modèles
2007-01-31 08:33 <REP> d--h----- C:\DOCUME~1\Elise\Application Data\Gtek
2007-01-31 08:33 <REP> d-------- C:\DOCUME~1\Elise\Bureau
2007-01-31 08:32 <REP> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-01-31 08:23 18,432 --a------ C:\WINDOWS\system32\drivers\pmxmouse.sys
2007-01-31 08:23 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2007-01-31 08:23 14,336 --a------ C:\WINDOWS\system32\drivers\pmxusblf.sys
2007-01-31 08:23 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-01-22 19:59 <REP> d--hs---- C:\RECYCLER
2007-01-22 19:56 33,340 --a------ C:\WINDOWS\system32\dbmsqlgc.dll
2007-01-22 19:56 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-01-22 19:56 24,576 --a------ C:\WINDOWS\system32\dbmsgnet.dll
2007-01-22 19:56 <REP> d-------- C:\Program Files\Microsoft Visual Studio .NET 2003
2007-01-22 19:56 <REP> d-------- C:\Program Files\Microsoft SQL Server
2007-01-22 19:56 <REP> d-------- C:\Program Files\Microsoft Small Business
2007-01-22 19:56 <REP> d-------- C:\Program Files\Fichiers communs\Crystal Decisions
2007-01-22 19:54 <REP> d--h----- C:\DOCUME~1\DEFAUL~1\Application Data\Gtek
2007-01-22 19:54 <REP> d--h----- C:\DOCUME~1\ADMINI~1\Application Data\GTek
2007-01-22 19:54 <REP> d-------- C:\Program Files\Sonic
2007-01-22 19:54 <REP> d-------- C:\Program Files\Google
2007-01-22 19:54 <REP> d-------- C:\Program Files\Dell Support
2007-01-22 19:54 <REP> d-------- C:\Program Files\BAE
2007-01-22 19:54 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\InstallShield
2007-01-22 19:54 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\GTek
2007-01-22 19:53 94,263 --a------ C:\WINDOWS\DLA.EXE
2007-01-22 19:53 89,264 --a------ C:\WINDOWS\system32\drivers\DRVMCDB.SYS
2007-01-22 19:53 61,500 --a------ C:\WINDOWS\system32\DLAAPI_W.DLL
2007-01-22 19:53 5,628 --a------ C:\WINDOWS\system32\drivers\DLACDBHM.SYS
2007-01-22 19:53 40,544 --a------ C:\WINDOWS\system32\drivers\DRVNDDM.SYS
2007-01-22 19:53 24,816 --a------ C:\WINDOWS\system32\mdimon.dll
2007-01-22 19:53 22,684 --a------ C:\WINDOWS\system32\drivers\DLARTL_N.SYS
2007-01-22 19:53 <REP> d-------- C:\WINDOWS\system32\DLA
2007-01-22 19:53 <REP> d-------- C:\Program Files\Roxio
2007-01-22 19:53 <REP> d-------- C:\Program Files\Fichiers communs\Sonic Shared
2007-01-22 19:52 <REP> d-------- C:\WINDOWS\SHELLNEW
2007-01-22 19:52 <REP> d-------- C:\Program Files\Microsoft.NET
2007-01-22 19:52 <REP> d-------- C:\Program Files\Microsoft Works
2007-01-22 19:51 94,208 --a------ C:\WINDOWS\system32\Pelzoom.dll
2007-01-22 19:51 9,600 --a------ C:\WINDOWS\system32\drivers\Hidusb.sys
2007-01-22 19:51 65,536 --a------ C:\WINDOWS\system32\pmxhooks.dll
2007-01-22 19:51 49,152 --a------ C:\WINDOWS\system32\pmxcomm.dll
2007-01-22 19:51 49,152 --a------ C:\WINDOWS\system32\ico.exe
2007-01-22 19:51 47,104 --a------ C:\WINDOWS\system32\ICONSPY.EXE
2007-01-22 19:51 40,960 --a------ C:\WINDOWS\system32\LaunHelp.exe
2007-01-22 19:51 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-01-22 19:51 303,104 --a------ C:\WINDOWS\system32\FontZoom.exe
2007-01-22 19:51 28,672 --a------ C:\WINDOWS\system32\UnInst.exe
2007-01-22 19:51 262,144 --a------ C:\WINDOWS\system32\pmxutil.dll
2007-01-22 19:51 2,277,376 --a------ C:\WINDOWS\system32\DellPM.exe
2007-01-22 19:51 143,360 --a------ C:\WINDOWS\system32\ApSwitch.exe
2007-01-22 19:51 131,072 --a------ C:\WINDOWS\system32\pmxscrll.dll
2007-01-22 19:51 126,976 --a------ C:\WINDOWS\system32\pmxmiced.exe
2007-01-22 19:51 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-01-22 19:51 <REP> d--h----- C:\Program Files\InstallShield Installation Information
2007-01-22 19:51 <REP> d-------- C:\WINDOWS\Downloaded Installations
2007-01-22 19:51 <REP> d-------- C:\Program Files\Fichiers communs\InstallShield
2007-01-22 19:51 <REP> d-------- C:\Program Files\Dell
2007-01-22 19:51 <REP> d-------- C:\Program Files\CyberLink
2007-01-22 19:51 <REP> d-------- C:\Program Files\Broadcom
2007-01-22 19:49 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2007-01-22 19:49 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2007-01-22 19:49 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2007-01-22 19:49 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-01-22 19:49 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-01-22 19:49 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2007-01-22 19:49 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2007-01-22 19:49 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2007-01-22 19:49 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2007-01-22 19:49 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-01-22 19:49 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2007-01-22 19:49 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2007-01-22 19:49 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2007-01-22 19:49 <REP> d-------- C:\Program Files\Analog Devices
2007-01-22 19:48 28,672 --------- C:\WINDOWS\system32\verclsid.exe
2007-01-22 19:48 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-01-22 19:48 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-01-22 19:46 <REP> d-------- C:\Program Files\Java
2007-01-22 19:46 <REP> d-------- C:\Program Files\Fichiers communs\Java
2007-01-22 19:44 <REP> d--h----- C:\WINDOWS\$hf_mig$
2007-01-22 19:36 167,936 --a------ C:\WINDOWS\system32\igfxres.dll
2007-01-22 19:34 397,312 --a------ C:\WINDOWS\system32\igxpun.exe
2007-01-22 19:34 <REP> d-------- C:\WINDOWS\system32\x64
2007-01-22 19:33 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-01-22 19:33 <REP> d-------- C:\WINDOWS\system32\ReinstallBackups
2007-01-22 19:29 77,824 --a------ C:\WINDOWS\setpwr32.exe
2007-01-22 19:28 98,304 --a------ C:\WINDOWS\system32\igfxtray.exe
2007-01-22 19:28 98,304 --a------ C:\WINDOWS\system32\igfxdo.dll
2007-01-22 19:28 86,016 --a------ C:\WINDOWS\system32\hkcmd.exe
2007-01-22 19:28 81,920 --a------ C:\WINDOWS\system32\igfxpers.exe
2007-01-22 19:28 81,920 --a------ C:\WINDOWS\system32\hccutils.dll
2007-01-22 19:28 765,952 --a------ C:\WINDOWS\system\crlds3d.dll
2007-01-22 19:28 65,536 --a------ C:\WINDOWS\system32\a3d.dll
2007-01-22 19:28 48,128 --a------ C:\WINDOWS\system32\igxprd32.dll
2007-01-22 19:28 450,560 --a------ C:\WINDOWS\system32\igfxcfg.exe
2007-01-22 19:28 41,984 --a------ C:\WINDOWS\system32\igfxsrvc.dll
2007-01-22 19:28 392,960 --a------ C:\WINDOWS\system32\drivers\senfilt.sys
2007-01-22 19:28 348,880 --a------ C:\WINDOWS\system32\igmedkrn.dll
2007-01-22 19:28 309,760 --a------ C:\WINDOWS\system32\difxapi.dll
2007-01-22 19:28 309,760 --a------ C:\WINDOWS\system32\difx32.dll
2007-01-22 19:28 3,276,800 --a------ C:\WINDOWS\system32\igfxress.dll
2007-01-22 19:28 28,160 --a------ C:\WINDOWS\system32\PostProc.dll
2007-01-22 19:28 241,152 --a------ C:\WINDOWS\system32\drivers\ADIHdAud.sys
2007-01-22 19:28 23,552 --a------ C:\WINDOWS\system32\igfxexps.dll
2007-01-22 19:28 2,416,640 --a------ C:\WINDOWS\system32\ig4icd32.dll
2007-01-22 19:28 2,053,120 --a------ C:\WINDOWS\system32\igxpdx32.dll
2007-01-22 19:28 192,512 --a------ C:\WINDOWS\system32\igfxCoIn_v4642.dll
2007-01-22 19:28 188,416 --a------ C:\WINDOWS\system32\igfxsrvc.exe
2007-01-22 19:28 156,160 --a------ C:\WINDOWS\system32\drivers\b57xp32.sys
2007-01-22 19:28 155,648 --a------ C:\WINDOWS\system32\igfxpph.dll
2007-01-22 19:28 147,456 --a------ C:\WINDOWS\system32\igfxdev.dll
2007-01-22 19:28 140,800 --a------ C:\WINDOWS\system32\igxpgd32.dll
2007-01-22 19:28 118,784 --a------ C:\WINDOWS\system32\igfxext.exe
2007-01-22 19:28 106,496 --a------ C:\WINDOWS\system32\igfxzoom.exe
2007-01-22 19:28 1,294,784 --a------ C:\WINDOWS\system32\igxpdv32.dll
2007-01-22 19:28 1,204,224 --a------ C:\WINDOWS\system32\ig4dev32.dll
2007-01-22 19:28 1,095,968 --a------ C:\WINDOWS\system32\drivers\igxpmp32.sys
2007-01-22 19:28 <REP> d-------- C:\drivers
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-02-07 10:25 -------- d-------- C:\DOCUME~1\Elise\Application Data\macromedia
2007-02-07 10:23 -------- d-------- C:\Program Files\Fichiers communs\macromedia
2007-02-07 10:22 -------- d-------- C:\Program Files\macromedia
2007-02-07 10:13 -------- d---s---- C:\DOCUME~1\Elise\Application Data\microsoft
2007-02-07 10:12 -------- d-------- C:\DOCUME~1\Elise\Application Data\mozilla
2007-02-07 10:03 76144 --a------ C:\WINDOWS\system32\perfc00c.dat
2007-02-07 10:03 470624 --a------ C:\WINDOWS\system32\perfh00c.dat
2007-01-22 19:47 -------- d-------- C:\Program Files\messenger
2006-12-07 17:02 2174976 --a------ C:\WINDOWS\system32\wmvcore.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"DellSupport"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"Persistence"="C:\\WINDOWS\\system32\\igfxpers.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"SoundMAXPnP"="C:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe"
"PMX Daemon"="ICO.EXE"
"DVDLauncher"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
"DLA"="C:\\WINDOWS\\System32\\DLA\\DLACTRLW.EXE"
"ISUSPM Startup"="C:\\PROGRA~1\\FICHIE~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"ISUSScheduler"="\"C:\\Program Files\\Fichiers communs\\InstallShield\\UpdateService\\issch.exe\" -start"
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{563AF8EA-5807-4FBC-A58E-ED7D9838F9C7}"=""
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b530572-b6a4-11db-8907-0019b913f7d8}]
Shell\AutoRun\command I:\Setup.exe
********************************************************************
catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 07-02-12 15:30:53
C:\ComboFix2.txt ... 07-02-12 09:51
C:\ComboFix3.txt ... 07-02-07 17:51
HijackThis scan:
Logfile of HijackThis v1.99.1
Scan saved at 15:32:51, on 12/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\Pmxmiced.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\FileZilla\FileZilla.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Adobe\Photoshop CS\Photoshop.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Elise\Bureau\hijackthis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row-rel&channel...
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} (NTR ActiveX 1.1.8) - http://www.inquiero.com/inquiero/mod/setup/ntractivex11...
O17 - HKLM\System\CCS\Services\Tcpip\..\{264ABCB4-8792-4BD0-A806-06180BF35A65}: NameServer = 192.168.1.1
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Broadcom ASF IP Monitor (ASFIPmon) - Unknown owner - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe" -service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)
O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)
O23 - Service: wampapache - Unknown owner - C:\Program Files\wamp\apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: wampmysqld - Unknown owner - C:\Program Files\wamp\mysql\bin\mysqld-nt.exe" "--defaults-file=C:\Program Files\wamp\mysql\my.ini" wampmysqld (file missing)
@"Elise" - 07-02-12 15:30:00 Service Pack 2
ComboFix 07-02-07 - Running from: "C:\Documents and Settings\Elise\Bureau"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\DOCUME~1
C:\qoobox\purity\DOCUME~1\Elise
C:\qoobox\purity\DOCUME~1\Elise\Mes documents
C:\qoobox\purity\DOCUME~1\Elise\Mes documents\FNTS~1
C:\qoobox\purity\DOCUME~1\Elise\Mes documents\from.txt
C:\qoobox\purity\DOCUME~1\Elise\Mes documents\FNTS~1\F?nts
C:\qoobox\purity\Program Files\SSTEM3~1
C:\qoobox\purity\WINDOWS\system32\SEMBLY~1
((((((((((((((((((((((((((((((( Files Created from 2007-01-12 to 2007-02-12 ))))))))))))))))))))))))))))))))))
2007-02-12 12:28 <REP> d-------- C:\_OTMoveIt
2007-02-09 18:22 <REP> d-------- C:\WINDOWS\Sun
2007-02-09 18:22 <REP> d-------- C:\DOCUME~1\Elise\Application Data\Sun
2007-02-07 17:24 <REP> d-------- C:\!KillBox
2007-02-07 16:44 <REP> d-------- C:\VundoFix Backups
2007-02-07 15:32 12,372,231 --------- C:\AVG7QT.DAT
2007-02-07 14:45 <REP> d-------- C:\Program Files\Lavasoft
2007-02-07 14:45 <REP> d-------- C:\DOCUME~1\Elise\Application Data\Lavasoft
2007-02-07 14:44 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Spybot - Search & Destroy
2007-02-07 13:29 <REP> d-------- C:\Program Files\Quark
2007-02-07 13:24 <REP> dr-h----- C:\$VAULT$.AVG
2007-02-07 13:23 <REP> d-------- C:\DOCUME~1\LOCALS~1\Application Data\AVG7
2007-02-07 13:23 <REP> d-------- C:\DOCUME~1\Elise\Application Data\AVG7
2007-02-07 13:22 816,672 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2007-02-07 13:22 4,224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2007-02-07 13:22 3,968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2007-02-07 13:22 28,416 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2007-02-07 13:22 18,240 --a------ C:\WINDOWS\system32\drivers\avgmfx86.sys
2007-02-07 13:22 <REP> d-------- C:\Program Files\Grisoft
2007-02-07 13:22 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Grisoft
2007-02-07 13:22 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\avg7
2007-02-07 13:10 <REP> d-------- C:\Program Files\DAEMON Tools
2007-02-07 13:08 639,224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-02-07 13:00 1,168 --a------ C:\WINDOWS\mozver.dat
2007-02-07 12:08 <REP> d-------- C:\Program Files\wamp
2007-02-07 11:54 <REP> d-------- C:\DOCUME~1\Elise\Application Data\Adobe
2007-02-07 11:54 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Adobe
2007-02-07 11:50 <REP> d-------- C:\Program Files\Fichiers communs\Adobe Systems Shared
2007-02-07 11:50 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2007-02-07 11:50 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Macrovision
2007-02-07 10:33 <REP> d-------- C:\Program Files\FileZilla
2007-02-07 10:12 0 --a------ C:\WINDOWS\nsreg.dat
2007-02-07 10:12 <REP> d-------- C:\Program Files\Mozilla Firefox
2007-01-31 09:14 <REP> d-------- C:\WINDOWS\WBEM
2007-01-31 09:14 <REP> d-------- C:\WINDOWS\system32\fr-fr
2007-01-31 09:13 121,856 --------- C:\WINDOWS\system32\xmllite.dll
2007-01-31 09:13 <REP> d--h-c--- C:\WINDOWS\ie7
2007-01-31 09:12 <REP> d-------- C:\WINDOWS\network diagnostic
2007-01-31 09:05 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Windows Genuine Advantage
2007-01-31 09:03 <REP> d--hs---- C:\DOCUME~1\Elise\UserData
2007-01-31 08:57 <REP> d-------- C:\DOCUME~1\Elise\Application Data\Google
2007-01-31 08:53 <REP> d-------- C:\DOCUME~1\Elise\Application Data\ntr
2007-01-31 08:47 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Google
2007-01-31 08:35 <REP> d-------- C:\WINDOWS\system32\PreInstall
2007-01-31 08:33 262,144 --a------ C:\DOCUME~1\ALLUSE~1\NTUSER.DAT
2007-01-31 08:33 2,359,296 --ah----- C:\DOCUME~1\Elise\NTUSER.DAT
2007-01-31 08:33 <REP> dr------- C:\DOCUME~1\Elise\Mes documents
2007-01-31 08:33 <REP> dr------- C:\DOCUME~1\Elise\Menu Démarrer
2007-01-31 08:33 <REP> dr------- C:\DOCUME~1\Elise\Favoris
2007-01-31 08:33 <REP> d--h----- C:\DOCUME~1\Elise\Voisinage réseau
2007-01-31 08:33 <REP> d--h----- C:\DOCUME~1\Elise\Voisinage d'impression
2007-01-31 08:33 <REP> d--h----- C:\DOCUME~1\Elise\Modèles
2007-01-31 08:33 <REP> d--h----- C:\DOCUME~1\Elise\Application Data\Gtek
2007-01-31 08:33 <REP> d-------- C:\DOCUME~1\Elise\Bureau
2007-01-31 08:32 <REP> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-01-31 08:23 18,432 --a------ C:\WINDOWS\system32\drivers\pmxmouse.sys
2007-01-31 08:23 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2007-01-31 08:23 14,336 --a------ C:\WINDOWS\system32\drivers\pmxusblf.sys
2007-01-31 08:23 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-01-22 19:59 <REP> d--hs---- C:\RECYCLER
2007-01-22 19:56 33,340 --a------ C:\WINDOWS\system32\dbmsqlgc.dll
2007-01-22 19:56 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-01-22 19:56 24,576 --a------ C:\WINDOWS\system32\dbmsgnet.dll
2007-01-22 19:56 <REP> d-------- C:\Program Files\Microsoft Visual Studio .NET 2003
2007-01-22 19:56 <REP> d-------- C:\Program Files\Microsoft SQL Server
2007-01-22 19:56 <REP> d-------- C:\Program Files\Microsoft Small Business
2007-01-22 19:56 <REP> d-------- C:\Program Files\Fichiers communs\Crystal Decisions
2007-01-22 19:54 <REP> d--h----- C:\DOCUME~1\DEFAUL~1\Application Data\Gtek
2007-01-22 19:54 <REP> d--h----- C:\DOCUME~1\ADMINI~1\Application Data\GTek
2007-01-22 19:54 <REP> d-------- C:\Program Files\Sonic
2007-01-22 19:54 <REP> d-------- C:\Program Files\Google
2007-01-22 19:54 <REP> d-------- C:\Program Files\Dell Support
2007-01-22 19:54 <REP> d-------- C:\Program Files\BAE
2007-01-22 19:54 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\InstallShield
2007-01-22 19:54 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\GTek
2007-01-22 19:53 94,263 --a------ C:\WINDOWS\DLA.EXE
2007-01-22 19:53 89,264 --a------ C:\WINDOWS\system32\drivers\DRVMCDB.SYS
2007-01-22 19:53 61,500 --a------ C:\WINDOWS\system32\DLAAPI_W.DLL
2007-01-22 19:53 5,628 --a------ C:\WINDOWS\system32\drivers\DLACDBHM.SYS
2007-01-22 19:53 40,544 --a------ C:\WINDOWS\system32\drivers\DRVNDDM.SYS
2007-01-22 19:53 24,816 --a------ C:\WINDOWS\system32\mdimon.dll
2007-01-22 19:53 22,684 --a------ C:\WINDOWS\system32\drivers\DLARTL_N.SYS
2007-01-22 19:53 <REP> d-------- C:\WINDOWS\system32\DLA
2007-01-22 19:53 <REP> d-------- C:\Program Files\Roxio
2007-01-22 19:53 <REP> d-------- C:\Program Files\Fichiers communs\Sonic Shared
2007-01-22 19:52 <REP> d-------- C:\WINDOWS\SHELLNEW
2007-01-22 19:52 <REP> d-------- C:\Program Files\Microsoft.NET
2007-01-22 19:52 <REP> d-------- C:\Program Files\Microsoft Works
2007-01-22 19:51 94,208 --a------ C:\WINDOWS\system32\Pelzoom.dll
2007-01-22 19:51 9,600 --a------ C:\WINDOWS\system32\drivers\Hidusb.sys
2007-01-22 19:51 65,536 --a------ C:\WINDOWS\system32\pmxhooks.dll
2007-01-22 19:51 49,152 --a------ C:\WINDOWS\system32\pmxcomm.dll
2007-01-22 19:51 49,152 --a------ C:\WINDOWS\system32\ico.exe
2007-01-22 19:51 47,104 --a------ C:\WINDOWS\system32\ICONSPY.EXE
2007-01-22 19:51 40,960 --a------ C:\WINDOWS\system32\LaunHelp.exe
2007-01-22 19:51 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-01-22 19:51 303,104 --a------ C:\WINDOWS\system32\FontZoom.exe
2007-01-22 19:51 28,672 --a------ C:\WINDOWS\system32\UnInst.exe
2007-01-22 19:51 262,144 --a------ C:\WINDOWS\system32\pmxutil.dll
2007-01-22 19:51 2,277,376 --a------ C:\WINDOWS\system32\DellPM.exe
2007-01-22 19:51 143,360 --a------ C:\WINDOWS\system32\ApSwitch.exe
2007-01-22 19:51 131,072 --a------ C:\WINDOWS\system32\pmxscrll.dll
2007-01-22 19:51 126,976 --a------ C:\WINDOWS\system32\pmxmiced.exe
2007-01-22 19:51 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-01-22 19:51 <REP> d--h----- C:\Program Files\InstallShield Installation Information
2007-01-22 19:51 <REP> d-------- C:\WINDOWS\Downloaded Installations
2007-01-22 19:51 <REP> d-------- C:\Program Files\Fichiers communs\InstallShield
2007-01-22 19:51 <REP> d-------- C:\Program Files\Dell
2007-01-22 19:51 <REP> d-------- C:\Program Files\CyberLink
2007-01-22 19:51 <REP> d-------- C:\Program Files\Broadcom
2007-01-22 19:49 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2007-01-22 19:49 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2007-01-22 19:49 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2007-01-22 19:49 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-01-22 19:49 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-01-22 19:49 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2007-01-22 19:49 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2007-01-22 19:49 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2007-01-22 19:49 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2007-01-22 19:49 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-01-22 19:49 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2007-01-22 19:49 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2007-01-22 19:49 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2007-01-22 19:49 <REP> d-------- C:\Program Files\Analog Devices
2007-01-22 19:48 28,672 --------- C:\WINDOWS\system32\verclsid.exe
2007-01-22 19:48 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-01-22 19:48 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-01-22 19:46 <REP> d-------- C:\Program Files\Java
2007-01-22 19:46 <REP> d-------- C:\Program Files\Fichiers communs\Java
2007-01-22 19:44 <REP> d--h----- C:\WINDOWS\$hf_mig$
2007-01-22 19:36 167,936 --a------ C:\WINDOWS\system32\igfxres.dll
2007-01-22 19:34 397,312 --a------ C:\WINDOWS\system32\igxpun.exe
2007-01-22 19:34 <REP> d-------- C:\WINDOWS\system32\x64
2007-01-22 19:33 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-01-22 19:33 <REP> d-------- C:\WINDOWS\system32\ReinstallBackups
2007-01-22 19:29 77,824 --a------ C:\WINDOWS\setpwr32.exe
2007-01-22 19:28 98,304 --a------ C:\WINDOWS\system32\igfxtray.exe
2007-01-22 19:28 98,304 --a------ C:\WINDOWS\system32\igfxdo.dll
2007-01-22 19:28 86,016 --a------ C:\WINDOWS\system32\hkcmd.exe
2007-01-22 19:28 81,920 --a------ C:\WINDOWS\system32\igfxpers.exe
2007-01-22 19:28 81,920 --a------ C:\WINDOWS\system32\hccutils.dll
2007-01-22 19:28 765,952 --a------ C:\WINDOWS\system\crlds3d.dll
2007-01-22 19:28 65,536 --a------ C:\WINDOWS\system32\a3d.dll
2007-01-22 19:28 48,128 --a------ C:\WINDOWS\system32\igxprd32.dll
2007-01-22 19:28 450,560 --a------ C:\WINDOWS\system32\igfxcfg.exe
2007-01-22 19:28 41,984 --a------ C:\WINDOWS\system32\igfxsrvc.dll
2007-01-22 19:28 392,960 --a------ C:\WINDOWS\system32\drivers\senfilt.sys
2007-01-22 19:28 348,880 --a------ C:\WINDOWS\system32\igmedkrn.dll
2007-01-22 19:28 309,760 --a------ C:\WINDOWS\system32\difxapi.dll
2007-01-22 19:28 309,760 --a------ C:\WINDOWS\system32\difx32.dll
2007-01-22 19:28 3,276,800 --a------ C:\WINDOWS\system32\igfxress.dll
2007-01-22 19:28 28,160 --a------ C:\WINDOWS\system32\PostProc.dll
2007-01-22 19:28 241,152 --a------ C:\WINDOWS\system32\drivers\ADIHdAud.sys
2007-01-22 19:28 23,552 --a------ C:\WINDOWS\system32\igfxexps.dll
2007-01-22 19:28 2,416,640 --a------ C:\WINDOWS\system32\ig4icd32.dll
2007-01-22 19:28 2,053,120 --a------ C:\WINDOWS\system32\igxpdx32.dll
2007-01-22 19:28 192,512 --a------ C:\WINDOWS\system32\igfxCoIn_v4642.dll
2007-01-22 19:28 188,416 --a------ C:\WINDOWS\system32\igfxsrvc.exe
2007-01-22 19:28 156,160 --a------ C:\WINDOWS\system32\drivers\b57xp32.sys
2007-01-22 19:28 155,648 --a------ C:\WINDOWS\system32\igfxpph.dll
2007-01-22 19:28 147,456 --a------ C:\WINDOWS\system32\igfxdev.dll
2007-01-22 19:28 140,800 --a------ C:\WINDOWS\system32\igxpgd32.dll
2007-01-22 19:28 118,784 --a------ C:\WINDOWS\system32\igfxext.exe
2007-01-22 19:28 106,496 --a------ C:\WINDOWS\system32\igfxzoom.exe
2007-01-22 19:28 1,294,784 --a------ C:\WINDOWS\system32\igxpdv32.dll
2007-01-22 19:28 1,204,224 --a------ C:\WINDOWS\system32\ig4dev32.dll
2007-01-22 19:28 1,095,968 --a------ C:\WINDOWS\system32\drivers\igxpmp32.sys
2007-01-22 19:28 <REP> d-------- C:\drivers
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-02-07 10:25 -------- d-------- C:\DOCUME~1\Elise\Application Data\macromedia
2007-02-07 10:23 -------- d-------- C:\Program Files\Fichiers communs\macromedia
2007-02-07 10:22 -------- d-------- C:\Program Files\macromedia
2007-02-07 10:13 -------- d---s---- C:\DOCUME~1\Elise\Application Data\microsoft
2007-02-07 10:12 -------- d-------- C:\DOCUME~1\Elise\Application Data\mozilla
2007-02-07 10:03 76144 --a------ C:\WINDOWS\system32\perfc00c.dat
2007-02-07 10:03 470624 --a------ C:\WINDOWS\system32\perfh00c.dat
2007-01-22 19:47 -------- d-------- C:\Program Files\messenger
2006-12-07 17:02 2174976 --a------ C:\WINDOWS\system32\wmvcore.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"DellSupport"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"Persistence"="C:\\WINDOWS\\system32\\igfxpers.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"SoundMAXPnP"="C:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe"
"PMX Daemon"="ICO.EXE"
"DVDLauncher"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
"DLA"="C:\\WINDOWS\\System32\\DLA\\DLACTRLW.EXE"
"ISUSPM Startup"="C:\\PROGRA~1\\FICHIE~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"ISUSScheduler"="\"C:\\Program Files\\Fichiers communs\\InstallShield\\UpdateService\\issch.exe\" -start"
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{563AF8EA-5807-4FBC-A58E-ED7D9838F9C7}"=""
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b530572-b6a4-11db-8907-0019b913f7d8}]
Shell\AutoRun\command I:\Setup.exe
********************************************************************
catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 07-02-12 15:30:53
C:\ComboFix2.txt ... 07-02-12 09:51
C:\ComboFix3.txt ... 07-02-07 17:51
HijackThis scan:
Logfile of HijackThis v1.99.1
Scan saved at 15:32:51, on 12/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\Pmxmiced.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\FileZilla\FileZilla.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Adobe\Photoshop CS\Photoshop.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Elise\Bureau\hijackthis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row-rel&channel...
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} (NTR ActiveX 1.1.8) - http://www.inquiero.com/inquiero/mod/setup/ntractivex11...
O17 - HKLM\System\CCS\Services\Tcpip\..\{264ABCB4-8792-4BD0-A806-06180BF35A65}: NameServer = 192.168.1.1
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Broadcom ASF IP Monitor (ASFIPmon) - Unknown owner - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe" -service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)
O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)
O23 - Service: wampapache - Unknown owner - C:\Program Files\wamp\apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: wampmysqld - Unknown owner - C:\Program Files\wamp\mysql\bin\mysqld-nt.exe" "--defaults-file=C:\Program Files\wamp\mysql\my.ini" wampmysqld (file missing)
Re,
Download Clean.zip (by Malekal),
Extract it to your desktop (right-click / Extract All); you should get a folder named Clean.
Open the Clean folder and double-click clean.cmd.
Choose option 1 and wait. Then post the contents of the report.
Re
Here is the Clean report:
Rapport clean par Malekal_morte - http://www.malekal.com
Option 1, executee le 14/02/2007 a 10:19:36,00
*** Recherche de fichiers sur C:
*** Recherche des fichiers dans C:\WINDOWS\
*** Recherche des fichiers dans C:\WINDOWS\system32
C:\WINDOWS\system32\mcrh.tmp FOUND
*** Fin du rapport !
For once it isn't 30,000 km long
Maybe that's a good sign
Re,
Let's finish the job
Reboot in Safe Mode
Open the Clean folder and double-click clean.cmd.
Choose option 2 and wait.
Reboot normally
- Post the clean report: C:\rapport_clean.txt