Wow Ogu, I have to tell you that you're really a genius!! With each step I'm really getting my computer back, it's great!!! I'm sending you the reports! ... a thousand thanks
****WITH COMBO:
ComboFix 08-05-12.1 - Mon micro 2008-05-16 22:26:52.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.1.1252.1.1036.18.253 [GMT 2:00]
Endroit: C:\Documents and Settings\Mon micro\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Mon micro\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
FILE ::
C:\Documents and Settings\Mon micro\Application Data\EoRezo
C:\WINDOWS\b152.exe
C:\WINDOWS\BM038e6fd2.xml
C:\WINDOWS\mrofinu572.exe.tmp
C:\WINDOWS\system32\{266b9523-6369-9aa3-34da-c9674a2f8eca}.dll-uninst.exe
C:\WINDOWS\system32\ateycyfd.dll
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\WINDOWS\system32\awigqkwv.exe
C:\WINDOWS\system32\brhrpiqm.dll
C:\WINDOWS\system32\bsfjjlux.exe
C:\WINDOWS\system32\eabvqduh.dll
C:\WINDOWS\system32\fhvydvas.dll
C:\WINDOWS\system32\fsqmwmhf.dll
C:\WINDOWS\system32\geBtRjHa.dll
C:\WINDOWS\system32\geBuUnop.dll
C:\WINDOWS\system32\gside.exe
C:\WINDOWS\system32\hpbgyfat.dll
C:\WINDOWS\system32\hyxgesbj.dll
C:\WINDOWS\system32\ihmuqess.dll
C:\WINDOWS\system32\jkfauxla.dll
C:\WINDOWS\system32\kchwuwgu.dll
C:\WINDOWS\system32\lhwpmwcs.exe
C:\WINDOWS\system32\mlfcache.dat
C:\WINDOWS\system32\nbaiprae.exe
C:\WINDOWS\system32\nilcilyh.dll
C:\WINDOWS\system32\nnnnLbCr.dll
C:\WINDOWS\system32\ocntkkdm.exe
C:\WINDOWS\system32\oeuoueeq.dll
C:\WINDOWS\system32\phpjgiko.dll
C:\WINDOWS\system32\qnffjtjd.exe
C:\WINDOWS\system32\rwwnw64d.exe
C:\WINDOWS\system32\sebxjjni.exe
C:\WINDOWS\system32\ssqOHyax.dll
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\ufljaqtw.dll
C:\WINDOWS\System32\vvorwrkb.dll
C:\WINDOWS\system32\winpfz33.sys
C:\WINDOWS\system32\xgwsvwib.in
C:\WINDOWS\system32\zxdnt3d.cfg
C:\WINDOWS\uninstall_nmon.vbs
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Mon micro\Menu Démarrer\Programmes\Démarrage\Deewoo.lnk
C:\Documents and Settings\Mon micro\Menu Démarrer\Programmes\Démarrage\DW_Start.lnk
C:\Program Files\dbar
C:\Program Files\dbar\dbaruninst.exe
C:\Program Files\dbar\deskbar.dll
C:\Program Files\EoRezo
C:\Program Files\EoRezo\ConfMedia.cyp
C:\Program Files\EoRezo\EoAdv\EoAdv.dll
C:\Program Files\EoRezo\EoAdv\eoAdv.url
C:\Program Files\EoRezo\EoAdv\tmp\eoRezoBho.dll.1823
C:\Program Files\EoRezo\EoAdv\tmp\eoRezoBho.dll.4007
C:\Program Files\EoRezo\EoAdv\tmp\eoRezoBho.dll.5045
C:\Program Files\EoRezo\EoEngine.exe
C:\Program Files\EoRezo\eoEngine.url
C:\Program Files\EoRezo\EoMultiLanguage.dll
C:\Program Files\EoRezo\EoRezoComm.dll
C:\Program Files\EoRezo\EoRezoImg_15.dll
C:\Program Files\EoRezo\EoRezoImg_16.dll
C:\Program Files\EoRezo\EoRezoImg_17.dll
C:\Program Files\EoRezo\EoRezoImg_18.dll
C:\Program Files\EoRezo\EoRezoImg_19.dll
C:\Program Files\EoRezo\EoRezoImg_20.dll
C:\Program Files\EoRezo\EoRezoImg_21.dll
C:\Program Files\EoRezo\EoRezoImg_22.dll
C:\Program Files\EoRezo\EoRezoImg_23.dll
C:\Program Files\EoRezo\EoRezoImg_24.dll
C:\Program Files\EoRezo\EoRezoTools_15.dll
C:\Program Files\EoRezo\EoRezoTools_16.dll
C:\Program Files\EoRezo\EoRezoTools_17.dll
C:\Program Files\EoRezo\EoRezoTools_18.dll
C:\Program Files\EoRezo\EoRezoTools_19.dll
C:\Program Files\EoRezo\EoRezoTools_20.dll
C:\Program Files\EoRezo\EoRezoTools_21.dll
C:\Program Files\EoRezo\EoRezoTools_22.dll
C:\Program Files\EoRezo\EoRezoTools_23.dll
C:\Program Files\EoRezo\EoRezoTools_24.dll
C:\Program Files\EoRezo\EoRezoTools_25.dll
C:\Program Files\EoRezo\FreeImage.dll
C:\Program Files\EoRezo\Host.cyp
C:\Program Files\EoRezo\icon_eo.st.ico
C:\Program Files\EoRezo\lang\ihm_eoclock.xml
C:\Program Files\EoRezo\lang\ihm_eoengine.xml
C:\Program Files\EoRezo\lang\ihm_eonet.xml
C:\Program Files\EoRezo\lang\ihm_eorezotools.xml
C:\Program Files\EoRezo\lang\ihm_eosudoku.xml
C:\Program Files\EoRezo\lang\ihm_eoweather.xml
C:\Program Files\EoRezo\lang\lang_en.xml
C:\Program Files\EoRezo\lang\lang_es.xml
C:\Program Files\EoRezo\lang\lang_fr.xml
C:\Program Files\EoRezo\lang\lang_it.xml
C:\Program Files\EoRezo\MngInstaller.dll
C:\Program Files\EoRezo\unins000.dat
C:\Program Files\EoRezo\unins000.exe
C:\Program Files\EoRezo\user.cyp
C:\Temp
C:\Temp\maxsv15\rLCubd.log
C:\WINDOWS\b152.exe
C:\WINDOWS\BM038e6fd2.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\{266b9523-6369-9aa3-34da-c9674a2f8eca}.dll-uninst.exe
C:\WINDOWS\system32\20467
C:\WINDOWS\system32\20467\bvre32.exe
C:\WINDOWS\system32\aHjRtBeg.ini
C:\WINDOWS\system32\aHjRtBeg.ini2
C:\WINDOWS\system32\ateycyfd.dll
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\WINDOWS\system32\bkEur01
C:\WINDOWS\system32\brhrpiqm.dll
C:\WINDOWS\system32\eabvqduh.dll
C:\WINDOWS\system32\fhvydvas.dll
C:\WINDOWS\system32\fsqmwmhf.dll
C:\WINDOWS\system32\geBtRjHa.dll
C:\WINDOWS\system32\geBuUnop.dll
C:\WINDOWS\system32\gside.exe
C:\WINDOWS\system32\hyxgesbj.dll
C:\WINDOWS\system32\ihmuqess.dll
C:\WINDOWS\system32\jkfauxla.dll
C:\WINDOWS\system32\kchwuwgu.dll
C:\WINDOWS\system32\mBL
C:\WINDOWS\system32\mlfcache.dat
C:\WINDOWS\system32\nilcilyh.dll
C:\WINDOWS\system32\nnnnLbCr.dll
C:\WINDOWS\system32\ocntkkdm.exe
C:\WINDOWS\system32\oeuoueeq.dll
C:\WINDOWS\system32\pcrjgtsc.ini
C:\WINDOWS\system32\phpjgiko.dll
C:\WINDOWS\system32\rwwnw64d.exe
C:\WINDOWS\system32\ssqOHyax.dll
C:\WINDOWS\system32\sX1
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\uayennbg.ini
C:\WINDOWS\system32\ufljaqtw.dll
C:\WINDOWS\system32\winpfz33.sys
C:\WINDOWS\system32\wxmmin.dll
C:\WINDOWS\system32\xayHOqss.ini
C:\WINDOWS\system32\xayHOqss.ini2
C:\WINDOWS\system32\zxdnt3d.cfg
.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-16 to 2008-05-16 ))))))))))))))))))))))))))))))))))))
.
2008-05-16 21:54 . 2008-05-16 21:54 133,632 --a------ C:\WINDOWS\system32\osbpwghg.dll
2008-05-16 21:52 . 2008-05-16 21:52 115,712 --------- C:\WINDOWS\system32\cstgjrcp.dll
2008-05-16 21:49 . 2008-05-16 21:49 2,048 --a------ C:\WINDOWS\system32\qtijbqxv.exe
2008-05-15 14:36 . 2008-05-15 14:36 134,656 --a------ C:\WINDOWS\system32\vtfmlmpm.dll
2008-05-15 14:28 . 2008-05-15 14:28 125,952 --a------ C:\WINDOWS\system32\fogynklm.dll
2008-05-15 14:19 . 2008-05-15 14:19 294 ---hs---- C:\WINDOWS\system32\tafygbph.ini
2008-05-15 13:18 . 2008-05-15 13:18 294 ---hs---- C:\WINDOWS\system32\xgwsvwib.ini
2008-05-15 12:47 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-05-15 12:47 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-05-15 12:47 . 2008-04-24 08:10 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-05-15 12:47 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-05-15 12:47 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-05-15 12:47 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-05-15 12:47 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-15 12:47 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-14 20:31 . 2008-05-14 20:31 <REP> d-------- C:\Program Files\Trend Micro
2008-05-14 18:20 . 2008-05-14 18:20 <REP> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-05-09 13:52 . 2008-05-09 13:52 <REP> d-------- C:\Documents and Settings\Mon micro\Application Data\Grisoft
2008-05-09 13:52 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-05-09 13:51 . 2008-05-09 13:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-05-09 13:43 . 2008-05-09 13:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-05-09 13:42 . 2008-05-09 13:43 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
2008-05-09 13:42 . 2008-05-09 13:42 <REP> d-------- C:\Program Files\Zone Labs
2008-05-09 13:42 . 2008-04-02 21:07 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2008-05-09 13:42 . 2008-05-16 22:32 358,382 --a------ C:\WINDOWS\system32\vsconfig.xml
2008-05-09 13:41 . 2008-05-16 22:35 <REP> d-------- C:\WINDOWS\Internet Logs
2008-05-09 13:35 . 2008-05-16 22:33 <REP> d-------- C:\Program Files\ItsLabel
2008-05-09 13:27 . 2008-05-09 13:27 <REP> d-------- C:\Program Files\Avira
2008-05-09 13:27 . 2008-05-09 13:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-05-09 11:46 . 2008-05-09 13:27 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-09 10:52 . 2008-05-15 12:03 13,502 --a------ C:\WINDOWS\system32\JambaIconFR.ico
2008-05-08 16:52 . 2008-05-11 20:00 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconFR.ico
2008-05-08 16:41 . 2008-05-08 16:41 401,976 --a------ C:\WINDOWS\system32\g88.exe
2008-05-08 16:35 . 2008-05-08 16:35 <REP> d-------- C:\WINDOWS\Sun
2008-04-27 01:32 . 2008-05-14 17:29 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-27 01:32 . 2008-04-27 01:32 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-26 13:45 . 2008-04-26 13:45 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
2008-04-26 13:44 . 2008-04-26 13:44 <REP> d-------- C:\Program Files\Real
2008-04-26 13:44 . 2008-04-26 13:45 <REP> d-------- C:\Program Files\Fichiers communs\Real
2008-04-26 13:32 . 2008-04-26 13:32 <REP> d-------- C:\Program Files\Picasa2
2008-04-26 13:32 . 2006-10-05 04:42 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-04-26 13:32 . 2006-10-05 04:42 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-04-26 13:29 . 2008-05-16 21:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-04-19 20:32 . 2008-04-19 20:32 <REP> d-------- C:\Documents and Settings\Mon micro\Application Data\Apple Computer
2008-04-19 19:27 . 2001-08-17 21:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
2008-04-19 19:27 . 2001-08-17 21:56 7,552 --a--c--- C:\WINDOWS\system32\dllcache\sonypvu1.sys
2008-04-19 19:21 . 2006-11-10 18:23 97,184 -ra------ C:\WINDOWS\system32\drivers\SE2Emdm.sys
2008-04-19 19:21 . 2006-11-10 18:24 90,800 -ra------ C:\WINDOWS\system32\drivers\se2Eunic.sys
2008-04-19 19:21 . 2006-11-10 18:23 88,688 -ra------ C:\WINDOWS\system32\drivers\SE2Emgmt.sys
2008-04-19 19:21 . 2006-11-10 18:23 86,560 -ra------ C:\WINDOWS\system32\drivers\SE2Eobex.sys
2008-04-19 19:21 . 2006-11-10 18:23 18,704 -ra------ C:\WINDOWS\system32\drivers\se2End5.sys
2008-04-19 19:21 . 2006-11-10 18:23 9,360 -ra------ C:\WINDOWS\system32\drivers\SE2Emdfl.sys
2008-04-19 19:21 . 2006-11-10 18:23 6,240 -ra------ C:\WINDOWS\system32\drivers\SE2Ecmnt.sys
2008-04-19 19:21 . 2006-11-10 18:23 6,240 -ra------ C:\WINDOWS\system32\drivers\SE2Ecm.sys
2008-04-19 19:21 . 2006-11-10 18:23 4,128 -ra------ C:\WINDOWS\system32\drivers\se2Ecr.sys
2008-04-18 22:39 . 2008-04-18 22:39 <REP> d-------- C:\Documents and Settings\Mon micro\Application Data\InterVideo
2008-04-16 14:36 . 2008-04-16 14:36 170 --a------ C:\WINDOWS\system32\spupdsvc.inf
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-16 20:15 --------- d-----w C:\Documents and Settings\Mon micro\Application Data\EoRezo
2008-05-16 20:07 71,168 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-05-15 12:06 833,498 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-05-15 12:05 479,232 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-05-09 09:45 --------- d-----w C:\Program Files\Google
2008-04-19 17:22 --------- d-----w C:\Documents and Settings\Mon micro\Application Data\Teleca
2008-04-15 16:20 --------- d-----w C:\Program Files\Music Mixer 4
2008-04-15 15:36 --------- d-----w C:\Program Files\VirtualDJ
2008-04-15 15:29 --------- d-----w C:\Documents and Settings\Mon micro\Application Data\GetRightToGo
2008-04-14 12:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-04-14 12:13 --------- d-----w C:\Program Files\Windows Live
2008-04-14 12:13 --------- d-----w C:\Program Files\MSN Messenger
2008-04-14 12:13 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-04-13 17:04 --------- d-----w C:\Documents and Settings\Mon micro\Application Data\ItsLabel
2008-04-13 14:57 --------- d-----w C:\Program Files\Services en ligne
2008-04-13 14:47 --------- d-----w C:\Program Files\Fichiers communs\logishrd
2008-04-13 14:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2008-04-13 13:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-13 13:11 --------- d-----w C:\Program Files\QuickTime
2008-04-13 13:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-13 12:33 --------- d-----w C:\Documents and Settings\Mon micro\Application Data\Sony Ericsson
2008-04-13 12:29 --------- d-----w C:\Program Files\Fichiers communs\Teleca Shared
2008-04-13 12:29 --------- d-----w C:\Program Files\Fichiers communs\Sony Ericsson Shared
2008-04-13 12:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Teleca
2008-04-13 12:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-04-13 12:27 --------- d-----w C:\Program Files\Sony Ericsson
2008-04-13 12:26 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-04-02 19:08 54,672 ----a-w C:\WINDOWS\system32\vsutil_loc040c.dll
2008-04-02 19:08 42,384 ----a-w C:\WINDOWS\zllsputility_loc040c.dll
2008-04-02 19:08 21,904 ----a-w C:\WINDOWS\system32\imsinstall_loc040c.dll
2008-04-02 19:08 17,808 ----a-w C:\WINDOWS\system32\imslsp_install_loc040c.dll
2008-04-02 19:07 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2008-03-18 07:14 0 --sha-r C:\WINDOWS\system32\drivers\TOSHIBA_TECRA A2_02002000-FR_PTA20E-02T01.MRK
2008-03-18 07:12 --------- d-----w C:\Program Files\Intel
2008-03-18 07:11 14,037 ----a-w C:\WINDOWS\system32\drivers\mdc8021x.sys
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\WINDOWS\system32\GroupPolicy ----
2008-05-14 18:22 8 --a------ C:\WINDOWS\system32\GroupPolicy\User\Registry.pol
2008-05-14 18:22 79 --a------ C:\WINDOWS\system32\GroupPolicy\gpt.ini
2008-05-14 18:20 69 ---h----- C:\WINDOWS\system32\GroupPolicy\Adm\admfiles.ini
2003-04-24 13:00 43054 --a------ C:\WINDOWS\system32\GroupPolicy\Adm\conf.adm
2003-04-24 13:00 38894 --a------ C:\WINDOWS\system32\GroupPolicy\Adm\wmplayer.adm
2003-04-24 13:00 285558 --a------ C:\WINDOWS\system32\GroupPolicy\Adm\inetres.adm
2003-04-24 13:00 1585714 --a------ C:\WINDOWS\system32\GroupPolicy\Adm\system.adm
------- Sigcheck -------
2004-08-04 08:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\ip6fw.sys
.
((((((((((((((((((((((((((((( snapshot@2008-05-15_13.17.48.33 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-15 11:05:54 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-16 20:32:46 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0ab4c9b8-9f1f-491b-a51a-b8ec1a14a8d7}]
2008-05-16 21:54 133632 --a------ C:\WINDOWS\System32\osbpwghg.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2003-04-24 13:00 13312]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-15 17:19 65536]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"Dbab"="C:\PROGRA~1\SMBOLS~1\spool32.exe" [ ]
"Thvvsljc"="C:\WINDOWS\?ssembly\??plorer.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-26 13:29 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2004-04-27 11:10 32881]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2004-01-26 18:03 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2004-01-26 18:03 118784]
"00THotkey"="C:\WINDOWS\System32\00THotkey.exe" [2004-03-29 12:10 253952]
"000StTHK"="000StTHK.exe" [2001-06-23 20:28 24576 C:\WINDOWS\system32\000StTHK.exe]
"TFNF5"="TFNF5.exe" [2003-12-02 13:15 73728 C:\WINDOWS\system32\TFNF5.exe]
"SmoothView"="C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [2004-03-30 13:51 118784]
"SigmaTel StacMon"="C:\Program Files\SigmaTel\Pilotes Audio SigmaTel AC97\stacmon.exe" [2003-08-03 16:01 86073]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2003-10-30 15:46 192512]
"TouchED"="C:\Program Files\TOSHIBA\TouchED\TouchED.Exe" [2003-03-11 13:58 122880]
"LTSMMSG"="LTSMMSG.exe" [2003-04-18 10:06 32768 C:\WINDOWS\ltsmmsg.exe]
"TPSMain"="TPSMain.exe" [2004-04-01 14:20 266240 C:\WINDOWS\system32\TPSMain.exe]
"TMESRV.EXE"="C:\Program Files\TOSHIBA\TME3\TMESRV31.exe" [2004-04-13 12:14 126976]
"TMERzCtl.EXE"="C:\Program Files\TOSHIBA\TME3\TMERzCtl.exe" [2003-10-29 12:12 81920]
"TFncKy"="TFncKy.exe" []
"PRONoMgr.exe"="c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe" [2003-12-10 03:36 86016]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 01:06 487424]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-04-13 15:08 155648]
"ItsTV"="C:\Program Files\ItsLabel\ItsTV.exe" [2007-04-26 16:19 2908160]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-04-26 13:44 185632]
"dbar_starter"="C:\Documents and Settings\Mon micro\Application Data\Deskbar_{273FE36F-2BE2-453e-8EFF-E48EFCFA8216}\starter.exe" [ ]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-04-02 21:07 919016]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2003-04-24 13:00 13312]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
c:\WINDOWS\System32\LgNotify.dll 2003-12-16 17:49 110592 c:\WINDOWS\system32\LgNotify.dll
R0 avgntmgr;avgntmgr;C:\WINDOWS\System32\DRIVERS\avgntmgr.sys [2008-01-21 18:11]
R1 avgntdd;avgntdd;C:\WINDOWS\System32\DRIVERS\avgntdd.sys [2008-01-21 18:12]
R1 TMEI3E;TMEI3E;C:\WINDOWS\System32\Drivers\TMEI3E.SYS [2002-09-26 13:15]
R3 TOSHIBASoftModem;TOSHIBA Software Modem;C:\WINDOWS\System32\DRIVERS\LTSM.sys [2002-09-17 16:12]
S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);C:\WINDOWS\System32\DRIVERS\SE2Ebus.sys [2006-11-10 18:23]
S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;C:\WINDOWS\System32\DRIVERS\SE2Emdfl.sys [2006-11-10 18:23]
S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;C:\WINDOWS\System32\DRIVERS\SE2Emdm.sys [2006-11-10 18:23]
S3 SE2Emgmt;Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM);C:\WINDOWS\System32\DRIVERS\SE2Emgmt.sys [2006-11-10 18:23]
S3 se2End5;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS);C:\WINDOWS\System32\DRIVERS\se2End5.sys [2006-11-10 18:23]
S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface;C:\WINDOWS\System32\DRIVERS\SE2Eobex.sys [2006-11-10 18:23]
S3 se2Eunic;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM);C:\WINDOWS\System32\DRIVERS\se2Eunic.sys [2006-11-10 18:24]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-05-16 22:34:04
Windows 5.1.2600 Service Pack 1 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Toshiba\Commandes TOSHIBA\TFncKy.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\Program Files\Apoint2K\ApntEx.exe
C:\Program Files\Toshiba\TME3\TMEEJME.exe
C:\WINDOWS\system32\1XConfig.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-16 22:40:07 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-16 20:39:58
ComboFix2.txt 2008-05-15 12:19:56
ComboFix3.txt 2008-05-15 11:18:59
Pre-Run: 21,663,567,872 octets libres
Post-Run: 21,646,860,288 octets libres
359 --- E O F --- 2008-05-11 18:37:29
*****WITH HIJACKTHIS:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:42:47, on 16/05/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\System32\TFNF5.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\Program Files\SigmaTel\Pilotes Audio SigmaTel AC97\stacmon.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\LTSMMSG.exe
C:\WINDOWS\System32\TPSMain.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\TPSBattM.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
C:\WINDOWS\System32\1XConfig.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ads.eorezo.com/cgi-bin/advert/ge ... &x_dp_id=9
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://orange.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: {7d8a41a1-ce8b-a15a-b194-f1f98b9c4ba0} - {0ab4c9b8-9f1f-491b-a51a-b8ec1a14a8d7} - C:\WINDOWS\System32\osbpwghg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\Pilotes Audio SigmaTel AC97\stacmon.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ItsTV] "C:\Program Files\ItsLabel\ItsTV.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [dbar_starter] C:\Documents and Settings\Mon micro\Application Data\Deskbar_{273FE36F-2BE2-453e-8EFF-E48EFCFA8216}\starter.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Dbab] "C:\PROGRA~1\SMBOLS~1\spool32.exe" -vt ndrv
O4 - HKCU\..\Run: [Thvvsljc] C:\WINDOWS\?ssembly\??plorer.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O14 - IERESET.INF: START_PAGE_URL=file:///C:\Program Files\TOSHIBA\Free Update Service\splash.html
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 8098724230
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 9323 bytes