Virus probable

Slr,

Rapport Malwarebytes :


Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1240
Windows 5.1.2600 Service Pack 2

07/10/2008 22:11:40
mbam-log-2008-10-07 (22-11-40).txt

Type de recherche: Examen rapide
Eléments examinés: 48084
Temps écoulé: 6 minute(s), 13 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 5
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 12

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{24311111-1111-1121-1111-111191113457} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{43331111-1111-1111-1111-611111195622} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{64311111-1111-1121-1111-111191113457} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\ -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\ -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\ (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\ (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssadw.dll (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\TDSSerrors.log (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\tdssinit.dll (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\TDSSl.dll (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdsslog.dll (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssmain.dll (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssserf.dll (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssserf1.dll (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssservers.dat (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\drivers\tdssserv.sys (Rootkit.Agent) -> Delete on reboot.

Rapport :Lop S&D


--------------------\\ Lop S&D 4.2.4-5 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 2.80GHz )
BIOS : 786B2 v2.18
USER : Ludovic ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1229 [VPS 081005-0] 4.8.1229 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total : 149 Go Free : 91 Go
D:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 02-10-2008|23:42 )
Option : [1] ( 07/10/2008|22:15 )

--------------------\\ Listing des dossiers dans APPLIC~1

[05/11/2007|20:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ACD Systems
[07/10/2008|18:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avg7
[07/10/2008|17:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BitDefender
[26/04/2006|08:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRP Software
[08/12/2006|19:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
[07/10/2007|18:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[15/08/2008|15:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[19/08/2007|17:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak
[07/10/2008|22:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[05/10/2008|17:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[02/05/2008|19:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Motive
[04/03/2007|20:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage
[05/07/2006|11:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[15/08/2008|15:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ScanSoft
[09/03/2007|18:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[03/10/2005|22:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
[18/02/2006|09:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

[21/06/2005|04:39] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[21/06/2005|04:39] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[20/06/2005|19:48] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sun

[07/10/2008|18:06] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[05/11/2007|20:33] C:\DOCUME~1\Ludovic\APPLIC~1\ACD Systems
[16/01/2008|22:43] C:\DOCUME~1\Ludovic\APPLIC~1\Adobe
[29/06/2005|11:34] C:\DOCUME~1\Ludovic\APPLIC~1\Ahead
[28/10/2006|14:28] C:\DOCUME~1\Ludovic\APPLIC~1\Azureus
[15/05/2008|20:06] C:\DOCUME~1\Ludovic\APPLIC~1\BitTorrent
[07/10/2008|17:56] C:\DOCUME~1\Ludovic\APPLIC~1\EoRezo
[18/08/2005|11:22] C:\DOCUME~1\Ludovic\APPLIC~1\Google
[22/06/2005|17:11] C:\DOCUME~1\Ludovic\APPLIC~1\Help
[21/06/2005|04:39] C:\DOCUME~1\Ludovic\APPLIC~1\Identities
[07/08/2005|17:58] C:\DOCUME~1\Ludovic\APPLIC~1\InterTrust
[23/06/2005|16:41] C:\DOCUME~1\Ludovic\APPLIC~1\InterVideo
[05/10/2008|17:01] C:\DOCUME~1\Ludovic\APPLIC~1\Lavasoft
[28/11/2005|16:34] C:\DOCUME~1\Ludovic\APPLIC~1\Macromedia
[07/10/2008|22:03] C:\DOCUME~1\Ludovic\APPLIC~1\Malwarebytes
[09/05/2007|10:57] C:\DOCUME~1\Ludovic\APPLIC~1\Microsoft
[02/05/2008|19:57] C:\DOCUME~1\Ludovic\APPLIC~1\Motive
[15/08/2008|15:49] C:\DOCUME~1\Ludovic\APPLIC~1\ScanSoft
[06/10/2008|21:07] C:\DOCUME~1\Ludovic\APPLIC~1\Shareaza
[20/06/2005|19:48] C:\DOCUME~1\Ludovic\APPLIC~1\Sun

[07/10/2008|18:06] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[07/10/2008 21:22][--ah-----] C:\WINDOWS\tasks\SA.DAT
[24/04/2003 04:00][-rah-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[05/11/2007|20:16] C:\Program Files\ACD Systems
[15/11/2005|12:47] C:\Program Files\Activision
[09/05/2007|23:48] C:\Program Files\Adobe
[21/06/2005|20:40] C:\Program Files\Agfa
[29/06/2005|11:32] C:\Program Files\Ahead
[06/10/2008|17:55] C:\Program Files\Alwil Software
[20/06/2005|19:50] C:\Program Files\Analog Devices
[06/03/2007|17:51] C:\Program Files\Azureus
[07/10/2008|17:55] C:\Program Files\BitTorrent
[18/05/2006|20:16] C:\Program Files\Codemasters
[20/06/2005|19:45] C:\Program Files\Common Files
[05/03/2007|17:40] C:\Program Files\Compaq
[21/06/2005|04:39] C:\Program Files\ComPlus Applications
[07/07/2007|18:27] C:\Program Files\DIFX
[29/06/2005|11:47] C:\Program Files\DVD Shrink
[07/10/2008|17:56] C:\Program Files\EoRezo
[07/10/2008|17:58] C:\Program Files\Fichiers communs
[09/03/2008|12:19] C:\Program Files\Free Audio Pack
[06/09/2006|11:23] C:\Program Files\Geneatique2006
[08/10/2007|14:06] C:\Program Files\Google
[07/10/2008|18:07] C:\Program Files\Grisoft
[22/01/2006|18:14] C:\Program Files\IncrediMail
[07/09/2008|23:19] C:\Program Files\InstallShield Installation Information
[18/08/2008|06:52] C:\Program Files\Internet Explorer
[07/09/2008|23:19] C:\Program Files\InterVideo
[20/11/2007|17:34] C:\Program Files\Inventel
[10/06/2008|21:32] C:\Program Files\Java
[19/08/2007|17:26] C:\Program Files\Kodak
[05/10/2008|17:01] C:\Program Files\Lavasoft
[07/10/2008|17:58] C:\Program Files\Logitech
[07/10/2008|17:58] C:\Program Files\ltmoh
[07/10/2008|22:03] C:\Program Files\Malwarebytes' Anti-Malware
[29/09/2008|18:55] C:\Program Files\Messenger
[10/05/2007|12:55] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[21/06/2005|04:39] C:\Program Files\microsoft frontpage
[22/06/2005|20:35] C:\Program Files\Microsoft Office
[30/03/2006|12:04] C:\Program Files\mobile PhoneTools
[29/09/2008|18:23] C:\Program Files\Movie Maker
[21/06/2005|04:39] C:\Program Files\MSN
[21/06/2005|04:39] C:\Program Files\MSN Gaming Zone
[23/08/2005|20:27] C:\Program Files\MSN Messenger
[15/11/2006|12:42] C:\Program Files\MSXML 4.0
[29/09/2008|18:23] C:\Program Files\NetMeeting
[20/02/2006|17:48] C:\Program Files\NoAdware4
[22/06/2005|20:39] C:\Program Files\OfficeUpdate11
[15/08/2008|15:42] C:\Program Files\Olivetti
[02/05/2008|19:56] C:\Program Files\Orange
[02/05/2008|19:54] C:\Program Files\OrangeHSS
[29/09/2008|18:23] C:\Program Files\Outlook Express
[15/09/2006|17:36] C:\Program Files\Protectis
[05/07/2006|11:56] C:\Program Files\QuickTime
[20/06/2005|20:31] C:\Program Files\Raccourcis de programmes
[15/08/2008|15:48] C:\Program Files\ScanSoft
[20/11/2007|17:41] C:\Program Files\Securitoo
[21/06/2005|04:39] C:\Program Files\Services en ligne
[07/10/2008|17:55] C:\Program Files\Softwin
[09/03/2007|18:52] C:\Program Files\Spybot - Search & Destroy
[06/09/2006|10:23] C:\Program Files\Tracker Software
[07/10/2008|21:16] C:\Program Files\Trend Micro
[03/11/2005|01:08] C:\Program Files\Twins Video Player
[20/06/2005|19:45] C:\Program Files\Uninstall Information
[03/10/2005|22:27] C:\Program Files\Viewpoint
[02/05/2008|19:53] C:\Program Files\Wanadoo
[19/11/2007|22:48] C:\Program Files\Wanadoo Messager
[28/10/2007|22:25] C:\Program Files\Windows Media Connect 2
[29/09/2008|18:23] C:\Program Files\Windows Media Player
[29/09/2008|18:23] C:\Program Files\Windows NT
[21/06/2005|20:29] C:\Program Files\WindowsUpdate
[11/06/2008|07:32] C:\Program Files\WinRAR
[21/06/2005|04:39] C:\Program Files\xerox
[12/11/2005|15:47] C:\Program Files\Yahoo!

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[05/11/2007|20:16] C:\Program Files\Fichiers communs\ACD Systems
[07/08/2005|17:59] C:\Program Files\Fichiers communs\Adobe
[29/06/2005|11:31] C:\Program Files\Fichiers communs\Ahead
[06/03/2007|20:31] C:\Program Files\Fichiers communs\DESIGNER
[04/03/2007|18:51] C:\Program Files\Fichiers communs\France Telecom
[15/08/2008|15:48] C:\Program Files\Fichiers communs\InstallShield
[20/06/2005|19:48] C:\Program Files\Fichiers communs\Java
[19/11/2007|23:02] C:\Program Files\Fichiers communs\Logitech
[18/08/2008|06:48] C:\Program Files\Fichiers communs\Microsoft Shared
[02/05/2008|19:56] C:\Program Files\Fichiers communs\Motive
[21/06/2005|04:39] C:\Program Files\Fichiers communs\MSSoap
[21/06/2005|04:39] C:\Program Files\Fichiers communs\ODBC
[15/08/2008|15:48] C:\Program Files\Fichiers communs\Scansoft Shared
[21/06/2005|04:39] C:\Program Files\Fichiers communs\Services
[07/10/2008|17:54] C:\Program Files\Fichiers communs\Softwin
[21/06/2005|04:39] C:\Program Files\Fichiers communs\SpeechEngines
[29/09/2008|18:23] C:\Program Files\Fichiers communs\System

--------------------\\ Process

( 54 Processes )

iexplore.exe ~ [PID:768]
Iexplore.exe ~ [PID:3440]

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-07 22:16:49
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
disk error: C:\WINDOWS\System32\
please note that you need administrator rights to perform deep scan

--------------------\\ Recherche d'autres infections

--------------------\\ ROOTKIT !!

Rootkit Tibs ! .. [HKLM\..\CurrentControlSet\Enum\Root\LEGACY_TDSSSERV]
Rootkit Tibs ! .. [HKLM\..\CurrentControlSet\Enum\Root\tdssserv]
Rootkit Tibs ! .. [HKLM\..\ControlSet001\Enum\Root\LEGACY_TDSSSERV]
Rootkit Tibs ! .. [HKLM\..\ControlSet001\Enum\Root\tdssserv]
Rootkit Tibs ! .. [HKLM\..\ControlSet003\Enum\Root\LEGACY_TDSSSERV]
Rootkit Tibs ! .. [HKLM\..\ControlSet003\Enum\Root\tdssserv]


Trojan ! .. C:\WINDOWS\system32\drivers\tdssserv.sys
Trojan ! .. C:\WINDOWS\system32\tdssservers.dat
Trojan ! .. C:\WINDOWS\system32\tdssserf.dll
Trojan ! .. C:\WINDOWS\system32\tdssmain.dll
Trojan ! .. C:\WINDOWS\system32\tdssinit.dll
Trojan ! .. C:\WINDOWS\system32\tdssadw.dll
Trojan ! .. C:\WINDOWS\system32\tdsslog.dll
Trojan ! .. C:\WINDOWS\system32\tdssl.dll



[F:1670][D:442]-> C:\DOCUME~1\Ludovic\LOCALS~1\Temp
[F:59][D:0]-> C:\DOCUME~1\Ludovic\Cookies
[F:1023][D:4]-> C:\DOCUME~1\Ludovic\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 07/10/2008|22:17 - Option : [1]

--------------------\\ Fin du rapport a 22:17:50



Je redemarre?

Salut,
J'ai apparement retrouvé toutes les fonctionnalités d'internet.
Dois-je faire ta derniere manip combofix.
Bye

Voici le rapport :

Lancé depuis: C:\Documents and Settings\Ludovic\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé

[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Ludovic\Application Data\Install.dat
C:\Program Files\INSTALL.LOG
C:\WINDOWS\system32\_003506_.tmp.dll
C:\WINDOWS\system32\_003507_.tmp.dll
C:\WINDOWS\system32\_003508_.tmp.dll
C:\WINDOWS\system32\_003509_.tmp.dll
C:\WINDOWS\system32\_003516_.tmp.dll
C:\WINDOWS\system32\_003517_.tmp.dll
C:\WINDOWS\system32\_003518_.tmp.dll
C:\WINDOWS\system32\_003519_.tmp.dll
C:\WINDOWS\system32\_003520_.tmp.dll
C:\WINDOWS\system32\_003521_.tmp.dll
C:\WINDOWS\system32\_003522_.tmp.dll
C:\WINDOWS\system32\_003523_.tmp.dll
C:\WINDOWS\system32\_003524_.tmp.dll
C:\WINDOWS\system32\_003525_.tmp.dll
C:\WINDOWS\system32\_003526_.tmp.dll
C:\WINDOWS\system32\_003527_.tmp.dll
C:\WINDOWS\system32\_003528_.tmp.dll
C:\WINDOWS\system32\_003529_.tmp.dll
C:\WINDOWS\system32\_003530_.tmp.dll
C:\WINDOWS\system32\_003531_.tmp.dll
C:\WINDOWS\system32\_003532_.tmp.dll
C:\WINDOWS\system32\_003533_.tmp.dll
C:\WINDOWS\system32\_003534_.tmp.dll
C:\WINDOWS\system32\_003535_.tmp.dll
C:\WINDOWS\system32\_003536_.tmp.dll
C:\WINDOWS\system32\_003537_.tmp.dll
C:\WINDOWS\system32\_003538_.tmp.dll
C:\WINDOWS\system32\_003539_.tmp.dll
C:\WINDOWS\system32\_003540_.tmp.dll
C:\WINDOWS\system32\_003541_.tmp.dll
C:\WINDOWS\system32\_003542_.tmp.dll
C:\WINDOWS\system32\_003543_.tmp.dll
C:\WINDOWS\system32\_003544_.tmp.dll
C:\WINDOWS\system32\_003545_.tmp.dll
C:\WINDOWS\system32\_003546_.tmp.dll
C:\WINDOWS\system32\_003547_.tmp.dll
C:\WINDOWS\system32\_003548_.tmp.dll
C:\WINDOWS\system32\_003549_.tmp.dll
C:\WINDOWS\system32\_003550_.tmp.dll
C:\WINDOWS\system32\_003551_.tmp.dll
C:\WINDOWS\system32\_003552_.tmp.dll
C:\WINDOWS\system32\_003553_.tmp.dll
C:\WINDOWS\system32\_003554_.tmp.dll
C:\WINDOWS\system32\_003555_.tmp.dll
C:\WINDOWS\system32\_003556_.tmp.dll
C:\WINDOWS\system32\_003557_.tmp.dll
C:\WINDOWS\system32\_003558_.tmp.dll
C:\WINDOWS\system32\_003559_.tmp.dll
C:\WINDOWS\system32\_003561_.tmp.dll
C:\WINDOWS\system32\_003562_.tmp.dll
C:\WINDOWS\system32\_003563_.tmp.dll
C:\WINDOWS\system32\_003564_.tmp.dll
C:\WINDOWS\system32\_003566_.tmp.dll
C:\WINDOWS\system32\_003567_.tmp.dll
C:\WINDOWS\system32\_003568_.tmp.dll
C:\WINDOWS\system32\_003569_.tmp.dll
C:\WINDOWS\system32\_003570_.tmp.dll
C:\WINDOWS\system32\_003571_.tmp.dll
C:\WINDOWS\system32\_003572_.tmp.dll
C:\WINDOWS\system32\_003573_.tmp.dll
C:\WINDOWS\system32\_003574_.tmp.dll
C:\WINDOWS\system32\_003575_.tmp.dll
C:\WINDOWS\system32\_003577_.tmp.dll
C:\WINDOWS\system32\_003578_.tmp.dll
C:\WINDOWS\system32\_003579_.tmp.dll
C:\WINDOWS\system32\_003580_.tmp.dll
C:\WINDOWS\system32\_003581_.tmp.dll
C:\WINDOWS\system32\_003584_.tmp.dll
C:\WINDOWS\system32\_003585_.tmp.dll
C:\WINDOWS\system32\_003586_.tmp.dll
C:\WINDOWS\system32\_003587_.tmp.dll
C:\WINDOWS\system32\_003588_.tmp.dll
C:\WINDOWS\system32\_003589_.tmp.dll
C:\WINDOWS\system32\_003590_.tmp.dll
C:\WINDOWS\system32\_003592_.tmp.dll
C:\WINDOWS\system32\_003593_.tmp.dll
C:\WINDOWS\system32\_003594_.tmp.dll
C:\WINDOWS\system32\_003595_.tmp.dll
C:\WINDOWS\system32\_003596_.tmp.dll
C:\WINDOWS\system32\_003597_.tmp.dll
C:\WINDOWS\system32\_003598_.tmp.dll
C:\WINDOWS\system32\_003599_.tmp.dll
C:\WINDOWS\system32\_003600_.tmp.dll
C:\WINDOWS\system32\_003601_.tmp.dll
C:\WINDOWS\system32\_003602_.tmp.dll
C:\WINDOWS\system32\_003603_.tmp.dll
C:\WINDOWS\system32\_003604_.tmp.dll
C:\WINDOWS\system32\_003605_.tmp.dll
C:\WINDOWS\system32\_003606_.tmp.dll
C:\WINDOWS\system32\_003607_.tmp.dll
C:\WINDOWS\system32\_003608_.tmp.dll
C:\WINDOWS\system32\_003610_.tmp.dll
C:\WINDOWS\system32\_003611_.tmp.dll
C:\WINDOWS\system32\_003612_.tmp.dll
C:\WINDOWS\system32\_003613_.tmp.dll
C:\WINDOWS\system32\_003614_.tmp.dll
C:\WINDOWS\system32\_003617_.tmp.dll
C:\WINDOWS\system32\_003618_.tmp.dll
C:\WINDOWS\system32\_003619_.tmp.dll
C:\WINDOWS\system32\_003620_.tmp.dll
C:\WINDOWS\system32\_003621_.tmp.dll
C:\WINDOWS\system32\_003622_.tmp.dll
C:\WINDOWS\system32\_003623_.tmp.dll
C:\WINDOWS\system32\_003625_.tmp.dll
C:\WINDOWS\system32\_003626_.tmp.dll
C:\WINDOWS\system32\_003627_.tmp.dll
C:\WINDOWS\system32\_003628_.tmp.dll
C:\WINDOWS\system32\_003629_.tmp.dll
C:\WINDOWS\system32\_003630_.tmp.dll
C:\WINDOWS\system32\_003631_.tmp.dll
C:\WINDOWS\system32\_003632_.tmp.dll
C:\WINDOWS\system32\_003633_.tmp.dll
C:\WINDOWS\system32\_003634_.tmp.dll
C:\WINDOWS\system32\_003635_.tmp.dll
C:\WINDOWS\system32\_003636_.tmp.dll
C:\WINDOWS\system32\_003639_.tmp.dll
C:\WINDOWS\system32\_003640_.tmp.dll
C:\WINDOWS\system32\_003644_.tmp.dll
C:\WINDOWS\system32\_003645_.tmp.dll
C:\WINDOWS\system32\_003647_.tmp.dll
C:\WINDOWS\system32\_003650_.tmp.dll
C:\WINDOWS\system32\_003652_.tmp.dll
C:\WINDOWS\system32\_003653_.tmp.dll
C:\WINDOWS\system32\_003654_.tmp.dll
C:\WINDOWS\system32\_003655_.tmp.dll
C:\WINDOWS\system32\_003658_.tmp.dll
C:\WINDOWS\system32\_003659_.tmp.dll
C:\WINDOWS\system32\_003660_.tmp.dll
C:\WINDOWS\system32\_003661_.tmp.dll
C:\WINDOWS\system32\_003662_.tmp.dll
C:\WINDOWS\system32\_003667_.tmp.dll
C:\WINDOWS\system32\_003669_.tmp.dll
C:\WINDOWS\system32\_005680_.tmp.dll
C:\WINDOWS\system32\_005681_.tmp.dll
C:\WINDOWS\system32\_005682_.tmp.dll
C:\WINDOWS\system32\_005683_.tmp.dll
C:\WINDOWS\system32\_005690_.tmp.dll
C:\WINDOWS\system32\_005691_.tmp.dll
C:\WINDOWS\system32\_005692_.tmp.dll
C:\WINDOWS\system32\_005693_.tmp.dll
C:\WINDOWS\system32\_005695_.tmp.dll
C:\WINDOWS\system32\_005696_.tmp.dll
C:\WINDOWS\system32\_005699_.tmp.dll
C:\WINDOWS\system32\_005700_.tmp.dll
C:\WINDOWS\system32\_005702_.tmp.dll
C:\WINDOWS\system32\_005703_.tmp.dll
C:\WINDOWS\system32\_005704_.tmp.dll
C:\WINDOWS\system32\_005705_.tmp.dll
C:\WINDOWS\system32\_005706_.tmp.dll
C:\WINDOWS\system32\_005709_.tmp.dll
C:\WINDOWS\system32\_005710_.tmp.dll
C:\WINDOWS\system32\_005714_.tmp.dll
C:\WINDOWS\system32\_005715_.tmp.dll
C:\WINDOWS\system32\_005717_.tmp.dll
C:\WINDOWS\system32\_005720_.tmp.dll
C:\WINDOWS\system32\_005722_.tmp.dll
C:\WINDOWS\system32\_005723_.tmp.dll
C:\WINDOWS\system32\_005724_.tmp.dll
C:\WINDOWS\system32\_005725_.tmp.dll
C:\WINDOWS\system32\_005726_.tmp.dll
C:\WINDOWS\system32\_005729_.tmp.dll
C:\WINDOWS\system32\_005730_.tmp.dll
C:\WINDOWS\system32\_005731_.tmp.dll
C:\WINDOWS\system32\_005732_.tmp.dll
C:\WINDOWS\system32\_005733_.tmp.dll
C:\WINDOWS\system32\_005738_.tmp.dll
C:\WINDOWS\system32\_005740_.tmp.dll
C:\WINDOWS\system32\drivers\fad.sys

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV
-------\Service_TDSSserv


((((((((((((((((((((((((((((( Fichiers créés du 2008-09-09 au 2008-10-09 ))))))))))))))))))))))))))))))))))))
.

2008-10-07 22:15 . 2008-10-07 22:17 <REP> d-------- C:\Lop SD
2008-10-07 22:03 . 2008-10-07 22:03 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-07 22:03 . 2008-10-07 22:03 <REP> d-------- C:\Documents and Settings\Ludovic\Application Data\Malwarebytes
2008-10-07 22:03 . 2008-10-07 22:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-07 22:03 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-07 22:03 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-07 21:16 . 2008-10-07 21:16 <REP> d-------- C:\Program Files\Trend Micro
2008-10-07 18:07 . 2008-10-07 18:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-10-07 17:55 . 2008-10-09 20:56 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-10-07 17:55 . 2008-10-09 20:54 1,409 --a------ C:\WINDOWS\QTFont.for
2008-10-06 20:00 . 2008-10-07 17:54 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2008-10-06 19:54 . 2008-10-07 17:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-10-06 17:55 . 2008-10-06 17:55 <REP> d-------- C:\Program Files\Alwil Software
2008-10-05 17:02 . 2008-10-07 17:56 <REP> d-------- C:\Program Files\EoRezo
2008-10-05 17:02 . 2008-10-07 17:56 <REP> d-------- C:\Documents and Settings\Ludovic\Application Data\EoRezo
2008-10-04 20:43 . 2008-10-05 17:01 <REP> d-------- C:\Program Files\Lavasoft
2008-09-30 21:23 . 2008-09-30 21:23 40 --a------ C:\Auth.prof
2008-09-29 18:09 . 2007-10-25 18:43 8,516,608 --a------ C:\WINDOWS\system32\dllcache\shell32.dll
2008-09-29 18:08 . 2007-02-28 18:02 2,182,400 --a------ C:\WINDOWS\system32\ntoskrnl.exe
2008-09-24 22:12 . 2008-04-13 11:36 2,986,496 --a------ C:\WINDOWS\system32\SET10FC.tmp
2008-09-24 22:12 . 2008-04-13 19:33 539,136 --a------ C:\WINDOWS\system32\SET1122.tmp
2008-09-24 22:12 . 2008-04-13 19:33 354,304 --a------ C:\WINDOWS\system32\SET10EE.tmp
2008-09-24 22:12 . 2008-04-13 19:31 177,152 --a------ C:\WINDOWS\system32\SET1124.tmp
2008-09-24 22:12 . 2008-04-13 19:33 80,896 --a------ C:\WINDOWS\system32\SET10E9.tmp
2008-09-24 22:12 . 2008-04-13 19:33 75,776 --a------ C:\WINDOWS\system32\SET10F9.tmp
2008-09-24 22:12 . 2008-04-13 19:33 50,176 --a------ C:\WINDOWS\system32\SET10E3.tmp
2008-09-24 22:12 . 2008-04-13 19:33 24,576 --a------ C:\WINDOWS\system32\SET1148.tmp
2008-09-24 22:12 . 2008-04-13 19:33 15,872 --a------ C:\WINDOWS\system32\SET10F2.tmp
2008-09-24 22:12 . 2008-04-13 19:33 6,656 --a------ C:\WINDOWS\system32\SET10E6.tmp
2008-09-24 22:07 . 2008-04-13 19:33 8,517,632 --a------ C:\WINDOWS\system32\SET386.tmp
2008-09-24 22:06 . 2008-04-13 19:33 734,720 --a------ C:\WINDOWS\system32\SET24F.tmp
2008-09-24 22:04 . 2006-12-28 12:01 19,569 --a------ C:\WINDOWS\[u]0[/u]03205_.tmp
2008-09-24 22:00 . 2004-08-04 08:00 71,040 --------- C:\WINDOWS\system32\drivers\_003512_.tmp.dll
2008-09-24 20:49 . 2004-08-04 08:00 71,040 --------- C:\WINDOWS\system32\drivers\_003502_.tmp.dll
2008-09-24 19:25 . 2004-08-04 08:00 71,040 --------- C:\WINDOWS\system32\drivers\_003492_.tmp.dll
2008-09-24 18:14 . 2008-09-29 18:22 <REP> d-------- C:\WINDOWS\system32\fr
2008-09-24 18:14 . 2008-09-29 18:22 <REP> d-------- C:\WINDOWS\l2schemas
2008-09-24 18:04 . 2004-08-04 08:00 71,040 --------- C:\WINDOWS\system32\drivers\_003482_.tmp.dll
2008-09-22 23:47 . 2008-04-14 04:33 8,517,632 --a------ C:\WINDOWS\system32\SET47B.tmp
2008-09-22 23:46 . 2008-04-14 04:33 2,843,136 --a------ C:\WINDOWS\system32\SET62C.tmp
2008-09-22 23:45 . 2008-04-14 04:33 1,267,200 --a------ C:\WINDOWS\system32\SET76D.tmp
2008-09-22 20:49 . 2008-09-29 19:12 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-07 15:58 --------- d-----w C:\Program Files\ltmoh
2008-10-07 15:58 --------- d-----w C:\Program Files\Logitech
2008-10-07 15:55 --------- d-----w C:\Program Files\Softwin
2008-10-07 15:55 --------- d-----w C:\Program Files\BitTorrent
2008-10-07 15:54 --------- d-----w C:\Program Files\Fichiers communs\Softwin
2008-10-06 20:13 90,112 ----a-w C:\WINDOWS\DUMP3b24.tmp
2008-10-06 19:07 --------- d-----w C:\Documents and Settings\Ludovic\Application Data\Shareaza
2008-10-05 15:01 --------- d-----w C:\Documents and Settings\Ludovic\Application Data\Lavasoft
2008-09-07 21:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-07 21:19 --------- d-----w C:\Program Files\InterVideo
2008-08-15 13:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-08-15 13:49 --------- d-----w C:\Documents and Settings\Ludovic\Application Data\ScanSoft
2008-08-15 13:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-08-15 13:48 --------- d-----w C:\Program Files\ScanSoft
2008-08-15 13:48 --------- d-----w C:\Program Files\Fichiers communs\Scansoft Shared
2008-08-15 13:48 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-08-15 13:42 --------- d-----w C:\Program Files\Olivetti
2008-07-30 20:05 71,848 ----a-w C:\WINDOWS\UnInstall.exe
2007-11-20 15:34 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
1999-06-30 13:06 151,552 ----a-w C:\WINDOWS\inf\AGFA\message.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 15360]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-10-08 196608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-07-28 4841472]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"DrvLsnr"="C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe" [2003-05-08 69632]
"srmclean"="C:\Cpqs\Scom\srmclean.exe" [2001-07-24 36864]
"SetRefresh"="C:\Program Files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-10-08 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-10-08 217088]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-05-25 282624]
"SystrayORAHSS"="C:\Program Files\OrangeHSS\Systray\SystrayApp.exe" [2008-01-22 94208]
"ORAHSSSessionManager"="C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe" [2008-01-22 107248]
"Orange_McciTrayApp"="C:\Program Files\Orange\LiveAssistant.exe" [2007-12-21 1476608]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe" [2007-05-02 75520]
"OlStatusMon"="C:\Program Files\Olivetti\ANY_WAY\olDvcStatus.exe" [2006-06-28 106496]
"SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"OpwareSE3"="C:\Program Files\ScanSoft\OmniPageSE3.0\OpwareSE3.exe" [2005-05-23 57344]
"OPSE3 Reminder"="C:\Program Files\ScanSoft\OmniPageSE3.0\EregFre\Ereg.exe" [2004-10-27 729088]
"LTWinModem1"="ltmsg.exe" [2001-04-03 C:\WINDOWS\system32\ltmsg.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 McciCMService;McciCMService;C:\Program Files\Fichiers communs\Motive\McciCMService.exe [2007-10-23 303104]
R2 olMntrService;olMntrService;C:\Program Files\Olivetti\ANY_WAY\olMntrService.exe [2006-06-28 86016]
R3 msloop;Pilote de carte de bouclage Microsoft;C:\WINDOWS\system32\DRIVERS\loop.sys [2001-08-17 4992]
R3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2005-06-20 215040]
S3 AtmElan;Réseau émulant ATM;C:\WINDOWS\system32\DRIVERS\atmlane.sys [2004-08-04 55936]
S3 AtmLane;Émulation réseau ATM;C:\WINDOWS\system32\DRIVERS\atmlane.sys [2004-08-04 55936]
S3 MREMP50;MREMP50 NDIS Protocol Driver;C:\PROGRA~1\FICHIE~1\Motive\MREMP50.SYS [2008-03-09 21248]
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver;C:\PROGRA~1\FICHIE~1\Motive\MREMP50a64.SYS [ ]
S3 MRESP50;MRESP50 NDIS Protocol Driver;C:\PROGRA~1\FICHIE~1\Motive\MRESP50.SYS [2008-03-09 20096]
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver;C:\PROGRA~1\FICHIE~1\Motive\MRESP50a64.SYS [ ]
S3 optousb;OPTO ELECTRONICS optousb;C:\WINDOWS\system32\DRIVERS\optousb.sys [2006-10-18 18560]
S3 optovcm;OPTO ELECTRONICS optovcm;C:\WINDOWS\system32\DRIVERS\optovcm.sys [2006-10-19 25344]
S3 ss_bus;Samsung Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2004-09-17 52384]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2004-09-17 6064]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2004-09-17 84512]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 15104]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-BitTorrent - C:\Program Files\BitTorrent\bittorrent.exe
HKLM-Run-WinampAgent - C:\Program Files\Winamp\winampa.exe
HKLM-Run-EoEngine - (no file)
Notify-dimsntfy - (no file)


.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.lo.st
R0 -: HKLM-Main,Search Bar = hxxp://go.compaq.com/1Q00CDT/040C/bl8.asp
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O16 -: {33331111-1111-1111-1111-622221193458} - file://c:\ex.cab
C:\WINDOWS\Downloaded Program Files\start.INF

O16 -: {3A226D85-574D-4272-B73C-DBCAECF709B3} - hxxp://www.consoclicker.com/TNSClickrb.CAB
C:\WINDOWS\Downloaded Program Files\TNSClickrb.INF
C:\WINDOWS\system32\Csp2a.dll
C:\WINDOWS\system32\MSVBVM60.DLL
C:\WINDOWS\system32\oleaut32.dll
C:\WINDOWS\system32\olepro32.dll
C:\WINDOWS\system32\asycfilt.dll
C:\WINDOWS\system32\stdole2.tlb
C:\WINDOWS\system32\comcat.dll
C:\WINDOWS\Downloaded Program Files\TNSClickrb.dll

O16 -: {6DB731A3-B074-4118-8B1C-32511C65D836} - hxxp://www.mypixmania.com/fr/fr/tools/activex/fpu.cab
C:\WINDOWS\Downloaded Program Files\fpu.inf
C:\WINDOWS\System32\OLEAUT32.DLL
C:\WINDOWS\System32\OLEPRO32.DLL
C:\WINDOWS\System32\ASYCFILT.DLL
C:\WINDOWS\System32\STDOLE2.TLB
C:\WINDOWS\System32\COMCAT.DLL
C:\WINDOWS\System32\ccrpftv6.ocx
C:\WINDOWS\System32\XceedFtp.dll
C:\WINDOWS\Downloaded Program Files\fpu.ocx

O16 -: {70A5EBDC-3EA6-464A-9FF7-084BC150C417} - hxxp://www.consoclicker.com/TNSClickra.CAB
C:\WINDOWS\Downloaded Program Files\TNSClickra.INF
C:\WINDOWS\system32\MSVBVM60.DLL
C:\WINDOWS\system32\oleaut32.dll
C:\WINDOWS\system32\olepro32.dll
C:\WINDOWS\system32\asycfilt.dll
C:\WINDOWS\system32\stdole2.tlb
C:\WINDOWS\system32\comcat.dll
C:\WINDOWS\system32\Csp2a.dll
C:\WINDOWS\Downloaded Program Files\TNSClickra.dll

O16 -: {7DA181BB-EF8D-4A7E-8C53-7BFC718EF71D} - hxxp://photos.orange.fr/resources/activex/Ephoto.cab
C:\WINDOWS\Downloaded Program Files\Ephoto.inf
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.10.0_x-ww_712befd8\gdiplus.dll
C:\WINDOWS\Downloaded Program Files\EphotoAxRes.dll
C:\WINDOWS\Downloaded Program Files\EphotoAx.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\GdiPlus.dll
C:\WINDOWS\Downloaded Program Files\EphotoAxResES.dll
C:\WINDOWS\Downloaded Program Files\EphotoAxResNL.dll
C:\WINDOWS\Downloaded Program Files\EphotoAxResFR.dll
C:\WINDOWS\Downloaded Program Files\EphotoAxResEN.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-09 20:56:50
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\OrangeHSS\Launcher\Launcher.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\OrangeHSS\Deskboard\Deskboard.exe
C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\[u]0[/u]\AlertModule.exe
C:\Program Files\OrangeHSS\Connectivity\corecom\CoreCom.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\OrangeHSS\Connectivity\corecom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\[u]0[/u]\FTCOMModule.exe
.
**************************************************************************
.
Heure de fin: 2008-10-09 21:03:08 - La machine a redémarré [Ludovic]
ComboFix-quarantined-files.txt 2008-10-09 19:03:04

Avant-CF: 97 768 157 184 octets libres
Après-CF: 98,606,268,416 octets libres

399 --- E O F --- 2008-09-29 16:55:39

rapport hijakchits

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:28:03, on 10/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
C:\Program Files\Orange\LiveAssistant.exe
C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe
C:\Program Files\Olivetti\ANY_WAY\olDvcStatus.exe
C:\Program Files\ScanSoft\OmniPageSE3.0\OpwareSE3.exe
C:\WINDOWS\system32\ltmsg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OrangeHSS\Launcher\Launcher.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe
C:\Program Files\Fichiers communs\Motive\McciCMService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Olivetti\ANY_WAY\olMntrService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\OrangeHSS\Deskboard\deskboard.exe
C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.orange.fr/portail?kw=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.orange.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/040C/bl8.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\EoRezo\EoAdv\EOREZO~1.DLL (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [Orange_McciTrayApp] C:\Program Files\Orange\LiveAssistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe"
O4 - HKLM\..\Run: [OlStatusMon] "C:\Program Files\Olivetti\ANY_WAY\olDvcStatus.exe" dvcStatusMinimize
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE3] "C:\Program Files\ScanSoft\OmniPageSE3.0\OpwareSE3.exe"
O4 - HKLM\..\Run: [OPSE3 Reminder] "C:\Program Files\ScanSoft\OmniPageSE3.0\EregFre\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE3.0\EregFre\ereg.ini"
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O15 - Trusted Zone: https://www.consoclicker.com/
O15 - Trusted Zone: http://pfttbc.ft.motive.com
O15 - Trusted Zone: http://*.orange.fr
O15 - Trusted Zone: http://rw.search.ke.voila.fr
O15 - Trusted Zone: http://orange.weborama.fr
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {33331111-1111-1111-1111-622221193458} - file://c:\ex.cab
O16 - DPF: {3A226D85-574D-4272-B73C-DBCAECF709B3} (TNSClickerb.Clicker) - http://www.consoclicker.com/TNSClickrb.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmania.com/fr/fr/tools/activex/fpu.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/fr/fr/importer/ImageUploader4.cab
O16 - DPF: {70A5EBDC-3EA6-464A-9FF7-084BC150C417} (TNSClickera.Clicker) - http://www.consoclicker.com/TNSClickra.CAB
O16 - DPF: {7DA181BB-EF8D-4A7E-8C53-7BFC718EF71D} (Upload Class) - http://photoservice.photos.orange.fr/migrationorange/index.cfm
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/...
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.mypix.com/fr/fr/importer/ImageUploader4.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Fichiers communs\Motive\McciCMService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: olMntrService - Olivetti - C:\Program Files\Olivetti\ANY_WAY\olMntrService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe