Cette date de dis quelque chose ?? >>> Wed May 14 00:32:24 2008
As-tu réaliser quelque chose à ce moment ??
Tu es connecté par quelle moyen ??
Quel type ?? ( Usb ethernet )
Ta carte réseau c'est quoi ??

Note :
# Ne pas cliquer dans la fenêtre de combofix durant le passage de l'outils.
# Le rapport se trouve également ici : C:\Combofix.txt
# N'oublie pas de réactiver tes protections !!!

ComboFix 08-05-12.1 - mellah 2008-05-14 15:39:04.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.472 [GMT 2:00]
Endroit: C:\Documents and Settings\mellah\Bureau\ComboFix.exe

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\tcpsr.sys
C:\WINDOWS\system32\WinData.cab
C:\WINDOWS\system32\WinNt32.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TCPSR
-------\Service_tcpsr


((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-14 to 2008-05-14 ))))))))))))))))))))))))))))))))))))
.

2008-05-14 08:32 . 2008-05-14 13:08 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-05-14 01:09 . 2008-05-14 01:09 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-14 01:09 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-14 01:09 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-13 23:26 . 2008-05-13 23:26 2 --a------ C:\WINDOWS\msoffice.ini
2008-05-13 23:13 . 2008-05-13 23:13 361 --a------ C:\WINDOWS\system32\QuickTime.qtp
2008-05-13 23:05 . 2008-05-13 23:05 <REP> d-------- C:\Program Files\Trend Micro
2008-05-13 21:02 . 2008-05-13 21:02 <REP> d-------- C:\Documents and Settings\mellah\Application Data\Malwarebytes
2008-05-13 21:01 . 2008-05-13 21:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-12 17:00 . 2008-05-12 17:00 1,505,643 ---hs---- C:\WINDOWS\system32\rvkhlnwo.tmp
2008-05-12 02:00 . 2008-05-12 02:00 2 --a------ C:\1959894386
2008-05-12 01:59 . 2008-05-14 15:06 27,136 --a------ C:\WINDOWS\system32\drivers\Ttm85.sys
2008-05-12 01:59 . 2008-05-12 01:59 1 --a------ C:\WINDOWS\system32\kr_done1de
2008-05-09 16:52 . 2008-05-09 16:52 268 --ah----- C:\sqmdata03.sqm
2008-05-09 16:52 . 2008-05-09 16:52 244 --ah----- C:\sqmnoopt03.sqm
2008-05-08 16:20 . 2004-08-03 23:10 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2008-05-08 16:20 . 2004-08-03 23:10 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2008-05-08 16:20 . 2004-08-03 23:10 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2008-05-08 16:20 . 2004-08-03 22:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2008-05-08 16:19 . 2004-08-03 23:10 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2008-05-08 16:18 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-05-06 11:07 . 2008-05-06 11:07 <REP> d-------- C:\Documents and Settings\mellah\Application Data\TaoUSign
2008-04-19 19:24 . 2008-04-19 19:25 <REP> d-------- C:\Program Files\Controle Parental
2008-04-19 19:24 . 2006-12-19 13:47 228,648 --a------ C:\WINDOWS\OptChecker.exe
2008-04-19 19:24 . 2006-12-19 13:34 163,120 --a------ C:\WINDOWS\OptRemove.exe
2008-04-19 19:24 . 2006-02-08 17:30 8,464 --------- C:\WINDOWS\sporder.dll
2008-04-19 19:24 . 2006-11-08 11:46 3,224 --------- C:\WINDOWS\sporder.zip

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-14 00:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-13 21:26 --------- d-----w C:\Program Files\Fichiers communs\AOL
2008-05-13 21:26 --------- d-----w C:\Documents and Settings\mellah\Application Data\AOL
2008-05-13 21:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-05-13 21:26 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\AOL
2008-05-13 20:47 --------- d-----w C:\Documents and Settings\mellah\Application Data\OpenOffice.org2
2008-05-13 20:44 --------- d-----w C:\Program Files\Google
2008-05-13 20:41 --------- d-----w C:\Program Files\Java
2008-05-13 20:23 --------- d-----w C:\Program Files\Alwil Software
2008-05-13 17:49 --------- d-----w C:\Program Files\Yahoo!
2008-05-13 17:43 --------- d-----w C:\Program Files\Everest Poker
2008-05-13 17:42 --------- d-----w C:\Program Files\Creative
2008-05-13 17:07 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-13 17:07 --------- d-----w C:\Program Files\Spyware Doctor
2008-05-13 17:07 --------- d-----w C:\Documents and Settings\mellah\Application Data\PC Tools
2008-05-13 16:47 --------- d-----w C:\Program Files\Norton Security Scan
2008-05-12 21:02 --------- d-----w C:\Documents and Settings\mellah\Application Data\LimeWire
2008-05-12 18:40 --------- d-----w C:\Program Files\eMule
2008-05-11 20:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-05-08 14:17 --------- d-----w C:\Program Files\Fichiers communs\logishrd
2008-05-04 09:48 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-05-01 10:19 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-04-21 18:16 --------- d-----w C:\Program Files\Picasa2
2008-04-19 17:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-09 12:57 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-04-05 07:41 --------- d-----w C:\Program Files\OpenOffice.org 2.4
2008-04-05 06:59 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2008-02-07 09:17 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-12-11 19:40 480,848 ----a-w C:\Documents and Settings\All Users\Application Data\pswi_preloaded.exe
2008-02-06 12:56 88 --sh--r C:\WINDOWS\system32\C9C08C5A8C.sys
2008-02-06 12:56 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

------- Sigcheck -------

md5deep: C:\WINDOWS\system32\svchost.exe: error at offset 0: Permission denied

2006-03-24 14:00 82944 bc41f51a39d3b255805fdb759b7814ae C:\WINDOWS\system32\ws2_32.dll
2006-03-24 14:00 82944 bc41f51a39d3b255805fdb759b7814ae C:\WINDOWS\system32\dllcache\ws2_32.dll

md5deep: C:\WINDOWS\system32\winlogon.exe: error at offset 0: Permission denied

2006-03-24 14:00 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\dllcache\ndis.sys
2006-03-24 14:00 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys

2006-03-24 14:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\dllcache\ip6fw.sys
2006-03-24 14:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys

md5deep: C:\WINDOWS\explorer.exe: error at offset 0: Permission denied
2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2006-03-24 14:00 1036288 4c33e5b9a6197b6ed215f6cfba0a2daa C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

md5deep: C:\WINDOWS\system32\services.exe: error at offset 0: Permission denied

md5deep: C:\WINDOWS\system32\lsass.exe: error at offset 0: Permission denied

2006-03-24 14:00 15360 5584247b568c2e53934873f4b655fe6a C:\WINDOWS\system32\ctfmon.exe
2006-03-24 14:00 15360 5584247b568c2e53934873f4b655fe6a C:\WINDOWS\system32\dllcache\ctfmon.exe
.
((((((((((((((((((((((((((((( snapshot@2008-05-14_ 1.19.55.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-23 04:56:21 554,008 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\dao360.dll
+ 2007-12-10 12:41:11 518,944 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msexch40.dll
+ 2007-12-10 12:41:11 326,432 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msexcl40.dll
+ 2007-12-10 12:41:11 1,516,568 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjet40.dll
+ 2007-12-10 12:41:11 355,112 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjetol1.dll
+ 2008-03-25 06:56:31 194,144 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjint40.dll
+ 2007-12-10 12:41:12 60,192 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjter40.dll
+ 2007-12-10 12:41:12 248,608 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjtes40.dll
+ 2007-12-10 12:41:12 219,936 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msltus40.dll
+ 2007-12-10 12:41:12 355,104 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mspbde40.dll
+ 2007-12-10 12:41:13 432,928 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrd2x40.dll
+ 2007-12-10 12:41:13 322,336 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrd3x40.dll
+ 2007-12-10 12:41:13 559,904 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrepl40.dll
+ 2007-12-10 12:41:13 264,992 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mstext40.dll
+ 2007-12-10 12:41:13 838,432 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mswdat10.dll
+ 2007-11-01 05:15:27 621,344 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mswstr10.dll
+ 2007-12-10 12:41:14 355,104 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msxbde40.dll
+ 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB950749\spmsg.dll
+ 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB950749\spuninst.exe
+ 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB950749\update\spcustom.dll
+ 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB950749\update\update.exe
+ 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB950749\update\updspapi.dll
+ 2008-05-14 06:32:15 45,056 ----a-w C:\WINDOWS\BDOSCAN8\avxdisk.dll
+ 2008-05-14 06:32:15 10,240 ----a-w C:\WINDOWS\BDOSCAN8\avxs.dll
+ 2008-05-14 06:32:16 27,136 ----a-w C:\WINDOWS\BDOSCAN8\avxt.dll
+ 2008-05-14 06:32:18 181,760 ----a-w C:\WINDOWS\BDOSCAN8\bdcore.dll
+ 2008-01-09 13:01:48 118,784 ----a-w C:\WINDOWS\BDOSCAN8\bdupd.dll
+ 2008-01-09 13:01:48 53,248 ----a-w C:\WINDOWS\BDOSCAN8\ipsupd.dll
+ 2008-05-14 06:32:19 142,848 ----a-w C:\WINDOWS\BDOSCAN8\libfn.dll
+ 2008-05-14 06:32:16 86,016 ----a-w C:\WINDOWS\BDOSCAN8\librtvr.dll
+ 2008-01-09 13:01:48 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
- 2008-05-13 23:16:25 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-14 13:42:26 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-01-09 13:01:48 118,784 ----a-w C:\WINDOWS\Downloaded Program Files\bdupd.dll
+ 2008-01-09 13:01:48 53,248 ----a-w C:\WINDOWS\Downloaded Program Files\ipsupd.dll
+ 2006-10-27 14:04:08 497,504 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MORPH9.DLL
+ 2006-10-27 14:04:10 9,581,360 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSPUB.EXE
+ 2006-10-26 19:09:36 136,008 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\PRTF9.DLL
+ 2006-10-27 14:04:06 624,456 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\PTXT9.DLL
+ 2006-10-26 19:09:44 590,144 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\PUBCONV.DLL
+ 2006-10-27 14:23:04 347,432 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\WINWORD.EXE
+ 2006-10-27 14:11:38 4,235,560 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\WRD12CNV.DLL
+ 2006-10-27 14:11:36 21,264 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\WRD12EXE.EXE
+ 2006-10-27 14:23:08 17,483,560 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\WWLIB.DLL
- 2008-04-11 01:01:01 1,165,584 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-05-14 00:07:40 1,165,584 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
- 2008-04-11 01:01:02 20,240 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-05-14 00:07:40 20,240 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-04-11 01:01:01 159,504 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
+ 2008-05-14 00:07:40 159,504 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
- 2008-04-11 01:01:01 217,864 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
+ 2008-05-14 00:07:40 217,864 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
- 2008-04-11 01:01:02 18,704 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-05-14 00:07:40 18,704 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-04-11 01:01:02 35,088 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-05-14 00:07:40 35,088 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-04-11 01:01:01 845,584 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-05-14 00:07:40 845,584 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
- 2008-04-11 01:01:01 922,384 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-05-14 00:07:40 922,384 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
- 2008-04-11 01:01:02 272,648 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-05-14 00:07:40 272,648 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
- 2008-04-11 01:01:02 888,080 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-05-14 00:07:40 888,080 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-04-11 01:01:01 1,172,240 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-05-14 00:07:40 1,172,240 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-05-13 23:09:55 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-05-14 13:39:07 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-05-13 23:09:55 65,536 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-05-14 13:39:07 98,304 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2008-05-13 23:09:55 49,152 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008051420080515\index.dat
+ 2008-05-14 13:29:14 49,152 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008051420080515\index.dat
+ 2008-05-14 13:39:07 147,456 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-03-24 12:00:00 561,179 -c--a-w C:\WINDOWS\system32\dllcache\dao360.dll
+ 2008-03-25 04:50:25 554,008 -c--a-w C:\WINDOWS\system32\dllcache\dao360.dll
- 2006-03-24 12:00:00 512,029 -c--a-w C:\WINDOWS\system32\dllcache\msexch40.dll
+ 2008-03-25 04:50:28 518,944 -c--a-w C:\WINDOWS\system32\dllcache\msexch40.dll
- 2006-03-24 12:00:00 319,517 -c--a-w C:\WINDOWS\system32\dllcache\msexcl40.dll
+ 2008-03-25 04:50:30 326,432 -c--a-w C:\WINDOWS\system32\dllcache\msexcl40.dll
- 2006-03-24 12:00:00 1,507,356 -c--a-w C:\WINDOWS\system32\dllcache\msjet40.dll
+ 2008-03-25 04:50:34 1,516,568 -c--a-w C:\WINDOWS\system32\dllcache\msjet40.dll
- 2006-03-24 12:00:00 358,976 -c--a-w C:\WINDOWS\system32\dllcache\msjetol1.dll
+ 2008-03-25 04:50:40 355,112 -c--a-w C:\WINDOWS\system32\dllcache\msjetol1.dll
- 2006-03-24 12:00:00 184,351 -c--a-w C:\WINDOWS\system32\dllcache\msjint40.dll
+ 2008-03-25 04:51:08 194,144 -c--a-w C:\WINDOWS\system32\dllcache\msjint40.dll
- 2006-03-24 12:00:00 53,279 -c--a-w C:\WINDOWS\system32\dllcache\msjter40.dll
+ 2008-03-25 04:50:42 60,192 -c--a-w C:\WINDOWS\system32\dllcache\msjter40.dll
- 2006-03-24 12:00:00 241,693 -c--a-w C:\WINDOWS\system32\dllcache\msjtes40.dll
+ 2008-03-25 04:50:42 248,608 -c--a-w C:\WINDOWS\system32\dllcache\msjtes40.dll
- 2006-03-24 12:00:00 213,023 -c--a-w C:\WINDOWS\system32\dllcache\msltus40.dll
+ 2008-03-25 04:50:44 219,936 -c--a-w C:\WINDOWS\system32\dllcache\msltus40.dll
- 2006-03-24 12:00:00 348,189 -c--a-w C:\WINDOWS\system32\dllcache\mspbde40.dll
+ 2008-03-25 04:50:45 355,104 -c--a-w C:\WINDOWS\system32\dllcache\mspbde40.dll
- 2006-03-24 12:00:00 421,919 -c--a-w C:\WINDOWS\system32\dllcache\msrd2x40.dll
+ 2008-03-25 04:50:47 432,928 -c--a-w C:\WINDOWS\system32\dllcache\msrd2x40.dll
- 2006-03-24 12:00:00 315,423 -c--a-w C:\WINDOWS\system32\dllcache\msrd3x40.dll
+ 2008-03-25 04:50:49 322,336 -c--a-w C:\WINDOWS\system32\dllcache\msrd3x40.dll
- 2006-03-24 12:00:00 552,989 -c--a-w C:\WINDOWS\system32\dllcache\msrepl40.dll
+ 2008-03-25 04:50:52 559,904 -c--a-w C:\WINDOWS\system32\dllcache\msrepl40.dll
- 2006-03-24 12:00:00 258,077 -c--a-w C:\WINDOWS\system32\dllcache\mstext40.dll
+ 2008-03-25 04:50:55 264,992 -c--a-w C:\WINDOWS\system32\dllcache\mstext40.dll
- 2006-03-24 12:00:00 831,519 -c--a-w C:\WINDOWS\system32\dllcache\mswdat10.dll
+ 2008-03-25 04:50:57 838,432 -c--a-w C:\WINDOWS\system32\dllcache\mswdat10.dll
- 2006-03-24 12:00:00 614,429 -c--a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
+ 2008-03-25 04:51:09 621,344 -c--a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
- 2006-03-24 12:00:00 348,189 -c--a-w C:\WINDOWS\system32\dllcache\msxbde40.dll
+ 2008-03-25 04:50:58 355,104 -c--a-w C:\WINDOWS\system32\dllcache\msxbde40.dll
- 2006-03-24 12:00:00 512,029 ----a-w C:\WINDOWS\system32\msexch40.dll
+ 2008-03-25 04:50:28 518,944 ----a-w C:\WINDOWS\system32\msexch40.dll
- 2006-03-24 12:00:00 319,517 ----a-w C:\WINDOWS\system32\msexcl40.dll
+ 2008-03-25 04:50:30 326,432 ----a-w C:\WINDOWS\system32\msexcl40.dll
- 2006-03-24 12:00:00 1,507,356 ----a-w C:\WINDOWS\system32\msjet40.dll
+ 2008-03-25 04:50:34 1,516,568 ----a-w C:\WINDOWS\system32\msjet40.dll
- 2006-03-24 12:00:00 358,976 ----a-w C:\WINDOWS\system32\msjetoledb40.dll
+ 2008-03-25 04:50:40 355,112 ----a-w C:\WINDOWS\system32\msjetoledb40.dll
- 2006-03-24 12:00:00 184,351 ----a-w C:\WINDOWS\system32\msjint40.dll
+ 2008-03-25 04:51:08 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
- 2006-03-24 12:00:00 53,279 ----a-w C:\WINDOWS\system32\msjter40.dll
+ 2008-03-25 04:50:42 60,192 ----a-w C:\WINDOWS\system32\msjter40.dll
- 2006-03-24 12:00:00 241,693 ----a-w C:\WINDOWS\system32\msjtes40.dll
+ 2008-03-25 04:50:42 248,608 ----a-w C:\WINDOWS\system32\msjtes40.dll
- 2006-03-24 12:00:00 213,023 ----a-w C:\WINDOWS\system32\msltus40.dll
+ 2008-03-25 04:50:44 219,936 ----a-w C:\WINDOWS\system32\msltus40.dll
- 2006-03-24 12:00:00 348,189 ----a-w C:\WINDOWS\system32\mspbde40.dll
+ 2008-03-25 04:50:45 355,104 ----a-w C:\WINDOWS\system32\mspbde40.dll
- 2006-03-24 12:00:00 421,919 ----a-w C:\WINDOWS\system32\msrd2x40.dll
+ 2008-03-25 04:50:47 432,928 ----a-w C:\WINDOWS\system32\msrd2x40.dll
- 2006-03-24 12:00:00 315,423 ----a-w C:\WINDOWS\system32\msrd3x40.dll
+ 2008-03-25 04:50:49 322,336 ----a-w C:\WINDOWS\system32\msrd3x40.dll
- 2006-03-24 12:00:00 552,989 ----a-w C:\WINDOWS\system32\msrepl40.dll
+ 2008-03-25 04:50:52 559,904 ----a-w C:\WINDOWS\system32\msrepl40.dll
- 2006-03-24 12:00:00 258,077 ----a-w C:\WINDOWS\system32\mstext40.dll
+ 2008-03-25 04:50:55 264,992 ----a-w C:\WINDOWS\system32\mstext40.dll
- 2006-03-24 12:00:00 831,519 ----a-w C:\WINDOWS\system32\mswdat10.dll
+ 2008-03-25 04:50:57 838,432 ----a-w C:\WINDOWS\system32\mswdat10.dll
- 2006-03-24 12:00:00 614,429 ----a-w C:\WINDOWS\system32\mswstr10.dll
+ 2008-03-25 04:51:09 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
- 2006-03-24 12:00:00 348,189 ----a-w C:\WINDOWS\system32\msxbde40.dll
+ 2008-03-25 04:50:58 355,104 ----a-w C:\WINDOWS\system32\msxbde40.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-24 14:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-14 01:24 1694208]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 12:03 868352]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-04 17:08 68856]
"EPSON Stylus DX7400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.exe" [2007-04-12 08:00 182272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 20:34 64512]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-09-16 04:19 7630848]
"nwiz"="nwiz.exe" [2006-09-16 04:19 1617920 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-09-16 04:19 86016]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-24 03:08 16050688 C:\WINDOWS\RTHDCPL.exe]
"DetectorApp"="C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 13:15 102400]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 23:50 221184]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 23:50 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Vade Retro Outlook Express"="C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe" [2004-10-04 20:03 310272]
"ORAHSSSessionManager"="C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe" [2007-06-12 20:12 94208]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-09 13:30 98304]
"IS CfgWiz"="C:\Program Files\Norton Internet Security\cfgwiz.exe" [ ]
"LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 02:12 488984]
"LVCOMSX"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe" [2007-02-06 18:43 252704]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 02:13 774168]
"EverioService"="C:\Program Files\CyberLink\PCM4Everio\EverioService.exe" [2006-11-22 22:10 151552]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"OPTENET_GUI"="C:\PROGRA~1\CONTRO~1\bin\optgui.exe" [2006-12-20 10:14 404536]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-24 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"yMnZzDdChGiRSE"= {74D19D73-DE7B-37D9-8390-0E5683FED18B} - C:\WINDOWS\system32\hhnd.dll [2007-04-16 17:53 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= pvmjpg21.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ttm85.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\WINDOWS\\system32\\fxsclnt.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\CyberLink\\PCM4Everio\\PCM4Everio.exe"=
"C:\\Program Files\\CyberLink\\PCM4Everio\\EverioService.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 Ttm85;Ttm85;C:\WINDOWS\system32\Drivers\Ttm85.sys [2008-05-14 15:06]
R2 OPTENET_FILTER;Orange Contrôle Parental;C:\Program Files\Controle Parental\bin\optproxy.exe [2006-12-21 19:15]
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2004-10-15 13:50]
S3 lredbooo;lredbooo;C:\DOCUME~1\mellah\LOCALS~1\Temp\lredbooo.sys []
S3 MBAMCatchMe;MBAMCatchMe;C:\WINDOWS\system32\drivers\mbamcatchme.sys [2008-05-05 20:46]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5609270f-d0b2-11dc-9004-00038a000015}]
\Shell\AutoRun\command - K:\RavMon.exe
\Shell\explore\Command - K:\RavMon.exe -e
\Shell\open\Command - K:\RavMon.exe

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-05-09 13:00:06 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-14 15:43:03
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\tcpsr]
"ImagePath"="\??\C:\WINDOWS\System32\drivers\tcpsr.sys"
.
--------------------- DLLs a charg‚ sous des processus courants ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\WinNt32.dll
-> C:\Program Files\Controle Parental\bin\lsp.dll
.
Temps d'accomplissement: 2008-05-14 15:45:55
ComboFix-quarantined-files.txt 2008-05-14 13:45:51
ComboFix2.txt 2008-05-13 23:20:11

Pre-Run: 216,245,035,008 octets libres
Post-Run: 216,201,949,184 octets libres

342 --- E O F --- 2008-05-14 00:07:43

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:48:58, on 14/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Controle Parental\bin\optproxy.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
C:\Program Files\OrangeHSS\Launcher\Launcher.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\PROGRA~1\CONTRO~1\bin\optgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\OrangeHSS\systray\systrayapp.exe
C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\mellah\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IS CfgWiz] C:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {F073BDC9-0D67-4ff0-879E-27241C843828} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [OPTENET_GUI] C:\PROGRA~1\CONTRO~1\bin\optgui.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [EPSON Stylus DX7400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE /FU "C:\WINDOWS\TEMP\E_S174.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WinNt32 - C:\WINDOWS\SYSTEM32\WinNt32.dll
O21 - SSODL: yMnZzDdChGiRSE - {74D19D73-DE7B-37D9-8390-0E5683FED18B} - C:\WINDOWS\System32\hhnd.dll
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Orange Contrôle Parental (OPTENET_FILTER) - Orange - C:\Program Files\Controle Parental\bin\optproxy.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
O24 - Desktop Component 0: (no name) - http://www.t45ol.com/img/logo.gif

--
End of file - 9592 bytes

ComboFix 08-05-12.1 - mellah 2008-05-14 16:21:28.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.438 [GMT 2:00]
Endroit: C:\Documents and Settings\mellah\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\mellah\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

FILE ::
C:\WINDOWS\system32\hhnd.dll
C:\WINDOWS\system32\kr_done1de
C:\WINDOWS\system32\rvkhlnwo.tmp
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\tcpsr.sys
C:\WINDOWS\system32\hhnd.dll
C:\WINDOWS\system32\kr_done1de
C:\WINDOWS\system32\rvkhlnwo.tmp
C:\WINDOWS\system32\WinNt32.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TCPSR
-------\Service_tcpsr


((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-14 to 2008-05-14 ))))))))))))))))))))))))))))))))))))
.

2008-05-14 08:32 . 2008-05-14 13:08 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-05-14 01:09 . 2008-05-14 01:09 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-14 01:09 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-14 01:09 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-13 23:26 . 2008-05-13 23:26 2 --a------ C:\WINDOWS\msoffice.ini
2008-05-13 23:13 . 2008-05-13 23:13 361 --a------ C:\WINDOWS\system32\QuickTime.qtp
2008-05-13 23:05 . 2008-05-13 23:05 <REP> d-------- C:\Program Files\Trend Micro
2008-05-13 21:02 . 2008-05-13 21:02 <REP> d-------- C:\Documents and Settings\mellah\Application Data\Malwarebytes
2008-05-13 21:01 . 2008-05-13 21:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-12 02:00 . 2008-05-12 02:00 2 --a------ C:\1959894386
2008-05-12 01:59 . 2008-05-14 16:16 27,136 --a------ C:\WINDOWS\system32\drivers\Ttm85.sys
2008-05-09 16:52 . 2008-05-09 16:52 268 --ah----- C:\sqmdata03.sqm
2008-05-09 16:52 . 2008-05-09 16:52 244 --ah----- C:\sqmnoopt03.sqm
2008-05-08 16:20 . 2004-08-03 23:10 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2008-05-08 16:20 . 2004-08-03 23:10 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2008-05-08 16:20 . 2004-08-03 23:10 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2008-05-08 16:20 . 2004-08-03 22:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2008-05-08 16:19 . 2004-08-03 23:10 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2008-05-08 16:18 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-05-06 11:07 . 2008-05-06 11:07 <REP> d-------- C:\Documents and Settings\mellah\Application Data\TaoUSign
2008-04-19 19:24 . 2008-04-19 19:25 <REP> d-------- C:\Program Files\Controle Parental
2008-04-19 19:24 . 2006-12-19 13:47 228,648 --a------ C:\WINDOWS\OptChecker.exe
2008-04-19 19:24 . 2006-12-19 13:34 163,120 --a------ C:\WINDOWS\OptRemove.exe
2008-04-19 19:24 . 2006-02-08 17:30 8,464 --------- C:\WINDOWS\sporder.dll
2008-04-19 19:24 . 2006-11-08 11:46 3,224 --------- C:\WINDOWS\sporder.zip

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-14 00:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-13 21:26 --------- d-----w C:\Program Files\Fichiers communs\AOL
2008-05-13 21:26 --------- d-----w C:\Documents and Settings\mellah\Application Data\AOL
2008-05-13 21:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-05-13 21:26 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\AOL
2008-05-13 20:47 --------- d-----w C:\Documents and Settings\mellah\Application Data\OpenOffice.org2
2008-05-13 20:44 --------- d-----w C:\Program Files\Google
2008-05-13 20:41 --------- d-----w C:\Program Files\Java
2008-05-13 20:23 --------- d-----w C:\Program Files\Alwil Software
2008-05-13 17:49 --------- d-----w C:\Program Files\Yahoo!
2008-05-13 17:43 --------- d-----w C:\Program Files\Everest Poker
2008-05-13 17:42 --------- d-----w C:\Program Files\Creative
2008-05-13 17:07 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-13 17:07 --------- d-----w C:\Program Files\Spyware Doctor
2008-05-13 17:07 --------- d-----w C:\Documents and Settings\mellah\Application Data\PC Tools
2008-05-13 16:47 --------- d-----w C:\Program Files\Norton Security Scan
2008-05-12 21:02 --------- d-----w C:\Documents and Settings\mellah\Application Data\LimeWire
2008-05-12 18:40 --------- d-----w C:\Program Files\eMule
2008-05-11 20:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-05-08 14:17 --------- d-----w C:\Program Files\Fichiers communs\logishrd
2008-05-04 09:48 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-05-01 10:19 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-04-21 18:16 --------- d-----w C:\Program Files\Picasa2
2008-04-19 17:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-09 12:57 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-04-05 07:41 --------- d-----w C:\Program Files\OpenOffice.org 2.4
2008-04-05 06:59 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2008-02-07 09:17 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-12-11 19:40 480,848 ----a-w C:\Documents and Settings\All Users\Application Data\pswi_preloaded.exe
2008-02-06 12:56 88 --sh--r C:\WINDOWS\system32\C9C08C5A8C.sys
2008-02-06 12:56 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

------- Sigcheck -------

2006-03-24 14:00 17408 d2c98db0c0b48cd1c73279c84377d1bb C:\WINDOWS\system32\svchost.exe

2006-03-24 14:00 82944 bc41f51a39d3b255805fdb759b7814ae C:\WINDOWS\system32\ws2_32.dll
2006-03-24 14:00 82944 bc41f51a39d3b255805fdb759b7814ae C:\WINDOWS\system32\dllcache\ws2_32.dll

2006-03-24 14:00 510464 b2cb311da8e0d5ef82e5be91d5d3c993 C:\WINDOWS\system32\winlogon.exe

2006-03-24 14:00 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\dllcache\ndis.sys
2006-03-24 14:00 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys

2006-03-24 14:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\dllcache\ip6fw.sys
2006-03-24 14:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys

2007-06-13 15:22 1039872 a73985457c4e4763abdcecc5aef336a3 C:\WINDOWS\explorer.exe
2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2006-03-24 14:00 1036288 4c33e5b9a6197b6ed215f6cfba0a2daa C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

2006-03-24 14:00 110592 870c3ca4565d0b4c8199430de70d3596 C:\WINDOWS\system32\services.exe

2006-03-24 14:00 14848 d8b6e7a918b25f46d5f33e525c3d2f71 C:\WINDOWS\system32\lsass.exe

2006-03-24 14:00 15360 5584247b568c2e53934873f4b655fe6a C:\WINDOWS\system32\ctfmon.exe
2006-03-24 14:00 15360 5584247b568c2e53934873f4b655fe6a C:\WINDOWS\system32\dllcache\ctfmon.exe
.
((((((((((((((((((((((((((((( snapshot_2008-05-14_15.45.44.15 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-14 13:42:26 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-14 14:25:04 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-05-14 13:39:07 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-05-14 14:21:13 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-05-14 13:39:07 98,304 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-05-14 14:21:13 98,304 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2008-05-14 13:29:14 49,152 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008051420080515\index.dat
+ 2008-05-14 14:16:14 65,536 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008051420080515\index.dat
- 2008-05-14 13:39:07 147,456 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-14 14:21:13 98,304 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-24 14:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-14 01:24 1694208]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 12:03 868352]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-04 17:08 68856]
"EPSON Stylus DX7400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.exe" [2007-04-12 08:00 182272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 20:34 64512]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-09-16 04:19 7630848]
"nwiz"="nwiz.exe" [2006-09-16 04:19 1617920 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-09-16 04:19 86016]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-24 03:08 16050688 C:\WINDOWS\RTHDCPL.exe]
"DetectorApp"="C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 13:15 102400]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 23:50 221184]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 23:50 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Vade Retro Outlook Express"="C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe" [2004-10-04 20:03 310272]
"ORAHSSSessionManager"="C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe" [2007-06-12 20:12 94208]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-09 13:30 98304]
"IS CfgWiz"="C:\Program Files\Norton Internet Security\cfgwiz.exe" [ ]
"LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 02:12 488984]
"LVCOMSX"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe" [2007-02-06 18:43 252704]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 02:13 774168]
"EverioService"="C:\Program Files\CyberLink\PCM4Everio\EverioService.exe" [2006-11-22 22:10 151552]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"OPTENET_GUI"="C:\PROGRA~1\CONTRO~1\bin\optgui.exe" [2006-12-20 10:14 404536]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-24 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= pvmjpg21.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ttm85.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\WINDOWS\\system32\\fxsclnt.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\CyberLink\\PCM4Everio\\PCM4Everio.exe"=
"C:\\Program Files\\CyberLink\\PCM4Everio\\EverioService.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 Ttm85;Ttm85;C:\WINDOWS\system32\Drivers\Ttm85.sys [2008-05-14 16:16]
R2 OPTENET_FILTER;Orange Contrôle Parental;C:\Program Files\Controle Parental\bin\optproxy.exe [2006-12-21 19:15]
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2004-10-15 13:50]
S3 lredbooo;lredbooo;C:\DOCUME~1\mellah\LOCALS~1\Temp\lredbooo.sys []
S3 MBAMCatchMe;MBAMCatchMe;C:\WINDOWS\system32\drivers\mbamcatchme.sys [2008-05-05 20:46]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5609270f-d0b2-11dc-9004-00038a000015}]
\Shell\AutoRun\command - K:\RavMon.exe
\Shell\explore\Command - K:\RavMon.exe -e
\Shell\open\Command - K:\RavMon.exe

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-05-09 13:00:06 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-14 16:25:27
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
--------------------- DLLs a charg‚ sous des processus courants ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\WinNt32.dll
-> C:\Program Files\Controle Parental\bin\lsp.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Fichiers communs\logishrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\OrangeHSS\Launcher\Launcher.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe
C:\Program Files\OrangeHSS\Connectivity\corecom\CoreCom.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\OrangeHSS\Connectivity\corecom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\Fichiers communs\logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-14 16:28:21 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-14 14:28:17
ComboFix2.txt 2008-05-14 13:45:56
ComboFix3.txt 2008-05-13 23:20:11

Pre-Run: 216,170,582,016 octets libres
Post-Run: 216,207,769,600 octets libres

241 --- E O F --- 2008-05-14 00:07:43

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:32:44, on 14/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Controle Parental\bin\optproxy.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\OrangeHSS\Launcher\Launcher.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
C:\PROGRA~1\CONTRO~1\bin\optgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\OrangeHSS\systray\systrayapp.exe
C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\TEMP\BN2.tmp
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\mellah\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IS CfgWiz] C:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {F073BDC9-0D67-4ff0-879E-27241C843828} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [OPTENET_GUI] C:\PROGRA~1\CONTRO~1\bin\optgui.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [EPSON Stylus DX7400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE /FU "C:\WINDOWS\TEMP\E_S174.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WinNt32 - C:\WINDOWS\SYSTEM32\WinNt32.dll
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Orange Contrôle Parental (OPTENET_FILTER) - Orange - C:\Program Files\Controle Parental\bin\optproxy.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
O24 - Desktop Component 0: (no name) - http://www.t45ol.com/img/logo.gif

--
End of file - 9640 bytes

Malwarebytes' Anti-Malware 1.12
Version de la base de données: 746

Type de recherche: Examen complet (C:\|)
Eléments examinés: 130727
Temps écoulé: 34 minute(s), 37 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 6

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\WinNt32.dll (Trojan.Agent) -> Unloaded module successfully.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\tcpsr (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tcpsr (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winnt32 (Trojan.Agent) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\tcpsr.sys.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C370A3D6-7A0C-4DE3-89DA-0B58CEBE3529}\RP284\A0152648.sys (Tr