olympiquedemars

  1. Good evening, and thanks for your help. I did what you asked me to do; the reports are as follows:

     Malware report:

     Malwarebytes' Anti-Malware 1.28
     Version de la base de données: 1225
     Windows 5.1.2600 Service Pack 2
     29/09/2008 17:00:25
     mbam-log-2008-09-29 (17-00-25).txt
     Type de recherche: Examen complet (A:\|C:\|D:\|E:\|F:\|)
     Eléments examinés: 157629
     Temps écoulé: 4 hour(s), 53 minute(s), 42 second(s)
     Processus mémoire infecté(s): 0
     Module(s) mémoire infecté(s): 0
     Clé(s) du Registre infectée(s): 1
     Valeur(s) du Registre infectée(s): 0
     Elément(s) de données du Registre infecté(s): 0
     Dossier(s) infecté(s): 0
     Fichier(s) infecté(s): 0

     Processus mémoire infecté(s):
     (Aucun élément nuisible détecté)
     Module(s) mémoire infecté(s):
     (Aucun élément nuisible détecté)
     Clé(s) du Registre infectée(s):
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} (Adware.Agent) -> Quarantined and deleted successfully.
     Valeur(s) du Registre infectée(s):
     (Aucun élément nuisible détecté)
     Elément(s) de données du Registre infecté(s):
     (Aucun élément nuisible détecté)
     Dossier(s) infecté(s):
     (Aucun élément nuisible détecté)
     Fichier(s) infecté(s):
     (Aucun élément nuisible détecté)

     And the Move It report:

     < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSjcxe.sys >
     Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSjcxe.sys\\ deleted successfully.
     OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09292008_115011

     Apart from that, I have a problem with AntiVir: it detects a virus every day, sometimes even more than one per day. Thanks in advance.
  2. Good evening, actually I had already done the procedure, and when AntiVir reported the viruses I simply clicked on quarantine. :P Anyway, I hadn't thought of disabling AntiVir, but I sent the file successfully despite this small problem.
  3. Hello, I did it, but while it was being sent to the archive, AntiVir reported 4 viruses. Thanks in advance.
  4. Salut et merci, les rapports sont les suivants: Combo: ComboFix 08-09-20.05 - Utilisateur1 2008-09-21 19:00:04.2 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.42 [GMT 2:00] Lancé depuis: C:\Documents and Settings\Utilisateur1\Bureau\ComboFix.exe Commutateurs utilisés :: C:\Documents and Settings\Utilisateur1\Bureau\CFScript.txt * Un nouveau point de restauration a été créé FILE :: C:\WINDOWS\system32\Smab.dll H:\fooool.exe . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\drivers\TDSSjcxe.sys C:\WINDOWS\system32\Smab.dll C:\WINDOWS\system32\TDSSevri.dll C:\WINDOWS\system32\TDSShpue.dll C:\WINDOWS\system32\TDSSjjsm.dll C:\WINDOWS\system32\TDSSjmle.dll G:\Autorun.inf . ((((((((((((((((((((((((((((( Fichiers créés du 2008-08-21 au 2008-09-21 )))))))))))))))))))))))))))))))))))) . 2008-09-24 00:02 . 2008-09-24 00:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WEBREG 2008-09-24 00:00 . 2008-09-24 00:05 <REP> d-------- C:\Documents and Settings\Utilisateur1\Application Data\HP 2008-09-23 23:55 . 2008-09-23 23:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard 2008-09-23 23:53 . 2007-03-15 15:32 118,272 --a------ C:\WINDOWS\system32\hpz3l5ha.dll 2008-09-23 23:40 . 2008-09-23 23:40 <REP> d-------- C:\Program Files\Hewlett-Packard 2008-09-23 23:40 . 2008-09-23 23:40 <REP> d-------- C:\Program Files\Fichiers communs\Hewlett-Packard 2008-09-23 23:40 . 2008-09-23 23:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\HP Product Assistant 2008-09-23 23:40 . 2008-09-23 23:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\HP 2008-09-23 23:39 . 2008-09-23 23:39 <REP> d-------- C:\Program Files\Fichiers communs\HP 2008-09-23 23:38 . 2007-12-07 17:55 271,704 --a------ C:\WINDOWS\system32\hpzids01.dll 2008-09-23 23:38 . 
2007-11-02 04:28 49,920 --a------ C:\WINDOWS\system32\drivers\HPZid412.sys 2008-09-23 23:38 . 2007-11-02 04:28 16,496 --a------ C:\WINDOWS\system32\drivers\HPZipr12.sys 2008-09-23 23:37 . 2007-11-02 04:28 970,752 --a------ C:\WINDOWS\system32\hpotiop5.dll 2008-09-23 23:37 . 2007-11-02 04:28 729,088 --a------ C:\WINDOWS\system32\hpowiax5.dll 2008-09-23 23:37 . 2007-11-02 04:28 303,104 --a------ C:\WINDOWS\system32\hpovst12.dll 2008-09-23 23:36 . 2008-09-23 23:40 <REP> d-------- C:\Program Files\HP 2008-09-23 23:34 . 2008-09-24 00:01 185,317 --a------ C:\WINDOWS\hpoins21.dat 2008-09-23 23:34 . 2008-02-15 05:48 7,262 --------- C:\WINDOWS\hpomdl21.dat 2008-09-23 22:54 . 2008-09-23 22:54 <REP> d-------- C:\Program Files\Roxio 2008-09-23 22:54 . 2008-09-23 22:54 <REP> d-------- C:\Program Files\Fichiers communs\SureThing Shared 2008-09-21 20:50 . 2008-09-21 20:50 <REP> d-------- C:\Program Files\Avira 2008-09-21 20:50 . 2008-09-21 20:50 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira 2008-09-21 11:31 . 2008-09-21 11:31 <REP> d-------- C:\WINDOWS\ERUNT 2008-09-21 11:30 . 2008-09-21 18:38 <REP> d-------- C:\SDFix 2008-09-09 20:11 . 2008-09-09 20:11 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Mediafour 2008-09-09 19:35 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys 2008-09-09 19:35 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys 2008-09-06 19:13 . 2008-09-07 17:30 <REP> d-------- C:\Program Files\Navilog1 2008-09-06 19:06 . 2008-09-07 17:21 2,732 --a------ C:\Documents and Settings\Orph.egd 2008-09-06 19:05 . 2008-09-07 17:21 <REP> d-------- C:\ToolBar SD 2008-08-26 00:19 . 2008-08-26 07:03 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-09-23 19:08 --------- d-----w C:\Program Files\MSN Messenger 2008-09-21 16:56 --------- d-----w C:\Program Files\Soulseek 2008-09-20 19:45 --------- d-----w C:\Program Files\Best_Security_Tips 2008-09-09 18:12 --------- d-----w C:\Program Files\Fichiers communs\Mediafour 2008-09-09 18:10 --------- d-----w C:\Program Files\Mediafour 2008-08-31 18:34 --------- d-----w C:\Program Files\VideoLAN 2008-08-20 08:42 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2008-08-20 08:42 --------- d-----w C:\Program Files\Téléchargeur de Beijing 2008 2008-08-12 17:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-07-31 04:17 --------- d-----w C:\Program Files\Replay Media Catcher 2008-07-28 15:00 --------- d-----w C:\Documents and Settings\Utilisateur1\Application Data\Orbit 2008-07-28 14:57 --------- d-----w C:\Documents and Settings\Utilisateur1\Application Data\GrabPro 2008-07-28 10:58 --------- d-----w C:\Documents and Settings\Utilisateur1\Application Data\Xi 2008-07-28 07:15 --------- d-----w C:\Program Files\QuickTime 2008-07-28 07:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer 2008-07-28 07:07 --------- d-----w C:\Program Files\Apple Software Update 2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll 2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe 2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll 2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll 2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll 2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll 2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll 2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll 2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll 2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll 2008-06-24 16:12 295,936 ----a-w C:\WINDOWS\system32\wmpeffects.dll 2008-06-23 16:28 826,368 ----a-w 
C:\WINDOWS\system32\wininet.dll 2007-10-23 17:02 56,568 -c--a-w C:\Documents and Settings\Utilisateur1\Application Data\GDIPFONTCACHEV1.DAT 2005-05-13 16:12 217,073 --sha-r C:\WINDOWS\meta4.exe 2005-10-24 10:13 66,560 --sha-r C:\WINDOWS\MOTA113.exe 2005-10-13 20:27 422,400 --sha-r C:\WINDOWS\x2.64.exe 2005-10-07 18:14 308,224 --sha-r C:\WINDOWS\system32\avisynth.dll 2005-07-14 11:31 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll 2005-06-26 14:32 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll 2005-06-21 21:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll 2004-01-24 23:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll 2007-12-20 03:53 10,856 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys 2005-02-28 12:16 240,128 --sha-r C:\WINDOWS\system32\x.264.exe 2004-01-24 23:00 70,656 --sha-r C:\WINDOWS\system32\yv12vfw.dll . ((((((((((((((((((((((((((((( snapshot@2008-09-21_18.46.50.07 ))))))))))))))))))))))))))))))))))))))))) . + 2008-09-23 21:48:15 65,536 ----a-r C:\WINDOWS\Installer\{11B83AD3-7A46-4C2E-A568-9505981D4C6F}\ARPPRODUCTICON.exe + 2008-09-23 21:48:15 689,456 ----a-r C:\WINDOWS\Installer\{11B83AD3-7A46-4C2E-A568-9505981D4C6F}\HPSUShortcut_BB85ED9CAFC943BDB8DC258C3C7DF72E.exe + 2008-09-23 21:49:46 25,214 ----a-r C:\WINDOWS\Installer\{34BFB099-07B2-4E95-A673-7362D60866A2}\ARPPRODUCTICON.exe + 2008-09-23 21:43:12 65,536 ----a-r C:\WINDOWS\Installer\{5ACE69F0-A3E8-44eb-88C1-0A841E700180}\NewShortcut1.A6CC6977_F7B4_4C0B_9510_BCD847D4BDB2.exe + 2008-09-23 20:55:12 1,342,368 ----a-r C:\WINDOWS\Installer\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}\staxIcon.exe + 2008-09-23 21:47:43 25,214 ----a-r C:\WINDOWS\Installer\{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}\NewShortcut1.E6275AC6_5F4F_4F0B_987B_C7E51AB63AA0.exe + 2008-09-23 21:47:43 25,214 ----a-r C:\WINDOWS\Installer\{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}\NewShortcut11.E6275AC6_5F4F_4F0B_987B_C7E51AB63AA0.exe + 2008-09-23 21:50:06 25,214 ----a-r C:\WINDOWS\Installer\{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}\ARPPRODUCTICON.exe + 
2008-09-23 21:50:06 25,214 ----a-r C:\WINDOWS\Installer\{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}\NewShortcut1_8CEA85DE955B4BF487F20BAA62821633.exe + 2008-09-23 21:50:06 25,214 ----a-r C:\WINDOWS\Installer\{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}\NewShortcut2_8CEA85DE955B4BF487F20BAA62821633.exe - 2007-09-16 09:54:36 29,926 -c--a-r C:\WINDOWS\Installer\{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}\MsblIco.Exe + 2008-09-23 19:08:11 29,926 ----a-r C:\WINDOWS\Installer\{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}\MsblIco.Exe + 2007-08-22 14:34:26 287,256 ----a-r C:\WINDOWS\system32\AbaleZip.dll + 2005-01-23 21:42:34 45,056 ----a-w C:\WINDOWS\system32\cdral.dll + 2005-01-23 21:42:34 61,440 ----a-w C:\WINDOWS\system32\cdrtc.dll + 2007-07-06 03:34:32 309,760 ----a-w C:\WINDOWS\system32\difxapi.dll + 2008-05-09 11:15:51 45,376 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys + 2008-01-21 16:11:28 22,336 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys + 2008-06-27 13:03:55 75,072 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys + 2007-07-06 03:34:34 21,568 ----a-w C:\WINDOWS\system32\drivers\HPZius12.sys + 2007-03-01 08:34:22 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys + 2007-12-07 15:55:31 271,704 -c--a-w C:\WINDOWS\system32\DRVSTORE\hpohsla_1F214374B1716048FBFF63827D9E01DBD35928C9\hpzids01.dll + 2007-11-02 02:28:04 309,760 -c--a-w C:\WINDOWS\system32\DRVSTORE\hposcu12_2EE2235FE88C2F49077C4C82E0EC22D7DFE78B19\drivers\dot4\Win2000\difxapi.dll + 2007-11-02 02:28:05 364,544 -c--a-w C:\WINDOWS\system32\DRVSTORE\hposcu12_2EE2235FE88C2F49077C4C82E0EC22D7DFE78B19\drivers\dot4\Win2000\hppldcoi.dll + 2007-11-02 02:28:09 970,752 -c--a-w C:\WINDOWS\system32\DRVSTORE\hposcu12_2EE2235FE88C2F49077C4C82E0EC22D7DFE78B19\drivers\scanner\x32\hpotiop5.dll + 2007-11-02 02:28:10 229,376 -c--a-w C:\WINDOWS\system32\DRVSTORE\hposcu12_2EE2235FE88C2F49077C4C82E0EC22D7DFE78B19\drivers\scanner\x32\hpotsti1.dll + 2007-11-02 02:28:10 303,104 -c--a-w 
C:\WINDOWS\system32\DRVSTORE\hposcu12_2EE2235FE88C2F49077C4C82E0EC22D7DFE78B19\drivers\scanner\x32\hpovst12.dll + 2007-11-02 02:28:11 729,088 -c--a-w C:\WINDOWS\system32\DRVSTORE\hposcu12_2EE2235FE88C2F49077C4C82E0EC22D7DFE78B19\drivers\scanner\x32\hpowiax5.dll + 2007-11-02 02:28:06 49,920 -c--a-w C:\WINDOWS\system32\DRVSTORE\hpzid413_F75AD070CF6AC37359152FFE52115AEC89378C94\drivers\dot4\Win2000\HPZid412.sys + 2007-11-02 02:28:04 309,760 -c--a-w C:\WINDOWS\system32\DRVSTORE\hpzipa13_DB40AE39DB38AD8D2AF2D8E4340ABA1C191DE2CE\drivers\dot4\Win2000\difxapi.dll + 2007-11-02 02:28:05 364,544 -c--a-w C:\WINDOWS\system32\DRVSTORE\hpzipa13_DB40AE39DB38AD8D2AF2D8E4340ABA1C191DE2CE\drivers\dot4\Win2000\hppldcoi.dll + 2007-11-02 02:28:06 49,920 -c--a-w C:\WINDOWS\system32\DRVSTORE\hpzipa13_DB40AE39DB38AD8D2AF2D8E4340ABA1C191DE2CE\drivers\dot4\Win2000\HPZid412.sys + 2007-11-02 02:28:06 16,496 -c--a-w C:\WINDOWS\system32\DRVSTORE\hpzipa13_DB40AE39DB38AD8D2AF2D8E4340ABA1C191DE2CE\drivers\dot4\Win2000\HPzipr12.sys + 2007-11-02 02:28:07 21,568 -c--a-w C:\WINDOWS\system32\DRVSTORE\hpzipa13_DB40AE39DB38AD8D2AF2D8E4340ABA1C191DE2CE\drivers\dot4\Win2000\HPZius12.sys + 2007-11-02 02:27:48 282,624 -c--a-w C:\WINDOWS\system32\DRVSTORE\hpzipa13_DB40AE39DB38AD8D2AF2D8E4340ABA1C191DE2CE\HPZc3212.dll + 2007-11-02 02:28:06 16,496 -c--a-w C:\WINDOWS\system32\DRVSTORE\hpzipr13_9B62D8E7E43E761D5D4A9F1967C0FC868E8BC390\drivers\dot4\Win2000\HPZipr12.sys + 2007-11-02 02:28:04 309,760 -c--a-w C:\WINDOWS\system32\DRVSTORE\hpzius13_9B9B07948B5298EA9F9D379B539EC8677D74FF6B\drivers\dot4\Win2000\difxapi.dll + 2007-11-02 02:28:05 364,544 -c--a-w C:\WINDOWS\system32\DRVSTORE\hpzius13_9B9B07948B5298EA9F9D379B539EC8677D74FF6B\drivers\dot4\Win2000\hppldcoi.dll + 2007-11-02 02:28:06 49,920 -c--a-w C:\WINDOWS\system32\DRVSTORE\hpzius13_9B9B07948B5298EA9F9D379B539EC8677D74FF6B\drivers\dot4\Win2000\hpzid412.sys + 2007-11-02 02:28:06 16,496 -c--a-w 
C:\WINDOWS\system32\DRVSTORE\hpzius13_9B9B07948B5298EA9F9D379B539EC8677D74FF6B\drivers\dot4\Win2000\hpzipr12.sys + 2007-11-02 02:28:07 21,568 -c--a-w C:\WINDOWS\system32\DRVSTORE\hpzius13_9B9B07948B5298EA9F9D379B539EC8677D74FF6B\drivers\dot4\Win2000\HPZius12.sys + 2007-11-02 02:28:07 16,800 -c--a-w C:\WINDOWS\system32\DRVSTORE\hpzius13_9B9B07948B5298EA9F9D379B539EC8677D74FF6B\drivers\dot4\WinxP\Hppaufd0.sys + 2007-11-02 02:27:48 282,624 -c--a-w C:\WINDOWS\system32\DRVSTORE\hpzius13_9B9B07948B5298EA9F9D379B539EC8677D74FF6B\HPZc3212.dll + 2007-12-20 09:05:58 1,645,320 ----a-w C:\WINDOWS\system32\gdiplus.dll + 2007-08-24 15:37:30 51,712 ----a-w C:\WINDOWS\system32\hpbmiapi.dll + 2007-08-24 15:37:38 45,568 ----a-w C:\WINDOWS\system32\hpboid.dll + 2007-08-24 15:37:40 7,680 ----a-w C:\WINDOWS\system32\hpboidps.dll + 2007-08-24 15:37:36 89,088 ----a-w C:\WINDOWS\system32\hpbpro.dll + 2007-08-24 15:37:34 7,680 ----a-w C:\WINDOWS\system32\hpbprops.dll + 2007-04-24 08:33:00 114,688 ----a-w C:\WINDOWS\system32\hplbdchn.dll + 2007-11-02 02:28:05 364,544 ----a-w C:\WINDOWS\system32\hppldcoi.dll + 2008-01-16 17:14:18 49,152 ----a-w C:\WINDOWS\system32\HPZidr12.dll + 2008-01-16 17:14:18 43,520 ----a-w C:\WINDOWS\system32\HPZinw12.dll + 2008-01-16 17:14:20 53,760 ----a-w C:\WINDOWS\system32\HPZipm12.dll + 2008-01-16 17:14:20 33,280 ----a-w C:\WINDOWS\system32\HPZipr12.dll + 2008-01-16 17:14:22 29,696 ----a-w C:\WINDOWS\system32\hpzipt12.dll + 2008-01-16 17:14:22 20,480 ----a-w C:\WINDOWS\system32\hpzisn12.dll + 2007-10-19 18:37:06 190,072 ----a-w C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe + 2007-11-02 16:44:18 3,072 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dm_fx_drvr32.dll + 2007-11-02 16:44:18 3,072 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dm_fx_gpd.dll + 2007-11-02 16:44:18 3,072 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\dm_fx_ini.dll + 2007-11-02 16:44:18 155,648 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpaiounifax.dll + 2007-03-07 
13:02:58 2,856,960 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpbcfgre.dll + 2006-11-30 09:14:06 671,816 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpcdmc32.dll + 2007-02-22 17:35:00 314,880 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpfie5ha.dll + 2007-02-20 09:29:02 337,920 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpfig5ha.dll + 2006-12-06 14:31:56 113,152 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpfrs5ha.dll + 2007-03-15 13:32:42 1,584,640 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpz3a5ha.dll + 2007-03-15 13:15:26 977,920 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpz3c5ha.dll + 2007-03-15 13:33:40 1,739,264 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpz3r5ha.dll + 2007-03-15 13:33:14 233,472 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzc35ha.dll + 2007-03-15 13:32:16 446,976 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzev5ha.dll + 2007-03-15 13:32:30 299,520 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzpr5ha.dll + 2007-03-15 13:24:18 670,208 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzss5ha.dll + 2007-03-15 13:16:26 8,602,112 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzst5ha.dll + 2007-03-16 08:10:40 3,291,648 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzui5ha.dll + 2007-03-15 13:15:24 3,419,648 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzur5ha.dll + 2006-12-20 10:50:04 269,824 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\UNIDRV.DLL + 2006-12-20 10:48:34 208,384 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\UNIDRVUI.DLL + 2006-12-20 10:48:32 620,544 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\UNIRES.DLL + 2007-03-07 13:02:58 2,856,960 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c5200_sc56c\hpbcfgre.dll + 2006-11-30 09:14:06 671,816 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c5200_sc56c\hpcdmc32.dll + 2007-02-22 17:35:00 314,880 ----a-w 
C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c5200_sc56c\hpfie5ha.dll + 2007-02-20 09:29:02 337,920 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c5200_sc56c\hpfig5ha.dll + 2006-12-06 14:31:56 113,152 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c5200_sc56c\hpfrs5ha.dll + 2007-03-15 13:32:42 1,584,640 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c5200_sc56c\hpz3a5ha.dll + 2007-03-15 13:15:26 977,920 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c5200_sc56c\hpz3c5ha.dll + 2007-03-15 13:33:40 1,739,264 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c5200_sc56c\hpz3r5ha.dll + 2007-03-15 13:33:14 233,472 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c5200_sc56c\hpzc35ha.dll + 2007-03-15 13:32:16 446,976 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c5200_sc56c\hpzev5ha.dll + 2007-03-15 13:32:30 299,520 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c5200_sc56c\hpzpr5ha.dll + 2007-03-15 13:24:18 670,208 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c5200_sc56c\hpzss5ha.dll + 2007-03-15 13:16:26 8,602,112 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c5200_sc56c\hpzst5ha.dll + 2007-03-16 08:10:40 3,291,648 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c5200_sc56c\hpzui5ha.dll + 2007-03-15 13:15:24 3,419,648 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c5200_sc56c\hpzur5ha.dll + 2006-12-20 10:50:04 269,824 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c5200_sc56c\UNIDRV.DLL + 2006-12-20 10:48:34 208,384 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c5200_sc56c\UNIDRVUI.DLL + 2006-12-20 10:48:32 620,544 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c5200_sc56c\UNIRES.DLL + 2007-03-15 13:32:10 274,944 ----a-w C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp5ha.dll + 2007-10-31 12:45:34 12,288 ----a-r C:\WINDOWS\Twunk_16.dll + 
2007-10-31 12:45:34 12,288 ----a-r C:\WINDOWS\Twunk_32.dll + 2008-09-23 21:40:07 1,230,336 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.1.0.0_x-ww_b319d8da\msxml4.dll + 2008-09-23 21:40:08 82,432 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\msxml4r.dll + 2007-09-12 09:23:20 96,256 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_6e85597b\ATL80.dll + 2007-05-08 12:19:08 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_0de56c07\msvcm80.dll + 2007-05-08 12:19:08 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_0de56c07\msvcp80.dll + 2007-05-08 12:19:08 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_0de56c07\msvcr80.dll + 2007-05-08 12:19:10 1,093,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_decbdf0c\mfc80.dll + 2007-05-08 12:19:10 1,079,808 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_decbdf0c\mfc80u.dll + 2007-05-08 12:19:10 69,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_decbdf0c\mfcm80.dll + 2007-05-08 12:19:10 57,344 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_decbdf0c\mfcm80u.dll + 2007-10-19 18:46:08 40,960 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_341af80a\mfc80CHS.dll + 2007-10-19 18:46:08 45,056 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_341af80a\mfc80CHT.dll + 2007-10-19 18:46:08 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_341af80a\mfc80DEU.dll + 2007-10-19 18:46:08 57,344 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_341af80a\mfc80ENU.dll + 2007-10-19 18:46:08 61,440 ----a-w 
C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_341af80a\mfc80ESP.dll + 2007-10-19 18:46:08 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_341af80a\mfc80FRA.dll + 2007-10-19 18:46:08 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_341af80a\mfc80ITA.dll + 2007-10-19 18:46:08 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_341af80a\mfc80JPN.dll + 2007-10-19 18:46:08 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_341af80a\mfc80KOR.dll . -- Instantané actualisé -- . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "VisualTaskTips"="C:\Program Files\VisualTaskTips\VisualTaskTips.exe" [2006-07-31 36864] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312] "{B179023B-6238-4499-8F26-CD73E9D90E0A}"="C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe" [2007-07-12 179288] "MDGetStarted.exe"="C:\Program Files\Mediafour\MacDrive 7\MDGetStarted.exe" [2007-06-13 139264] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497] "HP Software Update"="D:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152] "hpqSRMon"="D:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.I420"= i420vfw.dll 
"vidc.yv12"= yv12vfw.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSjcxe.sys] @="driver" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Utilisateur1^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.0.lnk] path=C:\Documents and Settings\Utilisateur1\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.0.lnk backup=C:\WINDOWS\pss\OpenOffice.org 2.0.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Configuration de la neuf Box] --------- 2005-12-13 15:19 389120 C:\Program Files\neuf telecom\neuf Box\Wizard\QuickAccess.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] --a------ 2004-08-05 14:00 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] ---hs---- 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] --a------ 2003-08-15 00:34 57344 C:\WINDOWS\SOUNDMAN.EXE [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "D:\\eMule\\emule.exe"= "C:\\Program Files\\Soulseek\\slsk.exe"= "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "D:\\soulseek\\slsk.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= "D:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "D:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "D:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "D:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "D:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "D:\\Program Files\\HP\\Digital 
Imaging\\bin\\hpzwiz01.exe"= "D:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "D:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"= "D:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "13851:TCP"= 13851:TCP:NortonAV "14814:TCP"= 14814:TCP:NortonAV "16082:TCP"= 16082:TCP:NortonAV "17760:TCP"= 17760:TCP:NortonAV R0 MDFSYSNT;MacDrive file system driver;C:\WINDOWS\system32\drivers\MDFSYSNT.sys [2007-07-31 276352] R0 MDPMGRNT;MDPMGRNT;C:\WINDOWS\system32\drivers\MDPMGRNT.sys [2007-02-28 19072] R2 MacDriveService;MacDriveService;C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe [2007-05-01 143360] S3 Boonty Games;Boonty Games;C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe [2007-10-10 69120] S3 ovt530;Dual Mode USB Camera OV530;C:\WINDOWS\system32\Drivers\ov530vid.sys [ ] S3 RDID1057;EDIROL UA-1EX;C:\WINDOWS\system32\Drivers\rdwm1057.sys [2005-07-04 140930] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contenu du dossier 'Tâches planifiées' . - - - - ORPHELINS SUPPRIMES - - - - MSConfigStartUp-avast! - C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe . ------- Examen supplémentaire ------- . FireFox -: Profile - C:\Documents and Settings\Utilisateur1\Application Data\Mozilla\Firefox\Profiles\f5v4rrrw.default\ . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-21 19:07:27 Windows 5.1.2600 Service Pack 2 NTFS Recherche de processus cachés ... C:\WINDOWS\explorer.exe [1764] 0x81D163C0 Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... 
Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- DLLs chargées dans les processus actifs --------------------- PROCESSUS: C:\WINDOWS\explorer.exe -> C:\Program Files\VisualTaskTips\VttHooks.dll . ------------------------ Autres processus actifs ------------------------ . C:\WINDOWS\system32\ati2evxx.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\MDM.EXE C:\WINDOWS\system32\ati2evxx.exe D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe D:\Program Files\HP\Digital Imaging\bin\hpqste08.exe D:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe D:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe . ************************************************************************** . Heure de fin: 2008-09-21 19:15:04 - La machine a redémarré [utilisateur1] ComboFix-quarantined-files.txt 2008-09-21 17:14:56 ComboFix2.txt 2008-09-21 16:47:22 Avant-CF: 1ÿ521ÿ344ÿ512 octets libres Après-CF: 2,338,549,760 octets libres 334 --- E O F --- 2008-09-10 13:07:56 Et hijackthis: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:18:13, on 21/09/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Unable to get Internet Explorer version! 
Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe D:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\VisualTaskTips\VisualTaskTips.exe C:\WINDOWS\system32\ctfmon.exe D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe D:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe D:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe C:\WINDOWS\explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Utilisateur1\Bureau\Stage de Sabah\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - D:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - D:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [{B179023B-6238-4499-8F26-CD73E9D90E0A}] "C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe" O4 - HKLM\..\Run: [MDGetStarted.exe] "C:\Program Files\Mediafour\MacDrive 7\MDGetStarted.exe" /auto O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [hpqSRMon] D:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe O4 - HKCU\..\Run: [VisualTaskTips] C:\Program Files\VisualTaskTips\VisualTaskTips.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Recherche - 
{92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - D:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. 
- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: MacDriveService - Mediafour Corporation - C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe -- End of file - 16767 bytes
  5. Hi, I did what you asked, and I have a short report to post for you: WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Édition familiale" /noexecute=optin /fastdetect Thanks a lot.
  6. Hi, actually I started the first step, which was to gather the icons, and then I did not accept the license. Do I have to accept it?
  7. Hi, well, I chose no. So I give up on the Combo procedure? Is that right? :P Thanks again.
  8. OK, otherwise I can tell you that Windows finally started normally, but the connection is slow; anyway, I will wait patiently for your reply.
  9. Good evening, here are the two reports: Combo: ComboFix 08-09-20.05 - Utilisateur1 2008-09-21 18:40:14.1 - NTFSx86 MINIMAL Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.85 [GMT 2:00] Lancé depuis: C:\Documents and Settings\Utilisateur1\Bureau\ComboFix.exe AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Utilisateur1\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML C:\WINDOWS\system32\actskn43.ocx . ((((((((((((((((((((((((((((( Fichiers créés du 2008-08-21 au 2008-09-21 )))))))))))))))))))))))))))))))))))) . 2008-09-21 13:31 . 2008-09-21 13:31 55,296 --a------ C:\WINDOWS\system32\drivers\TDSSjcxe.sys 2008-09-21 13:31 . 2008-09-21 13:31 11,264 --a------ C:\WINDOWS\system32\TDSShpue.dll 2008-09-21 13:31 . 2008-09-21 13:31 10,240 --a------ C:\WINDOWS\system32\TDSSevri.dll 2008-09-21 11:31 . 2008-09-21 11:31 <REP> d-------- C:\WINDOWS\ERUNT 2008-09-21 11:30 . 2008-09-21 18:38 <REP> d-------- C:\SDFix 2008-09-20 21:16 . 2008-09-21 13:31 77,824 --a------ C:\WINDOWS\system32\TDSSvfdd.dll 2008-09-20 21:16 . 2008-09-21 13:32 29,184 --a------ C:\WINDOWS\system32\TDSSjmle.dll 2008-09-20 21:14 . 2008-09-21 13:31 36,352 --a------ C:\WINDOWS\system32\TDSSjjsm.dll 2008-09-09 20:20 . 2008-09-09 20:20 <REP> d-------- C:\Program Files\Hp photo 2008-09-09 20:11 . 2008-09-09 20:11 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Mediafour 2008-09-09 19:35 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys 2008-09-09 19:35 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys 2008-09-06 19:13 . 2008-09-07 17:30 <REP> d-------- C:\Program Files\Navilog1 2008-09-06 19:06 . 2008-09-07 17:21 2,732 --a------ C:\Documents and Settings\Orph.egd 2008-09-06 19:05 . 
2008-09-07 17:21 <REP> d-------- C:\ToolBar SD 2008-08-26 00:19 . 2008-08-26 07:03 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-09-20 19:48 --------- d-----w C:\Program Files\Soulseek 2008-09-20 19:45 --------- d-----w C:\Program Files\Best_Security_Tips 2008-09-09 18:12 --------- d-----w C:\Program Files\Fichiers communs\Mediafour 2008-09-09 18:10 --------- d-----w C:\Program Files\Mediafour 2008-08-31 18:34 --------- d-----w C:\Program Files\VideoLAN 2008-08-20 08:42 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2008-08-20 08:42 --------- d-----w C:\Program Files\Téléchargeur de Beijing 2008 2008-08-12 17:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-07-31 04:17 --------- d-----w C:\Program Files\Replay Media Catcher 2008-07-28 15:00 --------- d-----w C:\Documents and Settings\Utilisateur1\Application Data\Orbit 2008-07-28 14:57 --------- d-----w C:\Documents and Settings\Utilisateur1\Application Data\GrabPro 2008-07-28 10:58 --------- d-----w C:\Documents and Settings\Utilisateur1\Application Data\Xi 2008-07-28 07:15 --------- d-----w C:\Program Files\QuickTime 2008-07-28 07:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer 2008-07-28 07:07 --------- d-----w C:\Program Files\Apple Software Update 2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll 2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe 2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll 2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll 2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll 2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll 2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll 2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll 2008-07-07 20:31 253,952 ----a-w 
C:\WINDOWS\system32\es.dll 2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll 2008-06-24 16:12 295,936 ----a-w C:\WINDOWS\system32\wmpeffects.dll 2008-06-23 16:28 826,368 ----a-w C:\WINDOWS\system32\wininet.dll 2007-10-23 17:02 56,568 -c--a-w C:\Documents and Settings\Utilisateur1\Application Data\GDIPFONTCACHEV1.DAT 2005-05-13 16:12 217,073 --sha-r C:\WINDOWS\meta4.exe 2005-10-24 10:13 66,560 --sha-r C:\WINDOWS\MOTA113.exe 2005-10-13 20:27 422,400 --sha-r C:\WINDOWS\x2.64.exe 2005-10-07 18:14 308,224 --sha-r C:\WINDOWS\system32\avisynth.dll 2005-07-14 11:31 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll 2005-06-26 14:32 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll 2005-06-21 21:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll 2004-01-24 23:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll 2007-12-20 03:53 10,856 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys 2006-04-27 09:24 2,945,024 --sha-r C:\WINDOWS\system32\Smab.dll 2005-02-28 12:16 240,128 --sha-r C:\WINDOWS\system32\x.264.exe 2004-01-24 23:00 70,656 --sha-r C:\WINDOWS\system32\yv12vfw.dll . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "VisualTaskTips"="C:\Program Files\VisualTaskTips\VisualTaskTips.exe" [2006-07-31 36864] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 79224] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312] "{B179023B-6238-4499-8F26-CD73E9D90E0A}"="C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe" [2007-07-12 179288] "MDGetStarted.exe"="C:\Program Files\Mediafour\MacDrive 7\MDGetStarted.exe" [2007-06-13 139264] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.I420"= i420vfw.dll "vidc.yv12"= yv12vfw.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSjcxe.sys] @="driver" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Utilisateur1^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.0.lnk] path=C:\Documents and Settings\Utilisateur1\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.0.lnk backup=C:\WINDOWS\pss\OpenOffice.org 2.0.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!] 
--a------ 2008-05-16 01:19 79224 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Configuration de la neuf Box] --------- 2005-12-13 15:19 389120 C:\Program Files\neuf telecom\neuf Box\Wizard\QuickAccess.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] --a------ 2004-08-05 14:00 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] ---hs---- 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] --a------ 2003-08-15 00:34 57344 C:\WINDOWS\SOUNDMAN.EXE [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "D:\\eMule\\emule.exe"= "C:\\Program Files\\Soulseek\\slsk.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "D:\\soulseek\\slsk.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "13851:TCP"= 13851:TCP:NortonAV "14814:TCP"= 14814:TCP:NortonAV "16082:TCP"= 16082:TCP:NortonAV "17760:TCP"= 17760:TCP:NortonAV S0 MDFSYSNT;MacDrive file system driver;C:\WINDOWS\system32\drivers\MDFSYSNT.sys [2007-07-31 276352] S0 MDPMGRNT;MDPMGRNT;C:\WINDOWS\system32\drivers\MDPMGRNT.sys [2007-02-28 19072] S1 aswSP;avast! 
Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 78416] S2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 20560] S2 MacDriveService;MacDriveService;C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe [2007-05-01 143360] S3 Boonty Games;Boonty Games;C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe [2007-10-10 69120] S3 ovt530;Dual Mode USB Camera OV530;C:\WINDOWS\system32\Drivers\ov530vid.sys [ ] S3 RDID1057;EDIROL UA-1EX;C:\WINDOWS\system32\Drivers\rdwm1057.sys [2005-07-04 140930] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16a477a9-c0be-11dc-8369-000c7649993e}] \Shell\AutoRun\command - H:\fooool.exe \Shell\explore\Command - H:\fooool.exe \Shell\open\Command - H:\fooool.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{28359b04-c58b-11dc-8375-000c7649993e}] \Shell\AutoRun\command - fooool.exe \Shell\explore\Command - fooool.exe \Shell\open\Command - fooool.exe . Contenu du dossier 'Tâches planifiées' . - - - - ORPHELINS SUPPRIMES - - - - URLSearchHooks-{da30eff8-ccc6-4162-a20d-67402a26a215} - (no file) WebBrowser-{DA30EFF8-CCC6-4162-A20D-67402A26A215} - (no file) ShellIconOverlayIdentifiers-MacDrive Volume Icons - (no file) . ------- Examen supplémentaire ------- . FireFox -: Profile - C:\Documents and Settings\Utilisateur1\Application Data\Mozilla\Firefox\Profiles\f5v4rrrw.default\ . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-21 18:43:17 Windows 5.1.2600 Service Pack 2 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . 
--------------------- DLLs chargées dans les processus actifs --------------------- PROCESSUS: C:\WINDOWS\system32\winlogon.exe -> C:\WINDOWS\system32\tsd32.dll . Heure de fin: 2008-09-21 18:47:21 ComboFix-quarantined-files.txt 2008-09-21 16:47:16 Avant-CF: 1 586 946 048 octets libres Après-CF: 1,610,694,656 octets libres 167 --- E O F --- 2008-09-10 13:07:56 Hijackthis: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:54:52, on 21/09/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Unable to get Internet Explorer version! Boot mode: Safe mode Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\NOTEPAD.EXE C:\Documents and Settings\Utilisateur1\Bureau\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [avast!] 
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [{B179023B-6238-4499-8F26-CD73E9D90E0A}] "C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe" O4 - HKLM\..\Run: [MDGetStarted.exe] "C:\Program Files\Mediafour\MacDrive 7\MDGetStarted.exe" /auto O4 - HKCU\..\Run: [VisualTaskTips] C:\Program Files\VisualTaskTips\VisualTaskTips.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! 
iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: MacDriveService - Mediafour Corporation - C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe O23 - Service: MpService - Canon Inc. 
- C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe -- End of file - 14777 bytes
  10. The PC still freezes; there is no way to see SDFix start even though I launched it. This time nothing happens, and it doesn't work in safe mode: only the beginning works, but "Finished" never appears. Thanks in advance.
  11. Hi again. OK, it worked this time; I have both reports:
      Sdfix:
      SDFix: Version 1.227
      Run by Utilisateur1 on 21/09/2008 at 13:18
      Microsoft Windows XP [version 5.1.2600]
      Running From: C:\SDFix
      Checking Services :
      Name : tdssserv tdssserv
      Path : \systemroot\system32\drivers\TDSSjcxe.sys
      tdssserv - Deleted
      tdssserv - Deleted
      Restoring Default Security Values
      Restoring Default Hosts File
      Rebooting
      Checking Files :
      Trojan Files Found:
      Could Not Remove C:\WINDOWS\system32\tdssinit.dll
      Could Not Remove C:\WINDOWS\system32\tdssservers.dat
      Removing Temp Files
      ADS Check :
      Final Check :
      catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-09-21 13:34:57
      Windows 5.1.2600 Service Pack 2 NTFS
      scanning hidden processes ...
      scanning hidden services & system hive ...
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSjcxe.sys]
      @="driver"
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDSSjcxe.sys]
      @="driver"
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TDSSserv]
      "start"=dword:00000001
      "type"=dword:00000001
      "imagepath"=str(2):"\systemroot\system32\drivers\TDSSjcxe.sys"
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TDSSserv\modules]
      "TDSSserv"="\systemroot\system32\drivers\TDSSjcxe.sys"
      "TDSSl"="\systemroot\system32\TDSSjjsm.dll"
      "tdssmain"="\systemroot\system32\TDSSevri.dll"
      "tdsslog"="\systemroot\system32\TDSShpue.dll"
      "tdssadw"="\systemroot\system32\TDSSvfdd.dll"
      "tdssserf"="\systemroot\system32\TDSSjmle.dll"
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\TDSSjcxe.sys]
      @="driver"
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Network\TDSSjcxe.sys]
      @="driver"
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\TDSSserv]
      "start"=dword:00000001
      "type"=dword:00000001
      "imagepath"=str(2):"\systemroot\system32\drivers\TDSSjcxe.sys"
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\TDSSserv\modules]
      "TDSSserv"="\systemroot\system32\drivers\TDSSjcxe.sys"
      "TDSSl"="\systemroot\system32\TDSSjjsm.dll"
      "tdssmain"="\systemroot\system32\TDSSevri.dll"
      "tdsslog"="\systemroot\system32\TDSShpue.dll"
      "tdssadw"="\systemroot\system32\TDSSvfdd.dll"
      "tdssserf"="\systemroot\system32\TDSSjmle.dll"
      scanning hidden registry entries ...
      scanning hidden files ...
      C:\WINDOWS\system32\TDSSevri.dll 10240 bytes executable
      C:\WINDOWS\system32\TDSShpue.dll 11264 bytes executable
      C:\WINDOWS\system32\tdssinit.dll 53367 bytes
      C:\WINDOWS\system32\TDSSjjsm.dll 36352 bytes executable
      C:\WINDOWS\system32\TDSSjmle.dll 29184 bytes executable
      C:\WINDOWS\system32\tdssservers.dat 254 bytes
      C:\WINDOWS\system32\TDSSvfdd.dll 77824 bytes executable
      C:\WINDOWS\system32\drivers\TDSSjcxe.sys 55296 bytes executable
      C:\WINDOWS\Temp\TDSS37fe.tmp 37376 bytes executable
      C:\WINDOWS\Temp\TDSS575d.tmp 77824 bytes executable
      C:\WINDOWS\Temp\TDSS6298.tmp 29696 bytes executable
      C:\WINDOWS\Temp\TDSScbe6.tmp 57344 bytes executable
      scan completed successfully
      hidden processes: 0
      hidden services: 1
      hidden files: 12
      Remaining Services :
      Authorized Application Key Export:
      [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
      "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Messenger"
      "D:\\eMule\\emule.exe"="D:\\eMule\\emule.exe:*:Enabled:eMule"
      "C:\\Program Files\\Soulseek\\slsk.exe"="C:\\Program Files\\Soulseek\\slsk.exe:*:Enabled:SoulSeek"
      "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Disabled:Windows Live Call"
      "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
      "D:\\soulseek\\slsk.exe"="D:\\soulseek\\slsk.exe:*:Enabled:SoulSeek"
      "C:\\WINDOWS\\system32\\drivers\\svchost.exe"="C:\\WINDOWS\\system32\\drivers\\svchost.exe:*:Disabled:svchost"
      [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
      "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
      "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
      "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
      "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
      Remaining Files :
      C:\WINDOWS\system32\tdssinit.dll Found
      C:\WINDOWS\system32\tdssservers.dat Found
      File Backups: - C:\SDFix\backups\backups.zip
      Files with Hidden Attributes :
      Fri 13 May 2005 217,073 A.SHR --- "C:\WINDOWS\meta4.exe"
      Mon 24 Oct 2005 66,560 A.SHR --- "C:\WINDOWS\MOTA113.exe"
      Thu 13 Oct 2005 422,400 A.SHR --- "C:\WINDOWS\x2.64.exe"
      Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
      Wed 22 Jun 2005 45,568 A.SHR --- "C:\Program Files\Replay Converter\cygz.dll"
      Fri 7 Oct 2005 308,224 A.SHR --- "C:\WINDOWS\system32\avisynth.dll"
      Thu 14 Jul 2005 27,648 A.SHR --- "C:\WINDOWS\system32\AVSredirect.dll"
      Sun 26 Jun 2005 616,448 A.SHR --- "C:\WINDOWS\system32\cygwin1.dll"
      Tue 21 Jun 2005 45,568 A.SHR --- "C:\WINDOWS\system32\cygz.dll"
      Sun 25 Jan 2004 70,656 A.SHR --- "C:\WINDOWS\system32\i420vfw.dll"
      Thu 20 Dec 2007 10,856 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
      Thu 27 Apr 2006 2,945,024 A.SHR --- "C:\WINDOWS\system32\Smab.dll"
      Wed 8 Nov 2006 9 A..H. --- "C:\WINDOWS\system32\wxmmin.dll"
      Mon 28 Feb 2005 240,128 A.SHR --- "C:\WINDOWS\system32\x.264.exe"
      Sun 25 Jan 2004 70,656 A.SHR --- "C:\WINDOWS\system32\yv12vfw.dll"
      Sun 16 Jul 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
      Sat 2 Dec 2006 24,064 ...H. --- "C:\Documents and Settings\Utilisateur1\Mes documents\~WRL0001.tmp"
      Sat 17 Mar 2007 30,208 ...H. --- "C:\Documents and Settings\Utilisateur1\Mes documents\~WRL0002.tmp"
      Fri 22 Dec 2006 24,064 ...H. --- "C:\Documents and Settings\Utilisateur1\Mes documents\~WRL0003.tmp"
      Sat 17 Mar 2007 30,208 ...H. --- "C:\Documents and Settings\Utilisateur1\Mes documents\~WRL0005.tmp"
      Sat 17 Mar 2007 33,280 ...H. --- "C:\Documents and Settings\Utilisateur1\Mes documents\~WRL0127.tmp"
      Sat 17 Mar 2007 31,232 ...H. --- "C:\Documents and Settings\Utilisateur1\Mes documents\~WRL0211.tmp"
      Sat 17 Mar 2007 31,232 ...H. --- "C:\Documents and Settings\Utilisateur1\Mes documents\~WRL1424.tmp"
      Sat 17 Mar 2007 34,304 ...H. --- "C:\Documents and Settings\Utilisateur1\Mes documents\~WRL2087.tmp"
      Sat 17 Mar 2007 33,792 ...H. --- "C:\Documents and Settings\Utilisateur1\Mes documents\~WRL2864.tmp"
      Sat 17 Mar 2007 31,744 ...H. --- "C:\Documents and Settings\Utilisateur1\Mes documents\~WRL2931.tmp"
      Sat 17 Mar 2007 32,256 ...H. --- "C:\Documents and Settings\Utilisateur1\Mes documents\~WRL3973.tmp"
      Thu 28 Dec 2006 72,192 ..SHR --- "C:\Program Files\eRightSoft\SUPER\Setup.exe"
      Wed 11 Jan 2006 15,872 A.SHR --- "C:\Program Files\eRightSoft\SUPER\_Setup.dll"
      Mon 11 Dec 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
      Tue 4 Jun 2002 84,992 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\14_43260.dll"
      Tue 4 Jun 2002 44,032 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\28_83260.dll"
      Tue 10 Dec 2002 73,766 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\atrc3260.dll"
      Tue 10 Dec 2002 65,575 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\cook3260.dll"
      Tue 4 Jun 2002 20,480 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dnet3260.dll"
      Tue 10 Dec 2002 176,165 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv23260.dll"
      Tue 10 Dec 2002 94,208 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv33260.dll"
      Tue 10 Dec 2002 217,127 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv43260.dll"
      Sun 4 Nov 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ivvideo.dll"
      Tue 10 Apr 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\qtmlClient.dll"
      Fri 20 Feb 2004 548,940 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\raac.dll"
      Tue 10 Dec 2002 102,439 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\sipr3260.dll"
      Tue 9 Sep 2008 8,434,443 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f2e9882b3dda82dfeae7b459bacb35bb\BIT4D5.tmp"
      Wed 20 Aug 2008 444 ...HR --- "C:\Documents and Settings\Utilisateur1\Application Data\SecuROM\UserData\securom_v7_01.bak"
      Sun 16 Jul 2006 4,348 ...H. --- "C:\Documents and Settings\Utilisateur1\Mes documents\Ma musique\Sauvegarde de la licence\drmv1key.bak"
      Sun 16 Jul 2006 20 A..H. --- "C:\Documents and Settings\Utilisateur1\Mes documents\Ma musique\Sauvegarde de la licence\drmv1lic.bak"
      Mon 10 Jul 2006 312 A.SH. --- "C:\Documents and Settings\Utilisateur1\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak"
      Finished!
      Hijackthis:
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 13:48:37, on 21/09/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Unable to get Internet Explorer version!
      Boot mode: Safe mode
      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\NOTEPAD.EXE
      C:\Documents and Settings\Utilisateur1\Bureau\HijackThis.exe
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.neuf.fr
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: (no name) - {da30eff8-ccc6-4162-a20d-67402a26a215} - (no file)
      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
      O4 - HKLM\..\Run: [{B179023B-6238-4499-8F26-CD73E9D90E0A}] "C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe"
      O4 - HKLM\..\Run: [MDGetStarted.exe] "C:\Program Files\Mediafour\MacDrive 7\MDGetStarted.exe" /auto
      O4 - HKCU\..\Run: [VisualTaskTips] C:\Program Files\VisualTaskTips\VisualTaskTips.exe
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
      O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
      O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: MacDriveService - Mediafour Corporation - C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
      O23 - Service: MpService - Canon Inc.
      - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
      O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
      -- End of file - 14953 bytes
      Thanks in advance.
  12. Hi, I've rebooted into safe mode twice now but it doesn't start!!! :P Otherwise, I found this:
      SDFix: Version 1.227
      Run by Utilisateur1 on 21/09/2008 at 11:34
      Microsoft Windows XP [version 5.1.2600]
      Running From: C:\SDFix
      Checking Services :
      Name : tdssserv
      Path : \systemroot\system32\drivers\TDSSjcxe.sys
      tdssserv - Deleted
      Restoring Default Security Values
      Restoring Default Hosts File
      Restoring Default Desktop Wallpaper
  13. Hello, I didn't understand what you meant about the "re-infection" (cotton). Anyway, I'm posting both reports; however, SDFix produces a catchme report for me, and the safe-mode reboot went faster than expected without informing me of the "Finished":
      Sdfix:
      file copied: C:\WINDOWS\system32\upnpui.dll -> C:\WINDOWS\temp\SDFix_Filecheck\upnpui.dll ( 240128 bytes )
      file copied: C:\WINDOWS\explorer.exe -> C:\WINDOWS\temp\SDFix_Filecheck\SF\explorer.exe ( 1037312 bytes )
      file copied: C:\WINDOWS\system32\lsass.exe -> C:\WINDOWS\temp\SDFix_Filecheck\SF\lsass.exe ( 13312 bytes )
      file copied: C:\WINDOWS\system32\services.exe -> C:\WINDOWS\temp\SDFix_Filecheck\SF\services.exe ( 108544 bytes )
      file copied: C:\WINDOWS\system32\spoolsv.exe -> C:\WINDOWS\temp\SDFix_Filecheck\SF\spoolsv.exe ( 57856 bytes )
      file copied: C:\WINDOWS\system32\svchost.exe -> C:\WINDOWS\temp\SDFix_Filecheck\SF\svchost.exe ( 14336 bytes )
      file copied: C:\WINDOWS\system32\winlogon.exe -> C:\WINDOWS\temp\SDFix_Filecheck\SF\winlogon.exe ( 506368 bytes )
      Hijackthis:
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 11:45:11, on 21/09/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Unable to get Internet Explorer version!
      Boot mode: Safe mode
      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\NOTEPAD.EXE
      C:\WINDOWS\system32\notepad.exe
      C:\WINDOWS\system32\NOTEPAD.EXE
      C:\Documents and Settings\Utilisateur1\Bureau\HijackThis.exe
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.neuf.fr
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: (no name) - {da30eff8-ccc6-4162-a20d-67402a26a215} - (no file)
      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
      O4 - HKLM\..\Run: [{B179023B-6238-4499-8F26-CD73E9D90E0A}] "C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe"
      O4 - HKLM\..\Run: [MDGetStarted.exe] "C:\Program Files\Mediafour\MacDrive 7\MDGetStarted.exe" /auto
      O4 - HKLM\..\Run: [sDFix] C:\SDFix\RunThis.bat /second
      O4 - HKLM\..\RunOnce: [sDFix] C:\SDFix\RunThis.bat /second
      O4 - HKCU\..\Run: [VisualTaskTips] C:\Program Files\VisualTaskTips\VisualTaskTips.exe
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
      O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
      O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: MacDriveService - Mediafour Corporation - C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
      O23 - Service: MpService - Canon Inc.
- C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe O24 - Desktop Component 0: (no name) - http://www.inter.it/aas/img/89936.jpg O24 - Desktop Component 1: (no name) - http://fr.uefa.com/ml/images/logos/players/50138.jpg O24 - Desktop Component 10: (no name) - http://fr.uefa.com/ml/images/Logos/70X70/43.gif O24 - Desktop Component 11: (no name) - http://fr.uefa.com/MultimediaFiles/Photo/E...186_400X600.jpg O24 - Desktop Component 12: (no name) - http://www.uefa.com/MultimediaFiles/Photo/...IGLANDSCAPE.jpg O24 - Desktop Component 13: (no name) - http://www.uefa.com/MultimediaFiles/Photo/...BIGPORTRAIT.jpg O24 - Desktop Component 14: (no name) - http://s.om.net/om/image/phototheque/g/54/10715.jpg O24 - Desktop Component 15: (no name) - http://www.uefa.com/MultimediaFiles/Photo/...UMLANDSCAPE.jpg O24 - Desktop Component 16: (no name) - http://www.futura-sciences.com/img/orage.jpg O24 - Desktop Component 17: (no name) - http://www.lequipe.fr/Football/img/carton_jaune_22.gif O24 - Desktop Component 18: (no name) - http://www.lequipe.fr/Football/img/carton_rouge_22.gif O24 - Desktop Component 19: (no name) - http://www.lequipe.fr/Football/img/flags/flag_BOS.gif O24 - Desktop Component 2: (no name) - http://fr.uefa.com/ml/images/Players/UCL/400X600/4065.jpg O24 - Desktop Component 20: (no name) - http://www.madeinsport.com/photos/OM_REP2_NEW_CLEU_PE2.jpg O24 - Desktop Component 21: (no name) - http://s.om.net/om/image/article/illustrat...g/206/41063.jpg O24 - Desktop Component 22: (no name) - http://s.om.net/om/file/200608/calendrier.gif O24 - Desktop Component 23: (no name) - http://images.metacafe.com/i/shadow.gif O24 - Desktop Component 24: (no name) - http://foot-mercato.blogs.francefootball.c...um_logo_psg.gif O24 - Desktop Component 25: (no name) - http://images.google.fr/images?q=tbn:wZmX4...67179_small.jpg O24 - Desktop Component 26: (no name) - 
http://images.google.fr/images?q=tbn:Ph_1E...peau_france.JPG O24 - Desktop Component 27: (no name) - http://www.om.net/image/site/fr/layout/h_logo01.gif O24 - Desktop Component 28: (no name) - http://www.alhoceima.com/logo_1.JPG O24 - Desktop Component 29: (no name) - http://www.adidas.com/global/common_images/p.gif O24 - Desktop Component 3: (no name) - http://fr.uefa.com/ml/images/Players/UCL/400X600/23073.jpg O24 - Desktop Component 30: (no name) - http://us.i1.yimg.com/us.yimg.com/i/fifa/0...p07ausrus_l.jpg O24 - Desktop Component 31: (no name) - http://www.lequipe.fr/Football/img/flags/flag_POR.gif O24 - Desktop Component 32: (no name) - http://www.inter.it/media/IC/000734.gif O24 - Desktop Component 33: (no name) - http://www.inter.it/webtemplate/it/stagione/pattern.gif O24 - Desktop Component 34: (no name) - http://www.lequipe.fr/Football/logos/FootballLogo427.gif O24 - Desktop Component 35: (no name) - http://www.inter.it/aas/sponsor/sponsorimg?ID=12 O24 - Desktop Component 36: (no name) - http://www.inter.it/img/headers/eng/header-2007_en.jpg O24 - Desktop Component 37: (no name) - http://www.lequipe.fr/Football/photos/FootballImage21423.jpg O24 - Desktop Component 38: (no name) - http://samiat01.skyblog.com/pics/118355147_small.jpg O24 - Desktop Component 39: (no name) - http://www.uefa.com/MultimediaFiles/Photo/...BIGPORTRAIT.jpg O24 - Desktop Component 4: (no name) - http://www.inter.it/media/IS/000814.jpg O24 - Desktop Component 40: (no name) - http://fr.uefa.com/ml/images/clubphoto/250X167/50138.jpg O24 - Desktop Component 41: (no name) - http://www.inter.it/webtemplate/it/stagion...ive_sponsor.jpg O24 - Desktop Component 42: (no name) - http://www.svbredevoort.nl/knvb.gif O24 - Desktop Component 43: (no name) - http://www.uefa.com/MultimediaFiles/Photo/...UMLANDSCAPE.jpg O24 - Desktop Component 44: (no name) - http://files.datawire.nl/uploads/images/aY...w/knvb_logo.png O24 - Desktop Component 45: (no name) - 
http://www.lequipe.fr/Football/photos/Foot...00000011405.jpg O24 - Desktop Component 46: (no name) - http://www.inter.it/img/flags/spagna2014.gif O24 - Desktop Component 47: (no name) - http://www.olweb.fr/image/site/fr/home/logo_ol.gif O24 - Desktop Component 48: (no name) - http://www.olweb.fr/image/site/fr/header/b_ligue1a.gif O24 - Desktop Component 49: (no name) - http://www.om.net/image/site/fr/layout/h_logo02.gif O24 - Desktop Component 5: (no name) - http://www.inter.it/media/IS/086297.jpg O24 - Desktop Component 50: (no name) - http://www.om.net/image/site/fr/no_photo_joueur_180.jpg O24 - Desktop Component 51: (no name) - http://pics.mediaplazza.com/t_24/64x64/anim_logo2004_o0.gif O24 - Desktop Component 52: (no name) - http://pics.mediaplazza.com/t_24/64x64/om_00011.gif O24 - Desktop Component 53: (no name) - http://www.lequipe.fr/Football/logos/FootballLogo6.gif O24 - Desktop Component 54: (no name) - http://upload.wikimedia.org/wikipedia/comm...Morocco.svg.png O24 - Desktop Component 55: (no name) - http://uranoscope.free.fr/bestof/couchers_...se_mbesnier.JPG O24 - Desktop Component 56: (no name) - http://fr.uefa.com/ml/images/clubphoto/600x400/50138.jpg O24 - Desktop Component 57: (no name) - http://wallpapers.soccerfansnetwork.com/wa...nter4.sized.jpg O24 - Desktop Component 58: (no name) - file:///C:/Documents%20and%20Settings/Utilisateur1/Local%20Settings/Temporary%20Internet%20Files/Content.IE5/8ZN76GD1/609710887%5B1%5D.jpg O24 - Desktop Component 59: (no name) - file:///C:/Documents%20and%20Settings/Utilisateur1/Local%20Settings/Temporary%20Internet%20Files/Content.IE5/IX7G54JA/526601813%5B1%5D.jpg O24 - Desktop Component 6: (no name) - http://www.arsenal.com/images/pics/splash/splash_badge.gif O24 - Desktop Component 60: (no name) - http://images.google.fr/images?q=tbn:JP9Jb...b%2520badge.JPG O24 - Desktop Component 61: (no name) - 
file:///C:/Documents%20and%20Settings/Utilisateur1/Local%20Settings/Temporary%20Internet%20Files/Content.IE5/4XYV8P6N/613720771%5B1%5D.jpg O24 - Desktop Component 62: (no name) - http://fr.uefa.com/MultimediaFiles/Photo/c...EDIUMSQUARE.jpg O24 - Desktop Component 63: (no name) - http://www.inter.it/aas/img/88284.jpg O24 - Desktop Component 64: (no name) - http://images.google.fr/images?q=tbn:ZXP-X...20-%2520Mer.jpg O24 - Desktop Component 65: (no name) - http://www.sitanous.com/images.de.reve/cou...soleil_0003.jpg O24 - Desktop Component 66: (no name) - http://www.rippingthrash.com/FCR011%20cover.JPG O24 - Desktop Component 67: (no name) - http://images.google.fr/images?q=tbn:cmc35...le/FuckNazi.gif O24 - Desktop Component 68: (no name) - http://images.google.fr/images?q=tbn:Qxg7x...ks-fuck-off.jpg O24 - Desktop Component 69: (no name) - http://www.defjay.com/img/top_cover.jpg O24 - Desktop Component 7: (no name) - http://www.inter.it/img/home/logo.gif O24 - Desktop Component 70: (no name) - file:///C:/Documents%20and%20Settings/Utilisateur1/Local%20Settings/Temporary%20Internet%20Files/Content.IE5/IPGFQBGB/88633%5B1%5D.jpg O24 - Desktop Component 71: (no name) - http://images.google.fr/images?q=tbn:QMqgq...ck.ee/logo1.gif O24 - Desktop Component 72: (no name) - http://images.google.fr/images?q=tbn:Fjk3u...08.MZZZZZZZ.jpg O24 - Desktop Component 73: (no name) - http://www.ac-reims.fr/datice/ecole/ia08/c...2/mange_moi.jpg O24 - Desktop Component 74: (no name) - http://www.ac-reims.fr/datice/ecole/ia08/c.../hollandais.jpg O24 - Desktop Component 75: (no name) - http://www.parlonsfoot.com/images/user/champions1.gif O24 - Desktop Component 76: (no name) - http://images.google.fr/images?q=tbn:8njBB...om/i/150/54.jpg O24 - Desktop Component 77: (no name) - http://www.quid.fr/qm/dp_etats/ma_dp.gif O24 - Desktop Component 78: (no name) - http://arifiano.canalblog.com/albums/al_ho...alhoceima13.JPG O24 - Desktop Component 79: (no name) - 
http://images.google.fr/images?q=tbn:jxr1R...708/logo4zm.jpg O24 - Desktop Component 8: (no name) - http://fr.uefa.com/ml/images/Players/UCL/400X600/24057.jpg O24 - Desktop Component 80: (no name) - http://www.gallimard-jeunesse.fr/encyclope..._pirate007.jpeg O24 - Desktop Component 81: (no name) - http://images.google.fr/images?q=tbn:FjAlw...lle,%2520OM.jpg O24 - Desktop Component 82: (no name) - http://www.quid.fr/qm/dp_etats/ar_dp.gif O24 - Desktop Component 83: (no name) - http://www.uefa.com/MultimediaFiles/Photo/...IGLANDSCAPE.jpg O24 - Desktop Component 84: (no name) - http://fr.uefa.com/ml/images/Players/UCL/400X600/61659.jpg O24 - Desktop Component 85: (no name) - file:///C:/Documents%20and%20Settings/Utilisateur1/Local%20Settings/Temporary%20Internet%20Files/Content.IE5/W43C78MC/612212050%5B1%5D.jpg O24 - Desktop Component 86: (no name) - http://www.om.net/image/site/fr/layout/f_bg.jpg O24 - Desktop Component 87: (no name) - http://thumbs.ebaystatic.com/pict/3200086602388080_0.jpg O24 - Desktop Component 88: (no name) - http://www.footmercato.net/IMG/cache-225x2...047-225x252.jpg O24 - Desktop Component 89: (no name) - http://www.jeunesdumaroc.com/IMG/deadmanschest.jpg O24 - Desktop Component 9: (no name) - http://images.google.fr/images?q=tbn:XLcNt...ori/livorno.gif -- End of file - 15135 bytes