Aller au contenu

  • Pas encore inscrit ?

    Pourquoi ne pas vous inscrire ? C'est simple, rapide et gratuit.
    Pour en savoir plus, lisez Les avantages de l'inscription... et la Charte de Zébulon.
    De plus, les messages que vous postez en tant qu'invité restent invisibles tant qu'un modérateur ne les a pas validés. Inscrivez-vous, ce sera un gain de temps pour tout le monde, vous, les helpeurs et les modérateurs ! :wink:

Virus et publicités

olympiquedemars
 Partager

Messages recommandés

Le sioux Full Patch Member

Le sioux

Posté(e)
Posté(e)

Bonjour olympiquedemars

 

OK, je comprends mieux tout cela, tu peux ajouter par la dessus une ré infection "cotton" :P

 

J'attends de tes nouvelles.

 

@ plus.

olympiquedemars Member

olympiquedemars

Posté(e)
  • Auteur
Posté(e) (modifié)

Bonjour, j'ai pas compris ce que tu as voulu dire pour la <ré infection" cotton">.

 

 

Bon je poste les deux rapports, par contre sdefix me pond un rapport catch me et le redémarrage sans échec s'est fait rapidement que prevu sans me m'informer du finish:

 

 

Sdfix:

 

file copied: C:\WINDOWS\system32\upnpui.dll -> C:\WINDOWS\temp\SDFix_Filecheck\upnpui.dll ( 240128 bytes )

file copied: C:\WINDOWS\explorer.exe -> C:\WINDOWS\temp\SDFix_Filecheck\SF\explorer.exe ( 1037312 bytes )

file copied: C:\WINDOWS\system32\lsass.exe -> C:\WINDOWS\temp\SDFix_Filecheck\SF\lsass.exe ( 13312 bytes )

file copied: C:\WINDOWS\system32\services.exe -> C:\WINDOWS\temp\SDFix_Filecheck\SF\services.exe ( 108544 bytes )

file copied: C:\WINDOWS\system32\spoolsv.exe -> C:\WINDOWS\temp\SDFix_Filecheck\SF\spoolsv.exe ( 57856 bytes )

file copied: C:\WINDOWS\system32\svchost.exe -> C:\WINDOWS\temp\SDFix_Filecheck\SF\svchost.exe ( 14336 bytes )

file copied: C:\WINDOWS\system32\winlogon.exe -> C:\WINDOWS\temp\SDFix_Filecheck\SF\winlogon.exe ( 506368 bytes )

 

Hijackthis:

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:45:11, on 21/09/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Unable to get Internet Explorer version!

Boot mode: Safe mode

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\Utilisateur1\Bureau\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.neuf.fr

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: (no name) - {da30eff8-ccc6-4162-a20d-67402a26a215} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [{B179023B-6238-4499-8F26-CD73E9D90E0A}] "C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe"

O4 - HKLM\..\Run: [MDGetStarted.exe] "C:\Program Files\Mediafour\MacDrive 7\MDGetStarted.exe" /auto

O4 - HKLM\..\Run: [sDFix] C:\SDFix\RunThis.bat /second

O4 - HKLM\..\RunOnce: [sDFix] C:\SDFix\RunThis.bat /second

O4 - HKCU\..\Run: [VisualTaskTips] C:\Program Files\VisualTaskTips\VisualTaskTips.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: MacDriveService - Mediafour Corporation - C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe

O23 - Service: MpService - Canon Inc. - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE

O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

O24 - Desktop Component 0: (no name) - http://www.inter.it/aas/img/89936.jpg

O24 - Desktop Component 1: (no name) - http://fr.uefa.com/ml/images/logos/players/50138.jpg

O24 - Desktop Component 10: (no name) - http://fr.uefa.com/ml/images/Logos/70X70/43.gif

O24 - Desktop Component 11: (no name) - http://fr.uefa.com/MultimediaFiles/Photo/E...186_400X600.jpg

O24 - Desktop Component 12: (no name) - http://www.uefa.com/MultimediaFiles/Photo/...IGLANDSCAPE.jpg

O24 - Desktop Component 13: (no name) - http://www.uefa.com/MultimediaFiles/Photo/...BIGPORTRAIT.jpg

O24 - Desktop Component 14: (no name) - http://s.om.net/om/image/phototheque/g/54/10715.jpg

O24 - Desktop Component 15: (no name) - http://www.uefa.com/MultimediaFiles/Photo/...UMLANDSCAPE.jpg

O24 - Desktop Component 16: (no name) - http://www.futura-sciences.com/img/orage.jpg

O24 - Desktop Component 17: (no name) - http://www.lequipe.fr/Football/img/carton_jaune_22.gif

O24 - Desktop Component 18: (no name) - http://www.lequipe.fr/Football/img/carton_rouge_22.gif

O24 - Desktop Component 19: (no name) - http://www.lequipe.fr/Football/img/flags/flag_BOS.gif

O24 - Desktop Component 2: (no name) - http://fr.uefa.com/ml/images/Players/UCL/400X600/4065.jpg

O24 - Desktop Component 20: (no name) - http://www.madeinsport.com/photos/OM_REP2_NEW_CLEU_PE2.jpg

O24 - Desktop Component 21: (no name) - http://s.om.net/om/image/article/illustrat...g/206/41063.jpg

O24 - Desktop Component 22: (no name) - http://s.om.net/om/file/200608/calendrier.gif

O24 - Desktop Component 23: (no name) - http://images.metacafe.com/i/shadow.gif

O24 - Desktop Component 24: (no name) - http://foot-mercato.blogs.francefootball.c...um_logo_psg.gif

O24 - Desktop Component 25: (no name) - http://images.google.fr/images?q=tbn:wZmX4...67179_small.jpg

O24 - Desktop Component 26: (no name) - http://images.google.fr/images?q=tbn:Ph_1E...peau_france.JPG

O24 - Desktop Component 27: (no name) - http://www.om.net/image/site/fr/layout/h_logo01.gif

O24 - Desktop Component 28: (no name) - http://www.alhoceima.com/logo_1.JPG

O24 - Desktop Component 29: (no name) - http://www.adidas.com/global/common_images/p.gif

O24 - Desktop Component 3: (no name) - http://fr.uefa.com/ml/images/Players/UCL/400X600/23073.jpg

O24 - Desktop Component 30: (no name) - http://us.i1.yimg.com/us.yimg.com/i/fifa/0...p07ausrus_l.jpg

O24 - Desktop Component 31: (no name) - http://www.lequipe.fr/Football/img/flags/flag_POR.gif

O24 - Desktop Component 32: (no name) - http://www.inter.it/media/IC/000734.gif

O24 - Desktop Component 33: (no name) - http://www.inter.it/webtemplate/it/stagione/pattern.gif

O24 - Desktop Component 34: (no name) - http://www.lequipe.fr/Football/logos/FootballLogo427.gif

O24 - Desktop Component 35: (no name) - http://www.inter.it/aas/sponsor/sponsorimg?ID=12

O24 - Desktop Component 36: (no name) - http://www.inter.it/img/headers/eng/header-2007_en.jpg

O24 - Desktop Component 37: (no name) - http://www.lequipe.fr/Football/photos/FootballImage21423.jpg

O24 - Desktop Component 38: (no name) - http://samiat01.skyblog.com/pics/118355147_small.jpg

O24 - Desktop Component 39: (no name) - http://www.uefa.com/MultimediaFiles/Photo/...BIGPORTRAIT.jpg

O24 - Desktop Component 4: (no name) - http://www.inter.it/media/IS/000814.jpg

O24 - Desktop Component 40: (no name) - http://fr.uefa.com/ml/images/clubphoto/250X167/50138.jpg

O24 - Desktop Component 41: (no name) - http://www.inter.it/webtemplate/it/stagion...ive_sponsor.jpg

O24 - Desktop Component 42: (no name) - http://www.svbredevoort.nl/knvb.gif

O24 - Desktop Component 43: (no name) - http://www.uefa.com/MultimediaFiles/Photo/...UMLANDSCAPE.jpg

O24 - Desktop Component 44: (no name) - http://files.datawire.nl/uploads/images/aY...w/knvb_logo.png

O24 - Desktop Component 45: (no name) - http://www.lequipe.fr/Football/photos/Foot...00000011405.jpg

O24 - Desktop Component 46: (no name) - http://www.inter.it/img/flags/spagna2014.gif

O24 - Desktop Component 47: (no name) - http://www.olweb.fr/image/site/fr/home/logo_ol.gif

O24 - Desktop Component 48: (no name) - http://www.olweb.fr/image/site/fr/header/b_ligue1a.gif

O24 - Desktop Component 49: (no name) - http://www.om.net/image/site/fr/layout/h_logo02.gif

O24 - Desktop Component 5: (no name) - http://www.inter.it/media/IS/086297.jpg

O24 - Desktop Component 50: (no name) - http://www.om.net/image/site/fr/no_photo_joueur_180.jpg

O24 - Desktop Component 51: (no name) - http://pics.mediaplazza.com/t_24/64x64/anim_logo2004_o0.gif

O24 - Desktop Component 52: (no name) - http://pics.mediaplazza.com/t_24/64x64/om_00011.gif

O24 - Desktop Component 53: (no name) - http://www.lequipe.fr/Football/logos/FootballLogo6.gif

O24 - Desktop Component 54: (no name) - http://upload.wikimedia.org/wikipedia/comm...Morocco.svg.png

O24 - Desktop Component 55: (no name) - http://uranoscope.free.fr/bestof/couchers_...se_mbesnier.JPG

O24 - Desktop Component 56: (no name) - http://fr.uefa.com/ml/images/clubphoto/600x400/50138.jpg

O24 - Desktop Component 57: (no name) - http://wallpapers.soccerfansnetwork.com/wa...nter4.sized.jpg

O24 - Desktop Component 58: (no name) - file:///C:/Documents%20and%20Settings/Utilisateur1/Local%20Settings/Temporary%20Internet%20Files/Content.IE5/8ZN76GD1/609710887%5B1%5D.jpg

O24 - Desktop Component 59: (no name) - file:///C:/Documents%20and%20Settings/Utilisateur1/Local%20Settings/Temporary%20Internet%20Files/Content.IE5/IX7G54JA/526601813%5B1%5D.jpg

O24 - Desktop Component 6: (no name) - http://www.arsenal.com/images/pics/splash/splash_badge.gif

O24 - Desktop Component 60: (no name) - http://images.google.fr/images?q=tbn:JP9Jb...b%2520badge.JPG

O24 - Desktop Component 61: (no name) - file:///C:/Documents%20and%20Settings/Utilisateur1/Local%20Settings/Temporary%20Internet%20Files/Content.IE5/4XYV8P6N/613720771%5B1%5D.jpg

O24 - Desktop Component 62: (no name) - http://fr.uefa.com/MultimediaFiles/Photo/c...EDIUMSQUARE.jpg

O24 - Desktop Component 63: (no name) - http://www.inter.it/aas/img/88284.jpg

O24 - Desktop Component 64: (no name) - http://images.google.fr/images?q=tbn:ZXP-X...20-%2520Mer.jpg

O24 - Desktop Component 65: (no name) - http://www.sitanous.com/images.de.reve/cou...soleil_0003.jpg

O24 - Desktop Component 66: (no name) - http://www.rippingthrash.com/FCR011%20cover.JPG

O24 - Desktop Component 67: (no name) - http://images.google.fr/images?q=tbn:cmc35...le/FuckNazi.gif

O24 - Desktop Component 68: (no name) - http://images.google.fr/images?q=tbn:Qxg7x...ks-fuck-off.jpg

O24 - Desktop Component 69: (no name) - http://www.defjay.com/img/top_cover.jpg

O24 - Desktop Component 7: (no name) - http://www.inter.it/img/home/logo.gif

O24 - Desktop Component 70: (no name) - file:///C:/Documents%20and%20Settings/Utilisateur1/Local%20Settings/Temporary%20Internet%20Files/Content.IE5/IPGFQBGB/88633%5B1%5D.jpg

O24 - Desktop Component 71: (no name) - http://images.google.fr/images?q=tbn:QMqgq...ck.ee/logo1.gif

O24 - Desktop Component 72: (no name) - http://images.google.fr/images?q=tbn:Fjk3u...08.MZZZZZZZ.jpg

O24 - Desktop Component 73: (no name) - http://www.ac-reims.fr/datice/ecole/ia08/c...2/mange_moi.jpg

O24 - Desktop Component 74: (no name) - http://www.ac-reims.fr/datice/ecole/ia08/c.../hollandais.jpg

O24 - Desktop Component 75: (no name) - http://www.parlonsfoot.com/images/user/champions1.gif

O24 - Desktop Component 76: (no name) - http://images.google.fr/images?q=tbn:8njBB...om/i/150/54.jpg

O24 - Desktop Component 77: (no name) - http://www.quid.fr/qm/dp_etats/ma_dp.gif

O24 - Desktop Component 78: (no name) - http://arifiano.canalblog.com/albums/al_ho...alhoceima13.JPG

O24 - Desktop Component 79: (no name) - http://images.google.fr/images?q=tbn:jxr1R...708/logo4zm.jpg

O24 - Desktop Component 8: (no name) - http://fr.uefa.com/ml/images/Players/UCL/400X600/24057.jpg

O24 - Desktop Component 80: (no name) - http://www.gallimard-jeunesse.fr/encyclope..._pirate007.jpeg

O24 - Desktop Component 81: (no name) - http://images.google.fr/images?q=tbn:FjAlw...lle,%2520OM.jpg

O24 - Desktop Component 82: (no name) - http://www.quid.fr/qm/dp_etats/ar_dp.gif

O24 - Desktop Component 83: (no name) - http://www.uefa.com/MultimediaFiles/Photo/...IGLANDSCAPE.jpg

O24 - Desktop Component 84: (no name) - http://fr.uefa.com/ml/images/Players/UCL/400X600/61659.jpg

O24 - Desktop Component 85: (no name) - file:///C:/Documents%20and%20Settings/Utilisateur1/Local%20Settings/Temporary%20Internet%20Files/Content.IE5/W43C78MC/612212050%5B1%5D.jpg

O24 - Desktop Component 86: (no name) - http://www.om.net/image/site/fr/layout/f_bg.jpg

O24 - Desktop Component 87: (no name) - http://thumbs.ebaystatic.com/pict/3200086602388080_0.jpg

O24 - Desktop Component 88: (no name) - http://www.footmercato.net/IMG/cache-225x2...047-225x252.jpg

O24 - Desktop Component 89: (no name) - http://www.jeunesdumaroc.com/IMG/deadmanschest.jpg

O24 - Desktop Component 9: (no name) - http://images.google.fr/images?q=tbn:XLcNt...ori/livorno.gif

 

--

End of file - 15135 bytes

Modifié par olympiquedemars
Le sioux Full Patch Member

Le sioux

Posté(e)
Posté(e) (modifié)

Re

 

Pour SDFix, ce n'est pas le rapport attendu, fais redémarrer ton PC , SDFix devrait se relancer au prochain démarrage, vu les lignes présentes dans ton rapport HijackThis :

 

O4 - HKLM\..\Run: [sDFix] C:\SDFix\RunThis.bat /second

O4 - HKLM\..\RunOnce: [sDFix] C:\SDFix\RunThis.bat /second

 

Fais cela et poste les deux nouveaux rapports demandés précédemment stp.

 

@ plus.

Modifié par Le sioux
olympiquedemars Member

olympiquedemars

Posté(e)
  • Auteur
Posté(e) (modifié)
Re

 

Pour SDFix, ce n'est pas le rapport attendu, fais redémarrer ton PC , SDFix devrait se relancer au prochain démarrage, vu les lignes présentes dans ton rapport HijackThis :

 

O4 - HKLM\..\Run: [sDFix] C:\SDFix\RunThis.bat /second

O4 - HKLM\..\RunOnce: [sDFix] C:\SDFix\RunThis.bat /second

 

Fais cela et poste les deux nouveaux rapports demandés précédemment stp.

 

@ plus.

 

 

Salut ca fait deux fois que je redémarre en mode sans echec mais il ne se lance pas!!!

:P :P

 

 

Sinon j'ai trouvé ca:

 

 

SDFix: Version 1.227

Run by Utilisateur1 on 21/09/2008 at 11:34

 

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

 

Checking Services :

 

Name :

tdssserv

 

Path :

\systemroot\system32\drivers\TDSSjcxe.sys

 

tdssserv - Deleted

 

 

 

Restoring Default Security Values

Restoring Default Hosts File

Restoring Default Desktop Wallpaper

Modifié par olympiquedemars
Le sioux Full Patch Member

Le sioux

Posté(e)
Posté(e)

Re

 

Ce coup la , c'est le bon rapport, mais pas en intégralité .

 

Peux tu re-poster ce rapport en entier stp, ainsi qu'un nouveau rapport HijackThis que l'on continu.

 

@ suivre

olympiquedemars Member

olympiquedemars

Posté(e)
  • Auteur
Posté(e)

Re,

 

Bon maintenant ca a marché, j'ai les deux rapports:

 

 

Sdfix:

 

SDFix: Version 1.227

Run by Utilisateur1 on 21/09/2008 at 13:18

 

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

 

Checking Services :

 

Name :

tdssserv

tdssserv

 

Path :

\systemroot\system32\drivers\TDSSjcxe.sys

 

tdssserv - Deleted

tdssserv - Deleted

 

 

 

Restoring Default Security Values

Restoring Default Hosts File

 

Rebooting

 

 

Checking Files :

 

Trojan Files Found:

 

 

 

Could Not Remove C:\WINDOWS\system32\tdssinit.dll

Could Not Remove C:\WINDOWS\system32\tdssservers.dat

 

 

 

Removing Temp Files

 

ADS Check :

 

 

 

Final Check :

 

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-21 13:34:57

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden services & system hive ...

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSjcxe.sys]

@="driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDSSjcxe.sys]

@="driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TDSSserv]

"start"=dword:00000001

"type"=dword:00000001

"imagepath"=str(2):"\systemroot\system32\drivers\TDSSjcxe.sys"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TDSSserv\modules]

"TDSSserv"="\systemroot\system32\drivers\TDSSjcxe.sys"

"TDSSl"="\systemroot\system32\TDSSjjsm.dll"

"tdssmain"="\systemroot\system32\TDSSevri.dll"

"tdsslog"="\systemroot\system32\TDSShpue.dll"

"tdssadw"="\systemroot\system32\TDSSvfdd.dll"

"tdssserf"="\systemroot\system32\TDSSjmle.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\TDSSjcxe.sys]

@="driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Network\TDSSjcxe.sys]

@="driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\TDSSserv]

"start"=dword:00000001

"type"=dword:00000001

"imagepath"=str(2):"\systemroot\system32\drivers\TDSSjcxe.sys"

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\TDSSserv\modules]

"TDSSserv"="\systemroot\system32\drivers\TDSSjcxe.sys"

"TDSSl"="\systemroot\system32\TDSSjjsm.dll"

"tdssmain"="\systemroot\system32\TDSSevri.dll"

"tdsslog"="\systemroot\system32\TDSShpue.dll"

"tdssadw"="\systemroot\system32\TDSSvfdd.dll"

"tdssserf"="\systemroot\system32\TDSSjmle.dll"

 

scanning hidden registry entries ...

 

scanning hidden files ...

 

C:\WINDOWS\system32\TDSSevri.dll 10240 bytes executable

C:\WINDOWS\system32\TDSShpue.dll 11264 bytes executable

C:\WINDOWS\system32\tdssinit.dll 53367 bytes

C:\WINDOWS\system32\TDSSjjsm.dll 36352 bytes executable

C:\WINDOWS\system32\TDSSjmle.dll 29184 bytes executable

C:\WINDOWS\system32\tdssservers.dat 254 bytes

C:\WINDOWS\system32\TDSSvfdd.dll 77824 bytes executable

C:\WINDOWS\system32\drivers\TDSSjcxe.sys 55296 bytes executable

C:\WINDOWS\Temp\TDSS37fe.tmp 37376 bytes executable

C:\WINDOWS\Temp\TDSS575d.tmp 77824 bytes executable

C:\WINDOWS\Temp\TDSS6298.tmp 29696 bytes executable

C:\WINDOWS\Temp\TDSScbe6.tmp 57344 bytes executable

 

scan completed successfully

hidden processes: 0

hidden services: 1

hidden files: 12

 

 

Remaining Services :

 

 

 

 

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Messenger"

"D:\\eMule\\emule.exe"="D:\\eMule\\emule.exe:*:Enabled:eMule"

"C:\\Program Files\\Soulseek\\slsk.exe"="C:\\Program Files\\Soulseek\\slsk.exe:*:Enabled:SoulSeek"

"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Disabled:Windows Live Call"

"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"

"D:\\soulseek\\slsk.exe"="D:\\soulseek\\slsk.exe:*:Enabled:SoulSeek"

"C:\\WINDOWS\\system32\\drivers\\svchost.exe"="C:\\WINDOWS\\system32\\drivers\\svchost.exe:*:Disabled:svchost"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

 

Remaining Files :

 

C:\WINDOWS\system32\tdssinit.dll Found

C:\WINDOWS\system32\tdssservers.dat Found

 

File Backups: - C:\SDFix\backups\backups.zip

 

Files with Hidden Attributes :

 

Fri 13 May 2005 217,073 A.SHR --- "C:\WINDOWS\meta4.exe"

Mon 24 Oct 2005 66,560 A.SHR --- "C:\WINDOWS\MOTA113.exe"

Thu 13 Oct 2005 422,400 A.SHR --- "C:\WINDOWS\x2.64.exe"

Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"

Wed 22 Jun 2005 45,568 A.SHR --- "C:\Program Files\Replay Converter\cygz.dll"

Fri 7 Oct 2005 308,224 A.SHR --- "C:\WINDOWS\system32\avisynth.dll"

Thu 14 Jul 2005 27,648 A.SHR --- "C:\WINDOWS\system32\AVSredirect.dll"

Sun 26 Jun 2005 616,448 A.SHR --- "C:\WINDOWS\system32\cygwin1.dll"

Tue 21 Jun 2005 45,568 A.SHR --- "C:\WINDOWS\system32\cygz.dll"

Sun 25 Jan 2004 70,656 A.SHR --- "C:\WINDOWS\system32\i420vfw.dll"

Thu 20 Dec 2007 10,856 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"

Thu 27 Apr 2006 2,945,024 A.SHR --- "C:\WINDOWS\system32\Smab.dll"

Wed 8 Nov 2006 9 A..H. --- "C:\WINDOWS\system32\wxmmin.dll"

Mon 28 Feb 2005 240,128 A.SHR --- "C:\WINDOWS\system32\x.264.exe"

Sun 25 Jan 2004 70,656 A.SHR --- "C:\WINDOWS\system32\yv12vfw.dll"

Sun 16 Jul 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"

Sat 2 Dec 2006 24,064 ...H. --- "C:\Documents and Settings\Utilisateur1\Mes documents\~WRL0001.tmp"

Sat 17 Mar 2007 30,208 ...H. --- "C:\Documents and Settings\Utilisateur1\Mes documents\~WRL0002.tmp"

Fri 22 Dec 2006 24,064 ...H. --- "C:\Documents and Settings\Utilisateur1\Mes documents\~WRL0003.tmp"

Sat 17 Mar 2007 30,208 ...H. --- "C:\Documents and Settings\Utilisateur1\Mes documents\~WRL0005.tmp"

Sat 17 Mar 2007 33,280 ...H. --- "C:\Documents and Settings\Utilisateur1\Mes documents\~WRL0127.tmp"

Sat 17 Mar 2007 31,232 ...H. --- "C:\Documents and Settings\Utilisateur1\Mes documents\~WRL0211.tmp"

Sat 17 Mar 2007 31,232 ...H. --- "C:\Documents and Settings\Utilisateur1\Mes documents\~WRL1424.tmp"

Sat 17 Mar 2007 34,304 ...H. --- "C:\Documents and Settings\Utilisateur1\Mes documents\~WRL2087.tmp"

Sat 17 Mar 2007 33,792 ...H. --- "C:\Documents and Settings\Utilisateur1\Mes documents\~WRL2864.tmp"

Sat 17 Mar 2007 31,744 ...H. --- "C:\Documents and Settings\Utilisateur1\Mes documents\~WRL2931.tmp"

Sat 17 Mar 2007 32,256 ...H. --- "C:\Documents and Settings\Utilisateur1\Mes documents\~WRL3973.tmp"

Thu 28 Dec 2006 72,192 ..SHR --- "C:\Program Files\eRightSoft\SUPER\Setup.exe"

Wed 11 Jan 2006 15,872 A.SHR --- "C:\Program Files\eRightSoft\SUPER\_Setup.dll"

Mon 11 Dec 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"

Tue 4 Jun 2002 84,992 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\14_43260.dll"

Tue 4 Jun 2002 44,032 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\28_83260.dll"

Tue 10 Dec 2002 73,766 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\atrc3260.dll"

Tue 10 Dec 2002 65,575 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\cook3260.dll"

Tue 4 Jun 2002 20,480 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dnet3260.dll"

Tue 10 Dec 2002 176,165 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv23260.dll"

Tue 10 Dec 2002 94,208 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv33260.dll"

Tue 10 Dec 2002 217,127 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv43260.dll"

Sun 4 Nov 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ivvideo.dll"

Tue 10 Apr 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\qtmlClient.dll"

Fri 20 Feb 2004 548,940 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\raac.dll"

Tue 10 Dec 2002 102,439 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\sipr3260.dll"

Tue 9 Sep 2008 8,434,443 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f2e9882b3dda82dfeae7b459bacb35bb\BIT4D5.tmp"

Wed 20 Aug 2008 444 ...HR --- "C:\Documents and Settings\Utilisateur1\Application Data\SecuROM\UserData\securom_v7_01.bak"

Sun 16 Jul 2006 4,348 ...H. --- "C:\Documents and Settings\Utilisateur1\Mes documents\Ma musique\Sauvegarde de la licence\drmv1key.bak"

Sun 16 Jul 2006 20 A..H. --- "C:\Documents and Settings\Utilisateur1\Mes documents\Ma musique\Sauvegarde de la licence\drmv1lic.bak"

Mon 10 Jul 2006 312 A.SH. --- "C:\Documents and Settings\Utilisateur1\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak"

 

Finished!

 

Hijackthis:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:48:37, on 21/09/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Unable to get Internet Explorer version!

Boot mode: Safe mode

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\Utilisateur1\Bureau\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.neuf.fr

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: (no name) - {da30eff8-ccc6-4162-a20d-67402a26a215} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [{B179023B-6238-4499-8F26-CD73E9D90E0A}] "C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe"

O4 - HKLM\..\Run: [MDGetStarted.exe] "C:\Program Files\Mediafour\MacDrive 7\MDGetStarted.exe" /auto

O4 - HKCU\..\Run: [VisualTaskTips] C:\Program Files\VisualTaskTips\VisualTaskTips.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: MacDriveService - Mediafour Corporation - C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe

O23 - Service: MpService - Canon Inc. - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE

O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

O24 - Desktop Component 0: (no name) - http://www.inter.it/aas/img/89936.jpg

O24 - Desktop Component 1: (no name) - http://fr.uefa.com/ml/images/logos/players/50138.jpg

O24 - Desktop Component 10: (no name) - http://fr.uefa.com/ml/images/Logos/70X70/43.gif

O24 - Desktop Component 11: (no name) - http://fr.uefa.com/MultimediaFiles/Photo/E...186_400X600.jpg

O24 - Desktop Component 12: (no name) - http://www.uefa.com/MultimediaFiles/Photo/...IGLANDSCAPE.jpg

O24 - Desktop Component 13: (no name) - http://www.uefa.com/MultimediaFiles/Photo/...BIGPORTRAIT.jpg

O24 - Desktop Component 14: (no name) - http://s.om.net/om/image/phototheque/g/54/10715.jpg

O24 - Desktop Component 15: (no name) - http://www.uefa.com/MultimediaFiles/Photo/...UMLANDSCAPE.jpg

O24 - Desktop Component 16: (no name) - http://www.futura-sciences.com/img/orage.jpg

O24 - Desktop Component 17: (no name) - http://www.lequipe.fr/Football/img/carton_jaune_22.gif

O24 - Desktop Component 18: (no name) - http://www.lequipe.fr/Football/img/carton_rouge_22.gif

O24 - Desktop Component 19: (no name) - http://www.lequipe.fr/Football/img/flags/flag_BOS.gif

O24 - Desktop Component 2: (no name) - http://fr.uefa.com/ml/images/Players/UCL/400X600/4065.jpg

O24 - Desktop Component 20: (no name) - http://www.madeinsport.com/photos/OM_REP2_NEW_CLEU_PE2.jpg

O24 - Desktop Component 21: (no name) - http://s.om.net/om/image/article/illustrat...g/206/41063.jpg

O24 - Desktop Component 22: (no name) - http://s.om.net/om/file/200608/calendrier.gif

O24 - Desktop Component 23: (no name) - http://images.metacafe.com/i/shadow.gif

O24 - Desktop Component 24: (no name) - http://foot-mercato.blogs.francefootball.c...um_logo_psg.gif

O24 - Desktop Component 25: (no name) - http://images.google.fr/images?q=tbn:wZmX4...67179_small.jpg

O24 - Desktop Component 26: (no name) - http://images.google.fr/images?q=tbn:Ph_1E...peau_france.JPG

O24 - Desktop Component 27: (no name) - http://www.om.net/image/site/fr/layout/h_logo01.gif

O24 - Desktop Component 28: (no name) - http://www.alhoceima.com/logo_1.JPG

O24 - Desktop Component 29: (no name) - http://www.adidas.com/global/common_images/p.gif

O24 - Desktop Component 3: (no name) - http://fr.uefa.com/ml/images/Players/UCL/400X600/23073.jpg

O24 - Desktop Component 30: (no name) - http://us.i1.yimg.com/us.yimg.com/i/fifa/0...p07ausrus_l.jpg

O24 - Desktop Component 31: (no name) - http://www.lequipe.fr/Football/img/flags/flag_POR.gif

O24 - Desktop Component 32: (no name) - http://www.inter.it/media/IC/000734.gif

O24 - Desktop Component 33: (no name) - http://www.inter.it/webtemplate/it/stagione/pattern.gif

O24 - Desktop Component 34: (no name) - http://www.lequipe.fr/Football/logos/FootballLogo427.gif

O24 - Desktop Component 35: (no name) - http://www.inter.it/aas/sponsor/sponsorimg?ID=12

O24 - Desktop Component 36: (no name) - http://www.inter.it/img/headers/eng/header-2007_en.jpg

O24 - Desktop Component 37: (no name) - http://www.lequipe.fr/Football/photos/FootballImage21423.jpg

O24 - Desktop Component 38: (no name) - http://samiat01.skyblog.com/pics/118355147_small.jpg

O24 - Desktop Component 39: (no name) - http://www.uefa.com/MultimediaFiles/Photo/...BIGPORTRAIT.jpg

O24 - Desktop Component 4: (no name) - http://www.inter.it/media/IS/000814.jpg

O24 - Desktop Component 40: (no name) - http://fr.uefa.com/ml/images/clubphoto/250X167/50138.jpg

O24 - Desktop Component 41: (no name) - http://www.inter.it/webtemplate/it/stagion...ive_sponsor.jpg

O24 - Desktop Component 42: (no name) - http://www.svbredevoort.nl/knvb.gif

O24 - Desktop Component 43: (no name) - http://www.uefa.com/MultimediaFiles/Photo/...UMLANDSCAPE.jpg

O24 - Desktop Component 44: (no name) - http://files.datawire.nl/uploads/images/aY...w/knvb_logo.png

O24 - Desktop Component 45: (no name) - http://www.lequipe.fr/Football/photos/Foot...00000011405.jpg

O24 - Desktop Component 46: (no name) - http://www.inter.it/img/flags/spagna2014.gif

O24 - Desktop Component 47: (no name) - http://www.olweb.fr/image/site/fr/home/logo_ol.gif

O24 - Desktop Component 48: (no name) - http://www.olweb.fr/image/site/fr/header/b_ligue1a.gif

O24 - Desktop Component 49: (no name) - http://www.om.net/image/site/fr/layout/h_logo02.gif

O24 - Desktop Component 5: (no name) - http://www.inter.it/media/IS/086297.jpg

O24 - Desktop Component 50: (no name) - http://www.om.net/image/site/fr/no_photo_joueur_180.jpg

O24 - Desktop Component 51: (no name) - http://pics.mediaplazza.com/t_24/64x64/anim_logo2004_o0.gif

O24 - Desktop Component 52: (no name) - http://pics.mediaplazza.com/t_24/64x64/om_00011.gif

O24 - Desktop Component 53: (no name) - http://www.lequipe.fr/Football/logos/FootballLogo6.gif

O24 - Desktop Component 54: (no name) - http://upload.wikimedia.org/wikipedia/comm...Morocco.svg.png

O24 - Desktop Component 55: (no name) - http://uranoscope.free.fr/bestof/couchers_...se_mbesnier.JPG

O24 - Desktop Component 56: (no name) - http://fr.uefa.com/ml/images/clubphoto/600x400/50138.jpg

O24 - Desktop Component 57: (no name) - http://wallpapers.soccerfansnetwork.com/wa...nter4.sized.jpg

O24 - Desktop Component 58: (no name) - file:///C:/Documents%20and%20Settings/Utilisateur1/Local%20Settings/Temporary%20Internet%20Files/Content.IE5/8ZN76GD1/609710887%5B1%5D.jpg

O24 - Desktop Component 59: (no name) - file:///C:/Documents%20and%20Settings/Utilisateur1/Local%20Settings/Temporary%20Internet%20Files/Content.IE5/IX7G54JA/526601813%5B1%5D.jpg

O24 - Desktop Component 6: (no name) - http://www.arsenal.com/images/pics/splash/splash_badge.gif

O24 - Desktop Component 60: (no name) - http://images.google.fr/images?q=tbn:JP9Jb...b%2520badge.JPG

O24 - Desktop Component 61: (no name) - file:///C:/Documents%20and%20Settings/Utilisateur1/Local%20Settings/Temporary%20Internet%20Files/Content.IE5/4XYV8P6N/613720771%5B1%5D.jpg

O24 - Desktop Component 62: (no name) - http://fr.uefa.com/MultimediaFiles/Photo/c...EDIUMSQUARE.jpg

O24 - Desktop Component 63: (no name) - http://www.inter.it/aas/img/88284.jpg

O24 - Desktop Component 64: (no name) - http://images.google.fr/images?q=tbn:ZXP-X...20-%2520Mer.jpg

O24 - Desktop Component 65: (no name) - http://www.sitanous.com/images.de.reve/cou...soleil_0003.jpg

O24 - Desktop Component 66: (no name) - http://www.rippingthrash.com/FCR011%20cover.JPG

O24 - Desktop Component 67: (no name) - http://images.google.fr/images?q=tbn:cmc35...le/FuckNazi.gif

O24 - Desktop Component 68: (no name) - http://images.google.fr/images?q=tbn:Qxg7x...ks-fuck-off.jpg

O24 - Desktop Component 69: (no name) - http://www.defjay.com/img/top_cover.jpg

O24 - Desktop Component 7: (no name) - http://www.inter.it/img/home/logo.gif

O24 - Desktop Component 70: (no name) - file:///C:/Documents%20and%20Settings/Utilisateur1/Local%20Settings/Temporary%20Internet%20Files/Content.IE5/IPGFQBGB/88633%5B1%5D.jpg

O24 - Desktop Component 71: (no name) - http://images.google.fr/images?q=tbn:QMqgq...ck.ee/logo1.gif

O24 - Desktop Component 72: (no name) - http://images.google.fr/images?q=tbn:Fjk3u...08.MZZZZZZZ.jpg

O24 - Desktop Component 73: (no name) - http://www.ac-reims.fr/datice/ecole/ia08/c...2/mange_moi.jpg

O24 - Desktop Component 74: (no name) - http://www.ac-reims.fr/datice/ecole/ia08/c.../hollandais.jpg

O24 - Desktop Component 75: (no name) - http://www.parlonsfoot.com/images/user/champions1.gif

O24 - Desktop Component 76: (no name) - http://images.google.fr/images?q=tbn:8njBB...om/i/150/54.jpg

O24 - Desktop Component 77: (no name) - http://www.quid.fr/qm/dp_etats/ma_dp.gif

O24 - Desktop Component 78: (no name) - http://arifiano.canalblog.com/albums/al_ho...alhoceima13.JPG

O24 - Desktop Component 79: (no name) - http://images.google.fr/images?q=tbn:jxr1R...708/logo4zm.jpg

O24 - Desktop Component 8: (no name) - http://fr.uefa.com/ml/images/Players/UCL/400X600/24057.jpg

O24 - Desktop Component 80: (no name) - http://www.gallimard-jeunesse.fr/encyclope..._pirate007.jpeg

O24 - Desktop Component 81: (no name) - http://images.google.fr/images?q=tbn:FjAlw...lle,%2520OM.jpg

O24 - Desktop Component 82: (no name) - http://www.quid.fr/qm/dp_etats/ar_dp.gif

O24 - Desktop Component 83: (no name) - http://www.uefa.com/MultimediaFiles/Photo/...IGLANDSCAPE.jpg

O24 - Desktop Component 84: (no name) - http://fr.uefa.com/ml/images/Players/UCL/400X600/61659.jpg

O24 - Desktop Component 85: (no name) - file:///C:/Documents%20and%20Settings/Utilisateur1/Local%20Settings/Temporary%20Internet%20Files/Content.IE5/W43C78MC/612212050%5B1%5D.jpg

O24 - Desktop Component 86: (no name) - http://www.om.net/image/site/fr/layout/f_bg.jpg

O24 - Desktop Component 87: (no name) - http://thumbs.ebaystatic.com/pict/3200086602388080_0.jpg

O24 - Desktop Component 88: (no name) - http://www.footmercato.net/IMG/cache-225x2...047-225x252.jpg

O24 - Desktop Component 89: (no name) - http://www.jeunesdumaroc.com/IMG/deadmanschest.jpg

O24 - Desktop Component 9: (no name) - http://images.google.fr/images?q=tbn:XLcNt...ori/livorno.gif

 

--

End of file - 14953 bytes

 

 

 

Merci d'avance. :P

Le sioux Full Patch Member

Le sioux

Posté(e)
Posté(e) (modifié)

Re

 

Ton PC est infecté par un rootkit que SDFix n'a pas réussi à supprimer intégralement :

 

Could Not Remove C:\WINDOWS\system32\tdssinit.dll

Could Not Remove C:\WINDOWS\system32\tdssservers.dat

 

Pourrais tu lancer SDFix à nouveau, laisse redémarrer ton PC quand il te le "dira" puis poste son nouveau rapport stp.

 

Si cela bloque toujours, on essaiera un autre outil.

 

@ plus.

Modifié par Le sioux
Le sioux Full Patch Member

Le sioux

Posté(e)
Posté(e)

Re

 

OK, on va essayer autrement :

 

/ !\Avis aux lecteurs : Ce logiciel n'est à utiliser que prescrit par un helper qualifié et formé à l'outil. Ne pas utiliser en dehors de ce cas de figure : dangereux! / !\

 

Tuto http://www.bleepingcomputer.com/combofix/f...iliser-combofix

 

Télécharge ComboFix.exe de sUBs sur ton Bureau.

 

Vu que tu as accès à ton PC uniquement en mode sans échec, cela ne sera donc pas nécessaire de te déconnecter du net et de désactiver ton antivirus (afin que ComboFix puisse s'exécuter normalement) puisque cela est deja fait si l'on peut dire.

  • Double-clique sur ComboFix.exe
  • Un "pop-up" va apparaître qui dit que "la version ComboFix est utilisé à vos risques et avec aucune garantie..".
  • Accepte en cliquant sur "Oui"
  • Mets le en langue française F
  • Tape sur la touche 1 (Yes) pour démarrer le scan.

/!\ Ne touche à rien tant que le scan n'est pas terminé./!\

  • En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisses-le faire.
  • Une fois le scan achevé, un rapport va s'afficher : Poste son contenu, ainsi qu’un nouveau rapport HijackThis.
  • Note : Le rapport se trouve également là : C:\ComboFix.txt

@ suivre.

Rejoindre la conversation

Vous pouvez publier maintenant et vous inscrire plus tard. Si vous avez un compte, connectez-vous maintenant pour publier avec votre compte.
Remarque : votre message nécessitera l’approbation d’un modérateur avant de pouvoir être visible.

Invité
Répondre à ce sujet…

×   Collé en tant que texte enrichi.   Coller en tant que texte brut à la place

  Seulement 75 émoticônes maximum sont autorisées.

×   Votre lien a été automatiquement intégré.   Afficher plutôt comme un lien

×   Votre contenu précédent a été rétabli.   Vider l’éditeur

×   Vous ne pouvez pas directement coller des images. Envoyez-les depuis votre ordinateur ou insérez-les depuis une URL.

×
 Partager
Aller sur la liste des sujets

  • En ligne récemment   0 membre est en ligne

    • Aucun utilisateur enregistré regarde cette page.
×
×
  • Créer...