Tdssadw.dll
setric
-
Destrio5 Messages postés 99820 Date d'inscription Statut Modérateur Dernière intervention -
Destrio5 Messages postés 99820 Date d'inscription Statut Modérateur Dernière intervention -
Bonjour,
Depuis deux jours, chaque fois que j'ouvre WinXP ou n'importe quel programme, j'ai une fenêtre qui s'ouvre qui mentionne: '' L'application ou la DLL:C:\windows\sytem32±tdssadw.dll n'est pas une image windows valide. Vérifier à l'aide de votre disquette d'installation.''
J'ai vérifiez sur l'ensemble de l'ordinateur mais je n'ai rien trouvez avec tdssadw.dll.
La dite fenêtre s'ouvre pour tout programme que j'ouvre, j'acc`de au programme mais je dois toujours passé par cette fenêtre.
Aussi, dans IE7, lorsque j'ouvre une autre fenêtre, j'ai un avertssement: Insecure Internet activity. Threat of virus attack et il essaie de m'envoyer à ''kvmsecure''.
Voici mon rapport HijackThis, ca devrais aider mais je n'y comprend rien.
Logfile of HijackThis v1.99.1
Scan saved at 07:02:13, on 2008-09-02
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
E:\Logiciels Entretien\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
E:\Logiciels Entretien\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Adobe\Acrobat 6.0\Acrobat\Acrobat.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.microsoft.com/fr-fr/security/?rtc=1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - F:\Logiciels Utilités\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\LogicielsMédia\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: QXK Olive - {26027218-80B3-40FA-9FA1-70FD56AA5328} - C:\WINDOWS\rodqgpvldbv.dll
O2 - BHO: (no name) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - F:\Logiciels Utilités\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {51D81DD5-55B7-497F-95DB-D356429BB54E} - (no file)
O3 - Toolbar: (no name) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - (no file)
O3 - Toolbar: (no name) - {5371FF76-9602-4029-9626-BE8CD757EB36} - (no file)
O4 - HKLM\..\Run: [AVP] "E:\Logiciels Entretien\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
O4 - HKLM\..\Run: [HPUsageTracking] "C:\Program Files\HP\HP UT\bin\hppusg.exe" "C:\Program Files\HP\HP UT\"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe /autorun
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [zBrowser Launcher] "C:\Program Files\Logitech\iTouch\iTouch.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [NBKeyScan] "D:\LogicielsMédia\Nero 8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] "C:\Program Files\Logitech\QuickCam\ISStart.exe"
O4 - HKLM\..\Run: [iTunesHelper] "D:\LogicielsMédia\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Eraser] E:\Logiciels Entretien\Eraser\eraser.exe -hide
O4 - HKCU\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Fichiers communs\Nero\Lib\NMFirstStart.exe"
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - E:\Logiciels Entretien\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\LogicielsMédia\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.dwnldietool.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.dwnldietool.com/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-3/MyFunCardsFWBInitialSetup1.0.1.0.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - https://www.systemrequirementslab.com/cyri
O16 - DPF: {4D054067-DE3A-48F9-B19B-BCD229B9AE8D} (PrinterHelpEtcActiveX Control) - http://www.samsungdp.com/printerhelp/ActiveX/DrPrinter.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - https://www.eset.com/
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/fr-CA/TSEasyInstallX.CAB
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: LBTWlgn - c:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - E:\Logiciels Entretien\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DVDneXtCOPYService - DVD neXt COPY - D:\LogicielsMédia\DVDneXtCOPY2\DVDneXtCOPY Virtual Drive\DVDneXtCOPYService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Windows CardSpace (idsvc) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (file missing)
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\LogicielsMédia\Nero 8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\hpzipm12.exe
O23 - Service: SUGE1 Status Monitor Service (SM_SUGE1_FUService) - Unknown owner - C:\Program.exe (file missing)
De l'aide svp
Setric
Depuis deux jours, chaque fois que j'ouvre WinXP ou n'importe quel programme, j'ai une fenêtre qui s'ouvre qui mentionne: '' L'application ou la DLL:C:\windows\sytem32±tdssadw.dll n'est pas une image windows valide. Vérifier à l'aide de votre disquette d'installation.''
J'ai vérifiez sur l'ensemble de l'ordinateur mais je n'ai rien trouvez avec tdssadw.dll.
La dite fenêtre s'ouvre pour tout programme que j'ouvre, j'acc`de au programme mais je dois toujours passé par cette fenêtre.
Aussi, dans IE7, lorsque j'ouvre une autre fenêtre, j'ai un avertssement: Insecure Internet activity. Threat of virus attack et il essaie de m'envoyer à ''kvmsecure''.
Voici mon rapport HijackThis, ca devrais aider mais je n'y comprend rien.
Logfile of HijackThis v1.99.1
Scan saved at 07:02:13, on 2008-09-02
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
E:\Logiciels Entretien\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
E:\Logiciels Entretien\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Adobe\Acrobat 6.0\Acrobat\Acrobat.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.microsoft.com/fr-fr/security/?rtc=1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - F:\Logiciels Utilités\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\LogicielsMédia\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: QXK Olive - {26027218-80B3-40FA-9FA1-70FD56AA5328} - C:\WINDOWS\rodqgpvldbv.dll
O2 - BHO: (no name) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - F:\Logiciels Utilités\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {51D81DD5-55B7-497F-95DB-D356429BB54E} - (no file)
O3 - Toolbar: (no name) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - (no file)
O3 - Toolbar: (no name) - {5371FF76-9602-4029-9626-BE8CD757EB36} - (no file)
O4 - HKLM\..\Run: [AVP] "E:\Logiciels Entretien\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
O4 - HKLM\..\Run: [HPUsageTracking] "C:\Program Files\HP\HP UT\bin\hppusg.exe" "C:\Program Files\HP\HP UT\"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe /autorun
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [zBrowser Launcher] "C:\Program Files\Logitech\iTouch\iTouch.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [NBKeyScan] "D:\LogicielsMédia\Nero 8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] "C:\Program Files\Logitech\QuickCam\ISStart.exe"
O4 - HKLM\..\Run: [iTunesHelper] "D:\LogicielsMédia\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Eraser] E:\Logiciels Entretien\Eraser\eraser.exe -hide
O4 - HKCU\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Fichiers communs\Nero\Lib\NMFirstStart.exe"
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - E:\Logiciels Entretien\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\LogicielsMédia\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.dwnldietool.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.dwnldietool.com/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-3/MyFunCardsFWBInitialSetup1.0.1.0.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - https://www.systemrequirementslab.com/cyri
O16 - DPF: {4D054067-DE3A-48F9-B19B-BCD229B9AE8D} (PrinterHelpEtcActiveX Control) - http://www.samsungdp.com/printerhelp/ActiveX/DrPrinter.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - https://www.eset.com/
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/fr-CA/TSEasyInstallX.CAB
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: LBTWlgn - c:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - E:\Logiciels Entretien\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DVDneXtCOPYService - DVD neXt COPY - D:\LogicielsMédia\DVDneXtCOPY2\DVDneXtCOPY Virtual Drive\DVDneXtCOPYService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Windows CardSpace (idsvc) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (file missing)
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\LogicielsMédia\Nero 8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\hpzipm12.exe
O23 - Service: SUGE1 Status Monitor Service (SM_SUGE1_FUService) - Unknown owner - C:\Program.exe (file missing)
De l'aide svp
Setric
Configuration: Windows XP Internet Explorer 7.0
3 réponses
-
Salut,
* Télécharge SDFix (par Andy Manchesta) et sauvegarde-le sur ton bureau.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
* Double-clique sur SDFix.exe et choisis Install pour l'extraire dans son dossier sur le bureau.
* Redémarre le PC en mode sans échec :
https://www.malekal.com/demarrer-windows-mode-sans-echec/
* Choisis ton compte.
Déroule la liste des instructions ci-dessous :
* Ouvre le dossier SDFix qui vient d'être créé sur le bureau et double-clique sur RunThis.bat pour lancer le script.
* Appuie sur Y pour commencer le nettoyage.
* Quand il te le demandera, appuie sur une touche pour redémarrer le PC.
* Ton système sera plus long à redémarrer car l'outil va continuer à s'exécuter et supprimer des fichiers.
* Après le chargement du bureau, l'outil aura terminé et affichera Finished.
* Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton bureau.
* Le rapport SDFix s'ouvrira et il sera enregistré dans le dossier SDFix sous le nom Report.txt.
* Enfin, copie/colle le rapport du fichier Report.txt. -
Malekal est un très bon site.
tdssadw.dll fait partie d'un rootkit à la mode en moment et SDFix le supprime. Peux-tu poster le rapport ?
Je te conseille de faire un scan avec MBAM, de supprimer tout ce qu'il trouve et de poster le rapport généré :
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.htm-
Destrio5
Voici le rapport SDFix
[b]SDFix: Version 1.220 [/b]
Run by Administrateur on 2008-09-02 at 20:22
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
[b]Checking Services [/b]:
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
[b]Checking Files [/b]:
Trojan Files Found:
C:\WINDOWS\EAXF.EXE - Deleted
C:\WINDOWS\rodqgpvldbv.dll - Deleted
C:\WINDOWS\system32\drivers\tdssserv.sys - Deleted
C:\WINDOWS\system32\tdssadw.dll - Deleted
C:\WINDOWS\system32\tdssl.dll - Deleted
C:\WINDOWS\system32\tdsslog.dll - Deleted
C:\WINDOWS\system32\tdssmain.dll - Deleted
C:\WINDOWS\system32\tdssservers.dat - Deleted
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-02 20:39:01
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TDSSserv]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\TDSSserv.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\TDSSserv]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\TDSSserv.sys"
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:000000e8
"TracesSuccessful"=dword:00000010
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"E:\\Logiciels Entretien\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe"="E:\\Logiciels Entretien\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe:*:Enabled:Kaspersky Anti-Virus"
"D:\\LogicielsM‚dia\\Azureus\\Azureus.exe"="D:\\LogicielsM‚dia\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"D:\\LogicielsM‚dia\\Nero 8\\Nero Home\\NeroHome.exe"="D:\\LogicielsM‚dia\\Nero 8\\Nero Home\\NeroHome.exe:*:Enabled:Nero Home"
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\French\\setup.exe"="C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\French\\setup.exe:*:Enabled:Programme d'installation de Kaspersky Anti-Virus 7.0"
"E:\\Logiciels Entretien\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"="E:\\Logiciels Entretien\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe:*:Enabled:Kaspersky Anti-Virus"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"D:\\LogicielsM‚dia\\BitTorrent\\bittorrent.exe"="D:\\LogicielsM‚dia\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"D:\\LogicielsM‚dia\\iTunes\\iTunes.exe"="D:\\LogicielsM‚dia\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"D:\\LogicielsM‚dia\\Skype\\Phone\\Skype.exe"="D:\\LogicielsM‚dia\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"="C:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe:*:Enabled:javaw"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
[b]Remaining Files [/b]:
File Backups: - C:\SDFix\backups\backups.zip
[b]Files with Hidden Attributes [/b]:
Sat 31 May 2008 0 A..H. --- "C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\tw7.tmp"
Tue 22 Jan 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Tue 2 Sep 2008 65,536 A..H. --- "C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Microsoft\Outlook\~Outlook.pst.tmp"
[b]Finished![/b]
Voici le rapport MBAM-scan rapide [est-ce un anti-spyware comme spybot]+[est-ce convivial a AV et/ou autre spyware]
Malwarebytes' Anti-Malware 1.26
Version de la base de données: 1106
Windows 5.1.2600 Service Pack 3
2008-09-02 23:15:18
mbam-log-2008-09-02 (23-15-13).txt
Type de recherche: Examen rapide
Eléments examinés: 73407
Temps écoulé: 7 minute(s), 22 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 13
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 36
Fichier(s) infecté(s): 69
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} (Adware.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\Documents and Settings\Utilisateur\Application Data\alot (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Button_0 (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Button_1 (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Button_10 (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Button_11 (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Button_2 (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Button_3 (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Button_4 (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Button_5 (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Button_6 (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Button_7 (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Button_8 (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Button_9 (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\configurator (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\products (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Button_0 (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Button_0\images (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Button_1 (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Button_1\images (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Button_2 (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Button_2\images (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Button_3 (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Button_3\images (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Button_4 (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Button_4\images (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Button_5 (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Button_5\images (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Button_6 (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Button_6\images (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Shared (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Shared\images (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\TimerManager (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\ToolbarSearch (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Updater (Adware.BHO) -> No action taken.
Fichier(s) infecté(s):
C:\Documents and Settings\Chantal\Application Data\alot\toolbar.xml (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Button_0\Button_0.xml (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Button_0\Button_0.xml.backup (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Button_1\Button_1.xml (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Button_1\Button_1.xml.backup (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Button_10\Button_10.xml (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Button_10\Button_10.xml.backup (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Button_11\Button_11.xml (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Button_11\Button_11.xml.backup (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Button_2\Button_2.xml (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Button_2\Button_2.xml.backup (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Button_3\Button_3.xml (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Button_3\Button_3.xml.backup (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Button_4\Button_4.xml (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Button_4\Button_4.xml.backup (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Button_5\Button_5.xml (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Button_5\Button_5.xml.backup (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Button_6\Button_6.xml (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Button_6\Button_6.xml.backup (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Button_7\Button_7.xml (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Button_7\Button_7.xml.backup (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Button_8\Button_8.xml (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Button_8\Button_8.xml.backup (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Button_9\Button_9.xml (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Button_9\Button_9.xml.backup (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\configurator\configurator.xml (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\configurator\configurator.xml.backup (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\products\products.xml (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\products\products.xml.backup (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Button_0\images\alot_icon_35x16.bmp (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Button_1\images\alot_search_24x16.bmp (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Button_2\images\default_282_alot_map_widget_default.bmp (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Button_3\images\default_244_alot_maps_tools.bmp (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Button_4\images\cloudy.bmp (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Button_4\images\default_283_alot_maps_weather.bmp (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Button_4\images\foggy.bmp (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Button_4\images\IMG4CB.tmp (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Button_4\images\mcloud.bmp (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Button_4\images\nclear.bmp (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Button_4\images\ncloudy.bmp (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Button_4\images\nfoggy.bmp (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Button_4\images\nmcloud.bmp (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Button_4\images\npcloud.bmp (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Button_4\images\nshower.bmp (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Button_4\images\pcloud.bmp (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Button_4\images\rain.bmp (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Button_4\images\shower.bmp (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Button_4\images\tstorm.bmp (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Button_5\images\default_225_alot_maps_mrkt_maps.bmp (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Button_6\images\default_452_alot_mrkt_180.bmp (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Shared\domains.dat (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Shared\images\alot_brand.png (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Shared\images\spinner.bmp (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Shared\images\widget_bottom.bmp (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Shared\images\widget_btnclose0.bmp (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Shared\images\widget_btnclose1.bmp (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Shared\images\widget_btnmin0.bmp (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Shared\images\widget_btnmin1.bmp (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Shared\images\widget_caption.bmp (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Shared\images\widget_error_bg.bmp (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Shared\images\widget_error_close.bmp (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Shared\images\widget_error_icon.bmp (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\TimerManager\TimerManager.xml (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\TimerManager\TimerManager.xml.backup (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\ToolbarSearch\ToolbarSearch.xml (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\ToolbarSearch\ToolbarSearch.xml.backup (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Updater\Updater.xml (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Updater\Updater.xml.backup (Adware.BHO) -> No action taken.
C:\WINDOWS\system32\tdssserf.dll (Trojan.Agent) -> No action taken.
Dois-je garder SDFix - kaspersky me demande de faire quelques chose avec ces ''trajan''
Comment enlever MyWebSearch..
Merci encore -
Destrio5
Voici le rapport SDFix
[b]SDFix: Version 1.220 [/b]
Run by Administrateur on 2008-09-02 at 20:22
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
[b]Checking Services [/b]:
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
[b]Checking Files [/b]:
Trojan Files Found:
C:\WINDOWS\EAXF.EXE - Deleted
C:\WINDOWS\rodqgpvldbv.dll - Deleted
C:\WINDOWS\system32\drivers\tdssserv.sys - Deleted
C:\WINDOWS\system32\tdssadw.dll - Deleted
C:\WINDOWS\system32\tdssl.dll - Deleted
C:\WINDOWS\system32\tdsslog.dll - Deleted
C:\WINDOWS\system32\tdssmain.dll - Deleted
C:\WINDOWS\system32\tdssservers.dat - Deleted
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-02 20:39:01
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TDSSserv]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\TDSSserv.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\TDSSserv]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\TDSSserv.sys"
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:000000e8
"TracesSuccessful"=dword:00000010
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"E:\\Logiciels Entretien\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe"="E:\\Logiciels Entretien\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe:*:Enabled:Kaspersky Anti-Virus"
"D:\\LogicielsM‚dia\\Azureus\\Azureus.exe"="D:\\LogicielsM‚dia\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"D:\\LogicielsM‚dia\\Nero 8\\Nero Home\\NeroHome.exe"="D:\\LogicielsM‚dia\\Nero 8\\Nero Home\\NeroHome.exe:*:Enabled:Nero Home"
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\French\\setup.exe"="C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\French\\setup.exe:*:Enabled:Programme d'installation de Kaspersky Anti-Virus 7.0"
"E:\\Logiciels Entretien\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"="E:\\Logiciels Entretien\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe:*:Enabled:Kaspersky Anti-Virus"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"D:\\LogicielsM‚dia\\BitTorrent\\bittorrent.exe"="D:\\LogicielsM‚dia\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"D:\\LogicielsM‚dia\\iTunes\\iTunes.exe"="D:\\LogicielsM‚dia\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"D:\\LogicielsM‚dia\\Skype\\Phone\\Skype.exe"="D:\\LogicielsM‚dia\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"="C:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe:*:Enabled:javaw"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
[b]Remaining Files [/b]:
File Backups: - C:\SDFix\backups\backups.zip
[b]Files with Hidden Attributes [/b]:
Sat 31 May 2008 0 A..H. --- "C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\tw7.tmp"
Tue 22 Jan 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Tue 2 Sep 2008 65,536 A..H. --- "C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Microsoft\Outlook\~Outlook.pst.tmp"
[b]Finished![/b]
Voici le rapport MBAM-scan rapide [est-ce un anti-spyware comme spybot]+[est-ce convivial a AV et/ou autre spyware]
Malwarebytes' Anti-Malware 1.26
Version de la base de données: 1106
Windows 5.1.2600 Service Pack 3
2008-09-02 23:15:18
mbam-log-2008-09-02 (23-15-13).txt
Type de recherche: Examen rapide
Eléments examinés: 73407
Temps écoulé: 7 minute(s), 22 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 13
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 36
Fichier(s) infecté(s): 69
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} (Adware.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\Documents and Settings\Utilisateur\Application Data\alot (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Button_0 (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Button_1 (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Button_10 (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Button_11 (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Button_2 (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Button_3 (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Button_4 (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Button_5 (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Button_6 (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Button_7 (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Button_8 (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Button_9 (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\configurator (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\products (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Button_0 (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Button_0\images (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Button_1 (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Button_1\images (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Button_2 (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Button_2\images (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Button_3 (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Button_3\images (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Button_4 (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Button_4\images (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Button_5 (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Button_5\images (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Button_6 (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Button_6\images (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Shared (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Shared\images (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\TimerManager (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\ToolbarSearch (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Updater (Adware.BHO) -> No action taken.
Fichier(s) infecté(s):
C:\Documents and Settings\Chantal\Application Data\alot\toolbar.xml (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Button_0\Button_0.xml (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Button_0\Button_0.xml.backup (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Button_1\Button_1.xml (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Button_1\Button_1.xml.backup (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Button_10\Button_10.xml (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Button_10\Button_10.xml.backup (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Button_11\Button_11.xml (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Button_11\Button_11.xml.backup (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Button_2\Button_2.xml (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Button_2\Button_2.xml.backup (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Button_3\Button_3.xml (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Button_3\Button_3.xml.backup (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Button_4\Button_4.xml (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Button_4\Button_4.xml.backup (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Button_5\Button_5.xml (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Button_5\Button_5.xml.backup (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Button_6\Button_6.xml (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Button_6\Button_6.xml.backup (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Button_7\Button_7.xml (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Button_7\Button_7.xml.backup (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Button_8\Button_8.xml (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Button_8\Button_8.xml.backup (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Button_9\Button_9.xml (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Button_9\Button_9.xml.backup (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\configurator\configurator.xml (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\configurator\configurator.xml.backup (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\products\products.xml (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\products\products.xml.backup (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Button_0\images\alot_icon_35x16.bmp (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Button_1\images\alot_search_24x16.bmp (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Button_2\images\default_282_alot_map_widget_default.bmp (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Button_3\images\default_244_alot_maps_tools.bmp (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Button_4\images\cloudy.bmp (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Button_4\images\default_283_alot_maps_weather.bmp (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Button_4\images\foggy.bmp (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Button_4\images\IMG4CB.tmp (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Button_4\images\mcloud.bmp (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Button_4\images\nclear.bmp (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Button_4\images\ncloudy.bmp (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Button_4\images\nfoggy.bmp (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Button_4\images\nmcloud.bmp (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Button_4\images\npcloud.bmp (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Button_4\images\nshower.bmp (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Button_4\images\pcloud.bmp (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Button_4\images\rain.bmp (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Button_4\images\shower.bmp (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Button_4\images\tstorm.bmp (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Button_5\images\default_225_alot_maps_mrkt_maps.bmp (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Button_6\images\default_452_alot_mrkt_180.bmp (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Shared\domains.dat (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Shared\images\alot_brand.png (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Shared\images\spinner.bmp (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Shared\images\widget_bottom.bmp (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Shared\images\widget_btnclose0.bmp (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Shared\images\widget_btnclose1.bmp (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Shared\images\widget_btnmin0.bmp (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Shared\images\widget_btnmin1.bmp (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Shared\images\widget_caption.bmp (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Shared\images\widget_error_bg.bmp (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Shared\images\widget_error_close.bmp (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Resources\Shared\images\widget_error_icon.bmp (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\TimerManager\TimerManager.xml (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\TimerManager\TimerManager.xml.backup (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\ToolbarSearch\ToolbarSearch.xml (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\ToolbarSearch\ToolbarSearch.xml.backup (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Updater\Updater.xml (Adware.BHO) -> No action taken.
C:\Documents and Settings\Chantal\Application Data\alot\Updater\Updater.xml.backup (Adware.BHO) -> No action taken.
C:\WINDOWS\system32\tdssserf.dll (Trojan.Agent) -> No action taken.
Dois-je garder SDFix - kaspersky me demande de faire quelques chose avec ces ''trajan''
Comment enlever MyWebSearch..
Merci encore
-
-
Tu peux supprimer SDFix.
Tu peux cliquer sur Supprimer la sélection pour MBAM.