URGENT new virus plz help me

SAMY90 (Member, 14 posts):
Hello everyone, I have a virus that I can't remove because it tells me I don't have permission to delete it, and it's hopeless: I tried to remove it with an anti-malware tool and with NOD32, even in Safe Mode, and I can't. And when I try to open "C:" or "E:" I can't, and NOD32 shows me this: http://nsa05.casimages.com/img/2009/02/23//090223123914466413.jpg and it comes back every time I try to open my hard disk, unless I open it with right-click -> Open.
So what should I do? plz hellllllllllllllllllllllllllllp me
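The symptom described in this post (double-clicking C: or E: triggers the antivirus, while right-click -> Open still works) is what a malicious autorun.inf at the drive root produces: Explorer reads the file and uses its `open`/`shellexecute` entries for AutoPlay and its `shell\<verb>\command` entries as context-menu verbs, with `shell=<verb>` making one of them the default action of a double-click. The ComboFix report later in this thread does list C:\autorun.inf and E:\Autorun.inf among its deletions, but their contents are never shown. The following is an added example, not code from the thread or from any tool mentioned in it: it parses an autorun.inf and reports which Explorer actions it takes over and which files it would run. The autorun.inf text is constructed for illustration and `payload.jpg` is a placeholder name; the sample leaves the Open verb alone, which is consistent with what the poster reports.

```python
"""Inspect a drive-root autorun.inf for entries that hijack the drive's
default action in Explorer.

Added example for this thread; it is not code from any tool mentioned here.
The autorun.inf text below is constructed: the real files removed later in
the thread are never shown, and 'payload.jpg' is a placeholder name.
"""
import re

SAMPLE_AUTORUN_INF = r"""
; constructed sample, shaped like the autorun.inf files worms dropped at
; drive roots: AutoPlay and a new default verb both point at a script host
[AutoRun]
open=wscript.exe /e:vbs payload.jpg
shellexecute=wscript.exe /e:vbs payload.jpg
shell\Auto\command=wscript.exe /e:vbs payload.jpg
shell=Auto
icon=%SystemRoot%\system32\shell32.dll,8
"""

VERB_RE = re.compile(r"^shell\\([^\\]+)\\command$")


def parse_autorun(text):
    """Return the key=value pairs of the [autorun] section, keys lower-cased
    (section and key names are case-insensitive to Explorer). Other sections
    and comment lines (';') are ignored; a repeated key keeps its last value."""
    section, entries = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line:
            key, _, value = line.partition("=")
            entries[key.strip().lower()] = value.strip()
    return entries


def hijacked_actions(entries):
    """Map each Explorer action the file takes over to the command it would
    run. 'open'/'shellexecute' fire on AutoPlay; 'shell\\<verb>\\command' adds
    a context-menu verb, and 'shell=<verb>' makes that verb the default, i.e.
    what a double-click on the drive runs instead of opening it."""
    actions = {}
    if "open" in entries:
        actions["AutoPlay open"] = entries["open"]
    if "shellexecute" in entries:
        actions["AutoPlay shellexecute"] = entries["shellexecute"]
    default_verb = entries.get("shell", "").strip().lower()
    for key, value in entries.items():
        m = VERB_RE.match(key)
        if not m:
            continue
        label = f"context-menu verb '{m.group(1)}'"
        if m.group(1).lower() == default_verb:
            label += " (default verb: runs on double-click)"
        actions[label] = value
    return actions


def referenced_files(entries):
    """Base names of every file the hijacked actions would execute or feed to
    an interpreter, so they can be checked for hidden/system attributes."""
    files = set()
    for cmd in hijacked_actions(entries).values():
        for tok in cmd.replace('"', "").split():
            if not tok.startswith("/") and re.search(r"\.\w{2,4}$", tok):
                files.add(tok.rpartition("\\")[2].lower())
    return files


if __name__ == "__main__":
    found = parse_autorun(SAMPLE_AUTORUN_INF)
    for action, cmd in hijacked_actions(found).items():
        print(f"{action}: {cmd}")
    print("files to inspect:", sorted(referenced_files(found)))
```

On a real drive the file names returned by `referenced_files` are the ones to look for at the drive root with hidden and system attributes set (the ComboFix report below shows exactly that attribute pattern, `-rahs`, on C:\winfile.jpg); deleting the autorun.inf alone removes the trigger but not the payload.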

18 replies

totobetourne (Member, 5677 posts):
 
Hello,

Download this: it is useful for seeing what the infection may be, and then acting on it.

http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis

Install it normally, like any other program, under c:/program files/...
Click on "do a scan and save a logfile"; you get a report that you paste here.

SAMY90 (Member, 14 posts):
 
Thanks totobetourne for replying so fast. Here is the report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:42:38, on 23/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\S3Trayp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Styler\Styler.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wscript.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\Wscript.exe
C:\WINDOWS\system32\Wscript.exe
C:\WINDOWS\system32\Wscript.exe
C:\WINDOWS\system32\Wscript.exe
C:\WINDOWS\system32\Wscript.exe
C:\WINDOWS\system32\Wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13728&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=13728&gct=&gc=1&q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Program Files\IsoBuster\tbIso1.dll
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Program Files\IsoBuster\tbIso1.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Program Files\IsoBuster\tbIso1.dll
O3 - Toolbar: The Wisdom-Soft Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [S3Trayp] S3Trayp.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Cloneur Expert Monitor] "C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Hiyo] C:\Program Files\HiYo\bin\HiYo.exe /RunFromStartup
O4 - HKLM\..\Run: [VIPv3_Auto_Update] C:\WINDOWS\VIPv3\CheckForUpdates.exe
O4 - HKLM\..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S
O4 - HKLM\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /O5 "LPT1:" /M "Stylus C45"
O4 - HKLM\..\Run: [EPSON Stylus C45 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P33 "EPSON Stylus C45 Series (Copie 1)" /O6 "USB001" /M "Stylus C45"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [CTFMON] C:\WINDOWS\system32\wscript.exe /E:vbs C:\WINDOWS\system32\winjpg.jpg
O4 - HKLM\..\Run: [regdiit] C:\WINDOWS\system32\winxp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [L08FXLRD_681078] "C:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [bdeaadxa] "c:\documents and settings\gm_mcis\local settings\application data\bdeaadxa.exe" bdeaadxa
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Styler.lnk = ?
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &T&élécharger &avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &T&élécharger tout avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &T&élécharger toute vidéo avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4872AC7D-F468-4606-81AB-67EA8BBAF34C}: NameServer = 4.2.2.2 4.2.2.1
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
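The log above contains the lines that matter: a dozen `wscript.exe` processes, an HKLM Run value named `CTFMON` that actually launches `wscript.exe /E:vbs` on a `.jpg` file in system32, a second value (`regdiit`) pointing at `winxp.exe` in system32, and an HKCU value launching an eight-letter executable from `Local Settings\Application Data`. The following is an added example, not HijackThis code and not part of the original thread: it applies those observations as heuristics to the O4 entries of a HijackThis log and counts script-host processes. The sample input is copied from the log posted above (a subset of its lines); the rules are the editor's own and produce leads to verify, not verdicts.

```python
"""Triage the autostart (O4) entries of a HijackThis log.

Added example written for this thread; it is not HijackThis code and its
rules are the editor's own heuristics (they produce leads, not verdicts).
"""
import re

# Sample input: lines copied from the HijackThis log posted above (a subset
# of its "Running processes" block and of its O4 entries).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\Wscript.exe
C:\WINDOWS\system32\wscript.exe

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [CTFMON] C:\WINDOWS\system32\wscript.exe /E:vbs C:\WINDOWS\system32\winjpg.jpg
O4 - HKLM\..\Run: [regdiit] C:\WINDOWS\system32\winxp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [bdeaadxa] "c:\documents and settings\gm_mcis\local settings\application data\bdeaadxa.exe" bdeaadxa
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
"""

O4_RE = re.compile(r"^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
USER_RE = re.compile(r"\s+\(User '[^']*'\)$")

EXE_EXT = (".exe", ".com", ".scr", ".pif", ".bat", ".cmd")
SCRIPT_EXT = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh", ".hta")
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}
SYSTEM_NAMES = {"ctfmon", "explorer", "svchost", "lsass", "csrss", "winlogon", "services"}
USER_DATA_DIRS = ("\\local settings\\", "\\application data\\", "\\temp\\")


def split_command(cmd):
    """Return (executable, arguments) for a Run-key command line. A quoted
    path is taken verbatim; an unquoted one is grown token by token until a
    token carries an executable extension (unquoted paths with spaces are
    common in these keys)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end], cmd[end + 1:].strip()
    tokens = cmd.split()
    for i, tok in enumerate(tokens):
        if tok.lower().endswith(EXE_EXT):
            return " ".join(tokens[:i + 1]), " ".join(tokens[i + 1:])
    return tokens[0], " ".join(tokens[1:])


def triage_entry(name, cmd):
    """Return the list of reasons an O4 entry deserves a closer look."""
    exe, args = split_command(cmd)
    exe = exe.replace("/", "\\").lower()
    parent, _, base = exe.rpartition("\\")
    stem = base.rsplit(".", 1)[0]
    name_l = name.lower()
    name_stem = name_l.rsplit(".", 1)[0] if name_l.endswith(EXE_EXT) else name_l
    reasons = []
    if base in SCRIPT_HOSTS:
        reasons.append(f"script host {base} started from a Run key")
        target = next((a for a in args.split() if not a.startswith("/")), "")
        # /E:<engine> forces an interpreter onto a file whose extension would
        # never run by itself (here a .jpg): a classic way to hide a VBS worm.
        if "/e:" in args.lower() or (target and not target.lower().endswith(SCRIPT_EXT)):
            reasons.append(f"script engine forced onto non-script file {target}")
    if name_stem in SYSTEM_NAMES and stem != name_stem:
        reasons.append(f"value named after Windows component '{name_stem}' but launches {base}")
    if parent.endswith("\\system32") and name_stem != stem:
        reasons.append(f"{base} sits directly in system32 under unrelated value name '{name}'")
    if any(d in parent + "\\" for d in USER_DATA_DIRS):
        reasons.append(f"{base} runs from a user-profile data directory ({parent})")
    return reasons


def triage(log):
    """Parse every O4 line in `log`; return {value name: reasons} for the
    entries that trip at least one rule."""
    flagged = {}
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            reasons = triage_entry(m["name"], USER_RE.sub("", m["cmd"]))
            if reasons:
                flagged[m["name"]] = reasons
    return flagged


def count_processes(log, basename):
    """Count running-process lines ending in `basename`; a dozen copies of a
    script host, as in the posted log, is itself a strong signal."""
    n, in_block = 0, False
    for line in log.splitlines():
        s = line.strip()
        if s.lower() == "running processes:":
            in_block = True
        elif in_block and not s:
            in_block = False
        elif in_block and s.lower().rpartition("\\")[2] == basename.lower():
            n += 1
    return n


if __name__ == "__main__":
    print(f"wscript.exe instances: {count_processes(SAMPLE_LOG, 'wscript.exe')}")
    for value_name, reasons in triage(SAMPLE_LOG).items():
        print(f"[{value_name}]")
        for r in reasons:
            print(f"  - {r}")
```

Run against the full log, the three entries this flags (`CTFMON`, `regdiit`, `bdeaadxa`) are the same three the helper later targets; the legitimate `CTFMON.EXE` values that launch the real `ctfmon.exe` are left alone because the value name and the executable agree. Fixing a Run value is only half the job: the file it points at (here `winjpg.jpg`, which the ComboFix report below shows with hidden and system attributes) has to go as well, or the worm simply recreates the key.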
SAMY90 (Member, 14 posts):
 
And I should tell you that I can't even run Task Manager, the Windows registry editor, or System Restore.
totobetourne (Member, 5677 posts):
 
Please do what I ask; don't touch System Restore or the rest. There are several infections.

1) Download ToolBar-S&D (thanks to Eric_71, Angeldark, Sham_Rock and XmichouX)
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

Cut your internet connection during the scan.

* Double-click ToolBar-SD to start the installation; a shortcut will be added to the desktop.
* Double-click it to start the tool; choose the language.
* On Vista, right-click and "Run as administrator" (privilege elevation), then -> Continue.
* Type 1 then press [Enter] to start the removal.
* Wait until the search finishes.
* At the end of the scan, the report opens in Notepad.
* Post this report, by copy/paste, in your next reply.
* The report is also found at: C:\TB.txt

2) Run ToolBar again, but this time press option 2. You get a report that you paste. If ToolBar didn't remove everything, run it a second time with option 2. Paste all the reports. Thanks.

Paste me the different reports at the same time.

SAMY90 (Member, 14 posts):
 
Here is the first one:

-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.00GHz )
BIOS : Default System BIOS
USER : GM_MCIS ( Administrator )
BOOT : Normal boot
Antivirus : ESET NOD32 Antivirus 3.0 3.0 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:39 Go (Free:7 Go)
D:\ (CD or DVD)
E:\ (Local Disk) - NTFS - Total:35 Go (Free:1 Go)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 23/02/2009|14:49 )

-----------\\ Recherche de Fichiers / Dossiers ...

[Service] ASKUpgrade
C:\Program Files\AskBarDis
C:\Program Files\AskBarDis\bar
C:\Program Files\AskBarDis\unins000.dat
C:\Program Files\AskBarDis\unins000.exe
C:\Program Files\AskBarDis\bar\bin
C:\Program Files\AskBarDis\bar\Cache
C:\Program Files\AskBarDis\bar\History
C:\Program Files\AskBarDis\bar\Settings
C:\Program Files\AskBarDis\bar\bin\askBar.dll
C:\Program Files\AskBarDis\bar\bin\askPopStp.dll
C:\Program Files\AskBarDis\bar\bin\AskSplash.exe
C:\Program Files\AskBarDis\bar\bin\AskTBApp.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files\AskBarDis\bar\bin\psvince.dll
C:\Program Files\AskBarDis\bar\Cache\00ED3C0E
C:\Program Files\AskBarDis\bar\Cache\00ED7118.bin
C:\Program Files\AskBarDis\bar\Cache\00ED9AD7.bin
C:\Program Files\AskBarDis\bar\Cache\00EDB228.bin
C:\Program Files\AskBarDis\bar\Cache\00EDBB02.bin
C:\Program Files\AskBarDis\bar\Cache\00EDC3EB.bin
C:\Program Files\AskBarDis\bar\Cache\00EDC727.bin
C:\Program Files\AskBarDis\bar\Cache\00EDCAC1.bin
C:\Program Files\AskBarDis\bar\Cache\00EDCEE8.bin
C:\Program Files\AskBarDis\bar\Cache\files.ini
C:\Program Files\AskBarDis\bar\History\search
C:\Program Files\AskBarDis\bar\Settings\AskLogo.ico
C:\Program Files\AskBarDis\bar\Settings\config.dat
C:\Program Files\AskBarDis\bar\Settings\config.dat.bak
C:\Program Files\AskBarDis\bar\Settings\prevcfg.htm
C:\Program Files\AskBarDis\bar\Settings\prevCfg2.htm
C:\DOCUME~1\GM_MCIS\LOCALS~1\Temp\nshADB.tmp
C:\DOCUME~1\GM_MCIS\LOCALS~1\Temp\nss18.tmp
C:\DOCUME~1\GM_MCIS\LOCALS~1\Temp\nsu14.tmp
C:\DOCUME~1\GM_MCIS\LOCALS~1\Temp\nsw4F4.tmp

-----------\\ Extensions

(GM_MCIS) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar
(GM_MCIS) - {E9A1DEE0-C623-4439-8932-001E7D17607D} => ajtoolbar
(GM_MCIS) - {f592709f-ff4a-4862-b659-4afabda56312} => mininova

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="https://www.01net.com/telecharger/"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page Restore"="about:blank"
"SearchMigratedDefaultURL"="https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&src={referrer:source?}"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\GM_MCIS\DwnlData\GM_MCIS\crack-20+-20keygen_1034
C:\DOCUME~1\GM_MCIS\DwnlData\GM_MCIS\crack-20+-20keygen_1034\crack-20+-20keygen_1034.log
C:\DOCUME~1\GM_MCIS\Recent\crack + keygen.lnk

1 - "C:\ToolBar SD\TB_1.txt" - 23/02/2009|14:50 - Option : [1]

-----------\\ Fin du rapport a 14:50:15,87
--------------------------------------------------------------------------------------------------------------------------

And here is the second one:
it shows me this and it stays like that: http://nsa05.casimages.com/img/2009/02/23//090223031239554848.jpg

PS: can you tell me what these infections are, and whether I can recover my PC? And thanks for everything.
totobetourne (Member, 5677 posts):
 
I'm waiting for the rest of your reports.

Delete this:
C:\DOCUME~1\GM_MCIS\DwnlData\GM_MCIS\crack-20+-20keygen_1034
C:\DOCUME~1\GM_MCIS\DwnlData\GM_MCIS\crack-20+-20keygen_1034\crack-20+-20keygen_1034.log
C:\DOCUME~1\GM_MCIS\Recent\crack + keygen.lnk
SAMY90 (Member, 14 posts):
 
Oops, I forgot something: during the first scan I didn't cut the connection. Sorry, here it is (with the connection cut):

-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.00GHz )
BIOS : Default System BIOS
USER : GM_MCIS ( Administrator )
BOOT : Normal boot
Antivirus : ESET NOD32 Antivirus 3.0 3.0 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:39 Go (Free:7 Go)
D:\ (CD or DVD)
E:\ (Local Disk) - NTFS - Total:35 Go (Free:1 Go)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 23/02/2009|15:35 )

-----------\\ Recherche de Fichiers / Dossiers ...

C:\Program Files\AskBarDis
C:\Program Files\AskBarDis\bar
C:\Program Files\AskBarDis\unins000.dat
C:\Program Files\AskBarDis\unins000.exe
C:\Program Files\AskBarDis\bar\bin
C:\Program Files\AskBarDis\bar\Cache
C:\Program Files\AskBarDis\bar\History
C:\Program Files\AskBarDis\bar\Settings
C:\Program Files\AskBarDis\bar\bin\askBar.dll
C:\Program Files\AskBarDis\bar\bin\askPopStp.dll
C:\Program Files\AskBarDis\bar\bin\AskSplash.exe
C:\Program Files\AskBarDis\bar\bin\AskTBApp.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files\AskBarDis\bar\bin\psvince.dll
C:\Program Files\AskBarDis\bar\Cache\00ED3C0E
C:\Program Files\AskBarDis\bar\Cache\00ED7118.bin
C:\Program Files\AskBarDis\bar\Cache\00ED9AD7.bin
C:\Program Files\AskBarDis\bar\Cache\00EDB228.bin
C:\Program Files\AskBarDis\bar\Cache\00EDBB02.bin
C:\Program Files\AskBarDis\bar\Cache\00EDC3EB.bin
C:\Program Files\AskBarDis\bar\Cache\00EDC727.bin
C:\Program Files\AskBarDis\bar\Cache\00EDCAC1.bin
C:\Program Files\AskBarDis\bar\Cache\00EDCEE8.bin
C:\Program Files\AskBarDis\bar\Cache\files.ini
C:\Program Files\AskBarDis\bar\History\search
C:\Program Files\AskBarDis\bar\Settings\AskLogo.ico
C:\Program Files\AskBarDis\bar\Settings\config.dat
C:\Program Files\AskBarDis\bar\Settings\config.dat.bak
C:\Program Files\AskBarDis\bar\Settings\prevcfg.htm
C:\Program Files\AskBarDis\bar\Settings\prevCfg2.htm
C:\DOCUME~1\GM_MCIS\LOCALS~1\Temp\nshADB.tmp
C:\DOCUME~1\GM_MCIS\LOCALS~1\Temp\nss18.tmp
C:\DOCUME~1\GM_MCIS\LOCALS~1\Temp\nsu14.tmp
C:\DOCUME~1\GM_MCIS\LOCALS~1\Temp\nsw4F4.tmp

-----------\\ Extensions

(GM_MCIS) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar
(GM_MCIS) - {E9A1DEE0-C623-4439-8932-001E7D17607D} => ajtoolbar
(GM_MCIS) - {f592709f-ff4a-4862-b659-4afabda56312} => mininova

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="https://www.01net.com/telecharger/"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page Restore"="about:blank"
"SearchMigratedDefaultURL"="https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&src={referrer:source?}"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\GM_MCIS\Recent\crack + keygen.lnk

1 - "C:\ToolBar SD\TB_1.txt" - 23/02/2009|14:50 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 23/02/2009|15:17 - Option : [1]
3 - "C:\ToolBar SD\TB_3.txt" - 23/02/2009|15:36 - Option : [1]

-----------\\ Fin du rapport a 15:36:26,32

----------------------------------------------------------------------------------------------------------------

And for the second one it gives this http://nsa05.casimages.com/img/2009/02/23//090223031239554848.jpg and it's constant!?
totobetourne (Member, 5677 posts):
 
I don't understand; so try again with option 2, with the internet cut and with it not cut.

Because I have "always" gotten a report in that case.
SAMY90 (Member, 14 posts):
 
I tried and it still gives nothing. Did you see the screenshot or not?
Maybe it's because of the virus. I neutralized it; it's called "winxp" and it's in C:/WINDOWS/systeme32/winxp, but as a "hidden file" I can't delete it, shittttttttt. So what can I do?
totobetourne (Member, 5677 posts):
 
As for winxp, I had seen it; it shows up in your HijackThis log. We'll deal with it after ToolBar. Other infections are stopping it from working.

Run this.
To see, download ComboFix (by sUBs) here:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

and save it to the desktop.

Disconnect from the internet and close all your applications.

Disable your protections (antivirus, firewall, the antispyware's real-time guard).

Double-click combofix.exe and follow the instructions.

At the end, it will produce a report, C:\ComboFix.txt.

Re-enable your firewall, your antivirus, and your antispyware's guard.

Copy/paste the C:\ComboFix.txt report in your next reply.

Caution: don't use your mouse or keyboard (or any other pointing device) while the program is running. It could freeze the computer.

You have a complete tutorial here:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
SAMY90 (Member, 14 posts):
 
Here is the report:

ComboFix 09-02-24.02 - GM_MCIS 2009-02-25 14:37:46.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.894.479 [GMT 1:00]
Lancé depuis: c:\documents and settings\GM_MCIS\Bureau\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
.
Les fichiers ci-dessous ont été désactivés pendant l'exécution:
c:\program files\SuperCopier2\SC2Hook.dll

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\windows\msnimport.exe
E:\Autorun.inf

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-01-25 au 2009-02-25 ))))))))))))))))))))))))))))))))))))
.

2009-02-24 18:05 . 2009-02-24 18:05 <REP> d-------- c:\program files\AMX Mod X
2009-02-24 13:10 . 2009-02-24 14:41 364 --a------ c:\windows\system32\winxp
2009-02-23 14:48 . 2009-02-24 23:47 <REP> d-------- C:\ToolBar SD
2009-02-23 14:16 . 2009-02-23 14:16 0 --a------ C:\_@119C.tmp
2009-02-23 14:16 . 2009-02-23 14:16 0 --a------ C:\_@1191.tmp
2009-02-23 14:15 . 2004-08-04 05:54 1,036,288 --a------ c:\windows\explorer.backup
2009-02-23 14:05 . 2009-02-23 14:40 <REP> d-------- c:\program files\Download Direct
2009-02-23 12:42 . 2009-02-23 12:42 <REP> d-------- c:\program files\Trend Micro
2009-02-22 17:56 . 2009-02-22 17:56 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Malwarebytes
2009-02-22 17:00 . 2009-02-22 17:00 <REP> d-------- c:\program files\Valve
2009-02-22 13:18 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-22 13:15 . 2009-02-22 13:18 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-22 13:15 . 2009-02-22 13:15 <REP> d-------- c:\documents and settings\GM_MCIS\Application Data\Malwarebytes
2009-02-22 13:15 . 2009-02-22 13:15 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-22 13:15 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-21 22:10 . 2009-02-23 14:34 937,705,472 --a------ c:\windows\MEMORY.DMP
2009-02-21 21:36 . 2002-09-07 01:00 10,096,640 --a--c--- c:\windows\system32\dllcache\hwxcht.dll
2009-02-21 21:35 . 2004-08-04 05:54 2,134,528 --a--c--- c:\windows\system32\dllcache\smtpsnap.dll
2009-02-21 21:34 . 2009-02-21 21:34 488 -rah----- c:\windows\system32\logonui.exe.manifest
2009-02-21 21:33 . 2002-09-07 01:00 16,384 --a--c--- c:\windows\system32\dllcache\isignup.exe
2009-02-21 21:33 . 2009-02-21 21:33 749 -rah----- c:\windows\WindowsShell.Manifest
2009-02-21 21:33 . 2009-02-21 21:33 749 -rah----- c:\windows\system32\wuaucpl.cpl.manifest
2009-02-21 21:33 . 2009-02-21 21:33 749 -rah----- c:\windows\system32\sapi.cpl.manifest
2009-02-21 21:33 . 2009-02-21 21:33 749 -rah----- c:\windows\system32\nwc.cpl.manifest
2009-02-21 21:33 . 2009-02-21 21:33 749 -rah----- c:\windows\system32\ncpa.cpl.manifest
2009-02-21 21:19 . 2002-09-07 01:00 24,661 --a------ c:\windows\system32\spxcoins.dll
2009-02-21 21:19 . 2002-09-07 01:00 24,661 --a--c--- c:\windows\system32\dllcache\spxcoins.dll
2009-02-21 21:19 . 2002-09-07 01:00 13,312 --a------ c:\windows\system32\irclass.dll
2009-02-21 21:19 . 2002-09-07 01:00 13,312 --a--c--- c:\windows\system32\dllcache\irclass.dll
2009-02-21 17:53 . 2009-02-21 17:54 <REP> d-------- c:\documents and settings\Administrateur\Application Data\vlc
2009-02-21 17:10 . 2009-02-21 17:10 664 --a------ c:\windows\system32\d3d9caps.dat
2009-02-21 17:03 . 2008-07-07 23:26 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage réseau
2009-02-21 17:03 . 2008-07-07 23:26 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage d'impression
2009-02-21 17:03 . 2008-07-07 21:31 <REP> d--h----- c:\documents and settings\Administrateur\Modèles
2009-02-21 17:03 . 2009-02-21 17:10 <REP> d-------- c:\documents and settings\Administrateur\Mes documents
2009-02-21 17:03 . 2008-07-07 23:26 <REP> dr------- c:\documents and settings\Administrateur\Menu Démarrer
2009-02-21 17:03 . 2008-07-07 23:26 <REP> d-------- c:\documents and settings\Administrateur\Favoris
2009-02-21 17:03 . 2009-02-22 18:32 <REP> d-------- c:\documents and settings\Administrateur\Bureau
2009-02-21 17:03 . 2009-02-21 17:03 <REP> d-------- c:\documents and settings\Administrateur
2009-02-21 12:16 . 2009-02-25 14:37 43,500 -rahs---- C:\winfile.jpg
2009-02-21 12:16 . 2009-02-25 12:54 43,500 -rahs---- c:\windows\system32\winjpg.jpg
2009-02-20 14:22 . 2009-02-20 14:58 <REP> d-------- c:\program files\GameSpy Arcade
2009-02-20 14:22 . 2009-02-20 14:22 <REP> d-------- c:\documents and settings\All Users\Application Data\Trymedia
2009-02-20 14:12 . 2009-02-20 14:12 <REP> d-------- c:\program files\Sierra
2009-02-19 22:38 . 2009-02-24 23:50 <REP> d-------- C:\$STURMBOT_TEMP$
2009-02-19 17:25 . 2009-02-19 17:25 <REP> d-------- c:\program files\AC3Filter
2009-02-19 17:25 . 2008-07-09 09:05 421,888 --a------ c:\windows\system32\ac3filter.acm
2009-02-18 18:44 . 2009-02-18 18:44 <REP> d-------- c:\documents and settings\All Users\Application Data\UDL
2009-02-18 18:43 . 2003-07-02 01:00 131,072 --a------ c:\windows\system32\Epcmlib.dll
2009-02-18 18:42 . 2004-08-03 23:01 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2009-02-18 18:41 . 2009-02-18 18:45 <REP> d-------- c:\program files\EPSON
2009-02-18 18:41 . 2003-05-29 01:01 91,648 --a------ c:\windows\system32\E_SAGSET.DLL
2009-02-18 18:41 . 2003-12-10 01:13 76,054 --a------ c:\windows\system32\EBPMON24.DLL
2009-02-18 18:41 . 2003-05-21 02:27 64,000 --a------ c:\windows\system32\ECBTEG.DLL
2009-02-18 18:41 . 2000-06-07 01:01 34,304 --a------ c:\windows\system32\EBPCHP.DLL
2009-02-18 18:41 . 2003-07-16 13:14 31,744 --a------ c:\windows\system32\E_DCINST.DLL
2009-02-18 18:41 . 2001-09-04 02:04 182 --a------ c:\windows\system32\EBPPORT4.DAT
2009-02-18 18:40 . 2009-02-18 18:40 25 --a------ c:\windows\CDEC45Euro.ini
2009-02-18 17:33 . 2009-02-19 12:10 <REP> d-------- c:\windows\SxsCaPendDel
2009-02-18 16:54 . 2009-02-18 16:54 <REP> d--h----- c:\windows\msdownld.tmp
2009-02-18 16:18 . 2009-02-18 16:18 <REP> d-------- c:\windows\Math_3.A.S
2009-02-18 16:18 . 2009-02-18 16:19 <REP> d-------- c:\program files\Math_3.A.S
2009-02-18 12:24 . 2009-02-18 18:37 <REP> d-------- c:\program files\eMule
2009-02-17 12:49 . 2009-02-17 12:49 <REP> d-------- c:\program files\Inno Setup 5
2009-02-13 13:17 . 2009-02-13 13:17 <REP> d-------- c:\program files\RocketDock
2009-02-13 12:48 . 2009-02-25 09:06 <REP> d--h----- c:\windows\FlyakiteOSX
2009-02-10 17:37 . 2009-02-10 17:40 <REP> d-------- c:\program files\Sib Cursor Editor
2009-02-09 17:07 . 2009-02-10 12:48 <REP> d-------- c:\program files\Half-Life 2 Deathmatch
2009-02-09 12:23 . 2009-02-20 02:47 <REP> d-------- c:\program files\Steam
2009-02-08 15:06 . 2009-02-08 15:14 <REP> d-------- c:\documents and settings\All Users\Application Data\WinZip
2009-02-08 14:11 . 2009-02-21 21:33 107 --a------ c:\windows\win.ini
2009-02-07 21:38 . 2009-02-07 21:38 <REP> d-------- c:\program files\CCleaner
2009-02-07 19:27 . 2009-02-07 19:27 <REP> d-------- c:\documents and settings\GM_MCIS\Application Data\Media Player Classic
2009-02-07 19:10 . 2009-02-13 12:44 <REP> d-------- c:\program files\Gabest
2009-02-07 19:10 . 2009-02-18 18:37 <REP> d-------- c:\program files\AviSynth 2.5
2009-02-07 19:09 . 2009-02-07 19:10 <REP> d-------- c:\program files\AutoGK
2009-02-07 16:44 . 2009-02-07 17:03 <REP> d-------- c:\documents and settings\GM_MCIS\Application Data\MilkShape 3D 1.x.x
2009-02-07 16:42 . 2009-02-07 16:42 <REP> d-------- c:\documents and settings\GM_MCIS\Application Data\LicamTools
2009-02-07 15:14 . 2009-02-23 14:35 666 --a------ c:\windows\VisualTooltip.ini
2009-02-07 12:31 . 2004-08-19 16:09 8,440,320 --a------ c:\windows\system32\shell32.backup
2009-02-07 12:30 . 2004-08-19 16:09 1,003,520 --a------ c:\windows\system32\setupapi.backup
2009-02-07 12:30 . 2004-08-19 16:09 685,056 --a------ c:\windows\system32\rasdlg.backup
2009-02-07 12:30 . 2004-08-19 16:09 352,256 --a------ c:\windows\system32\cmdial32.backup
2009-02-07 12:30 . 2004-08-19 16:09 165,888 --a------ c:\windows\system32\credui.backup
2009-02-07 12:30 . 2004-08-19 16:09 31,744 --a------ c:\windows\hh.backup
2009-02-07 12:26 . 2009-02-23 14:22 <REP> d-------- c:\windows\VIPv3
2009-02-07 12:26 . 2009-02-23 14:22 7,176,120 --a------ c:\windows\system32\VIPv3_EXT.dll
2009-02-07 12:26 . 2003-06-22 12:31 65,536 --a------ c:\windows\system32\vbalProgBar6.ocx
2009-02-07 12:26 . 2006-08-15 23:19 97 --a------ c:\documents and settings\win.ini
2009-02-07 12:26 . 2006-08-15 23:21 96 --a------ c:\windows\docs.ini
2009-02-06 12:44 . 2009-02-10 18:59 10,022 --ahs---- c:\windows\system32\KGyGaAvL.sys
2009-02-05 20:33 . 2009-02-07 19:10 <REP> d-------- c:\program files\Xvid
2009-02-05 20:30 . 2009-02-05 22:01 <REP> d-------- c:\program files\ZD Soft
2009-02-04 17:24 . 2009-02-19 23:10 <REP> d-------- c:\program files\QuickTime
2009-02-04 17:24 . 2009-02-19 23:10 <REP> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2009-02-03 17:16 . 2009-02-13 15:58 <REP> d-------- c:\program files\CSS
2009-02-03 17:01 . 2009-02-06 21:32 <REP> d-------- c:\program files\DivX
2009-02-03 13:20 . 2009-02-03 13:20 <REP> d-------- c:\program files\VideoMach-2.7.2
2009-02-03 12:18 . 2009-02-08 15:05 <REP> d-------- c:\program files\CodeBlocks
2009-02-03 12:18 . 2009-02-25 14:21 <REP> d-------- c:\documents and settings\GM_MCIS\Application Data\codeblocks
2009-02-02 17:31 . 2009-02-02 17:31 119 --a------ c:\windows\AutoScreenRecorder.INI
2009-02-02 17:24 . 2009-02-02 17:24 <REP> d-------- c:\program files\AskSearch
2009-02-02 17:24 . 2009-02-02 17:24 <REP> d-------- c:\program files\AskBarDis
2009-02-02 17:23 . 2009-02-02 17:24 <REP> d-------- c:\program files\Wisdom-soft AutoScreenRecorder 3 Free
2009-01-26 17:43 . 2006-08-09 19:58 218,624 --a------ c:\windows\system32\uxtheme.backup
2009-01-26 13:45 . 2009-02-02 12:21 38 --a------ c:\windows\camcodec100.ini
2009-01-25 22:10 . 2009-01-25 22:10 179,200 --a------ c:\windows\system32\xvidvfw.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-25 13:37 --------- d-----w c:\documents and settings\GM_MCIS\Application Data\DMCache
2009-02-25 13:31 --------- d-----w c:\program files\SuperCopier2
2009-02-23 20:06 --------- d-----w c:\documents and settings\GM_MCIS\Application Data\uTorrent
2009-02-22 17:32 --------- d-----w c:\documents and settings\GM_MCIS\Application Data\Desktopicon
2009-02-21 16:04 --------- d-----w c:\program files\Unlocker
2009-02-21 15:17 --------- d-----w c:\program files\Stardock
2009-02-18 17:45 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-18 16:40 --------- d-----w c:\program files\Microsoft Visual Studio 9.0
2009-02-18 16:40 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-16 16:12 --------- d-----w c:\program files\IsoBuster
2009-02-15 16:48 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-02-06 12:37 --------- d-----w c:\program files\CamStudio
2009-02-01 16:11 --------- d-----w c:\program files\MTA San Andreas
2009-01-29 19:29 --------- d-----w c:\program files\Fraps
2009-01-29 16:25 407,047 ----a-w c:\windows\system32\mioengine.exe
2009-01-25 11:58 --------- d-----w c:\program files\Fichiers communs\Adobe
2009-01-24 11:43 --------- d-----w c:\program files\Fichiers communs\fwc
2009-01-24 11:43 --------- d-----w c:\program files\Fake Webcam
2009-01-23 17:45 --------- d-----w c:\documents and settings\All Users\Application Data\TechSmith
2009-01-23 17:44 --------- d-----w c:\program files\Fichiers communs\TechSmith Shared
2009-01-23 17:30 --------- d-----w c:\documents and settings\GM_MCIS\Application Data\Apple Computer
2009-01-22 16:37 --------- d-----w c:\program files\VirtualDJ
2009-01-22 16:16 --------- d-----w c:\program files\Apple Software Update
2009-01-22 16:16 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2009-01-22 10:53 --------- d-----w c:\program files\TechSmith
2009-01-20 15:50 --------- d-----w c:\program files\San Andreas Mod Installer
2009-01-17 09:16 --------- d-----w c:\program files\Internet Download Manager
2009-01-15 10:51 --------- d-----w c:\documents and settings\GM_MCIS\Application Data\SystemRequirementsLab
2009-01-11 20:53 --------- d-----w c:\documents and settings\GM_MCIS\Application Data\dvdcss
2009-01-11 20:40 --------- d-----w c:\documents and settings\GM_MCIS\Application Data\vlc
2009-01-10 11:26 --------- d-----w c:\program files\Lavalys
2009-01-09 18:35 --------- d-----w c:\program files\Electronic Arts
2009-01-08 23:01 629,760 ----a-w c:\windows\system32\xvidcore.dll
2009-01-08 11:38 --------- d-----w c:\documents and settings\GM_MCIS\Application Data\IDM
2009-01-02 18:43 --------- d-----w c:\documents and settings\GM_MCIS\Application Data\Talkback
2009-01-02 11:42 271,360 ----a-w c:\windows\system32\drivers\atksgt.sys
2009-01-02 11:42 18,048 ----a-w c:\windows\system32\drivers\lirsgt.sys
2009-01-02 11:41 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2009-01-02 11:41 --------- d-----w c:\program files\AGEIA Technologies
2009-01-02 11:36 --------- d-----w c:\program files\Playlogic
2009-01-02 11:29 --------- d-----w c:\program files\Conduit
2009-01-02 11:28 --------- d-----w c:\program files\Smart Projects
2009-01-01 20:08 --------- d-----w c:\program files\HiYo
2009-01-01 20:08 --------- d-----w c:\documents and settings\GM_MCIS\Application Data\HiYo
2009-01-01 20:08 --------- d-----w c:\documents and settings\All Users\Application Data\HiYo
2008-12-30 12:15 --------- d-----w c:\program files\Loop12 V2
2008-12-28 10:58 --------- d-----w c:\documents and settings\GM_MCIS\Application Data\Publish Providers
2008-12-27 21:11 --------- d-----w c:\program files\Autodesk
2008-12-27 17:36 --------- d-----w c:\program files\AMT
2008-12-27 11:40 --------- d-----w c:\documents and settings\All Users\Application Data\Sony
2008-12-27 11:31 --------- d-----w c:\program files\Microsoft.NET
2008-12-27 11:31 --------- d-----w c:\program files\Microsoft SQL Server
2008-12-27 11:27 --------- d-----w c:\program files\Sony Setup
2008-12-27 01:21 --------- d-----w c:\program files\Modules VST
2008-12-27 01:21 --------- d-----w c:\documents and settings\GM_MCIS\Application Data\Sony
2008-12-27 01:16 --------- d-----w c:\program files\Sony
2008-12-26 21:58 --------- d-----w c:\program files\Styler
2008-12-25 15:17 --------- d-----w c:\program files\Surreal
2008-12-19 23:30 81,920 ----a-w c:\windows\system32\frapsvid.dll
2008-12-08 11:06 410,984 ----a-w c:\windows\system32\deploytk.dll
.

------- Sigcheck -------

2004-08-19 16:09 578048 61c8c283ad063bb697ae61a155c64a5a c:\windows\FlyakiteOSX\Backup\user32.dll
2008-04-14 03:33 579584 e853f84d3ce2faa2a802e33cf89ac023 c:\windows\SoftwareDistribution\Download\d43a20c40794c502928d4b7d8ff0ea20\user32.dll
2004-08-19 16:09 578048 61c8c283ad063bb697ae61a155c64a5a c:\windows\system32\user32.dll
2004-08-19 16:09 578048 61c8c283ad063bb697ae61a155c64a5a c:\windows\system32\dllcache\user32.dll

2004-08-19 16:09 1475072 95456dcab44486a09c8b8e63da423004 c:\windows\explorer.exe
2004-08-04 05:54 1036288 4c33e5b9a6197b6ed215f6cfba0a2daa c:\windows\FlyakiteOSX\Backup\explorer.exe
2008-04-14 03:34 1037824 f2317622d29f9ff0f88aeecd5f60f0dd c:\windows\SoftwareDistribution\Download\d43a20c40794c502928d4b7d8ff0ea20\explorer.exe
2004-08-19 16:09 1475072 95456dcab44486a09c8b8e63da423004 c:\windows\system32\dllcache\explorer.exe
2004-08-19 16:09 1475072 95456dcab44486a09c8b8e63da423004 c:\windows\VIPv3\backup\explorer.exe
2004-08-19 16:09 1407488 f044c0b9dfdff1900f2a022639bb7cdf c:\windows\VIPv3\resources\explorer.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}"= "c:\program files\IsoBuster\tbIso1.dll" [2009-02-16 1881624]

[HKEY_CLASSES_ROOT\clsid\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-12-09 18:40 333192 --a------ c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}]
2009-02-16 17:13 1881624 --a------ c:\program files\IsoBuster\tbIso1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}"= "c:\program files\IsoBuster\tbIso1.dll" [2009-02-16 1881624]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-12-09 333192]

[HKEY_CLASSES_ROOT\clsid\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{266FCDCA-7BB3-4DA7-B3BF-F845DEA2EBD6}"= "c:\program files\IsoBuster\tbIso1.dll" [2009-02-16 1881624]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-12-09 333192]

[HKEY_CLASSES_ROOT\clsid\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2005-03-14 1057280]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-05-04 149040]
"LightScribe Control Panel"="c:\program files\Fichiers communs\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904]
"L08FXLRD_681078"="c:\program files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE" [2007-06-12 351000]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-01-08 2606512]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"DLD.EXE"="c:\program files\Download Direct\DLD.exe" [2007-09-17 1343488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 1443072]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"Cloneur Expert Monitor"="c:\program files\Micro Application\Cloneur Expert\TrueImageMonitor.exe" [2008-07-07 439211]
"Acronis Scheduler2 Service"="c:\program files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" [2008-07-07 69632]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2007-06-29 811008]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-08 136600]
"Hiyo"="c:\program files\HiYo\bin\HiYo.exe" [2008-12-23 300336]
"VIPv3_Auto_Update"="c:\windows\VIPv3\CheckForUpdates.exe" [2006-09-08 23723]
"System Files Updater"="c:\windows\FlyakiteOSX\Tools\System Files Updater.exe" [2006-02-26 118485]
"EPSON Stylus C45 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE" [2004-01-14 99840]
"EPSON Stylus C45 Series (Copie 1)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE" [2004-01-14 99840]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"CTFMON"="c:\windows\system32\wscript.exe" [2004-08-04 114688]
"VTTimer"="VTTimer.exe" [2006-09-21 c:\windows\system32\VTTimer.exe]
"S3Trayp"="S3Trayp.exe" [2007-06-11 c:\windows\system32\S3Trayp.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\GM_MCIS\Menu Démarrer\Programmes\Démarrage\
Styler.lnk - c:\documents and settings\GM_MCIS\Application Data\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe [2008-12-26 15086]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-22 734872]
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-01-14 525664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
"VIDC.CSCD"= camcodec.dll
"MSVideo"= CSvidcap.dll
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\drwtsn32.exe]
"Debugger"=c:\windows\system32\wscript.exe /E:vbs c:\windows\system32\winjpg.jpg

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dwwinxp.exe]
"Debugger"=c:\windows\system32\winxp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
--a------ 2008-11-12 10:30 2511672 c:\program files\BitComet\BitComet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 11:55 5674352 c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-05-04 09:59 161328 c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2009-01-05 16:18 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\Valve\\CStrike_1.6\\hl.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"e:\\M.SAMY\\Logiciel\\Msn\\WLM Lite 8.5.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis SP Demo\\Bin32\\Crysis.exe"=
"c:\\Program Files\\CSS\\hl2.exe"=
"c:\\Program Files\\Half-Life 2 Deathmatch\\hl2.exe"=
"c:\\Program Files\\Valve\\CStrike_1.6\\hltv.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8732:TCP"= 8732:TCP:BitComet 8732 TCP
"8732:UDP"= 8732:UDP:BitComet 8732 UDP

R0 ViBus;ViBus;c:\windows\system32\drivers\ViBus.sys [2008-07-07 16896]
R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [2008-07-07 52224]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-02-20 33800]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-02-20 472320]
R3 S3GIGP;S3GIGP;c:\windows\system32\drivers\S3gIGPm.sys [2008-07-07 714240]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2002-09-07 3584]
S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224]

--- Autres Services/Pilotes en mémoire ---

*Deregistered* - mchInjDrv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45f0f767-d425-11dd-a3e9-001bb9b23cf0}]
\Shell\AutoRun\command - F:\start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{72267f52-fb51-11dd-a495-001bb9b23cf0}]
\Shell\AutoRun\command - F:\s39tg.cmd
\Shell\open\Command - F:\s39tg.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c139bdbe-0008-11de-a4a6-001bb9b23cf0}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe /e:vbs winfile.jpg

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Fichiers communs\LightScribe\LSRunOnce.exe"
.
Contenu du dossier 'Tâches planifiées'

2009-02-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-bdeaadxa - c:\documents and settings\gm_mcis\local settings\application data\bdeaadxa.exe
HKLM-Run-MSPY2002 - c:\windows\system32\IME\PINTLGNT\ImScInst.exe
HKLM-Run-PHIME2002ASync - c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
HKLM-Run-PHIME2002A - c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
HKLM-Run-regdiit - c:\windows\system32\winxp.exe
MSConfigStartUp-Camfrog - c:\program files\Camfrog\Camfrog Video Chat\CamfrogNet.exe
MSConfigStartUp-Skype - c:\program files\Skype\Phone\Skype.exe

.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.01net.com/telecharger/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13728&gct=&gc=1&q=%s
IE: &T&élécharger &avec BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &T&élécharger tout avec BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: &T&élécharger toute vidéo avec BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\GM_MCIS\Application Data\Mozilla\Firefox\Profiles\589mm6vd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1396957&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Mininova Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.dz/firefox
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1396957&SearchSource=2&q=
FF - prefs.js: network.proxy.type - 1
FF - component: c:\documents and settings\GM_MCIS\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - component: c:\documents and settings\GM_MCIS\Application Data\Mozilla\Firefox\Profiles\589mm6vd.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - component: c:\documents and settings\GM_MCIS\Application Data\Mozilla\Firefox\Profiles\589mm6vd.default\extensions\{f592709f-ff4a-4862-b659-4afabda56312}\components\FFAlert.dll
FF - component: c:\documents and settings\GM_MCIS\Application Data\Mozilla\Firefox\Profiles\589mm6vd.default\extensions\glasser@sixxgate.com\components\dwmxpcom.dll
FF - plugin: c:\program files\Microsoft Silverlight\npctrl.1.0.20926.0.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll

---- PARAMETRES FIREFOX ----
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-25 14:38:53
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\GM_MCIS\LOCALS~1\Temp\mc227.tmp"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3306ac1c-9d14-49c4-ad8a-18b959e28621}]
@Denied: (Full) (Everyone)
"Model"=dword:00000020
"Therad"=dword:0000000a
"MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
4b,7b,ad,04,7a,b1,b5,76,9b,27,47,d3,29,1b,b2,88,bc,31,89,c9,b1,6a,0f,69,58,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):a3,cb,66,39,cb,dc,16,23,3f,70,19,49,7b,55,b2,59,31,9b,23,5f,85,
01,d8,97,36,6a,05,99,90,42,75,da,72,af,3a,85,55,3a,fb,55,00,00,00,00,00,00,\
.
Heure de fin: 2009-02-25 14:40:11
ComboFix-quarantined-files.txt 2009-02-25 13:40:09

Avant-CF: 7 528 456 192 octets libres
Après-CF: 9,461,673,984 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

395 --- E O F --- 2008-12-24 10:47:14

-------------------------------------------------------------------------------------------------------------------------

PS: just a small clarification: when ComboFix started, it asked me to download the Windows Recovery Console and I accepted -> and it also told me that a file had tried to connect to it: "C:/Programme files/SuperCopier2/SC2Hoot"
AND thank you very much for everything you're doing for me
0
totobetourne Posts 5677 Status Member 65
 
1) Do this:

/!\ Procedure created specifically for this user, do not reproduce at home ... /!\

Open Notepad (Start\All Programs\Accessories\Notepad).

Copy this text (in bold) in one go (CTRL+C to copy), then paste it (CTRL+V in Notepad):

Kill all::

File:
c:\windows\system32\winxp.exe
F:\start.exe
F:\s39tg.cmd

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dwwinxp.exe]
"Debugger"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\drwtsn32.exe]
"Debugger"=-
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45f0f767-d425-11dd-a3e9-001bb9b23cf0}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{72267f52-fb51-11dd-a495-001bb9b23cf0}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c139bdbe-0008-11de-a4a6-001bb9b23cf0}]

Save this file on your desktop under the name CFScript.txt.

Now drag the CFScript.txt file onto Combofix.exe as shown below:

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

This will relaunch Combofix.

A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 and confirm.

Wait while the scan runs. The desktop will disappear several times: that's normal!

Don't touch anything until the scan has finished.

After the reboot, post the contents of the Combofix.txt report along with a Hijackthis report.

If there is no reboot, post the reports anyway.

If the file doesn't open, it is located here > C:\ComboFix.txt
0
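The entries the CFScript above removes (the two IFEO "Debugger" values and the MountPoints2 AutoRun handlers) can be pulled out of a ComboFix report mechanically. Added example, not part of the thread or of ComboFix: a small Python triage of the report's registry autostart section, run over lines copied from the log pasted above; the rule set and the IMITATED_NAMES list are my assumptions.

```python
"""Triage the registry autostart section of a ComboFix-style report (added example, not from the thread).
The parser and rules are mine; the sample lines are copied from the report pasted above."""
import re

# Constructed excerpt: lines copied from the 'Points de chargement Reg' section of the report above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON"="c:\windows\system32\wscript.exe" [2004-08-04 114688]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\drwtsn32.exe]
"Debugger"=c:\windows\system32\wscript.exe /E:vbs c:\windows\system32\winjpg.jpg
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dwwinxp.exe]
"Debugger"=c:\windows\system32\winxp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{72267f52-fb51-11dd-a495-001bb9b23cf0}]
\Shell\AutoRun\command - F:\s39tg.cmd
\Shell\open\Command - F:\s39tg.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c139bdbe-0008-11de-a4a6-001bb9b23cf0}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe /e:vbs winfile.jpg
"""

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "rundll32.exe", "mshta.exe"}
SCRIPT_EXT = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".hta"}
IMITATED_NAMES = {"ctfmon", "explorer", "svchost", "lsass", "userinit"}  # assumption: system names worth checking
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
MOUNT_RE = re.compile(r"^\\Shell\\(\w+)\\command\s+-\s+(.*)$", re.IGNORECASE)

def basename(path):
    return path.rsplit("\\", 1)[-1]

def parse_blocks(text):
    """Yield (key, [value lines]) for every [KEY] block of REGEDIT-style text."""
    key, lines = None, []
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            if key is not None:
                yield key, lines
            key, lines = m.group(1), []
        elif key is not None and line:
            lines.append(line)
    if key is not None:
        yield key, lines

def script_host_abuse(cmd):
    """Reason when a script host is started with no script, or with a file whose extension is not a script's."""
    tokens = cmd.lower().split()
    if not any(basename(t) in SCRIPT_HOSTS for t in tokens):
        return None
    target = basename(tokens[-1])
    if target in SCRIPT_HOSTS:
        return "script host started without a script argument"
    ext = "." + target.rsplit(".", 1)[-1] if "." in target else ""
    if ext and ext not in SCRIPT_EXT:
        return f"script host executes a file with a non-script extension ({ext})"
    return None

def triage(text):
    """Return (key, line, reasons) for every autostart line that matches a suspicious pattern."""
    findings = []
    for key, lines in parse_blocks(text):
        low = key.lower()
        for line in lines:
            reasons = []
            m = VALUE_RE.match(line)
            name, data = (m.group(1), m.group(2)) if m else ("", "")
            if "\\image file execution options\\" in low and name.lower() == "debugger":
                # A Debugger value makes Windows start 'data' instead of the program named in the key.
                reasons.append(f"IFEO Debugger value redirects {basename(key)}")
                reasons.extend(filter(None, [script_host_abuse(data)]))
            elif low.endswith("\\currentversion\\run") and m:
                quoted = re.match(r'"([^"]*)"', data)
                image = quoted.group(1) if quoted else data.split(" ")[0]
                stem = name.lower().removesuffix(".exe")
                if stem in IMITATED_NAMES and basename(image).lower() != stem + ".exe":
                    reasons.append(f"Run value named like {stem}.exe but launches {basename(image)}")
                reasons.extend(filter(None, [script_host_abuse(image)]))
            elif "\\mountpoints2\\" in low:
                mm = MOUNT_RE.match(line)
                if mm:  # per-volume AutoRun/open handlers: the classic removable-drive worm footprint
                    reasons.append(f"{mm.group(1)} handler on a mounted volume runs {mm.group(2)}")
                    reasons.extend(filter(None, [script_host_abuse(mm.group(2))]))
            elif low.endswith("\\security center") and name.lower() == "antivirusoverride":
                if data.lower().startswith("dword:") and int(data[6:], 16) != 0:
                    reasons.append("Security Center antivirus alerts suppressed (AntiVirusOverride=1)")
            if reasons:
                findings.append((key, line, reasons))
    return findings

if __name__ == "__main__":
    for key, line, reasons in triage(SAMPLE_LOG):
        print(f"[{basename(key)}] {line}\n    -> " + "\n    -> ".join(reasons))
```

The same function can be pointed at a whole ComboFix.txt: everything outside `[KEY]` blocks is ignored, and the legitimate `CTFMON.EXE` entry in HKCU produces no finding while the HKLM `CTFMON` entry aimed at wscript.exe does.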
SAMY90 Posts 14 Status Member
 
I did the procedure correctly, but I didn't get the message "Type 1 to continue, or 2 to abort"; it did the same thing as before, and here is the scan report:

ComboFix 09-02-24.02 - GM_MCIS 2009-02-25 18:05:33.4 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.894.523 [GMT 1:00]
Lancé depuis: c:\documents and settings\GM_MCIS\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\GM_MCIS\Bureau\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé
.
Les fichiers ci-dessous ont été désactivés pendant l'exécution:
c:\program files\SuperCopier2\SC2Hook.dll

((((((((((((((((((((((((((((( Fichiers créés du 2009-01-25 au 2009-02-25 ))))))))))))))))))))))))))))))))))))
.

2009-02-24 18:05 . 2009-02-24 18:05 <REP> d-------- c:\program files\AMX Mod X
2009-02-24 13:10 . 2009-02-24 14:41 364 --a------ c:\windows\system32\winxp
2009-02-23 14:48 . 2009-02-24 23:47 <REP> d-------- C:\ToolBar SD
2009-02-23 14:16 . 2009-02-23 14:16 0 --a------ C:\_@119C.tmp
2009-02-23 14:16 . 2009-02-23 14:16 0 --a------ C:\_@1191.tmp
2009-02-23 14:15 . 2004-08-04 05:54 1,036,288 --a------ c:\windows\explorer.backup
2009-02-23 14:05 . 2009-02-23 14:40 <REP> d-------- c:\program files\Download Direct
2009-02-23 12:42 . 2009-02-23 12:42 <REP> d-------- c:\program files\Trend Micro
2009-02-22 17:56 . 2009-02-22 17:56 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Malwarebytes
2009-02-22 17:00 . 2009-02-22 17:00 <REP> d-------- c:\program files\Valve
2009-02-22 13:18 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-22 13:15 . 2009-02-22 13:18 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-22 13:15 . 2009-02-22 13:15 <REP> d-------- c:\documents and settings\GM_MCIS\Application Data\Malwarebytes
2009-02-22 13:15 . 2009-02-22 13:15 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-22 13:15 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-21 22:10 . 2009-02-23 14:34 937,705,472 --a------ c:\windows\MEMORY.DMP
2009-02-21 21:36 . 2002-09-07 01:00 10,096,640 --a--c--- c:\windows\system32\dllcache\hwxcht.dll
2009-02-21 21:35 . 2004-08-04 05:54 2,134,528 --a--c--- c:\windows\system32\dllcache\smtpsnap.dll
2009-02-21 21:34 . 2009-02-21 21:34 488 -rah----- c:\windows\system32\logonui.exe.manifest
2009-02-21 21:33 . 2002-09-07 01:00 16,384 --a--c--- c:\windows\system32\dllcache\isignup.exe
2009-02-21 21:33 . 2009-02-21 21:33 749 -rah----- c:\windows\WindowsShell.Manifest
2009-02-21 21:33 . 2009-02-21 21:33 749 -rah----- c:\windows\system32\wuaucpl.cpl.manifest
2009-02-21 21:33 . 2009-02-21 21:33 749 -rah----- c:\windows\system32\sapi.cpl.manifest
2009-02-21 21:33 . 2009-02-21 21:33 749 -rah----- c:\windows\system32\nwc.cpl.manifest
2009-02-21 21:33 . 2009-02-21 21:33 749 -rah----- c:\windows\system32\ncpa.cpl.manifest
2009-02-21 21:19 . 2002-09-07 01:00 24,661 --a------ c:\windows\system32\spxcoins.dll
2009-02-21 21:19 . 2002-09-07 01:00 24,661 --a--c--- c:\windows\system32\dllcache\spxcoins.dll
2009-02-21 21:19 . 2002-09-07 01:00 13,312 --a------ c:\windows\system32\irclass.dll
2009-02-21 21:19 . 2002-09-07 01:00 13,312 --a--c--- c:\windows\system32\dllcache\irclass.dll
2009-02-21 17:53 . 2009-02-21 17:54 <REP> d-------- c:\documents and settings\Administrateur\Application Data\vlc
2009-02-21 17:10 . 2009-02-21 17:10 664 --a------ c:\windows\system32\d3d9caps.dat
2009-02-21 17:03 . 2008-07-07 23:26 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage réseau
2009-02-21 17:03 . 2008-07-07 23:26 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage d'impression
2009-02-21 17:03 . 2008-07-07 21:31 <REP> d--h----- c:\documents and settings\Administrateur\Modèles
2009-02-21 17:03 . 2009-02-21 17:10 <REP> d-------- c:\documents and settings\Administrateur\Mes documents
2009-02-21 17:03 . 2008-07-07 23:26 <REP> dr------- c:\documents and settings\Administrateur\Menu Démarrer
2009-02-21 17:03 . 2008-07-07 23:26 <REP> d-------- c:\documents and settings\Administrateur\Favoris
2009-02-21 17:03 . 2009-02-22 18:32 <REP> d-------- c:\documents and settings\Administrateur\Bureau
2009-02-21 17:03 . 2009-02-21 17:03 <REP> d-------- c:\documents and settings\Administrateur
2009-02-21 12:16 . 2009-02-25 14:37 43,500 -rahs---- C:\winfile.jpg
2009-02-21 12:16 . 2009-02-25 12:54 43,500 -rahs---- c:\windows\system32\winjpg.jpg
2009-02-20 14:22 . 2009-02-20 14:58 <REP> d-------- c:\program files\GameSpy Arcade
2009-02-20 14:22 . 2009-02-20 14:22 <REP> d-------- c:\documents and settings\All Users\Application Data\Trymedia
2009-02-20 14:12 . 2009-02-20 14:12 <REP> d-------- c:\program files\Sierra
2009-02-19 22:38 . 2009-02-24 23:50 <REP> d-------- C:\$STURMBOT_TEMP$
2009-02-19 17:25 . 2009-02-19 17:25 <REP> d-------- c:\program files\AC3Filter
2009-02-19 17:25 . 2008-07-09 09:05 421,888 --a------ c:\windows\system32\ac3filter.acm
2009-02-18 18:44 . 2009-02-18 18:44 <REP> d-------- c:\documents and settings\All Users\Application Data\UDL
2009-02-18 18:43 . 2003-07-02 01:00 131,072 --a------ c:\windows\system32\Epcmlib.dll
2009-02-18 18:42 . 2004-08-03 23:01 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2009-02-18 18:41 . 2009-02-18 18:45 <REP> d-------- c:\program files\EPSON
2009-02-18 18:41 . 2003-05-29 01:01 91,648 --a------ c:\windows\system32\E_SAGSET.DLL
2009-02-18 18:41 . 2003-12-10 01:13 76,054 --a------ c:\windows\system32\EBPMON24.DLL
2009-02-18 18:41 . 2003-05-21 02:27 64,000 --a------ c:\windows\system32\ECBTEG.DLL
2009-02-18 18:41 . 2000-06-07 01:01 34,304 --a------ c:\windows\system32\EBPCHP.DLL
2009-02-18 18:41 . 2003-07-16 13:14 31,744 --a------ c:\windows\system32\E_DCINST.DLL
2009-02-18 18:41 . 2001-09-04 02:04 182 --a------ c:\windows\system32\EBPPORT4.DAT
2009-02-18 18:40 . 2009-02-18 18:40 25 --a------ c:\windows\CDEC45Euro.ini
2009-02-18 17:33 . 2009-02-19 12:10 <REP> d-------- c:\windows\SxsCaPendDel
2009-02-18 16:54 . 2009-02-18 16:54 <REP> d--h----- c:\windows\msdownld.tmp
2009-02-18 16:18 . 2009-02-18 16:18 <REP> d-------- c:\windows\Math_3.A.S
2009-02-18 16:18 . 2009-02-18 16:19 <REP> d-------- c:\program files\Math_3.A.S
2009-02-18 12:24 . 2009-02-18 18:37 <REP> d-------- c:\program files\eMule
2009-02-17 12:49 . 2009-02-17 12:49 <REP> d-------- c:\program files\Inno Setup 5
2009-02-13 13:17 . 2009-02-13 13:17 <REP> d-------- c:\program files\RocketDock
2009-02-13 12:48 . 2009-02-25 09:06 <REP> d--h----- c:\windows\FlyakiteOSX
2009-02-10 17:37 . 2009-02-10 17:40 <REP> d-------- c:\program files\Sib Cursor Editor
2009-02-09 17:07 . 2009-02-10 12:48 <REP> d-------- c:\program files\Half-Life 2 Deathmatch
2009-02-09 12:23 . 2009-02-20 02:47 <REP> d-------- c:\program files\Steam
2009-02-08 15:06 . 2009-02-08 15:14 <REP> d-------- c:\documents and settings\All Users\Application Data\WinZip
2009-02-08 14:11 . 2009-02-21 21:33 107 --a------ c:\windows\win.ini
2009-02-07 21:38 . 2009-02-07 21:38 <REP> d-------- c:\program files\CCleaner
2009-02-07 19:27 . 2009-02-07 19:27 <REP> d-------- c:\documents and settings\GM_MCIS\Application Data\Media Player Classic
2009-02-07 19:10 . 2009-02-13 12:44 <REP> d-------- c:\program files\Gabest
2009-02-07 19:10 . 2009-02-18 18:37 <REP> d-------- c:\program files\AviSynth 2.5
2009-02-07 19:09 . 2009-02-07 19:10 <REP> d-------- c:\program files\AutoGK
2009-02-07 16:44 . 2009-02-07 17:03 <REP> d-------- c:\documents and settings\GM_MCIS\Application Data\MilkShape 3D 1.x.x
2009-02-07 16:42 . 2009-02-07 16:42 <REP> d-------- c:\documents and settings\GM_MCIS\Application Data\LicamTools
2009-02-07 15:14 . 2009-02-23 14:35 666 --a------ c:\windows\VisualTooltip.ini
2009-02-07 12:31 . 2004-08-19 16:09 8,440,320 --a------ c:\windows\system32\shell32.backup
2009-02-07 12:30 . 2004-08-19 16:09 1,003,520 --a------ c:\windows\system32\setupapi.backup
2009-02-07 12:30 . 2004-08-19 16:09 685,056 --a------ c:\windows\system32\rasdlg.backup
2009-02-07 12:30 . 2004-08-19 16:09 352,256 --a------ c:\windows\system32\cmdial32.backup
2009-02-07 12:30 . 2004-08-19 16:09 165,888 --a------ c:\windows\system32\credui.backup
2009-02-07 12:30 . 2004-08-19 16:09 31,744 --a------ c:\windows\hh.backup
2009-02-07 12:26 . 2009-02-23 14:22 <REP> d-------- c:\windows\VIPv3
2009-02-07 12:26 . 2009-02-23 14:22 7,176,120 --a------ c:\windows\system32\VIPv3_EXT.dll
2009-02-07 12:26 . 2003-06-22 12:31 65,536 --a------ c:\windows\system32\vbalProgBar6.ocx
2009-02-07 12:26 . 2006-08-15 23:19 97 --a------ c:\documents and settings\win.ini
2009-02-07 12:26 . 2006-08-15 23:21 96 --a------ c:\windows\docs.ini
2009-02-06 12:44 . 2009-02-10 18:59 10,022 --ahs---- c:\windows\system32\KGyGaAvL.sys
2009-02-05 20:33 . 2009-02-07 19:10 <REP> d-------- c:\program files\Xvid
2009-02-05 20:30 . 2009-02-05 22:01 <REP> d-------- c:\program files\ZD Soft
2009-02-04 17:24 . 2009-02-19 23:10 <REP> d-------- c:\program files\QuickTime
2009-02-04 17:24 . 2009-02-19 23:10 <REP> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2009-02-03 17:16 . 2009-02-13 15:58 <REP> d-------- c:\program files\CSS
2009-02-03 17:01 . 2009-02-06 21:32 <REP> d-------- c:\program files\DivX
2009-02-03 13:20 . 2009-02-03 13:20 <REP> d-------- c:\program files\VideoMach-2.7.2
2009-02-03 12:18 . 2009-02-08 15:05 <REP> d-------- c:\program files\CodeBlocks
2009-02-03 12:18 . 2009-02-25 17:30 <REP> d-------- c:\documents and settings\GM_MCIS\Application Data\codeblocks
2009-02-02 17:31 . 2009-02-02 17:31 119 --a------ c:\windows\AutoScreenRecorder.INI
2009-02-02 17:24 . 2009-02-02 17:24 <REP> d-------- c:\program files\AskSearch
2009-02-02 17:24 . 2009-02-02 17:24 <REP> d-------- c:\program files\AskBarDis
2009-02-02 17:23 . 2009-02-02 17:24 <REP> d-------- c:\program files\Wisdom-soft AutoScreenRecorder 3 Free
2009-01-26 17:43 . 2006-08-09 19:58 218,624 --a------ c:\windows\system32\uxtheme.backup
2009-01-26 13:45 . 2009-02-02 12:21 38 --a------ c:\windows\camcodec100.ini
2009-01-25 22:10 . 2009-01-25 22:10 179,200 --a------ c:\windows\system32\xvidvfw.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-25 17:05 --------- d-----w c:\documents and settings\GM_MCIS\Application Data\DMCache
2009-02-25 17:04 --------- d-----w c:\program files\SuperCopier2
2009-02-23 20:06 --------- d-----w c:\documents and settings\GM_MCIS\Application Data\uTorrent
2009-02-22 17:32 --------- d-----w c:\documents and settings\GM_MCIS\Application Data\Desktopicon
2009-02-21 16:04 --------- d-----w c:\program files\Unlocker
2009-02-21 15:17 --------- d-----w c:\program files\Stardock
2009-02-18 17:45 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-18 16:40 --------- d-----w c:\program files\Microsoft Visual Studio 9.0
2009-02-18 16:40 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-16 16:12 --------- d-----w c:\program files\IsoBuster
2009-02-15 16:48 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-02-06 12:37 --------- d-----w c:\program files\CamStudio
2009-02-01 16:11 --------- d-----w c:\program files\MTA San Andreas
2009-01-29 19:29 --------- d-----w c:\program files\Fraps
2009-01-29 16:25 407,047 ----a-w c:\windows\system32\mioengine.exe
2009-01-25 11:58 --------- d-----w c:\program files\Fichiers communs\Adobe
2009-01-24 11:43 --------- d-----w c:\program files\Fichiers communs\fwc
2009-01-24 11:43 --------- d-----w c:\program files\Fake Webcam
2009-01-23 17:45 --------- d-----w c:\documents and settings\All Users\Application Data\TechSmith
2009-01-23 17:44 --------- d-----w c:\program files\Fichiers communs\TechSmith Shared
2009-01-23 17:30 --------- d-----w c:\documents and settings\GM_MCIS\Application Data\Apple Computer
2009-01-22 16:37 --------- d-----w c:\program files\VirtualDJ
2009-01-22 16:16 --------- d-----w c:\program files\Apple Software Update
2009-01-22 16:16 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2009-01-22 10:53 --------- d-----w c:\program files\TechSmith
2009-01-20 15:50 --------- d-----w c:\program files\San Andreas Mod Installer
2009-01-17 09:16 --------- d-----w c:\program files\Internet Download Manager
2009-01-15 10:51 --------- d-----w c:\documents and settings\GM_MCIS\Application Data\SystemRequirementsLab
2009-01-11 20:53 --------- d-----w c:\documents and settings\GM_MCIS\Application Data\dvdcss
2009-01-11 20:40 --------- d-----w c:\documents and settings\GM_MCIS\Application Data\vlc
2009-01-10 11:26 --------- d-----w c:\program files\Lavalys
2009-01-09 18:35 --------- d-----w c:\program files\Electronic Arts
2009-01-08 23:01 629,760 ----a-w c:\windows\system32\xvidcore.dll
2009-01-08 11:38 --------- d-----w c:\documents and settings\GM_MCIS\Application Data\IDM
2009-01-02 18:43 --------- d-----w c:\documents and settings\GM_MCIS\Application Data\Talkback
2009-01-02 11:42 271,360 ----a-w c:\windows\system32\drivers\atksgt.sys
2009-01-02 11:42 18,048 ----a-w c:\windows\system32\drivers\lirsgt.sys
2009-01-02 11:41 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2009-01-02 11:41 --------- d-----w c:\program files\AGEIA Technologies
2009-01-02 11:36 --------- d-----w c:\program files\Playlogic
2009-01-02 11:29 --------- d-----w c:\program files\Conduit
2009-01-02 11:28 --------- d-----w c:\program files\Smart Projects
2009-01-01 20:08 --------- d-----w c:\program files\HiYo
2009-01-01 20:08 --------- d-----w c:\documents and settings\GM_MCIS\Application Data\HiYo
2009-01-01 20:08 --------- d-----w c:\documents and settings\All Users\Application Data\HiYo
2008-12-30 12:15 --------- d-----w c:\program files\Loop12 V2
2008-12-28 10:58 --------- d-----w c:\documents and settings\GM_MCIS\Application Data\Publish Providers
2008-12-27 21:11 --------- d-----w c:\program files\Autodesk
2008-12-27 17:36 --------- d-----w c:\program files\AMT
2008-12-27 11:40 --------- d-----w c:\documents and settings\All Users\Application Data\Sony
2008-12-27 11:31 --------- d-----w c:\program files\Microsoft.NET
2008-12-27 11:31 --------- d-----w c:\program files\Microsoft SQL Server
2008-12-27 11:27 --------- d-----w c:\program files\Sony Setup
2008-12-27 01:21 --------- d-----w c:\program files\Modules VST
2008-12-27 01:21 --------- d-----w c:\documents and settings\GM_MCIS\Application Data\Sony
2008-12-27 01:16 --------- d-----w c:\program files\Sony
2008-12-26 21:58 --------- d-----w c:\program files\Styler
2008-12-25 15:17 --------- d-----w c:\program files\Surreal
2008-12-19 23:30 81,920 ----a-w c:\windows\system32\frapsvid.dll
2008-12-08 11:06 410,984 ----a-w c:\windows\system32\deploytk.dll
.

------- Sigcheck -------

2004-08-19 16:09 578048 61c8c283ad063bb697ae61a155c64a5a c:\windows\FlyakiteOSX\Backup\user32.dll
2008-04-14 03:33 579584 e853f84d3ce2faa2a802e33cf89ac023 c:\windows\SoftwareDistribution\Download\d43a20c40794c502928d4b7d8ff0ea20\user32.dll
2004-08-19 16:09 578048 61c8c283ad063bb697ae61a155c64a5a c:\windows\system32\user32.dll
2004-08-19 16:09 578048 61c8c283ad063bb697ae61a155c64a5a c:\windows\system32\dllcache\user32.dll

2004-08-19 16:09 1475072 95456dcab44486a09c8b8e63da423004 c:\windows\explorer.exe
2004-08-04 05:54 1036288 4c33e5b9a6197b6ed215f6cfba0a2daa c:\windows\FlyakiteOSX\Backup\explorer.exe
2008-04-14 03:34 1037824 f2317622d29f9ff0f88aeecd5f60f0dd c:\windows\SoftwareDistribution\Download\d43a20c40794c502928d4b7d8ff0ea20\explorer.exe
2004-08-19 16:09 1475072 95456dcab44486a09c8b8e63da423004 c:\windows\system32\dllcache\explorer.exe
2004-08-19 16:09 1475072 95456dcab44486a09c8b8e63da423004 c:\windows\VIPv3\backup\explorer.exe
2004-08-19 16:09 1407488 f044c0b9dfdff1900f2a022639bb7cdf c:\windows\VIPv3\resources\explorer.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}"= "c:\program files\IsoBuster\tbIso1.dll" [2009-02-16 1881624]

[HKEY_CLASSES_ROOT\clsid\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-12-09 18:40 333192 --a------ c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}]
2009-02-16 17:13 1881624 --a------ c:\program files\IsoBuster\tbIso1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}"= "c:\program files\IsoBuster\tbIso1.dll" [2009-02-16 1881624]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-12-09 333192]

[HKEY_CLASSES_ROOT\clsid\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{266FCDCA-7BB3-4DA7-B3BF-F845DEA2EBD6}"= "c:\program files\IsoBuster\tbIso1.dll" [2009-02-16 1881624]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-12-09 333192]

[HKEY_CLASSES_ROOT\clsid\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2005-03-14 1057280]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-05-04 149040]
"LightScribe Control Panel"="c:\program files\Fichiers communs\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904]
"L08FXLRD_681078"="c:\program files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE" [2007-06-12 351000]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-01-08 2606512]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"DLD.EXE"="c:\program files\Download Direct\DLD.exe" [2007-09-17 1343488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 1443072]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"Cloneur Expert Monitor"="c:\program files\Micro Application\Cloneur Expert\TrueImageMonitor.exe" [2008-07-07 439211]
"Acronis Scheduler2 Service"="c:\program files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" [2008-07-07 69632]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2007-06-29 811008]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-08 136600]
"Hiyo"="c:\program files\HiYo\bin\HiYo.exe" [2008-12-23 300336]
"VIPv3_Auto_Update"="c:\windows\VIPv3\CheckForUpdates.exe" [2006-09-08 23723]
"System Files Updater"="c:\windows\FlyakiteOSX\Tools\System Files Updater.exe" [2006-02-26 118485]
"EPSON Stylus C45 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE" [2004-01-14 99840]
"EPSON Stylus C45 Series (Copie 1)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE" [2004-01-14 99840]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"CTFMON"="c:\windows\system32\wscript.exe" [2004-08-04 114688]
"VTTimer"="VTTimer.exe" [2006-09-21 c:\windows\system32\VTTimer.exe]
"S3Trayp"="S3Trayp.exe" [2007-06-11 c:\windows\system32\S3Trayp.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\GM_MCIS\Menu Démarrer\Programmes\Démarrage\
Styler.lnk - c:\documents and settings\GM_MCIS\Application Data\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe [2008-12-26 15086]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-22 734872]
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-01-14 525664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
"VIDC.CSCD"= camcodec.dll
"MSVideo"= CSvidcap.dll
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
--a------ 2008-11-12 10:30 2511672 c:\program files\BitComet\BitComet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 11:55 5674352 c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-05-04 09:59 161328 c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2009-01-05 16:18 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\Valve\\CStrike_1.6\\hl.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"e:\\M.SAMY\\Logiciel\\Msn\\WLM Lite 8.5.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis SP Demo\\Bin32\\Crysis.exe"=
"c:\\Program Files\\CSS\\hl2.exe"=
"c:\\Program Files\\Half-Life 2 Deathmatch\\hl2.exe"=
"c:\\Program Files\\Valve\\CStrike_1.6\\hltv.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8732:TCP"= 8732:TCP:BitComet 8732 TCP
"8732:UDP"= 8732:UDP:BitComet 8732 UDP

R0 ViBus;ViBus;c:\windows\system32\drivers\ViBus.sys [2008-07-07 16896]
R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [2008-07-07 52224]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-02-20 33800]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-02-20 472320]
R3 S3GIGP;S3GIGP;c:\windows\system32\drivers\S3gIGPm.sys [2008-07-07 714240]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2002-09-07 3584]
S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224]

--- Autres Services/Pilotes en mémoire ---

*Deregistered* - mchInjDrv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45f0f767-d425-11dd-a3e9-001bb9b23cf0}]
\Shell\AutoRun\command - F:\start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{72267f52-fb51-11dd-a495-001bb9b23cf0}]
\Shell\AutoRun\command - F:\s39tg.cmd
\Shell\open\Command - F:\s39tg.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c139bdbe-0008-11de-a4a6-001bb9b23cf0}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe /e:vbs winfile.jpg

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Fichiers communs\LightScribe\LSRunOnce.exe"
.
Contenu du dossier 'Tâches planifiées'

2009-02-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.01net.com/telecharger/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13728&gct=&gc=1&q=%s
IE: &T&élécharger &avec BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &T&élécharger tout avec BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: &T&élécharger toute vidéo avec BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\GM_MCIS\Application Data\Mozilla\Firefox\Profiles\589mm6vd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1396957&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Mininova Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.dz/firefox
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13728&gct=&gc=1&q=
FF - prefs.js: network.proxy.type - 1
FF - component: c:\documents and settings\GM_MCIS\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - component: c:\documents and settings\GM_MCIS\Application Data\Mozilla\Firefox\Profiles\589mm6vd.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - component: c:\documents and settings\GM_MCIS\Application Data\Mozilla\Firefox\Profiles\589mm6vd.default\extensions\{f592709f-ff4a-4862-b659-4afabda56312}\components\FFAlert.dll
FF - component: c:\documents and settings\GM_MCIS\Application Data\Mozilla\Firefox\Profiles\589mm6vd.default\extensions\glasser@sixxgate.com\components\dwmxpcom.dll
FF - plugin: c:\program files\Microsoft Silverlight\npctrl.1.0.20926.0.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll

---- PARAMETRES FIREFOX ----
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-25 18:06:22
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\GM_MCIS\LOCALS~1\Temp\mc227.tmp"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3306ac1c-9d14-49c4-ad8a-18b959e28621}]
@Denied: (Full) (Everyone)
"Model"=dword:00000020
"Therad"=dword:0000000a
"MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
4b,7b,ad,04,7a,b1,b5,76,9b,27,47,d3,29,1b,b2,88,bc,31,89,c9,b1,6a,0f,69,58,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):a3,cb,66,39,cb,dc,16,23,3f,70,19,49,7b,55,b2,59,31,9b,23,5f,85,
01,d8,97,36,6a,05,99,90,42,75,da,72,af,3a,85,55,3a,fb,55,00,00,00,00,00,00,\
.
Heure de fin: 2009-02-25 18:07:34
ComboFix-quarantined-files.txt 2009-02-25 17:07:32
ComboFix2.txt 2009-02-25 16:55:53
ComboFix3.txt 2009-02-25 16:44:36
ComboFix4.txt 2009-02-25 13:40:12

Avant-CF: 9 403 047 936 octets libres
Après-CF: 9,390,718,976 octets libres

374 --- E O F --- 2008-12-24 10:47:14

------------------------------------------------------------------------------------------------------------------------------

And for HijackThis, here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:11:36, on 25/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\S3Trayp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Download Direct\DLD.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Styler\Styler.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13728&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=13728&gct=&gc=1&q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Program Files\IsoBuster\tbIso1.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Program Files\IsoBuster\tbIso1.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Program Files\IsoBuster\tbIso1.dll
O3 - Toolbar: The Wisdom-Soft Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [S3Trayp] S3Trayp.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Cloneur Expert Monitor] "C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Hiyo] C:\Program Files\HiYo\bin\HiYo.exe /RunFromStartup
O4 - HKLM\..\Run: [VIPv3_Auto_Update] C:\WINDOWS\VIPv3\CheckForUpdates.exe
O4 - HKLM\..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S
O4 - HKLM\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /O5 "LPT1:" /M "Stylus C45"
O4 - HKLM\..\Run: [EPSON Stylus C45 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P33 "EPSON Stylus C45 Series (Copie 1)" /O6 "USB001" /M "Stylus C45"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [CTFMON] C:\WINDOWS\system32\wscript.exe /E:vbs C:\WINDOWS\system32\winjpg.jpg
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [L08FXLRD_681078] "C:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [DLD.EXE] C:\Program Files\Download Direct\DLD.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Styler.lnk = ?
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &T&élécharger &avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &T&élécharger tout avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &T&élécharger toute vidéo avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4872AC7D-F468-4606-81AB-67EA8BBAF34C}: NameServer = 4.2.2.2 4.2.2.1
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
0
SAMY90 Messages postés 14 Statut Membre
 
For the Navilog1 report:

Search Navipromo version 3.7.4 commencé le 25/02/2009 à 20:42:44,26

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 16.02.2009 à 18h00 par IL-MAFIOSO

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.00GHz )
BIOS : Default System BIOS
USER : GM_MCIS ( Administrator )
BOOT : Normal boot

Antivirus : ESET NOD32 Antivirus 3.0 3.0 (Activated)

A:\ (USB)
C:\ (Local Disk) - NTFS - Total:39 Go (Free:8 Go)
D:\ (CD or DVD)
E:\ (Local Disk) - NTFS - Total:35 Go (Free:1 Go)

Recherche executé en mode normal

*** Recherche Programmes installés ***

Favorit

*** Recherche dossiers dans "C:\WINDOWS" ***

*** Recherche dossiers dans "C:\Program Files" ***

*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***

*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\GM_MCIS\applic~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\GM_MCIS\locals~1\applic~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\GM_MCIS\menudm~1\progra~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\menudm~1\progra~1" ***

*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "C:\Documents and Settings\GM_MCIS\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *

*** Recherche fichiers ***

*** Recherche clés spécifiques dans le Registre ***
!! Les clés trouvées ne sont pas forcément infectées !!

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :

2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :

* Dans "C:\Documents and Settings\GM_MCIS\locals~1\applic~1" :

* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" :

3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat Montorgueil absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche autres dossiers et fichiers connus :

*** Analyse terminée le 25/02/2009 à 20:43:44,84 ***
0
SAMY90 Posts: 14 Status: Member
 
I redid the second ToolBar S&D step and this time it worked; here is the report:

-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.00GHz )
BIOS : Default System BIOS
USER : GM_MCIS ( Administrator )
BOOT : Normal boot
Antivirus : ESET NOD32 Antivirus 3.0 3.0 (Not Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:39 Go (Free:8 Go)
D:\ (CD or DVD)
E:\ (Local Disk) - NTFS - Total:35 Go (Free:1 Go)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 26/02/2009| 9:34 )

-----------\\ SUPPRESSION

Supprime! - [Service] ASKUpgrade
Supprime! - C:\Program Files\AskBarDis\bar
Supprime! - C:\Program Files\AskBarDis\unins000.dat
Supprime! - C:\Program Files\AskBarDis\unins000.exe
Supprime! - C:\Program Files\AskBarDis

-----------\\ Recherche de Fichiers / Dossiers ...

-----------\\ Extensions

(GM_MCIS) - {E9A1DEE0-C623-4439-8932-001E7D17607D} => ajtoolbar
(GM_MCIS) - {f592709f-ff4a-4862-b659-4afabda56312} => mininova

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="https://www.01net.com/telecharger/"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page Restore"="about:blank"
"SearchMigratedDefaultURL"="https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&src={referrer:source?}"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/"

--------------------\\ Recherche d'autres infections

Aucune autre infection trouvée !

1 - "C:\ToolBar SD\TB_1.txt" - 23/02/2009|14:50 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 23/02/2009|15:17 - Option : [1]
3 - "C:\ToolBar SD\TB_3.txt" - 23/02/2009|15:36 - Option : [1]
4 - "C:\ToolBar SD\TB_4.txt" - 26/02/2009| 9:35 - Option : [2]

-----------\\ Fin du rapport a 9:35:21,50

------------------------------------------------------------------------------------------------------------------------------
PS: thanks for the details, but I do know how to copy/paste with the keyboard lol (I've been programming a bit in C++ these days, if you want to know).
0
manyase Posts: 6 Status: Member 3
 
Hello,
has anyone already managed to remove the virus called "winfile.jpg"??? (it shows up on various Windows systems)
0
totobetourne Posts: 5677 Status: Member 65
 
Your problem is solved, but there are many points on which you could improve your computer's security.
If that interests you, let me know.

Why?
Here is what happens very often:

We disinfect, and the person comes back some time later having picked up more junk in the meantime, because their security setup stayed the same, so we spend time for nothing.
If you're interested in coming back less often with an infection, let me know.

Another thing (this is not a criticism of you): you need to think before clicking on just anything, not the other way around.

Also, avoid cracks.
0
francko225
 
Hi, I had the same problem; here is my solution:

1) Download UsbFix
2) Install it
3) Plug in a USB stick
4) Run UsbFix and wait for the report
5) In the report you'll see the infected items; then click Start, then Run, type regedit, and go to the folder where the infected items are, for example HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe, and delete it

There you go, your Task Manager will work as before and that infected key will disappear.
0
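As an added defender-side illustration of step 5 in the post above (this is not code from the thread, from UsbFix or from any other tool named here), the PowerShell script below audits the Image File Execution Options keys that francko225 points at. It assumes that Task Manager was blocked through a "Debugger" value under the taskmgr.exe key, which is the usual form of this hijack but is not stated in the post; the function names Get-IfeoDebuggerEntries and Remove-IfeoDebugger and the WOW6432Node path check are my own additions. It needs PowerShell 3 or later and an elevated prompt.

```powershell
# Added example: audit Image File Execution Options (IFEO) for "Debugger" values.
# A Debugger value under an IFEO subkey makes Windows start the named program
# through the listed executable instead, which is how a hijacked taskmgr.exe key
# stops Task Manager from opening. List first; remove only what you have checked,
# since legitimate debuggers (e.g. Visual Studio's JIT debugger) also register here.

$ifeoPaths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    # Only present on 64-bit hosts; skipped automatically on a 32-bit XP machine like the one in the thread.
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)

function Get-IfeoDebuggerEntries {
    # Returns one object per IFEO subkey that carries a Debugger value.
    foreach ($base in $ifeoPaths) {
        if (-not (Test-Path -Path $base)) { continue }
        foreach ($key in Get-ChildItem -Path $base -ErrorAction SilentlyContinue) {
            $debugger = (Get-ItemProperty -Path $key.PSPath -Name Debugger -ErrorAction SilentlyContinue).Debugger
            if ($debugger) {
                [pscustomobject]@{
                    Image    = $key.PSChildName          # e.g. taskmgr.exe
                    Debugger = $debugger                 # what actually gets launched instead
                    KeyPath  = $key.PSPath -replace '^Microsoft\.PowerShell\.Core\\Registry::', ''
                }
            }
        }
    }
}

function Remove-IfeoDebugger {
    # Deletes only the Debugger value of a verified-malicious entry, leaving any
    # other settings under the same key (for instance GlobalFlag) untouched.
    param(
        [Parameter(Mandatory)][string]$ImageName,
        [switch]$WhatIf
    )
    foreach ($base in $ifeoPaths) {
        $key = Join-Path -Path $base -ChildPath $ImageName
        if (Test-Path -Path $key) {
            Remove-ItemProperty -Path $key -Name Debugger -ErrorAction SilentlyContinue -WhatIf:$WhatIf
        }
    }
}

# Report every image that is currently redirected.
$entries = Get-IfeoDebuggerEntries
if (-not $entries) {
    Write-Host 'No IFEO Debugger entries found.'
} else {
    $entries | Format-Table -AutoSize
}

# Dry run of the cleanup for the case discussed in the thread; drop -WhatIf once
# the Debugger value has been confirmed as malicious.
Remove-IfeoDebugger -ImageName 'taskmgr.exe' -WhatIf
```

Reading the Debugger column is the check that matters: a value pointing at a file in a temp or profile directory, or at a program that does not exist, is the sign of a hijack, whereas a path to a known debugger is usually legitimate and should be left alone.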