A voir également:
- Pc infecté
- Test performance pc - Guide
- Reinitialiser pc - Guide
- Pc lent - Guide
- Whatsapp pc - Télécharger - Messagerie
- Audacity enregistrer son pc - Guide
28 réponses
oui, le téléchargement se fait, puis une fois dézippé dans C: , je double clique sur l'icone et rien ne se passe !
Bonjour,
Aujourd'hui miraculeusement Hijackthis marche, voici le rapport :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:18:12, on 04/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\braviax.exe
C:\Program Files\Menara\dslmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.files-ftp.com/~unicorni/phpBB2/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Menara
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\Menara\dslmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB950569-03DC-42FD-97B2-96AF8A39A6D0}: NameServer = 196.217.246.210 212.217.0.13
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - AppInit_DLLs: karina.dat
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
Aujourd'hui miraculeusement Hijackthis marche, voici le rapport :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:18:12, on 04/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\braviax.exe
C:\Program Files\Menara\dslmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.files-ftp.com/~unicorni/phpBB2/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Menara
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\Menara\dslmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB950569-03DC-42FD-97B2-96AF8A39A6D0}: NameServer = 196.217.246.210 212.217.0.13
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - AppInit_DLLs: karina.dat
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Merci énormément pour ton aide et ta patiente, je vais essayer ce que tu viens de me dire !
Encore merci !
Encore merci !
Bonjour,
Désolé du retard, voici le rapport :
ComboFix 08-08-03.05 - Zaïd 2008-08-04 16:54:27.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1699 [GMT 2:00]
Endroit: C:\Documents and Settings\Zaïd\Bureau\ComboFix.exe
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\InfoSat.txt
C:\WINDOWS\buritos.exe
C:\WINDOWS\system32\braviax.exe
C:\WINDOWS\system32\buritos.exe
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-07-04 to 2008-08-04 ))))))))))))))))))))))))))))))))))))
.
2008-08-04 16:33 . 2008-08-04 16:33 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-03 18:17 . 2007-06-28 14:36 401,720 --a------ C:\HijackThis.exe
2008-08-03 17:45 . 2008-08-03 17:45 <REP> d-------- C:\Program Files\Avira
2008-08-03 17:45 . 2008-08-03 17:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-08-03 16:38 . 2008-08-04 16:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-03 16:24 . 2008-08-03 16:24 <REP> d-------- C:\Program Files\AVG
2008-08-03 16:24 . 2008-08-03 17:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-08-03 03:50 . 2008-08-03 03:50 17,437 --a------ C:\WINDOWS\uloruvig.dl
2008-08-03 03:50 . 2008-08-03 03:50 17,240 --a------ C:\WINDOWS\ryzu.inf
2008-08-03 03:50 . 2008-08-03 03:50 16,382 --a------ C:\Documents and Settings\All Users\Application Data\igawy.pif
2008-08-03 03:50 . 2008-08-03 03:50 14,734 --a------ C:\WINDOWS\wodecupeb.bat
2008-08-03 03:50 . 2008-08-03 03:50 13,589 --a------ C:\WINDOWS\ekaratiwyk.bat
2008-08-03 03:50 . 2008-08-03 03:50 12,171 --a------ C:\WINDOWS\system32\ugavyfa.dl
2008-08-03 03:50 . 2008-08-03 03:50 11,871 --a------ C:\WINDOWS\system32\ukaloz.dl
2008-08-03 03:50 . 2008-08-03 03:50 11,773 --a------ C:\WINDOWS\system32\eviqojor.inf
2008-08-03 03:50 . 2008-08-03 03:50 10,929 --a------ C:\WINDOWS\system32\ugebedexa.scr
2008-08-03 03:50 . 2008-08-03 03:50 10,227 --a------ C:\WINDOWS\fora.exe
2008-08-03 03:49 . 2008-07-27 22:29 172,295 --a------ C:\WINDOWS\system32\_scui.cpl
2008-08-03 03:02 . 2008-08-03 03:02 <REP> d-------- C:\WINDOWS\Sun
2008-08-02 15:24 . 2008-08-02 15:24 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-08-02 15:03 . 2008-08-02 15:24 <REP> d-------- C:\Program Files\Windows Live
2008-08-02 15:03 . 2008-08-02 15:18 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-08-02 15:03 . 2008-08-02 15:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-31 21:15 . 2008-07-31 21:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-07-31 20:57 . 2008-07-31 20:57 <REP> d-------- C:\Program Files\Yahoo!
2008-07-31 20:57 . 2008-07-31 20:57 <REP> d-------- C:\Program Files\CCleaner
2008-07-29 15:03 . 2008-07-29 15:03 <REP> d-------- C:\Program Files\SAGEM
2008-07-29 13:02 . 2008-07-29 15:04 <REP> d--h----- C:\Program Files\InstallShield Installation Information
2008-07-29 13:01 . 2005-09-19 13:58 126,489 -ra------ C:\WINDOWS\system32\drivers\adiusbaw.sys
2008-07-29 13:01 . 2004-03-02 08:56 50,007 -ra------ C:\WINDOWS\system32\drivers\adildr.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-03 01:50 15,328 ----a-w C:\Program Files\Fichiers communs\holiqule.inf
2008-08-03 01:50 10,234 ----a-w C:\Program Files\Fichiers communs\cojapyner.dl
2008-07-29 13:17 505 ----a-w C:\WINDOWS\system32\drivers\CMV3p.txt
2008-07-29 13:17 31 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg
2008-07-29 13:13 --------- d-----w C:\Program Files\Menara
2008-07-29 12:12 --------- d-----w C:\Program Files\ATI Technologies
2008-07-29 12:11 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-07-29 12:11 --------- d-----w C:\Program Files\Fichiers communs\ATI Technologies
2008-07-29 10:53 --------- d-----w C:\Program Files\microsoft frontpage
2008-07-29 10:53 --------- d-----w C:\Program Files\Java
2008-07-29 10:53 --------- d-----w C:\Program Files\Fichiers communs\Java
2008-07-29 10:52 9,856 ----a-w C:\WINDOWS\system32\drivers\pfc.sys
2008-07-29 10:52 --------- d-----w C:\Program Files\Media player classic
2008-07-29 10:31 --------- d-----w C:\Program Files\Services en ligne
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 17:48 32881]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 09:12 90112]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 14:28 266497]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
.
- - - - ORPHANS REMOVED - - - -
Notify-WgaLogon - (no file)
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Zaïd\Application Data\Mozilla\Firefox\Profiles\47z4z5m3.default\
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-04 16:56:39
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cach‚s ...
Balayage cach‚ autostart entries ...
Balayage des fichiers cach‚s ...
Scan termin‚ avec succŠs
Les fichiers cach‚s: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Menara\dslmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-04 16:58:27 - machine was rebooted [Za‹d]
ComboFix-quarantined-files.txt 2008-08-04 14:58:24
Pre-Run: 57,120,104,448 octets libres
Post-Run: 57,077,972,992 octets libres
127 --- E O F --- 2008-08-02 13:18:17
Désolé du retard, voici le rapport :
ComboFix 08-08-03.05 - Zaïd 2008-08-04 16:54:27.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1699 [GMT 2:00]
Endroit: C:\Documents and Settings\Zaïd\Bureau\ComboFix.exe
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\InfoSat.txt
C:\WINDOWS\buritos.exe
C:\WINDOWS\system32\braviax.exe
C:\WINDOWS\system32\buritos.exe
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-07-04 to 2008-08-04 ))))))))))))))))))))))))))))))))))))
.
2008-08-04 16:33 . 2008-08-04 16:33 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-03 18:17 . 2007-06-28 14:36 401,720 --a------ C:\HijackThis.exe
2008-08-03 17:45 . 2008-08-03 17:45 <REP> d-------- C:\Program Files\Avira
2008-08-03 17:45 . 2008-08-03 17:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-08-03 16:38 . 2008-08-04 16:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-03 16:24 . 2008-08-03 16:24 <REP> d-------- C:\Program Files\AVG
2008-08-03 16:24 . 2008-08-03 17:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-08-03 03:50 . 2008-08-03 03:50 17,437 --a------ C:\WINDOWS\uloruvig.dl
2008-08-03 03:50 . 2008-08-03 03:50 17,240 --a------ C:\WINDOWS\ryzu.inf
2008-08-03 03:50 . 2008-08-03 03:50 16,382 --a------ C:\Documents and Settings\All Users\Application Data\igawy.pif
2008-08-03 03:50 . 2008-08-03 03:50 14,734 --a------ C:\WINDOWS\wodecupeb.bat
2008-08-03 03:50 . 2008-08-03 03:50 13,589 --a------ C:\WINDOWS\ekaratiwyk.bat
2008-08-03 03:50 . 2008-08-03 03:50 12,171 --a------ C:\WINDOWS\system32\ugavyfa.dl
2008-08-03 03:50 . 2008-08-03 03:50 11,871 --a------ C:\WINDOWS\system32\ukaloz.dl
2008-08-03 03:50 . 2008-08-03 03:50 11,773 --a------ C:\WINDOWS\system32\eviqojor.inf
2008-08-03 03:50 . 2008-08-03 03:50 10,929 --a------ C:\WINDOWS\system32\ugebedexa.scr
2008-08-03 03:50 . 2008-08-03 03:50 10,227 --a------ C:\WINDOWS\fora.exe
2008-08-03 03:49 . 2008-07-27 22:29 172,295 --a------ C:\WINDOWS\system32\_scui.cpl
2008-08-03 03:02 . 2008-08-03 03:02 <REP> d-------- C:\WINDOWS\Sun
2008-08-02 15:24 . 2008-08-02 15:24 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-08-02 15:03 . 2008-08-02 15:24 <REP> d-------- C:\Program Files\Windows Live
2008-08-02 15:03 . 2008-08-02 15:18 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-08-02 15:03 . 2008-08-02 15:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-31 21:15 . 2008-07-31 21:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-07-31 20:57 . 2008-07-31 20:57 <REP> d-------- C:\Program Files\Yahoo!
2008-07-31 20:57 . 2008-07-31 20:57 <REP> d-------- C:\Program Files\CCleaner
2008-07-29 15:03 . 2008-07-29 15:03 <REP> d-------- C:\Program Files\SAGEM
2008-07-29 13:02 . 2008-07-29 15:04 <REP> d--h----- C:\Program Files\InstallShield Installation Information
2008-07-29 13:01 . 2005-09-19 13:58 126,489 -ra------ C:\WINDOWS\system32\drivers\adiusbaw.sys
2008-07-29 13:01 . 2004-03-02 08:56 50,007 -ra------ C:\WINDOWS\system32\drivers\adildr.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-03 01:50 15,328 ----a-w C:\Program Files\Fichiers communs\holiqule.inf
2008-08-03 01:50 10,234 ----a-w C:\Program Files\Fichiers communs\cojapyner.dl
2008-07-29 13:17 505 ----a-w C:\WINDOWS\system32\drivers\CMV3p.txt
2008-07-29 13:17 31 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg
2008-07-29 13:13 --------- d-----w C:\Program Files\Menara
2008-07-29 12:12 --------- d-----w C:\Program Files\ATI Technologies
2008-07-29 12:11 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-07-29 12:11 --------- d-----w C:\Program Files\Fichiers communs\ATI Technologies
2008-07-29 10:53 --------- d-----w C:\Program Files\microsoft frontpage
2008-07-29 10:53 --------- d-----w C:\Program Files\Java
2008-07-29 10:53 --------- d-----w C:\Program Files\Fichiers communs\Java
2008-07-29 10:52 9,856 ----a-w C:\WINDOWS\system32\drivers\pfc.sys
2008-07-29 10:52 --------- d-----w C:\Program Files\Media player classic
2008-07-29 10:31 --------- d-----w C:\Program Files\Services en ligne
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 17:48 32881]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 09:12 90112]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 14:28 266497]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
.
- - - - ORPHANS REMOVED - - - -
Notify-WgaLogon - (no file)
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Zaïd\Application Data\Mozilla\Firefox\Profiles\47z4z5m3.default\
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-04 16:56:39
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cach‚s ...
Balayage cach‚ autostart entries ...
Balayage des fichiers cach‚s ...
Scan termin‚ avec succŠs
Les fichiers cach‚s: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Menara\dslmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-04 16:58:27 - machine was rebooted [Za‹d]
ComboFix-quarantined-files.txt 2008-08-04 14:58:24
Pre-Run: 57,120,104,448 octets libres
Post-Run: 57,077,972,992 octets libres
127 --- E O F --- 2008-08-02 13:18:17