
almore

Members
  • Content count

    2
  • Joined

  • Last visited

almore's Achievements

Junior Member (3/12)

Community reputation: 0

  1. Oh really, I thought Avast was reliable... What's better as a free antivirus... something I can test, just to run a scan.
  2. Hello, I'm here to ask for a bit of help to resolve an infection by malware or a worm or .... I have Win7 and for about a week I've been having various bugs: the Control Panel is sometimes inaccessible, the update service is out of action, some folders on the hard drive are also inaccessible and, to top it off, it's impossible to install any anti-malware software... In short, it's a bit of a disaster! I ran a HijackThis scan, as well as one with ComboFix, so I'm posting both in the hope that someone can save my PC from a reformat.... The HijackThis report: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:17:45, on 21/04/2010 Platform: Unknown Windows (WinNT 6.01.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal -- End of file - 2473 bytes The ComboFix report: ComboFix 10-04-19.05 - scalpalex 20/04/2010 15:55:11.1.1 - x86 Microsoft Windows 7 Édition Intégrale 6.1.7600.0.1252.33.1036.18.1536.904 [GMT 2:00] Lancé depuis: c:\users\scalpalex\Desktop\ComboFix.exe Heure de fin: 2010-04-20 16:07:09 - - End Of File - -