
arno.

Members
  • Content count

    16
  • Joined

  • Last visited

arno.'s Achievements

Junior Member (3/12)

0

Community reputation

  1. Thank you very much!
  2. Avast no longer detects any threat. I just ran MBAM, everything looks spotless! Solved?
  3. Logfile of The Avenger Version 2.0, © by Swandog46 Swandog46's Public Anti-Malware Tools Platform: Windows Vista ******************* Script file opened successfully. Script file read successfully. Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: File "C:\Windows\winsxs\x86_microsoft-windows-mountpointmanager_31bf3856ad364e35_6.0.6001.18000_none_f29824c60705c394\mountmgr.sys" replaced with dummy successfully. Completed script processing. ******************* Finished! Terminate. That looks pretty good to me! Should I run another full scan with Avast?
  4. All processes killed ========== OTL ========== File move failed. C:\Windows\winsxs\x86_microsoft-windows-mountpointmanager_31bf3856ad364e35_6.0.6001.18000_none_f29824c60705c394\mountmgr.sys scheduled to be moved on reboot. ========== REGISTRY ========== HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully! OTL by OldTimer - Version 3.2.26.1 log created on 08122011_104830 Files\Folders moved on Reboot... File move failed. C:\Windows\winsxs\x86_microsoft-windows-mountpointmanager_31bf3856ad364e35_6.0.6001.18000_none_f29824c60705c394\mountmgr.sys scheduled to be moved on reboot. Registry entries deleted on Reboot... Not there yet :'( Note that Windows installed system updates while shutting down; I don't know whether that interfered with OTL's cleanup...
  5. OTL: CJoint.com link AHlvsqh7HVr Extras: CJoint.com link AHlvtnoOiI0 Thanks!
  6. Avast still finds the same virus, still in the same file... So I don't think my problem is solved :/
  7. At first glance, good! What are the next steps, boss?
  8. Here it is: Rapport de ZHPFix 1.12.3345 par Nicolas Coolman, Update du 29/07/2011 Fichier d'export Registre : C:\ZHP\ZHPExportRegistry-07-08-2011-19-02-14.txt Run by Arnaud at 07/08/2011 19:02:14 Windows Vista Home Premium Edition, 32-bit Service Pack 2 (Build 6002) Web site : ZHPFix Fix de rapport ========== Processus mémoire ========== SUPPRIME Memory Process: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe ========== Clé(s) du Registre ========== SUPPRIME Key: HKCU\Software\LdShih SUPPRIME Key: HKLM\Software\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E} SUPPRIME Key: CLSID Extra Buttons: {36ECAF82-3300-8F84-092E-AFF36D6C7040} SUPPRIME Key: HKCU\Software\MeuhMeuhTV SUPPRIME Key: HKLM\Software\MeuhMeuhTV ========== Valeur(s) du Registre ========== SUPPRIME IFC: [FEATURE_BROWSER_EMULATION] svchost.exe SUPPRIME {AE7581EB-9211-456F-AB80-86AF94CF4CB7} SUPPRIME {7429B9B2-3E06-41F1-A05E-136A9C777A18} SUPPRIME {BADF0F46-C9F7-49E8-8A78-CE192F08CEF5} SUPPRIME {90E6D75D-6139-4AEA-A807-1B7026792EF7} SUPPRIME {84908290-FC14-4C20-8C30-0942C6D53B55} SUPPRIME {BCDB9324-4FA1-4E0A-B696-F2F6FE0FDE9B} SUPPRIME {2BC5E4D3-1632-499E-BF66-E95D43C426EC} SUPPRIME {8877A629-5B5F-4DDC-BF32-BA415FFB16E4} SUPPRIME {728C73B8-70D4-4FAB-8DCD-F67063E893BA} SUPPRIME {E46EDB04-477A-4ACF-949A-AF130C803E6B} ========== Dossier(s) ========== SUPPRIME Folder*: C:\Program Files\MeuhMeuhTV SUPPRIME Reboot Folder**: C:\Program Files\Spybot - Search & Destroy SUPPRIME Folder*: C:\ProgramData\Spybot - Search & Destroy ========== Fichier(s) ========== SUPPRIME c:\users\arnaud\desktop\magali - raccourci.lnk SUPPRIME c:\program files\winhttrack\winhttrackiebar.dll SUPPRIME c:\ad-report-clean[1].txt SUPPRIME c:\ad-report-scan[1].txt SUPPRIME c:\users\arnaud\appdata\roaming\microsoft\internet explorer\quick launch\winamp.lnk SUPPRIME c:\program files\winamp\winamp.exe ========== Récapitulatif ========== 1 : Processus mémoire 5 : Clé(s) du Registre 11 : 
Valeur(s) du Registre 3 : Dossier(s) 6 : Fichier(s) ========== Chemin du fichier rapport ========== C:\ZHP\ZHPFixReport.txt End of the scan in 07mn 10s
  9. I don't understand the action I'm supposed to take. Where? How? Thanks!
  10. The log file: CJoint.com link 3Hgs2wrRlY7
  11. Here is the content of the aswMBR.txt file: aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software Run date: 2011-08-05 20:02:30 ----------------------------- 20:02:30.744 OS Version: Windows 6.0.6002 Service Pack 2 20:02:30.744 Number of processors: 2 586 0x4302 20:02:30.747 ComputerName: HENRI UserName: 20:02:31.696 Initialize success 20:02:31.767 AVAST engine defs: 11080501 20:02:33.538 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 20:02:33.543 Disk 0 Vendor: ST3500630AS 3.AAC Size: 476940MB BusType: 3 20:02:33.550 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1 20:02:33.559 Disk 1 Vendor: WDC_WD20EARS-00MVWB0 51.0AB51 Size: 1907729MB BusType: 3 20:02:33.568 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP2T1L0-5 20:02:33.575 Disk 2 Vendor: ST3160023A 8.01 Size: 152627MB BusType: 3 20:02:35.686 Disk 0 MBR read successfully 20:02:35.694 Disk 0 MBR scan 20:02:35.703 Disk 0 Windows VISTA default MBR code 20:02:35.729 Disk 0 scanning sectors +976771072 20:02:35.940 Disk 0 scanning C:\Windows\system32\drivers 20:03:23.152 Service scanning 20:03:25.489 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32 20:03:26.514 Modules scanning 20:03:46.195 Disk 0 trace - called modules: 20:03:46.234 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x87c711e8]<< 20:03:46.240 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x888af340] 20:03:46.247 3 CLASSPNP.SYS[8b7b68b3] -> nt!IofCallDriver -> [0x88764850] 20:03:46.253 5 acpi.sys[85b266bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x88750640] 20:03:46.260 \Driver\atapi[0x87878770] -> IRP_MJ_CREATE -> 0x87c711e8 20:03:47.335 AVAST engine scan C:\Windows 20:03:51.516 AVAST engine scan C:\Windows\system32 20:07:01.682 AVAST engine scan C:\Windows\system32\drivers 20:07:17.986 AVAST engine scan C:\Users\Arnaud 20:46:08.478 AVAST engine scan C:\ProgramData 20:56:24.258 Scan finished successfully 21:55:41.050 Disk 0 MBR has been saved successfully to 
"D:\Téléchargement\MBR.dat" 21:55:41.076 The log file has been saved successfully to "D:\Téléchargement\aswMBR.txt" Note that the only thing I could click was [FixMBR], which I did. I then rebooted; no particular problem to report.
  12. I can't remember what was in it... What's strange is that this deletion doesn't appear in the log...
  13. OK, I'll do that. However, are we certain that ComboFix didn't delete a folder "c:\Images" containing my personal files?
  14. Thanks for the reply. Note that when ComboFix launched, the blue window said: "suppression de dossiers : C:\Images"... The folder was indeed deleted, but I have no idea what was in it... What criteria does ComboFix use to delete folders? The log: ComboFix 11-08-02.02 - Arnaud 05/08/2011 18:27:44.2.2 - x86 Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.2046.1030 [GMT 2:00] Lancé depuis: d:\túlúchargement\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} FW: Look 'n' Stop Firewall *Disabled* {E26CE775-4C82-5170-9BEE-E4E4E35B4E07} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} . . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\Images c:\windows\TEMP\logishrd\LVPrcInj02.dll . . ((((((((((((((((((((((((((((( Fichiers créés du 2011-07-05 au 2011-08-05 )))))))))))))))))))))))))))))))))))) . . 2011-08-05 16:47 . 2011-08-05 16:47 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-08-05 10:07 . 2011-08-05 10:07 -------- d-----w- c:\users\Arnaud\AppData\Local\Programs 2011-08-04 15:37 . 2011-08-04 15:37 388096 ----a-r- c:\users\Arnaud\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-08-04 15:37 . 2011-08-04 15:37 -------- d-----w- c:\program files\Trend Micro 2011-08-02 10:34 . 2011-08-02 10:34 -------- d-----w- c:\program files\Ad-Remover 2011-08-01 16:47 . 2011-08-01 16:47 -------- d-----w- c:\users\Arnaud\AppData\Roaming\Malwarebytes 2011-08-01 16:47 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-08-01 16:47 . 2011-08-01 16:47 -------- d-----w- c:\programdata\Malwarebytes 2011-08-01 16:47 . 2011-08-01 16:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-08-01 16:47 . 
2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-08-01 13:35 . 2011-08-01 13:35 82176 ----a-w- c:\windows\system32\drivers\lnsfw1.sys 2011-08-01 13:35 . 2011-08-01 13:35 59488 ----a-w- c:\windows\system32\drivers\lnsfw.sys 2011-08-01 13:35 . 2011-08-01 13:35 36352 ----a-w- c:\windows\system32\fwapi.dll 2011-08-01 13:12 . 2011-05-10 12:03 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys 2011-08-01 13:12 . 2011-05-10 11:59 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2011-08-01 13:12 . 2011-05-10 11:59 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2011-08-01 13:12 . 2011-05-10 12:02 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2011-08-01 13:12 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2011-08-01 13:12 . 2011-05-10 11:59 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2011-08-01 13:11 . 2011-05-10 12:10 40112 ----a-w- c:\windows\avastSS.scr 2011-08-01 13:11 . 2011-05-10 12:10 199304 ----a-w- c:\windows\system32\aswBoot.exe 2011-08-01 13:10 . 2011-08-01 13:10 -------- d-----w- c:\programdata\AVAST Software 2011-08-01 13:10 . 2011-08-01 13:10 -------- d-----w- c:\program files\AVAST Software 2011-07-31 11:47 . 2009-08-19 22:50 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll 2011-07-31 11:46 . 2010-09-22 17:47 112056 ----a-w- c:\windows\system32\acaptuser32.dll 2011-07-31 11:44 . 2011-06-07 10:35 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll 2011-07-28 11:47 . 2011-07-28 11:47 -------- d-----w- c:\program files\iPod 2011-07-28 10:55 . 2011-07-28 10:55 -------- d-----w- c:\program files\Apple Software Update 2011-07-24 11:53 . 2008-01-30 15:36 90112 ----a-w- c:\windows\unvise32.exe 2011-07-24 11:46 . 2011-07-24 11:49 -------- d-----w- c:\program files\Pixie 2011-07-24 11:45 . 2011-07-24 11:53 -------- d---a-w- c:\program files\Furnish Pro 2011-07-18 20:19 . 2011-04-20 15:50 49152 ----a-w- c:\windows\system32\csrsrv.dll 2011-07-12 09:20 . 
2011-07-12 09:20 83816 ----a-w- c:\windows\system32\dns-sd.exe 2011-07-12 09:20 . 2011-07-12 09:20 73064 ----a-w- c:\windows\system32\dnssd.dll 2011-07-10 14:19 . 2011-07-10 14:19 -------- d-----w- c:\programdata\tmp 2011-07-10 14:19 . 2011-07-10 14:19 -------- d-----w- c:\programdata\hps 2011-07-10 13:54 . 2011-07-10 13:54 -------- d-----w- c:\program files\Fnac . . . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2011-07-11 18:15 . 2011-05-24 19:37 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-06-02 13:34 . 2011-07-18 20:19 2043392 ----a-w- c:\windows\system32\win32k.sys 2011-05-23 18:25 . 2011-05-23 18:25 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2011-05-23 18:25 . 2011-05-23 18:25 161792 ----a-w- c:\windows\system32\msls31.dll 2011-05-23 18:25 . 2011-05-23 18:25 1126912 ----a-w- c:\windows\system32\wininet.dll 2011-05-23 18:25 . 2011-05-23 18:25 86528 ----a-w- c:\windows\system32\iesysprep.dll 2011-05-23 18:25 . 2011-05-23 18:25 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2011-05-23 18:25 . 2011-05-23 18:25 63488 ----a-w- c:\windows\system32\tdc.ocx 2011-05-23 18:25 . 2011-05-23 18:25 48640 ----a-w- c:\windows\system32\mshtmler.dll 2011-05-23 18:25 . 2011-05-23 18:25 367104 ----a-w- c:\windows\system32\html.iec 2011-05-23 18:25 . 2011-05-23 18:25 74752 ----a-w- c:\windows\system32\iesetup.dll 2011-05-23 18:25 . 2011-05-23 18:25 420864 ----a-w- c:\windows\system32\vbscript.dll 2011-05-23 18:25 . 2011-05-23 18:25 23552 ----a-w- c:\windows\system32\licmgr10.dll 2011-05-23 18:25 . 2011-05-23 18:25 152064 ----a-w- c:\windows\system32\wextract.exe 2011-05-23 18:25 . 2011-05-23 18:25 150528 ----a-w- c:\windows\system32\iexpress.exe 2011-05-23 18:25 . 2011-05-23 18:25 1427456 ----a-w- c:\windows\system32\inetcpl.cpl 2011-05-23 18:25 . 2011-05-23 18:25 35840 ----a-w- c:\windows\system32\imgutil.dll 2011-05-23 18:25 . 
2011-05-23 18:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2011-05-23 18:25 . 2011-05-23 18:25 11776 ----a-w- c:\windows\system32\mshta.exe 2011-05-23 18:25 . 2011-05-23 18:25 110592 ----a-w- c:\windows\system32\IEAdvpack.dll 2011-05-23 18:25 . 2011-05-23 18:25 101888 ----a-w- c:\windows\system32\admparse.dll 2008-06-19 09:16 . 2008-06-19 09:16 118784 ----a-w- c:\program files\mozilla firefox\plugins\MyCamera.dll 2010-08-22 09:04 . 2009-10-04 01:41 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll . . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-05-10 12:10 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-12-21 1483264] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="RtHDVCpl.exe" [2007-02-07 4374528] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 56080] "Look 'n' Stop"="c:\program files\Look'n Stop\\looknstop.exe" [2011-08-01 593128] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-12-22 67752] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648] "WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-07-24 450560] "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-06-07 40376] "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-22 640440] "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184] "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008] "WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-22 30192] "ORAHSSSessionManager"="c:\program files\Orange\Connexion Internet Orange\SessionManager\SessionManager.exe" [2009-08-24 135920] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736] 
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584] . c:\users\Arnaud\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ LooknStop.lnk - c:\program files\Look'n Stop\looknstop.exe [2011-8-1 593128] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-11-14 66864] Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-6-2 692224] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "DisableStartupSound"= 1 (0x1) "DisableStatusMessages"= 1 (0x1) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "AntiVirusOverride"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-545074492-2122667057-105061718-1000] "EnableNotificationsRef"=dword:00000001 . 
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [x] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [x] R3 3xHybrid;Pinnacle PCTV 100i-110i-300i-310i-MCE;c:\windows\system32\DRIVERS\3xHybrid.sys [2006-11-22 1121536] R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-08-22 30192] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712] R3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\PCAMp50.sys [2009-08-24 28224] R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\system32\DRIVERS\sis163u.sys [2006-12-20 217600] R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-07-10 11520] R3 WPFFontCache_v0400;Cache de police de Windows Presentation Foundation 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] R4 lnssvcVista;Look 'n' Stop Service;c:\program files\Look'n Stop\LnsSvcVista.exe [2011-08-01 26168] R4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2007-11-10 685816] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 lnsfw1;lnsfw1;c:\windows\system32\drivers\lnsfw1.sys [2011-08-01 82176] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-05-10 53592] S2 G6FTPServer;Gene6 FTP Server;c:\program files\Gene6 FTP Server\G6FTPSERVER.EXE [2007-10-22 470016] S2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe 
[2008-07-24 102400] S3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 1131136] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Contenu du dossier 'Tâches planifiées' . 2011-08-05 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-12-26 21:47] . 2011-08-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-545074492-2122667057-105061718-1000Core.job - c:\users\Arnaud\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-06 18:23] . 2011-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-545074492-2122667057-105061718-1000UA.job - c:\users\Arnaud\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-06 18:23] . . ------- Examen supplémentaire ------- . IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Ajouter la cible du lien à un fichier PDF existant - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Ajouter à un fichier PDF existant - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convertir au format Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: Convertir la cible du lien au format Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000 LSP: c:\windows\system32\wpclsp.dll TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{48AF3141-5799-4D87-920F-77EE844DDC97}: NameServer = 82.226.18.147 Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll DPF: 
{0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20091120180921 DPF: {9DF1C00D-8426-4337-972C-DC042D19A916} - hxxp://webtv.guidetv.orange.fr/resources/OCS_9418.cab FF - ProfilePath - c:\users\Arnaud\AppData\Roaming\Mozilla\Firefox\Profiles\7pu4fdn1.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} FF - Ext: British English Dictionary: en-GB@dictionaries.addons.mozilla.org - %profile%\extensions\en-GB@dictionaries.addons.mozilla.org FF - Ext: Dictionnaire français «Classique»: fr-FR@dictionaries.addons.mozilla.org - %profile%\extensions\fr-FR@dictionaries.addons.mozilla.org FF - Ext: Gmail Manager: {582195F5-92E7-40a0-A127-DB71295901D7} - %profile%\extensions\{582195F5-92E7-40a0-A127-DB71295901D7} FF - Ext: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - %profile%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12} FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} FF - Ext: FoxClocks: {d37dc5d0-431d-44e5-8c91-49419370caa1} - %profile%\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1} FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla 
Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2011-08-05 18:50 Windows 6.0.6002 Service Pack 2 NTFS . Recherche de processus cachés ... . Recherche d'éléments en démarrage automatique cachés ... . Recherche de fichiers cachés ... . . c:\users\Arnaud\AppData\Local\Temp\catchme.dll 53248 bytes executable . Scan terminé avec succès Fichiers cachés: 1 . ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- . 
[HKEY_USERS\S-1-5-21-545074492-2122667057-105061718-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{430C2DE8-69A0-D4D2-3906-7D6F9F111FC0}*] "oaollppooehppebchgjeeahhlafaia"=hex:64,61,64,63,6a,70,6c,67,00,f2 "oakoaeedgkafdlpfacbcpkghmhomla"=hex:6b,61,6f,62,68,65,66,68,70,66,62,67,63,64, 6f,6f,63,62,65,6b,6d,6e,00,00 "naeocachbhcfejlmknlejolnhcdi"=hex:6b,61,6f,62,68,65,66,68,70,66,62,67,63,64, 6f,6f,63,62,65,6b,6d,6e,00,00 . [HKEY_USERS\S-1-5-21-545074492-2122667057-105061718-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{63C79612-069E-8118-957B-9FBEB4090F02}*] "nandigennccppnehpnbaenlocoik"=hex:69,61,65,6f,61,69,66,68,65,6a,6c,6b,65,6b, 69,64,65,6c,00,00 "oahdcadfgpcpfgcnoapnioglpnlmad"=hex:69,61,67,6f,6b,67,64,6b,62,6c,66,62,62,65, 62,64,61,63,00,00 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- DLLs chargées dans les processus actifs --------------------- . - - - - - - - > 'Explorer.exe'(11952) c:\program files\Logitech\SetPoint\lgscroll.dll c:\windows\TEMP\logishrd\LVPrcInj01.dll c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr . ------------------------ Autres processus actifs ------------------------ . 
c:\windows\system32\Ati2evxx.exe c:\windows\system32\Ati2evxx.exe c:\windows\system32\conime.exe c:\windows\RtHDVCpl.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe c:\program files\Orange\Connexion Internet Orange\Launcher\Launcher.exe c:\program files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\AVAST Software\Avast\AvastSvc.exe c:\program files\Bonjour\mDNSResponder.exe c:\progra~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe c:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe c:\windows\system32\WUDFHost.exe c:\windows\ehome\ehmsas.exe c:\windows\ehome\ehsched.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\program files\Windows Media Player\wmplayer.exe c:\program files\iPod\bin\iPodService.exe c:\program files\Common Files\Logitech\KhalShared\KHALMNPR.EXE c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe c:\windows\ehome\ehRecvr.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe c:\program files\Orange\Connexion Internet Orange\systray\systrayapp.exe c:\program files\Orange\Connexion Internet Orange\connectivity\connectivitymanager.exe c:\progra~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe c:\program files\Orange\Connexion Internet Orange\connectivity\CoreCom\CoreCom.exe c:\program files\PC Connectivity Solution\ServiceLayer.exe c:\windows\system32\wbem\unsecapp.exe c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe c:\program files\Orange\Connexion Internet Orange\connectivity\CoreCom\OraConfigRecover.exe c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe . 
************************************************************************** . Heure de fin: 2011-08-05 19:03:44 - La machine a redémarré ComboFix-quarantined-files.txt 2011-08-05 17:03 ComboFix2.txt 2011-08-02 10:01 . Avant-CF: 9 398 697 984 octets libres Après-CF: 10 825 375 744 octets libres . Current=1 Default=1 Failed=0 LastKnownGood=26 Sets=1,2,3,26 - - End Of File - - 87FE149D257BF6531A9C721B7C2123ED
  15. Thanks for the reply. I'm in Safe Mode; in Services I see that Avast is stopped, as are many other services... but I get a ComboFix pop-up telling me that Avast is active and that running ComboFix is then at my own risk... I see nothing in the processes showing that Avast is active. It's very strange... What should I do? Thanks. Arnaud.