Hello,
Below you will find a ComboFix report, following some strange shaking on my PC. I don't understand any of it at all. Thank you for helping me.
Rolland
ComboFix 09-04-04.01 - rolland 2009-04-11 11:52:22.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.2046.1148 [GMT 2:00]
Lancé depuis: d:\users\rolland\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090410-0] *On-access scanning disabled* (Updated)
FW: ZoneAlarm Firewall *enabled*
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\webmediaplayer
c:\users\rolland\AppData\Local\aucggioi.dat
c:\users\rolland\AppData\Local\aucggioi_nav.dat
c:\users\rolland\AppData\Local\aucggioi_navps.dat
c:\users\rolland\AppData\Local\uuwyg.dat
c:\users\rolland\AppData\Local\uuwyg_nav.dat
c:\users\rolland\AppData\Local\uuwyg_navps.dat
c:\windows\system32\tmp.reg
D:\install.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-03-11 au 2009-04-11 ))))))))))))))))))))))))))))))))))))
.
2009-04-11 11:43 . 2009-04-11 11:43 <REP> d-------- c:\users\rolland\AppData\Roaming\Malwarebytes
2009-04-11 11:43 . 2009-04-11 11:43 <REP> d-------- c:\users\All Users\Malwarebytes
2009-04-11 11:43 . 2009-04-11 11:43 <REP> d-------- c:\programdata\Malwarebytes
2009-04-11 11:43 . 2009-04-11 11:47 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-04-11 11:43 . 2009-04-06 15:32 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-04-11 11:43 . 2009-04-06 15:32 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-04-11 07:30 . 2009-04-11 09:56 143 --a------ c:\windows\wininit.ini
2009-03-19 14:59 . 2009-03-19 15:06 26,897,264 --a------ c:\users\rolland\AdbeRdr910_fr_FR.exe
2009-03-11 09:40 . 2008-12-16 07:53 7,680 --a------ c:\windows\System32\spwmp.dll
2009-03-11 09:40 . 2008-12-16 07:53 4,096 --a------ c:\windows\System32\msdxm.ocx
2009-03-11 09:40 . 2008-12-16 07:53 4,096 --a------ c:\windows\System32\dxmasf.dll
2009-03-11 09:39 . 2008-12-16 06:00 8,147,968 --a------ c:\windows\System32\wmploc.DLL
2009-03-11 09:37 . 2009-02-09 03:59 2,028,032 --a------ c:\windows\System32\win32k.sys
2009-03-11 09:37 . 2008-11-27 06:42 269,824 --a------ c:\windows\System32\schannel.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-11 07:56 --------- d---a-w c:\programdata\TEMP
2009-04-10 20:12 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-10 19:49 --------- d--h--w c:\program files\InstallShield Installation Information
2009-04-10 19:45 --------- d-----w c:\programdata\Google Updater
2009-04-10 19:41 --------- d-----w c:\program files\Spyware Doctor
2009-04-10 06:22 27,525 ----a-w c:\users\rolland\AppData\Roaming\nvModes.dat
2009-03-12 07:07 --------- d-----w c:\program files\Windows Mail
2009-03-12 07:01 --------- d-----w c:\programdata\Microsoft Help
2009-03-07 10:34 --------- d-----w c:\users\rolland\AppData\Roaming\LimeWire
2009-03-07 09:06 --------- d-----w c:\program files\LimeWire
2009-03-07 09:06 --------- d-----w c:\program files\Incomplete
2009-03-03 09:50 --------- d-----w c:\program files\Gpotato
2009-03-02 13:31 --------- d-----w c:\program files\DivX
2009-03-02 07:31 --------- d-----w c:\program files\Common Files\PX Storage Engine
2009-03-01 16:44 --------- d-----w c:\users\rolland\AppData\Roaming\DivX
2009-03-01 16:37 --------- d-----w c:\program files\Google
2009-02-28 17:23 19,333,112 ----a-w c:\users\rolland\DivXInstaller.exe
2009-02-28 16:06 3,813,472 ----a-w c:\users\rolland\DivXWebPlayerInstaller.exe
2009-02-27 16:03 508,552 ----a-w c:\users\rolland\Live-Player_setup.exe
2009-01-15 04:16 826,368 ----a-w c:\windows\System32\wininet.dll
2009-01-15 04:16 56,320 ----a-w c:\windows\System32\iesetup.dll
2009-01-15 04:16 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2009-01-15 04:15 26,624 ----a-w c:\windows\System32\ieUnatt.exe
2008-12-12 18:13 174 --sha-w c:\program files\desktop.ini
2008-11-14 17:41 3,231,826 ----a-w c:\users\rolland\eMule0.49b-Installer1.exe
2008-06-17 17:04 691 ----a-w c:\users\rolland\AppData\Roaming\GetValue.vbs
2008-06-17 17:04 35 ----a-w c:\users\rolland\AppData\Roaming\SetValue.bat
2007-11-01 18:21 135,680 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-01-07 17:07 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2009-01-07 17:07 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2009-01-07 17:07 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2008-10-29 20:34 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-10-29 20:34 32,768 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-10-29 20:34 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"FreeRAM XP"="c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2006-03-23 1591808]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"EPSON Stylus Photo R265 Series"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIBNE.EXE" [2006-05-19 139264]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-01 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-07-19 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-19 8466432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-07-19 81920]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-05-04 174872]
"IaNvSrv"="c:\program files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2007-05-04 33048]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"OSD"="c:\program files\C&E\OSD\osd.exe" [2007-07-10 557056]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-21 136600]
"SearchSettings"="c:\program files\Search Settings\SearchSettings.exe" [2008-02-06 1036640]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-02-01 1103240]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-10 c:\windows\RtHDVCpl.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingA9257"="command" [X]
"SpybotDeletingC9067"="del" [X]
"GrpConv"="grpconv -o" [X]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-04-06 401040]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= c:\progra~1\CYBERL~1\PowerDV\Kernel\Burner\MKDMP3Enc.ACM
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Upload Manager
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{2E1A4D86-18AC-482B-BA3E-3E113EC5E145}"= c:\program files\CyberLink\PowerDV\PowerDV.exe:CyberLink PowerDV
"{CC5ABE24-DE08-4D1E-AEC8-AACDF6F70505}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{73C1BB4F-7977-4DF9-95BC-04D4D036AAD8}d:\\program files\\empires2.icd"= UDP:d:\program files\empires2.icd:Age of Empires II
"UDP Query User{333119E3-9EFB-4D8D-B134-706F66CE6D1D}d:\\program files\\empires2.icd"= TCP:d:\program files\empires2.icd:Age of Empires II
"{C9A1136C-9FC9-4444-80B6-B734253C4DCF}"= UDP:d:\program files\age3x.exe:Age of Empires III - The WarChiefs
"{91723922-134F-4237-9685-065AA03F1424}"= TCP:d:\program files\age3x.exe:Age of Empires III - The WarChiefs
"{66A9ADC5-581B-4006-8B7A-F82220F10DF2}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{BB04531D-2B0B-422E-BD78-8BCDD979E4DE}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{ACBFC445-BAEF-4279-B275-7EFADEC6F4A5}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"{0EC9D4E6-A051-40D1-989A-96AA96BA2F79}"= UDP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{BC182C94-B955-41BD-B493-0FE0E4AEBCEA}"= TCP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{D972F320-1A3B-41B6-8D39-DFB9906B89C7}"= UDP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{7050F789-4D06-4D34-87A0-DA89F387D7E0}"= TCP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{086731DE-219D-447D-8050-B1C467B493E0}"= UDP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{70CC18B6-5337-4D99-90A6-6FF8584491FF}"= TCP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{8EA726C1-25EA-41EA-A0BD-DEC7186C2C85}"= UDP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{687C3515-CEFA-4F67-8F9D-DCF377F9C98F}"= TCP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{B31D9A0A-78A5-474B-9049-455BC260073A}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{2CA431F7-1208-4FAA-97E0-79F1F4122ABE}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{29BC9CCF-A348-4DD6-B935-DD8872838FE7}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{E1D13B44-B0AC-48B6-8B0A-C6D7D6B42C58}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"{02A50FA7-E4FF-4407-B105-EC9077EC2F77}"= UDP:d:\program files\age3y.exe:Age of Empires III - The Asian Dynasties
"{0DDE0297-8833-4461-A7E4-E698BB5E9115}"= TCP:d:\program files\age3y.exe:Age of Empires III - The Asian Dynasties
"TCP Query User{5A76F771-2FA1-4FC9-83A4-AFDACE7979A7}c:\\program files\\webmediaplayer\\webmediaplayer.exe"= UDP:c:\program files\webmediaplayer\webmediaplayer.exe:WebMediaPlayer
"UDP Query User{9F9943A5-F572-4DDA-963F-85321A09F80D}c:\\program files\\webmediaplayer\\webmediaplayer.exe"= TCP:c:\program files\webmediaplayer\webmediaplayer.exe:WebMediaPlayer
"TCP Query User{3AA032E0-54D5-4F86-A5FA-0ED64EBD9581}c:\\program files\\roger wilco\\roger.exe"= UDP:c:\program files\roger wilco\roger.exe:roger
"UDP Query User{A5E4F315-5443-4BCA-89F4-6BA8D9C8EF60}c:\\program files\\roger wilco\\roger.exe"= TCP:c:\program files\roger wilco\roger.exe:roger
"{65FB9B8B-43EE-4760-97EF-77BB86E234A8}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{246211DB-5A8B-4D5D-8334-B758BD2DEA90}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{C9CC2799-A6A5-46C8-A3DA-B21157CF52D1}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{57C5A8DE-2BA3-4603-AB17-4B8C3486B68C}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R0 iaNvStor;Intel® Turbo Memory Technology NAND Controller;c:\windows\System32\drivers\iaNvStor.sys [2007-09-10 208896]
R0 Si3531;SiI-3531 SATA Controller;c:\windows\System32\drivers\Si3531.sys [2007-09-10 210224]
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2008-05-23 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2008-05-23 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2007-11-01 51792]
R2 HFGService;Handsfree Headset Service;c:\windows\system32\svchost.exe -k bthaudiosvc [2006-11-02 22016]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-06-12 810320]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-03-30 747912]
R3 BthAudioHF;Service BthAudioHF;c:\windows\System32\drivers\BthAudioHF.sys [2007-08-14 30208]
R3 itecir;ITECIR Infrared Receiver;c:\windows\System32\drivers\itecir.sys [2007-09-10 46592]
--- Autres Services/Pilotes en mémoire ---
*Deregistered* - mchInjDrv
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
bthaudiosvc REG_MULTI_SZ HFGService
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4bbdf9a8-9503-11dd-8c43-00030d710cf6}]
\shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74b3bafc-6b78-11dd-9087-001060d22ecb}]
\shell\AutoRun\command - H:\LaunchU3.exe
.
Contenu du dossier 'Tâches planifiées'
2009-04-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 18:17]
2009-04-11 c:\windows\Tasks\User_Feed_Synchronization-{3AFC1D0D-0C6E-46E2-8D31-DDB5F332003B}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 11:45]
2009-04-11 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]
.
- - - - ORPHELINS SUPPRIMES - - - -
HKCU-Run-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
HKCU-Run-bocpd - c:\users\rolland\appdata\local\bocpd.exe
HKLM-Run-Spamicillin - c:\program files\Spamicillin\spamicillin.exe
HKLM-RunOnce-<NO NAME> - (no file)
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.de/webhp?sourceid=navclient&hl=fr&ie=UTF-8
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: microsoft.com\office
FF - ProfilePath - c:\users\rolland\AppData\Roaming\Mozilla\Firefox\Profiles\dn371398.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://fr.google.mozilla.com/firefox&client=firefox-a&rls=com.google:fr:official
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=vmn&type=vendio&p=
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npagent.dll
---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-11 11:57:20
Windows 6.0.6000 NTFS
detected NTDLL code modification:
ZwClose
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
Heure de fin: 2009-04-11 12:01:42
ComboFix-quarantined-files.txt 2009-04-11 10:01:37
Avant-CF: 42 884 165 632 octets libres
Après-CF: 42,632,163,328 octets libres
231 --- E O F --- 2009-04-10 19:50:02