ComboFix 10-05-01.04 - LG 2010-05-02   8:13.1.2 - x86 
Microsoft® Windows Vista™ Édition Familiale Premium   6.0.6002.2.1252.2.1036.18.3070.2108 [GMT -4:00] 
Hello, please analyze this ComboFix report and get back to me to tell me whether everything is OK. Thank you.
  
Lancé depuis: c:\users\LG\Desktop\ccm.exe 
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} 
. 
  
((((((((((((((((((((((((((((((((((((   Autres suppressions   )))))))))))))))))))))))))))))))))))))))))))))))) 
. 
  
c:\users\LG\AppData\Roaming\inst.exe 
c:\windows\system32\inetko.dll 
c:\windows\system32\VB6KO.DLL 
  
. 
(((((((((((((((((((((((((((((   Fichiers créés du 2010-04-02 au 2010-05-02  )))))))))))))))))))))))))))))))))))) 
. 
  
2010-05-01 12:13 . 2010-05-01 12:13	--------	d-----w-	c:\users\LG\AppData\Roaming\Malwarebytes 
2010-05-01 12:12 . 2010-04-29 19:39	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys 
2010-05-01 12:12 . 2010-05-01 12:12	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware 
2010-05-01 12:12 . 2010-05-01 12:12	--------	d-----w-	c:\programdata\Malwarebytes 
2010-05-01 12:12 . 2010-04-29 19:39	20952	----a-w-	c:\windows\system32\drivers\mbam.sys 
2010-04-26 01:10 . 2010-04-26 01:10	--------	d-----w-	c:\program files\DVDFab 6 
2010-04-14 20:58 . 2010-02-23 11:10	212992	----a-w-	c:\windows\system32\drivers\mrxsmb10.sys 
2010-04-14 20:58 . 2010-02-23 11:10	79360	----a-w-	c:\windows\system32\drivers\mrxsmb20.sys 
2010-04-14 20:58 . 2010-02-23 11:10	106496	----a-w-	c:\windows\system32\drivers\mrxsmb.sys 
2010-04-14 20:58 . 2010-02-18 14:07	3548040	----a-w-	c:\windows\system32\ntoskrnl.exe 
2010-04-14 20:58 . 2010-02-18 14:07	3600776	----a-w-	c:\windows\system32\ntkrnlpa.exe 
2010-04-14 20:58 . 2010-03-05 14:01	420352	----a-w-	c:\windows\system32\vbscript.dll 
2010-04-14 20:58 . 2010-02-18 14:07	904576	----a-w-	c:\windows\system32\drivers\tcpip.sys 
2010-04-14 20:58 . 2010-02-18 13:30	200704	----a-w-	c:\windows\system32\iphlpsvc.dll 
2010-04-14 20:58 . 2010-02-18 11:28	25088	----a-w-	c:\windows\system32\drivers\tunnel.sys 
2010-04-14 20:56 . 2009-12-23 11:33	172032	----a-w-	c:\windows\system32\wintrust.dll 
2010-04-14 20:56 . 2010-01-13 17:34	98304	----a-w-	c:\windows\system32\cabview.dll 
2010-04-13 00:58 . 2010-02-20 23:06	24064	----a-w-	c:\windows\system32\nshhttp.dll 
2010-04-13 00:58 . 2010-02-20 23:05	30720	----a-w-	c:\windows\system32\httpapi.dll 
2010-04-13 00:58 . 2010-02-20 20:53	411648	----a-w-	c:\windows\system32\drivers\http.sys 
  
. 
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   )))))))))))))))))))))))))))))))))))))))))))))))) 
. 
2010-05-02 12:20 . 2009-06-22 01:52	31586	----a-w-	c:\programdata\nvModes.dat 
2010-05-02 12:19 . 2009-06-18 15:02	1076	----a-w-	c:\windows\bthservsdp.dat 
2010-05-01 13:37 . 2008-01-21 08:40	669566	----a-w-	c:\windows\system32\perfh00C.dat 
2010-05-01 13:37 . 2008-01-21 08:40	123556	----a-w-	c:\windows\system32\perfc00C.dat 
2010-04-26 01:02 . 2009-06-18 15:11	100824	----a-w-	c:\users\LG\AppData\Local\GDIPFONTCACHEV1.DAT 
2010-04-26 00:57 . 2006-11-02 11:18	--------	d-----w-	c:\program files\Windows Mail 
2010-04-26 00:57 . 2010-02-27 16:01	--------	d-----w-	c:\programdata\Microsoft Help 
2010-04-26 00:54 . 2010-02-27 16:10	--------	d-----w-	c:\program files\Microsoft Works 
2010-04-26 00:45 . 2010-01-28 01:39	47360	----a-w-	c:\users\LG\AppData\Roaming\pcouffin.sys 
2010-04-26 00:45 . 2010-01-28 01:39	47360	----a-w-	c:\users\LG\AppData\Roaming\pcouffin.sys 
2010-04-26 00:45 . 2010-01-28 01:39	--------	d-----w-	c:\users\LG\AppData\Roaming\Vso 
2010-03-30 00:47 . 2009-06-18 18:39	--------	d-----w-	c:\users\LG\AppData\Roaming\Ahead 
2010-03-04 17:50 . 2010-03-04 17:50	261152	----a-w-	c:\windows\system32\drivers\Rtlh86.sys 
2010-02-27 17:08 . 2010-02-27 17:08	72488	----a-w-	c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe 
2010-02-24 14:16 . 2009-10-02 21:18	181632	------w-	c:\windows\system32\MpSigStub.exe 
2010-02-23 06:39 . 2010-03-30 21:06	916480	----a-w-	c:\windows\system32\wininet.dll 
2010-02-23 06:33 . 2010-03-30 21:06	109056	----a-w-	c:\windows\system32\iesysprep.dll 
2010-02-23 06:33 . 2010-03-30 21:06	71680	----a-w-	c:\windows\system32\iesetup.dll 
2010-02-23 04:55 . 2010-03-30 21:06	133632	----a-w-	c:\windows\system32\ieUnatt.exe 
2010-02-03 16:24 . 2009-11-12 12:24	94208	----a-w-	c:\windows\system32\RTNUninst32.dll 
. 
  
(((((((((((((((((((((((((((((((((   Points de chargement Reg   )))))))))))))))))))))))))))))))))))))))))))))))) 
. 
. 
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés  
REGEDIT4 
  
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-19 39408] 
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856] 
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] 
"WeatherEye"="c:\users\LG\AppData\Local\MétéoMédia\MétéoÉclair\WeatherEye.exe" [2009-10-27 718232] 
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" [2006-03-30 313472] 
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] 
  
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000] 
"LG Intelligent Update"="c:\program files\lg_swupdate\giljabistart.exe" [2009-06-22 251184] 
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 57344] 
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-10 4702208] 
"Skytel"="Skytel.exe" [2007-08-03 1826816] 
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-06 869936] 
"MGSysCtrl"="c:\program files\LG Software\System Control Manager\MGSysCtrl.exe" [2007-11-12 569344] 
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] 
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328] 
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-12 13781536] 
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792] 
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608] 
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 648072] 
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952] 
  
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ 
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2009-9-1 25214] 
  
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] 
"EnableUIADesktopToggle"= 0 (0x0) 
  
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] 
@="Service" 
  
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] 
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk 
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup 
backupExtension=.CommonStartup 
  
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 
2009-02-27 21:10	35696	----a-w-	c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe 
  
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 
2006-12-11 01:52	49152	----a-w-	c:\program files\HP\HP Software Update\hpwuSchd2.exe 
  
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 
2009-07-26 21:44	3883856	----a-w-	c:\program files\Windows Live\Messenger\msnmsgr.exe 
  
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 
2007-03-01 19:57	153136	----a-w-	c:\program files\Common Files\Ahead\Lib\NeroCheck.exe 
  
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] 
2008-01-21 02:23	1008184	----a-w-	c:\program files\Windows Defender\MSASCui.exe 
  
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] 
"VistaSp2"=hex(b):b5,66,81,18,53,5b,ca,01 
  
R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 135664] 
S0 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2007-04-03 39680] 
S0 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2007-04-02 35712] 
S1 aswSP;avast! Self Protection; [x] 
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560] 
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-02-05 51792] 
S2 NishService;Evil Driver Daemon;c:\program files\LG Software\System Control Manager\edd.exe [2007-08-23 61440] 
S3 DCamUSBET;ET USB 2760 Camera;c:\windows\system32\DRIVERS\etDevice.sys [2007-07-20 471808] 
S3 FiltUSBET;ET USB Device Lower Filter;c:\windows\system32\DRIVERS\etFilter.sys [2007-06-14 201216] 
S3 MGHwCtrl;MGHwCtrl;c:\windows\system32\drivers\MGHwCtrl.sys [2006-12-22 19456] 
S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480] 
S3 ScanUSBET;ET USB Still Image Capture Device;c:\windows\system32\DRIVERS\etScan.sys [2007-07-24 6656] 
  
  
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] 
bthsvcs	REG_MULTI_SZ   	BthServ 
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12 
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc 
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr 
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr 
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache 
. 
Contenu du dossier 'Tâches planifiées' 
  
2010-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job 
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 05:25] 
  
2010-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job 
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 05:25] 
  
2010-05-02 c:\windows\Tasks\User_Feed_Synchronization-{AE4BDA3B-A81C-48A1-B9BB-3C4895FAF66F}.job 
- c:\windows\system32\msfeedssync.exe [2010-03-30 04:54] 
. 
. 
------- Examen supplémentaire ------- 
. 
uStart Page = hxxp://www.google.ca/ 
uInternet Settings,ProxyOverride = *.local 
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html 
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html 
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html 
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html 
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html 
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html 
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html 
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html 
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html 
. 
- - - - ORPHELINS SUPPRIMES - - - - 
  
HKLM-Run-etMonitor - c:\windows\etMon.exe 
MSConfigStartUp-76825129 - c:\programdata\76825129\76825129.exe 
  
  
  
************************************************************************** 
Recherche de processus cachés ...  
  
Recherche d'éléments en démarrage automatique cachés ...  
  
Recherche de fichiers cachés ...  
  
Scan terminé avec succès 
Fichiers cachés:  
  
************************************************************************** 
. 
------------------------ Autres processus actifs ------------------------ 
. 
c:\windows\system32\nvvsvc.exe 
c:\windows\system32\nvvsvc.exe 
c:\program files\Alwil Software\Avast4\aswUpdSv.exe 
c:\program files\Alwil Software\Avast4\ashServ.exe 
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 
c:\program files\Bonjour\mDNSResponder.exe 
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE 
c:\program files\O2Micro Oz128 Driver\o2flash.exe 
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe 
c:\program files\Alwil Software\Avast4\ashMaiSv.exe 
c:\program files\Alwil Software\Avast4\ashWebSv.exe 
c:\windows\system32\conime.exe 
c:\program files\Alwil Software\Avast4\ashDisp.exe 
c:\windows\RtHDVCpl.exe 
c:\program files\Windows Media Player\wmpnetwk.exe 
c:\windows\ehome\ehmsas.exe 
c:\windows\system32\wbem\unsecapp.exe 
c:\program files\iPod\bin\iPodService.exe 
c:\program files\Windows Live\Contacts\wlcomm.exe 
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE 
c:\windows\servicing\TrustedInstaller.exe 
. 
************************************************************************** 
. 
Heure de fin: 2010-05-02  08:27:32 - La machine a redémarré 
ComboFix-quarantined-files.txt  2010-05-02 12:27 
  
Avant-CF: 85 622 362 112 octets libres 
Après-CF: 87 478 202 368 octets libres 
  
- - End Of File - - 1C5DBFC3074A625371994807B8AEC977