Hello, could someone take a look at this ComboFix report? Kaspersky is reporting the presence of a Trojan horse and my PC is running slowly.
ComboFix 10-04-14.04 - jtyk 15/04/2010 17:47:21.1.1 - x86
Microsoft Windows 7 Édition Intégrale 6.1.7600.0.1252.32.1033.18.511.157 [GMT 2:00]
Lancé depuis: c:\users\jtyk\Downloads\killvir.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-03-15 au 2010-04-15 ))))))))))))))))))))))))))))))))))))
.
2010-04-15 16:09 . 2010-04-15 16:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-15 11:43 . 2010-04-15 11:53 -------- d-----w- c:\program files\F1 DELUX 2010
2010-04-13 20:06 . 2010-04-13 20:06 410976 ----a-w- c:\windows\system32\deploytk.dll
2010-04-13 20:06 . 2010-04-13 20:06 -------- d-----w- c:\program files\Java
2010-04-13 20:03 . 2010-04-15 14:47 -------- d-----w- c:\program files\PS3 Media Server
2010-04-13 19:17 . 2010-02-27 12:07 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-13 19:17 . 2010-02-27 12:07 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-13 19:17 . 2010-03-08 21:33 427520 ----a-w- c:\windows\system32\vbscript.dll
2010-04-13 19:17 . 2010-02-27 07:32 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-13 19:17 . 2010-02-27 07:32 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-13 19:17 . 2010-02-27 07:32 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-13 19:16 . 2009-12-29 06:55 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-13 19:16 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll
2010-04-06 12:02 . 2010-04-06 12:44 -------- d-----w- c:\program files\Dream Match Tennis
2010-04-06 11:56 . 2010-04-06 11:56 -------- d-----w- c:\programdata\DVD Shrink
2010-04-06 11:54 . 2010-04-06 11:55 -------- d-----w- c:\program files\DVD Shrink
2010-04-06 00:10 . 2007-12-24 11:47 7680 ----a-w- c:\windows\system32\ff_vfw.dll
2010-04-06 00:10 . 2007-11-29 10:52 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2010-04-06 00:10 . 2007-11-29 10:52 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-04-06 00:10 . 2007-11-29 10:52 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-04-06 00:10 . 2010-04-06 00:10 -------- d-----w- c:\program files\ffdshow
2010-04-06 00:09 . 2010-04-06 00:10 -------- d-----w- c:\program files\TVersity Codec Pack
2010-04-06 00:08 . 2010-04-11 17:47 -------- d-----w- c:\users\jtyk\AppData\Local\TVersity
2010-04-04 19:36 . 2010-04-04 19:36 -------- d-----w- c:\users\jtyk\AppData\Local\ElevatedDiagnostics
2010-04-04 17:11 . 2010-04-04 17:12 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-04-04 06:10 . 2010-04-04 06:10 -------- d-----w- c:\program files\NgrabLite
2010-04-04 06:10 . 2010-04-04 06:10 -------- d-----w- c:\windows\NgrabLite
2010-04-04 06:07 . 2010-04-04 06:07 -------- d-----w- c:\program files\FlashTools
2010-04-04 06:05 . 2010-04-04 06:06 -------- d-----w- c:\program files\Feuvert
2010-04-03 14:17 . 2010-04-03 14:17 -------- d-----w- c:\program files\iPod
2010-04-03 14:17 . 2010-04-03 14:20 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-03 14:17 . 2010-04-03 14:20 -------- d-----w- c:\program files\iTunes
2010-04-03 14:06 . 2010-04-03 14:08 -------- d-----w- c:\program files\QuickTime
2010-04-03 13:56 . 2010-04-03 13:56 -------- d-----w- c:\program files\Bonjour
2010-04-03 13:47 . 2010-04-03 13:48 -------- d-----w- c:\program files\Safari
2010-04-02 21:50 . 2010-04-02 21:50 -------- d-----w- c:\programdata\TomTom
2010-04-02 21:43 . 2010-04-02 21:43 -------- d-----w- c:\users\jtyk\AppData\Roaming\TomTom
2010-04-02 21:43 . 2010-04-02 21:43 -------- d-----w- c:\users\jtyk\AppData\Local\TomTom
2010-04-02 21:09 . 2010-04-08 15:05 -------- d-----w- c:\users\jtyk\AppData\Roaming\skypePM
2010-04-02 21:05 . 2010-04-08 20:07 -------- d-----w- c:\users\jtyk\AppData\Roaming\Skype
2010-04-02 21:03 . 2010-04-02 21:03 -------- d-----w- c:\program files\Common Files\Skype
2010-04-02 21:03 . 2010-04-02 21:04 -------- d-----r- c:\program files\Skype
2010-04-02 21:03 . 2010-04-02 21:03 -------- d-----w- c:\programdata\Skype
2010-04-02 13:12 . 2010-04-02 13:12 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2010-04-02 13:08 . 2010-02-23 07:56 977920 ----a-w- c:\windows\system32\wininet.dll
2010-03-29 19:02 . 2010-03-29 19:02 544 ----a-w- c:\windows\eReg.dat
2010-03-29 19:02 . 2010-03-29 19:02 -------- d-----w- c:\program files\EA SPORTS
2010-03-29 11:53 . 2010-03-29 11:57 -------- d-----w- c:\windows\WindowsMobile
2010-03-29 10:30 . 2010-03-29 10:30 -------- d-----w- c:\programdata\Bluetooth
2010-03-29 10:15 . 2010-03-29 10:15 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-03-29 09:31 . 2010-03-29 09:31 -------- d-----w- c:\program files\ING
2010-03-27 22:37 . 2010-03-27 22:37 -------- d-----w- c:\program files\Conduit
2010-03-27 22:37 . 2010-03-27 22:37 -------- d-----w- c:\program files\Search_USA
2010-03-27 21:03 . 2010-03-29 09:23 -------- d-----w- c:\program files\Microsoft Works
2010-03-27 20:59 . 2010-03-27 20:59 -------- d-----w- c:\program files\Microsoft.NET
2010-03-27 20:44 . 2010-03-27 20:44 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-03-27 20:42 . 2010-03-27 20:42 -------- d-----w- c:\users\jtyk\AppData\Local\Microsoft Help
2010-03-27 20:41 . 2010-04-14 14:54 -------- d-----w- c:\programdata\Microsoft Help
2010-03-27 20:27 . 2003-06-19 00:31 18944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
2010-03-27 20:27 . 2003-06-19 00:31 17920 ----a-w- c:\windows\system32\mdimon.dll
2010-03-27 17:35 . 2010-04-06 13:44 -------- d-----w- c:\users\jtyk\AppData\Local\Google
2010-03-27 17:35 . 2010-03-27 17:35 -------- d-----w- c:\program files\Google
2010-03-27 15:14 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-03-27 15:12 . 2010-03-27 15:13 -------- d-----w- c:\programdata\NVIDIA
2010-03-27 15:10 . 2009-09-27 22:12 490088 ----a-w- c:\windows\system32\nvuninst.exe
2010-03-27 00:16 . 2010-03-27 00:16 -------- d-----w- c:\program files\IVT Corporation
2010-03-27 00:05 . 2010-03-27 00:05 -------- d-----w- c:\program files\CCleaner
2010-03-26 23:10 . 2010-04-09 20:02 -------- d-----w- c:\users\jtyk\AppData\Roaming\vlc
2010-03-26 21:54 . 2010-04-15 06:48 -------- d-----w- c:\users\jtyk\Tracing
2010-03-26 21:54 . 2010-03-26 21:54 -------- d-----w- c:\users\jtyk\AppData\Roaming\Bandoo
2010-03-26 21:53 . 2010-03-27 15:15 -------- d-----w- c:\programdata\Bandoo
2010-03-26 21:53 . 2010-03-26 21:54 -------- d-----w- c:\program files\Bandoo
2010-03-26 21:42 . 2010-03-26 21:44 -------- d-----w- c:\program files\a-squared Free
2010-03-26 21:35 . 2010-04-06 20:58 -------- d-----w- c:\program files\eMule
2010-03-26 21:33 . 2010-03-26 21:33 -------- d-----w- c:\program files\VideoLAN
2010-03-26 21:32 . 2010-03-26 21:32 -------- d-----w- c:\program files\TomTom International B.V
2010-03-26 21:32 . 2010-03-26 21:32 -------- d-----w- c:\program files\TomTom HOME 2
2010-03-26 21:30 . 2010-04-08 02:26 -------- d-----w- c:\users\jtyk\AppData\Roaming\Apple Computer
2010-03-26 21:30 . 2010-04-03 13:49 -------- d-----w- c:\users\jtyk\AppData\Local\Apple Computer
2010-03-26 21:29 . 2009-05-18 13:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-03-26 21:29 . 2008-04-17 12:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-03-26 21:28 . 2010-03-26 21:29 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-03-26 21:24 . 2010-03-26 21:28 -------- d-----w- c:\programdata\Apple Computer
2010-03-26 21:23 . 2010-03-26 21:23 -------- d-----w- c:\users\jtyk\AppData\Local\Apple
2010-03-26 21:23 . 2010-03-26 21:23 -------- d-----w- c:\program files\Apple Software Update
2010-03-26 21:20 . 2010-03-26 21:14 344522 ----a-w- c:\windows\system32\perfi00C.dat
2010-03-26 21:20 . 2010-04-11 13:38 692886 ----a-w- c:\windows\system32\perfh00C.dat
2010-03-26 21:20 . 2010-04-11 13:38 126998 ----a-w- c:\windows\system32\perfc00C.dat
2010-03-26 21:20 . 2010-03-26 21:14 38160 ----a-w- c:\windows\system32\perfd00C.dat
2010-03-26 21:17 . 2010-03-26 21:17 -------- d-----w- c:\windows\fr-FR
2010-03-26 21:16 . 2010-03-26 21:16 -------- d-----w- c:\windows\system32\XPSViewer
2010-03-26 21:16 . 2010-03-26 21:16 -------- d-----w- c:\windows\system32\040C
2010-03-26 21:16 . 2010-03-26 21:16 -------- d-----w- c:\windows\system32\drivers\fr-FR
2010-03-26 21:16 . 2010-03-26 21:16 -------- d-----w- c:\windows\system32\fr
2010-03-26 21:15 . 2010-03-26 21:15 -------- d-----w- c:\windows\system32\Spool\prtprocs\w32x86\fr-FR
2010-03-26 21:15 . 2010-03-26 21:15 -------- d-----w- c:\windows\system32\wbem\fr-FR
2010-03-26 20:55 . 2010-04-03 14:17 -------- d-----w- c:\program files\Common Files\Apple
2010-03-26 20:55 . 2010-03-26 20:55 -------- d-----w- c:\programdata\Apple
2010-03-26 20:14 . 2010-03-26 20:14 -------- d-----w- c:\windows\system32\Macromed
2010-03-26 19:40 . 2010-03-29 07:30 -------- d-----w- c:\program files\Microsoft Silverlight
2010-03-26 19:39 . 2009-08-05 21:48 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2010-03-26 19:39 . 2010-03-26 21:29 -------- dc----w- c:\windows\system32\DRVSTORE
2010-03-26 19:38 . 2010-03-26 19:38 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-03-26 19:35 . 2006-11-29 12:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-03-26 19:34 . 2010-03-26 19:34 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-03-26 19:33 . 2010-03-26 19:33 -------- d-----w- c:\program files\Microsoft
2010-03-26 19:32 . 2010-03-26 19:32 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-03-26 19:32 . 2010-03-26 19:39 -------- d-----w- c:\program files\Windows Live
2010-03-26 19:30 . 2010-03-26 19:30 -------- d-----w- c:\windows\PCHEALTH
2010-03-26 19:24 . 2010-03-26 19:24 -------- d-----w- c:\program files\Common Files\Windows Live
2010-03-26 19:18 . 2010-02-02 07:45 2048 ----a-w- c:\windows\system32\tzres.dll
2010-03-26 19:17 . 2010-01-18 23:29 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-03-26 19:17 . 2010-01-18 23:29 369152 ----a-w- c:\windows\system32\secproc.dll
2010-03-26 19:17 . 2010-01-18 23:28 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-03-26 19:17 . 2010-01-18 23:28 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-03-26 19:17 . 2010-01-18 23:29 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-03-26 19:17 . 2010-01-18 23:29 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-03-26 19:17 . 2010-01-18 23:28 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-03-26 19:17 . 2010-01-18 23:28 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-03-26 19:05 . 2010-04-08 18:07 -------- d-----w- c:\program files\Dream Match Tennis Pro
2010-03-26 18:59 . 2010-03-26 18:59 -------- d-----w- c:\users\jtyk\AppData\Local\Mozilla
2010-03-26 17:37 . 2010-03-26 17:37 -------- d-----w- c:\program files\SiSLan
2010-03-26 17:11 . 2010-03-26 17:11 -------- d-----w- c:\users\jtyk\AppData\Local\Diagnostics
2010-03-26 16:51 . 2010-03-29 10:17 108824 ----a-w- c:\users\jtyk\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-26 16:48 . 2010-04-04 06:05 -------- d--h--w- c:\program files\InstallShield Installation Information
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-04 18:00 . 2010-04-04 18:00 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2010-04-04 18:00 . 2010-04-04 18:00 704320 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-04-03 13:51 . 2010-04-03 13:51 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-04-03 13:42 . 2010-04-03 13:42 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe
2010-04-02 21:09 . 2010-04-02 21:09 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-03-29 11:56 . 2010-03-29 11:56 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
2010-03-27 21:03 . 2009-07-14 04:52 -------- d-----w- c:\program files\MSBuild
2010-03-26 21:54 . 2010-03-26 21:53 426 ----a-w- c:\users\jtyk\AppData\Local\GLFB765.tmp
2010-03-26 21:17 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Sidebar
2010-03-26 21:17 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-03-26 21:17 . 2009-07-14 07:50 -------- d-----w- c:\program files\Windows Journal
2010-03-26 21:17 . 2009-07-14 04:52 -------- d-----w- c:\program files\DVD Maker
2010-03-26 21:17 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Photo Viewer
2010-03-26 21:17 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Defender
2010-03-26 21:14 . 2010-03-26 21:17 38160 ----a-w- c:\windows\inf\PERFLIB\040C\perfd.dat
2010-03-26 21:14 . 2010-03-26 21:17 38160 ----a-w- c:\windows\inf\PERFLIB\040C\perfc.dat
2010-03-26 21:14 . 2010-03-26 21:17 344522 ----a-w- c:\windows\inf\PERFLIB\040C\perfi.dat
2010-03-26 21:14 . 2010-03-26 21:17 344522 ----a-w- c:\windows\inf\PERFLIB\040C\perfh.dat
2010-03-26 17:44 . 2010-03-26 17:44 80400 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2010-03-26 17:44 . 2010-03-26 17:44 311312 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\sys\i386\6.0\klif.sys
2010-03-26 17:44 . 2010-03-26 17:44 109072 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\mzvkbd3.dll
2010-03-26 17:44 . 2010-03-26 17:44 80400 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2010-03-26 17:44 . 2010-03-26 17:44 109072 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\mzvkbd3.dll
2010-03-26 17:44 . 2010-03-26 17:44 311312 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\sys\i386\6.0\klif.sys
2010-03-26 15:39 . 2010-03-26 15:39 -------- d-sh--we c:\programdata\Start Menu
2010-03-26 15:39 . 2010-03-26 15:39 -------- d-sh--we c:\programdata\Favorites
2010-03-26 15:39 . 2010-03-26 15:39 -------- d-sh--we c:\programdata\Documents
2010-03-26 15:39 . 2010-03-26 15:39 -------- d-sh--we c:\programdata\Desktop
2010-03-26 15:25 . 2010-03-26 15:25 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-02-24 08:16 . 2009-10-14 09:58 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-24 05:06 . 2010-02-24 05:06 562464 ----a-w- c:\windows\system32\drivers\netr73.sys
2010-02-24 04:07 . 2010-02-24 04:07 226592 ----a-w- c:\windows\system32\RaCoInst.dll
2010-02-12 09:46 . 2010-02-12 09:46 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 09:46 . 2010-02-12 09:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-01-20 11:13 . 2010-03-26 21:45 52224 ----a-w- c:\users\jtyk\AppData\Roaming\Mozilla\Firefox\Profiles\xweib60r.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\FFExternalAlert.dll
2010-01-20 11:13 . 2010-03-26 21:45 101376 ----a-w- c:\users\jtyk\AppData\Roaming\Mozilla\Firefox\Profiles\xweib60r.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\RadioWMPCore.dll
2010-01-18 23:27 . 2010-03-26 21:54 2149888 ----a-w- c:\users\jtyk\AppData\Roaming\Mozilla\Firefox\Profiles\xweib60r.default\extensions\firefox@bandoo.com\components\FFPlugin.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
------- Sigcheck -------
[-] 2009-07-14 . 8626F0C30D4E3564FFDD25C90F4426F1 . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{48405d3d-2674-4cd8-b1ef-9a719443bd3f}"= "c:\program files\Search_USA\tbSear.dll" [2009-05-20 2085400]
[HKEY_CLASSES_ROOT\clsid\{48405d3d-2674-4cd8-b1ef-9a719443bd3f}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{48405d3d-2674-4cd8-b1ef-9a719443bd3f}]
2009-05-20 17:05 2085400 ----a-w- c:\program files\Search_USA\tbSear.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EB5CEE80-030A-4ED8-8E20-454E9C68380F}]
2010-01-18 23:31 2074048 ----a-w- c:\program files\Bandoo\Plugins\IE\ieplugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{48405d3d-2674-4cd8-b1ef-9a719443bd3f}"= "c:\program files\Search_USA\tbSear.dll" [2009-05-20 2085400]
[HKEY_CLASSES_ROOT\clsid\{48405d3d-2674-4cd8-b1ef-9a719443bd3f}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{48405D3D-2674-4CD8-B1EF-9A719443BD3F}"= "c:\program files\Search_USA\tbSear.dll" [2009-05-20 2085400]
[HKEY_CLASSES_ROOT\clsid\{48405d3d-2674-4cd8-b1ef-9a719443bd3f}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2009-10-20 340456]
"Cmaudio"="cmicnfg.cpl" [BU]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-16 47392]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-25 142120]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-04-13 136600]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~1\Bandoo\BndHook.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
R3 netr73;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr73.sys [2010-02-24 562464]
R3 PS3 Media Server;PS3 Media Server;c:\program files\PS3 Media Server\win32\service\wrapper.exe [x]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2009-09-14 21520]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [2009-10-01 1858144]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-10-02 19472]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2009-12-02 42368]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://search.babylon.com/home
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporter vers Microsoft Excel - c:\progra~1\MIF5BA~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\users\jtyk\AppData\Roaming\Mozilla\Firefox\Profiles\xweib60r.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/home
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - component: c:\users\jtyk\AppData\Roaming\Mozilla\Firefox\Profiles\xweib60r.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\FFExternalAlert.dll
FF - component: c:\users\jtyk\AppData\Roaming\Mozilla\Firefox\Profiles\xweib60r.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\RadioWMPCore.dll
FF - component: c:\users\jtyk\AppData\Roaming\Mozilla\Firefox\Profiles\xweib60r.default\extensions\firefox@bandoo.com\components\FFPlugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2010-04-15 18:21:53
ComboFix-quarantined-files.txt 2010-04-15 16:21
ComboFix2.txt 2010-03-21 01:09
ComboFix3.txt 2010-03-18 01:01
Avant-CF: 80.757.157.888 octets libres
Après-CF: 80.679.784.448 octets libres
- - End Of File - - 1A91440F7D9A57413AA53C419B16FCC2
17 April 2010 at 20:23
jtyka, start by uninstalling the one you don't want to keep!!!