Infected laptop
Mister_masque, 31/01/2009 at 12:30

Well, before formatting, you should try to repair Safe Mode:

Repair SafeBoot (SP2)

The other solutions are probably a bit too long, and I think you're in a hurry.
What brand is the PC? Laptop? Desktop? Do you have the CDs?

See you
--
Rmc05, 02/02/2009 at 09:04

Hi,
Registry editing has been disabled by your administrator, sniff sniff!! The brand: it's a TOSHIBA L30 11B laptop. I don't have the driver CDs; it's a computer that was formatted recently, and XP SP2 was installed on it. I'm not in a hurry, thanks for helping me.
The Everest report for my laptop:
---[ EVEREST Home Edition (c) 2003-2005 Lavalys, Inc. ]---

    Système d'exploitation                            Microsoft Windows XP Professional 5.1.2600 (WinXP Retail)


      Système d'exploitation                            Microsoft Windows XP Professional
      Service Pack du système                           Service Pack 2
      DirectX                                           4.09.00.0904 (DirectX 9.0c)

      Type de processeur                                Mobile DualCore Intel Celeron M, 1733 MHz (13 x 133)
      Nom de la carte mère                              TOSHIBA Satellite L30
      Mémoire système                                   896 Mo
      Type de BIOS                                      Phoenix (01/25/07)

      Carte vidéo                                       ATI RADEON XPRESS 200M Series  (256 Mo)


      Disque dur                                        TOSHIBA MK1032GSX  (93 Go, IDE)
      Lecteur optique                                   MATSHITA DVD-RAM UJ-850S

    Partitions:
      C: (NTFS)                                         60000 Mo (10938 Mo libre)
      D: (NTFS)                                         35385 Mo (3721 Mo libre)
      Taille totale                                     93.1 Go (14.3 Go libre)

    Réseau:
      Carte réseau                                      Atheros AR5005G Wireless Network Adapter  (192.168.1.11)
      Carte réseau                                      Carte réseau Fast Ethernet PCI Realtek RTL8139 Family

      Version                                           Genuine Intel(R) CPU T2
      Vitesse d'horloge maximale                        1730 MHz
      Voltage                                           2.2 V
Mister_masque, 03/02/2009 at 20:39

Hi,

OK, if you're not in a hurry, we'll try a few things; it really is the first time an infection has held out like this.
I advise you to back up your important data (photos, .doc files) anyway; you would have to make a backup before formatting in any case.


• Download Combofix.exe (by sUBs) to your Desktop and nowhere else!

/!\ Do not download this tool unless you have been asked to.

Combofix (Removed)
or
Combofix (Removed)

Double-click the executable and accept the licence if prompted.
Post the resulting report.
If the file does not appear, it is located here > C:\ComboFix.txt
--
Rmc05, 06/02/2009 at 11:32

Hi, here is the report
ComboFix 09-02-04.04 - Administrateur 2009-02-06  8:50:34.1 - NTFSx86
Microsoft Windows XP Professionnel  5.1.2600.2.1252.1.1036.18.894.539 [GMT 1:00]
Lancé depuis: c:\documents and settings\Administrateur\Bureau\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated)
FW: Kaspersky Internet Security *disabled*
.
Les fichiers ci-dessous ont été désactivés pendant l'exécution:
c:\program files\SuperCopier2\SC2Hook.dll


((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system\svchost.exe
c:\windows\system32\dllcache\tskmgr.exe

.
(((((((((((((((((((((((((((((((((((((((   Pilotes/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_poof


(((((((((((((((((((((((((((((   Fichiers créés du 2009-01-06 au 2009-02-06  ))))))))))))))))))))))))))))))))))))
.

2009-02-03 08:53 . 2009-02-03 08:53     <REP>     d--------     c:\program files\MSXML 4.0
2009-02-02 11:10 . 2009-02-03 08:18     <REP>     d--------     c:\windows\system32\CatRoot_bak
2009-02-02 10:48 . 2009-02-02 11:07     <REP>     d--------     c:\program files\Lavalys
2009-01-29 08:35 . 2008-10-16 14:06     268,648     --a------     c:\windows\system32\mucltui.dll
2009-01-29 08:35 . 2008-10-16 14:06     208,744     --a------     c:\windows\system32\muweb.dll
2009-01-29 08:35 . 2008-10-16 14:06     27,496     --a------     c:\windows\system32\mucltui.dll.mui
2009-01-28 11:33 . 2009-02-06 08:54     <REP>     d--------     c:\documents and settings\Administrateur\Tracing
2009-01-28 11:31 . 2009-01-28 11:31     <REP>     d--------     c:\program files\Microsoft Silverlight
2009-01-28 11:31 . 2009-01-28 11:31     <REP>     d--------     c:\program files\Microsoft Office Outlook Connector
2009-01-28 11:29 . 2009-01-28 11:29     <REP>     d--------     c:\program files\Microsoft Sync Framework
2009-01-28 11:29 . 2006-11-29 13:06     3,426,072     --a------     c:\windows\system32\d3dx9_32.dll
2009-01-28 11:28 . 2009-01-28 11:28     <REP>     d--------     c:\program files\Microsoft SQL Server Compact Edition
2009-01-28 11:26 . 2009-01-28 11:26     <REP>     d--------     c:\program files\Windows Live SkyDrive
2009-01-28 11:26 . 2009-01-28 11:30     <REP>     d--------     c:\program files\Windows Live
2009-01-28 11:26 . 2009-01-28 11:31     <REP>     d--------     c:\program files\Microsoft
2009-01-28 11:21 . 2009-01-28 11:21     <REP>     d--------     c:\program files\Fichiers communs\Windows Live
2009-01-28 10:54 . 2009-01-28 10:54     <REP>     d--------     C:\SDFix
2009-01-26 16:53 . 2009-01-26 16:53     268     --ah-----     C:\sqmdata19.sqm
2009-01-26 16:53 . 2009-01-26 16:53     244     --ah-----     C:\sqmnoopt19.sqm
2009-01-22 12:54 . 2008-10-24 12:10     453,632     -----c---     c:\windows\system32\dllcache\mrxsmb.sys
2009-01-21 13:16 . 2009-01-21 13:16     <REP>     d--------     c:\program files\Malwarebytes' Anti-Malware
2009-01-21 13:16 . 2009-01-21 13:16     <REP>     d--------     c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-21 13:16 . 2009-01-21 13:16     <REP>     d--------     c:\documents and settings\Administrateur\Application Data\Malwarebytes
2009-01-21 13:16 . 2009-01-14 16:11     38,496     --a------     c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-21 13:16 . 2009-01-14 16:11     15,504     --a------     c:\windows\system32\drivers\mbam.sys
2009-01-21 12:39 . 2009-01-21 12:39     <REP>     d--------     C:\_OTMoveIt
2009-01-20 18:34 . 2009-01-21 09:54     <REP>     d--------     c:\program files\Free Easy Burner
2009-01-20 18:34 . 2005-03-11 18:37     1,986,560     --a------     c:\windows\system32\AudFile.dll
2009-01-20 18:34 . 2005-02-24 13:11     1,212,416     --a------     c:\windows\system32\AudioInfos.dll
2009-01-20 18:34 . 2005-02-24 12:51     348,160     --a------     c:\windows\system32\WMAFile.dll
2009-01-20 18:34 . 2003-08-07 13:01     237,568     --a------     c:\windows\system32\lame_enc.dll
2009-01-20 18:34 . 2006-11-18 11:38     200,704     --a------     c:\windows\system32\vbalExpBar6.ocx
2009-01-20 18:34 . 2005-01-10 13:54     116,296     --a------     c:\windows\system32\NCTWMAProfiles.prx
2009-01-20 18:34 . 2000-05-22 14:58     115,920     --a------     c:\windows\system32\msinet.OCX
2009-01-20 18:34 . 2003-04-18 15:29     82,432     --a------     c:\windows\system32\msxml4r.dll
2009-01-20 18:34 . 2003-04-18 15:29     44,544     --a------     c:\windows\system32\msxml4a.dll
2009-01-20 18:34 . 1998-07-13 17:53     44,544     --a------     c:\windows\system32\GIF89.DLL
2009-01-20 18:34 . 2003-01-26 12:41     40,960     --a------     c:\windows\system32\SSubTmr6.dll
2009-01-20 18:34 . 1998-07-12 22:00     15,360     --a------     c:\windows\system32\inetfr.DLL
2009-01-20 11:05 . 2009-01-20 11:05     <REP>     d--------     C:\rsit
2009-01-19 14:12 . 2008-06-14 18:59     272,768     ---------     c:\windows\system32\drivers\bthport.sys
2009-01-19 14:12 . 2008-06-14 18:59     272,768     -----c---     c:\windows\system32\dllcache\bthport.sys
2009-01-19 08:07 . 2009-01-26 23:04     <REP>     d--------     c:\program files\Navilog1
2009-01-17 15:25 . 2009-01-17 15:25     <REP>     d--------     c:\program files\MSXML 6.0
2009-01-16 14:26 . 2009-01-21 16:24     <REP>     d--------     c:\program files\FindyKill
2009-01-16 12:12 . 2009-01-16 12:12     <REP>     d--------     c:\program files\AxBx
2009-01-15 20:45 . 2009-01-15 20:45     <REP>     d--h-----     c:\windows\system32\GroupPolicy
2009-01-15 20:28 . 2009-01-15 20:28     <REP>     d--------     c:\documents and settings\All Users\Application Data\Symantec
2009-01-15 20:16 . 2009-01-15 20:16     <REP>     d--------     c:\program files\Windows Sidebar
2009-01-15 20:16 . 2009-01-15 20:16     <REP>     d--------     c:\program files\Norton AntiVirus
2009-01-15 20:15 . 2009-01-15 20:26     10,652     --a------     c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-15 20:15 . 2009-01-15 20:26     806     --a------     c:\windows\system32\drivers\SYMEVENT.INF
2009-01-15 20:13 . 2009-01-28 11:04     1,374     --a------     c:\windows\imsins.BAK
2009-01-15 16:45 . 2009-01-15 16:45     <REP>     d--------     c:\program files\Falco Auto Image
2009-01-15 16:45 . 2001-08-23 15:25     1,706,800     --a------     c:\windows\system32\GdiPlus.dll
2009-01-15 15:36 . 2008-01-29 18:29     32,784     --a------     c:\windows\system32\drivers\klbg.sys
2009-01-15 15:36 . 2008-03-13 19:02     26,640     --a------     c:\windows\system32\drivers\klfltdev.sys
2009-01-15 15:36 . 2008-04-30 18:06     24,592     --a------     c:\windows\system32\drivers\klim5.sys
2009-01-15 15:21 . 2009-01-15 15:21     <REP>     d--------     c:\documents and settings\All Users\Application Data\NortonInstaller
2009-01-15 15:01 . 2009-01-15 15:02     32     --ahs----     c:\windows\system32\drivers\fidbox2.idx
2009-01-15 15:01 . 2009-01-15 15:02     32     --ahs----     c:\windows\system32\drivers\fidbox2.dat
2009-01-15 15:01 . 2009-01-15 15:02     32     --ahs----     c:\windows\system32\drivers\fidbox.idx
2009-01-15 15:01 . 2009-01-15 15:02     32     --ahs----     c:\windows\system32\drivers\fidbox.dat
2009-01-15 14:48 . 2009-01-15 14:48     <REP>     d--------     c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-01-14 12:27 . 2009-01-15 15:47     32     --a------     c:\windows\Smith.INI
2009-01-11 18:56 . 2009-01-11 18:56     268     --ah-----     C:\sqmdata18.sqm
2009-01-11 18:56 . 2009-01-11 18:56     244     --ah-----     C:\sqmnoopt18.sqm
2009-01-11 12:08 . 2009-01-11 12:08     268     --ah-----     C:\sqmdata17.sqm
2009-01-11 12:08 . 2009-01-11 12:08     244     --ah-----     C:\sqmnoopt17.sqm
2009-01-11 10:31 . 2009-01-11 10:31     268     --ah-----     C:\sqmdata16.sqm
2009-01-11 10:31 . 2009-01-11 10:31     244     --ah-----     C:\sqmnoopt16.sqm
2009-01-10 18:40 . 2009-01-10 18:40     268     --ah-----     C:\sqmdata15.sqm
2009-01-10 18:40 . 2009-01-10 18:40     244     --ah-----     C:\sqmnoopt15.sqm
2009-01-06 12:06 . 2009-01-06 12:10     <REP>     d--------     c:\program files\Microsoft Etudes
2009-01-06 12:04 . 2009-01-06 12:04     <REP>     d--------     c:\program files\Learning Essentials
2009-01-06 12:04 . 2005-05-26 15:34     2,297,552     --a------     c:\windows\system32\d3dx9_26.dll

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-06 07:54     ---------     d-----w     c:\documents and settings\Administrateur\Application Data\DMCache
2009-02-06 07:53     ---------     d-----w     c:\program files\SuperCopier2
2009-01-28 10:30     ---------     d-----w     c:\program files\Windows Live Toolbar
2009-01-26 08:46     ---------     d-----w     c:\program files\Google
2009-01-15 14:56     ---------     d-----w     c:\program files\Windows Media Connect 2
2009-01-15 14:01     ---------     d-----w     c:\program files\Kaspersky Lab
2009-01-13 13:38     ---------     d-----w     c:\program files\BitComet
2009-01-13 11:01     ---------     d-----w     c:\documents and settings\Administrateur\Application Data\IDM
2009-01-06 21:00     ---------     d-----w     c:\program files\LeechGet 2007
2009-01-05 20:40     ---------     d-----w     c:\program files\Free FLV Converter
2009-01-05 15:52     ---------     d-----w     c:\documents and settings\Administrateur\Application Data\TuneUp Software
2009-01-05 12:27     ---------     d-----w     c:\program files\RegCleaner
2009-01-05 11:52     ---------     d-----w     c:\program files\Internet Download Manager
2008-12-27 14:25     81,984     ----a-w     c:\windows\system32\bdod.bin
2008-12-27 13:49     ---------     d-----w     c:\program files\Fichiers communs\Softwin
2008-12-27 12:12     ---------     d-----w     c:\program files\Total Video Converter
2008-12-24 10:33     ---------     d-----w     c:\program files\Lara Croft Tomb Raider - The Angel Of Darkness
2008-12-24 09:29     ---------     d-----w     c:\program files\Creative
2008-12-24 09:16     ---------     d--h--w     c:\program files\InstallShield Installation Information
2008-12-20 11:49     ---------     d-----w     c:\program files\Power MP3 WMA Converter
2008-12-19 12:01     ---------     d-----w     c:\documents and settings\Administrateur\Application Data\TeraCopy
2008-12-18 13:26     ---------     d-----w     c:\documents and settings\All Users\Application Data\GRETECH
2008-12-18 13:25     ---------     d-----w     c:\program files\GRETECH
2008-12-18 13:25     ---------     d-----w     c:\documents and settings\Administrateur\Application Data\GRETECH
2008-12-15 07:38     ---------     d-----w     c:\program files\Fichiers communs\Adobe
2008-12-15 07:38     ---------     d-----w     c:\documents and settings\Administrateur\Application Data\AdobeUM
2008-12-12 13:36     ---------     d-----w     c:\program files\QuickMediaConverter
2008-12-12 11:44     ---------     d-----w     c:\program files\Codec Pack - All In 1
2008-12-12 11:43     737,280     ----a-w     c:\windows\iun6002.exe
2008-12-12 10:24     ---------     d-----w     c:\documents and settings\All Users\Application Data\Video Converter Studio
2008-12-12 10:21     ---------     d-----w     c:\program files\Apowersoft
2008-12-12 09:41     ---------     d-----w     c:\program files\Aimersoft
2008-12-11 13:14     ---------     d-----w     c:\program files\eMule
2008-12-11 11:57     333,184     ----a-w     c:\windows\system32\drivers\srv.sys
2008-12-11 10:38     ---------     d-----w     c:\program files\Windows Live Favorites
2008-12-11 10:31     ---------     d-----w     c:\documents and settings\All Users\Application Data\Windows Live Toolbar
2008-12-10 14:02     ---------     d-----w     c:\program files\ltmoh
2008-12-10 12:52     ---------     d-----w     c:\program files\DAP
2008-12-10 12:50     2,560     ----a-w     c:\windows\_MSRSTRT.EXE
2008-12-10 10:43     ---------     d-----w     c:\documents and settings\Administrateur\Application Data\dvdcss
2008-12-10 09:47     ---------     d-----w     c:\documents and settings\Administrateur\Application Data\MSNInstaller
2008-12-09 19:24     ---------     d-----w     c:\documents and settings\Administrateur\Application Data\CyberLink
2008-12-09 13:36     ---------     d-----w     c:\program files\ATI Technologies
2008-12-09 12:04     ---------     d-----w     c:\program files\ESTsoft
2008-12-09 12:04     ---------     d-----w     c:\documents and settings\Administrateur\Application Data\ESTsoft
2008-12-09 09:57     ---------     d-----w     c:\documents and settings\All Users\Application Data\Yahoo! Companion
2008-12-09 07:59     ---------     d-----w     c:\program files\Yahoo!
2008-12-09 07:59     ---------     d-----w     c:\program files\CCleaner
2008-12-08 18:51     ---------     d-----w     c:\documents and settings\Administrateur\Application Data\vlc
2008-12-08 15:34     315,392     ----a-w     c:\windows\HideWin.exe
2008-12-08 15:34     ---------     d-----w     c:\program files\Realtek
2008-12-08 15:34     ---------     d-----w     c:\program files\Fichiers communs\InstallShield
2008-12-08 15:33     ---------     d-----w     c:\program files\ATHR
2008-12-08 15:33     ---------     d-----w     c:\documents and settings\Administrateur\Application Data\InstallShield
2008-12-06 15:03     ---------     d-----w     c:\documents and settings\Administrateur\Application Data\Ahead
2008-12-06 10:48     ---------     d-----w     c:\program files\CyberLink
2008-12-06 10:48     ---------     d-----w     c:\documents and settings\All Users\Application Data\CyberLink
2008-12-06 10:36     ---------     d-----w     c:\program files\VideoLAN
2008-12-06 10:28     ---------     d-----w     c:\program files\Fichiers communs\Ahead
2008-12-06 10:28     ---------     d-----w     c:\program files\Ahead
2008-12-06 10:24     ---------     d-----w     c:\program files\Microsoft.NET
2008-12-06 10:23     ---------     d-----w     c:\program files\Microsoft Works
2008-12-06 10:10     ---------     d-----w     c:\program files\microsoft frontpage
2008-12-06 10:08     ---------     d-----w     c:\program files\Services en ligne
2008-12-05 04:20     274,432     ----a-w     c:\windows\system32\TubeFinder.exe
2008-12-04 23:11     308,584     ----a-w     c:\windows\WLXPGSS.SCR
2008-12-02 21:37     49,480     ----a-w     c:\windows\system32\sirenacm.dll
.

(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-01-05 2676144]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3956040]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-12 146680]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"L08FXLRD_1518984"="c:\program files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE" [2007-06-12 428824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 335872]
"RemoteControl"="c:\windows\system32\rmctrl.exe" [2005-11-22 110592]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-12-11 413696]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 c:\windows\RTHDCPL.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2006-03-18 c:\windows\agrsmmsg.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Assistant d'Acrobat.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 217193]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-08-19 16:22 1745408 c:\program files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"L08FXLRD_11668796"="c:\program files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE" -m

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\Ati2evxx.exe"=
"c:\\Program Files\\SuperCopier2\\SuperCopier2.exe"=
"c:\\WINDOWS\\system32\\rmctrl.exe"=
"c:\\WINDOWS\\system32\\NeroCheck.exe"=
"c:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"=
"c:\\Program Files\\Microsoft Etudes\\Microsoft Encarta 2008 - Études DVD\\EDICT.EXE"=
"c:\\WINDOWS\\ALCMTR.EXE"=
"c:\\WINDOWS\\AGRSMMSG.exe"=
"c:\\WINDOWS\\system32\\wuauclt.exe"=
"c:\\Program Files\\Internet Download Manager\\IDMan.exe"=
"c:\\WINDOWS\\system32\\WISPTIS.EXE"=
"c:\\Program Files\\Internet Download Manager\\IEMonitor.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\POWERPNT.EXE"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Documents and Settings\\Administrateur\\Bureau\\programmes\\msgr9fr.exe"=
"c:\\Program Files\\Fichiers communs\\Microsoft Shared\\Source Engine\\OSE.EXE"=
"c:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiprbxx.exe"=
"c:\\Program Files\\Microsoft\\Office Live\\OfficeLiveSignIn.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9633:TCP"= 9633:TCP:BitComet 9633 TCP
"9633:UDP"= 9633:UDP:BitComet 9633 UDP

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-01-15 32784]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2008-12-04 226640]
R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\migjdd.sys --> c:\windows\system32\drivers\migjdd.sys [?]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2009-01-15 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-01-15 24592]

--- Autres Services/Pilotes en mémoire ---

*Deregistered* - mchInjDrv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f1f1ec0-ed26-11dd-bc06-001636fdc1d8}]
\sheLL\AuTOPLAy\CommaNd - F:\ovefx.pif
\sheLL\AutoRun\command - F:\ovefx.pif
\sheLL\exPlore\COMMaNd - F:\ovefx.pif
\sheLL\OpEN\coMMand - F:\ovefx.pif

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{382ff054-c5c7-11dd-bafc-001636fdc1d8}]
\Shell\1\Command - F:\Recycled.exe
\Shell\AutoRun\command - F:\Recycled.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{43a9e2b6-eb80-11dd-bbff-001636fdc1d8}]
\Shell\AutOplay\cOmmaNd - F:\njiavw.cmd
\Shell\AutoRun\command - F:\njiavw.cmd
\Shell\explORe\commaNd - F:\njiavw.cmd
\Shell\open\COmmanD - F:\njiavw.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a67db0c-c542-11dd-baf5-001636fdc1d8}]
\Shell\AuToplay\COMmand - F:\rynn.exe
\Shell\AutoRun\command - F:\rynn.exe
\Shell\eXpLore\COmManD - F:\rynn.exe
\Shell\opEN\CoMmAnD - F:\rynn.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74a53e19-e22d-11dd-bbbc-001636fdc1d8}]
\Shell\AutoRun\command - G:\Smith.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af0bf2a2-d5be-11dd-bb79-001636fdc1d8}]
\sHELl\autoplaY\commAnd - F:\wyfu.exe
\sHELl\AutoRun\command - F:\wyfu.exe
\sHELl\expLore\command - F:\wyfu.exe
\sHELl\opeN\CoMmand - F:\wyfu.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bdff4606-eadb-11dd-bbfd-001636fdc1d8}]
\sheLl\AuToplay\commanD - F:\eiijv.pif
\sheLl\AutoRun\command - F:\eiijv.pif
\sheLl\exPloRe\CoMMand - F:\eiijv.pif
\sheLl\OpeN\coMMaND - F:\eiijv.pif

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2658aff-e2f3-11dd-bbc2-001636fdc1d8}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MS-DOS.com
\Shell\Explore\command - F:\MS-DOS.com
\Shell\Open\command - F:\MS-DOS.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2658b01-e2f3-11dd-bbc2-001636fdc1d8}]
\Shell\AutoRun\command - G:\zPharaoh.exe
\Shell\explore\command - G:\zPharaoh.exe
\Shell\open\command - G:\zPharaoh.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5d604dc-de4a-11dd-bbaf-001636fdc1d8}]
\SHELl\AutopLay\commAnd - F:\iyame.exe
\SHELl\AutoRun\command - F:\iyame.exe
\SHELl\eXPloRE\COmmanD - F:\iyame.exe
\SHELl\opeN\cOmmanD - F:\iyame.exe
.
Contenu du dossier 'Tâches planifiées'

2009-02-06 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe []
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-PHIME2002A - c:\windows\System\svchost.exe
HKLM-Run-PHIME2002ASync - c:\windows\System\dumprep.exe


.
------- Examen supplémentaire -------
.
uStart Page = google.net-studio.org
uSearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Télécharger avec IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Télécharger le contenu de video FLV avec IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Télécharger tous les liens avec IDM - c:\program files\Internet Download Manager\IEGetAll.htm
FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\n1uy7vyw.default\
FF - prefs.js: browser.startup.homepage - dailymotion.com
FF - component: c:\documents and settings\Administrateur\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-06 08:54:31
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\mc21.tmp"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\Administrator\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\Administrator\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{775A2C45-0E37-AE11-0253-C04004485FC2}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"jajdphacmooeofmlceib"=hex:62,61,66,6f,00,00
"jajdphacmooeofmlcemd"=hex:62,61,6a,6e,00,00
"iajmmgmlbcoocefcdn"=hex:6b,61,65,6f,6f,6a,6a,6b,66,68,69,6e,64,6c,6f,69,70,65,
   64,69,65,6d,00,00
"hapdgekljiapfppj"=hex:6b,61,65,6f,6f,6a,6a,6b,64,68,64,6f,62,70,6e,6c,68,70,
   6d,70,6d,62,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{53fd0eea-2eb7-4f38-a3be-8a0df6ec7427}]
@Denied: (Full) (Everyone)
"Model"=dword:00000004
"Therad"=dword:0000001b

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):73,f0,bb,05,64,69,f3,b7,fa,13,41,be,20,60,58,2e,cf,d9,74,7b,ce,
   95,ef,be,fa,c2,3e,8c,97,fe,31,64,fd,78,73,31,bf,c8,8f,4b,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):bf,b3,df,e0,d2,c6,d3,23,7e,cf,5a,71,b7,7d,61,a0,0c,c6,c9,36,ee,
   12,cd,36,5a,80,49,3f,1a,b8,bf,cb,26,f9,70,a6,28,45,47,65,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{f7af3770-5d85-43b8-9110-16f7796f7df9}]
@Denied: (Full) (Everyone)
"Model"=dword:00000023
"Therad"=dword:00000003
"MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
   4b,7b,ad,04,7a,b1,b5,76,9b,27,47,76,53,20,8d,e2,08,3c,85,77,d2,7c,23,ce,0e,\
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(976)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\docume~1\ADMINI~1\LOCALS~1\Temp\winnjegqk.exe
.
**************************************************************************
.
Heure de fin: 2009-02-06  8:58:02 - La machine a redémarré [Administrateur]
ComboFix-quarantined-files.txt  2009-02-06 07:57:58

Avant-CF: 9,303,846,912 octets libres
Après-CF: 9,152,200,704 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

383     --- E O F ---     2009-02-05 12:53:05
Mister_masque, 06/02/2009 at 13:39

Hi,

OK, we're on the right track.
We've found the driver that is blocking access to the registry.

Disable Kaspersky before the procedure!

Disconnect your PC from the internet (by unplugging the cable or disabling the network adapter).

Start >> Run, type notepad

Copy and paste the following into Notepad:

Driver::
migjdd
Rootkit::
C:\windows\system32\drivers\migjdd.sys
C:\WINDOWS\system32\Drivers\mchInjDrv.exe
file::
C:\windows\System\dumprep.exe
C:\docume~1\ADMINI~1\LOCALS~1\Temp\winnjegqk.exe
C:\docume~1\ADMINI~1\LOCALS~1\Temp\mc21.tmp
C:\WINDOWS\system32\Drivers\mchInjDrv.exe
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f1f1ec0-ed26-11dd-bc06-001636fdc1d8}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{382ff054-c5c7-11dd-bafc-001636fdc1d8}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{43a9e2b6-eb80-11dd-bbff-001636fdc1d8}]  
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a67db0c-c542-11dd-baf5-001636fdc1d8}]    
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74a53e19-e22d-11dd-bbbc-001636fdc1d8}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af0bf2a2-d5be-11dd-bb79-001636fdc1d8}]  
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bdff4606-eadb-11dd-bbfd-001636fdc1d8}]    
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2658aff-e2f3-11dd-bbc2-001636fdc1d8}]    
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2658b01-e2f3-11dd-bbc2-001636fdc1d8}]            
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5d604dc-de4a-11dd-bbaf-001636fdc1d8}]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\mchInjDrv]
[-HKEY_USERS\Administrator\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{775A2C45-0E37-AE11-0253-C04004485FC2}*]    
Rootkit::
C:\windows\system32\drivers\migjdd.sys


File >> Save As >> name it CFScript (on the Desktop)
Drag the text file onto ComboFix, as shown below:



Reconnect to the Internet

Post the ComboFix.txt report.
--
Rmc05, 07/02/2009 at 10:37

Hi, here's the report, but the registry is still blocked: registry editing has been disabled by your administrator
ComboFix 09-02-04.04 - Administrateur 2009-02-07 10:16:06.2 - NTFSx86
Microsoft Windows XP Professionnel  5.1.2600.2.1252.1.1036.18.894.541 [GMT 1:00]
Running from: c:\documents and settings\Administrateur\Bureau\ComboFix.exe
Command switches used :: c:\documents and settings\Administrateur\Bureau\CFScript.txt
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated)
FW: Kaspersky Internet Security *disabled*
* Created a new restore point

FILE ::
c:\docume~1\ADMINI~1\LOCALS~1\Temp\mc21.tmp
c:\docume~1\ADMINI~1\LOCALS~1\Temp\winnjegqk.exe
c:\windows\System\dumprep.exe
c:\windows\system32\Drivers\mchInjDrv.exe
.
The following files were disabled during the run:
c:\program files\SuperCopier2\SC2Hook.dll


((((((((((((((((((((((((((((((((((((   Other Deletions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system\svchost.exe

.
(((((((((((((((((((((((((((((   Files Created from 2009-01-07 to 2009-02-07  ))))))))))))))))))))))))))))))))))))
.

2009-02-03 08:53 . 2009-02-03 08:53     <REP>     d--------     c:\program files\MSXML 4.0
2009-02-02 11:10 . 2009-02-03 08:18     <REP>     d--------     c:\windows\system32\CatRoot_bak
2009-02-02 10:48 . 2009-02-02 11:07     <REP>     d--------     c:\program files\Lavalys
2009-01-29 08:35 . 2008-10-16 14:06     268,648     --a------     c:\windows\system32\mucltui.dll
2009-01-29 08:35 . 2008-10-16 14:06     208,744     --a------     c:\windows\system32\muweb.dll
2009-01-29 08:35 . 2008-10-16 14:06     27,496     --a------     c:\windows\system32\mucltui.dll.mui
2009-01-28 11:33 . 2009-02-07 10:19     <REP>     d--------     c:\documents and settings\Administrateur\Tracing
2009-01-28 11:31 . 2009-01-28 11:31     <REP>     d--------     c:\program files\Microsoft Silverlight
2009-01-28 11:31 . 2009-01-28 11:31     <REP>     d--------     c:\program files\Microsoft Office Outlook Connector
2009-01-28 11:29 . 2009-01-28 11:29     <REP>     d--------     c:\program files\Microsoft Sync Framework
2009-01-28 11:29 . 2006-11-29 13:06     3,426,072     --a------     c:\windows\system32\d3dx9_32.dll
2009-01-28 11:28 . 2009-01-28 11:28     <REP>     d--------     c:\program files\Microsoft SQL Server Compact Edition
2009-01-28 11:26 . 2009-01-28 11:26     <REP>     d--------     c:\program files\Windows Live SkyDrive
2009-01-28 11:26 . 2009-01-28 11:30     <REP>     d--------     c:\program files\Windows Live
2009-01-28 11:26 . 2009-01-28 11:31     <REP>     d--------     c:\program files\Microsoft
2009-01-28 11:21 . 2009-01-28 11:21     <REP>     d--------     c:\program files\Fichiers communs\Windows Live
2009-01-28 10:54 . 2009-01-28 10:54     <REP>     d--------     C:\SDFix
2009-01-26 16:53 . 2009-01-26 16:53     268     --ah-----     C:\sqmdata19.sqm
2009-01-26 16:53 . 2009-01-26 16:53     244     --ah-----     C:\sqmnoopt19.sqm
2009-01-22 12:54 . 2008-10-24 12:10     453,632     -----c---     c:\windows\system32\dllcache\mrxsmb.sys
2009-01-21 13:16 . 2009-01-21 13:16     <REP>     d--------     c:\program files\Malwarebytes' Anti-Malware
2009-01-21 13:16 . 2009-01-21 13:16     <REP>     d--------     c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-21 13:16 . 2009-01-21 13:16     <REP>     d--------     c:\documents and settings\Administrateur\Application Data\Malwarebytes
2009-01-21 13:16 . 2009-01-14 16:11     38,496     --a------     c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-21 13:16 . 2009-01-14 16:11     15,504     --a------     c:\windows\system32\drivers\mbam.sys
2009-01-21 12:39 . 2009-01-21 12:39     <REP>     d--------     C:\_OTMoveIt
2009-01-20 18:34 . 2009-01-21 09:54     <REP>     d--------     c:\program files\Free Easy Burner
2009-01-20 18:34 . 2005-03-11 18:37     1,986,560     --a------     c:\windows\system32\AudFile.dll
2009-01-20 18:34 . 2005-02-24 13:11     1,212,416     --a------     c:\windows\system32\AudioInfos.dll
2009-01-20 18:34 . 2005-02-24 12:51     348,160     --a------     c:\windows\system32\WMAFile.dll
2009-01-20 18:34 . 2003-08-07 13:01     237,568     --a------     c:\windows\system32\lame_enc.dll
2009-01-20 18:34 . 2006-11-18 11:38     200,704     --a------     c:\windows\system32\vbalExpBar6.ocx
2009-01-20 18:34 . 2005-01-10 13:54     116,296     --a------     c:\windows\system32\NCTWMAProfiles.prx
2009-01-20 18:34 . 2000-05-22 14:58     115,920     --a------     c:\windows\system32\msinet.OCX
2009-01-20 18:34 . 2003-04-18 15:29     82,432     --a------     c:\windows\system32\msxml4r.dll
2009-01-20 18:34 . 2003-04-18 15:29     44,544     --a------     c:\windows\system32\msxml4a.dll
2009-01-20 18:34 . 1998-07-13 17:53     44,544     --a------     c:\windows\system32\GIF89.DLL
2009-01-20 18:34 . 2003-01-26 12:41     40,960     --a------     c:\windows\system32\SSubTmr6.dll
2009-01-20 18:34 . 1998-07-12 22:00     15,360     --a------     c:\windows\system32\inetfr.DLL
2009-01-20 11:05 . 2009-01-20 11:05     <REP>     d--------     C:\rsit
2009-01-19 14:12 . 2008-06-14 18:59     272,768     ---------     c:\windows\system32\drivers\bthport.sys
2009-01-19 14:12 . 2008-06-14 18:59     272,768     -----c---     c:\windows\system32\dllcache\bthport.sys
2009-01-19 08:07 . 2009-01-26 23:04     <REP>     d--------     c:\program files\Navilog1
2009-01-17 15:25 . 2009-01-17 15:25     <REP>     d--------     c:\program files\MSXML 6.0
2009-01-16 14:26 . 2009-01-21 16:24     <REP>     d--------     c:\program files\FindyKill
2009-01-16 12:12 . 2009-01-16 12:12     <REP>     d--------     c:\program files\AxBx
2009-01-15 20:45 . 2009-01-15 20:45     <REP>     d--h-----     c:\windows\system32\GroupPolicy
2009-01-15 20:28 . 2009-01-15 20:28     <REP>     d--------     c:\documents and settings\All Users\Application Data\Symantec
2009-01-15 20:16 . 2009-01-15 20:16     <REP>     d--------     c:\program files\Windows Sidebar
2009-01-15 20:16 . 2009-01-15 20:16     <REP>     d--------     c:\program files\Norton AntiVirus
2009-01-15 20:15 . 2009-01-15 20:26     10,652     --a------     c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-15 20:15 . 2009-01-15 20:26     806     --a------     c:\windows\system32\drivers\SYMEVENT.INF
2009-01-15 20:13 . 2009-02-06 10:45     1,355     --a------     c:\windows\imsins.BAK
2009-01-15 16:45 . 2009-01-15 16:45     <REP>     d--------     c:\program files\Falco Auto Image
2009-01-15 16:45 . 2001-08-23 15:25     1,706,800     --a------     c:\windows\system32\GdiPlus.dll
2009-01-15 15:36 . 2008-01-29 18:29     32,784     --a------     c:\windows\system32\drivers\klbg.sys
2009-01-15 15:36 . 2008-03-13 19:02     26,640     --a------     c:\windows\system32\drivers\klfltdev.sys
2009-01-15 15:36 . 2008-04-30 18:06     24,592     --a------     c:\windows\system32\drivers\klim5.sys
2009-01-15 15:21 . 2009-01-15 15:21     <REP>     d--------     c:\documents and settings\All Users\Application Data\NortonInstaller
2009-01-15 15:01 . 2009-01-15 15:02     32     --ahs----     c:\windows\system32\drivers\fidbox2.idx
2009-01-15 15:01 . 2009-01-15 15:02     32     --ahs----     c:\windows\system32\drivers\fidbox2.dat
2009-01-15 15:01 . 2009-01-15 15:02     32     --ahs----     c:\windows\system32\drivers\fidbox.idx
2009-01-15 15:01 . 2009-01-15 15:02     32     --ahs----     c:\windows\system32\drivers\fidbox.dat
2009-01-15 14:48 . 2009-01-15 14:48     <REP>     d--------     c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-01-14 12:27 . 2009-01-15 15:47     32     --a------     c:\windows\Smith.INI
2009-01-11 18:56 . 2009-01-11 18:56     268     --ah-----     C:\sqmdata18.sqm
2009-01-11 18:56 . 2009-01-11 18:56     244     --ah-----     C:\sqmnoopt18.sqm
2009-01-11 12:08 . 2009-01-11 12:08     268     --ah-----     C:\sqmdata17.sqm
2009-01-11 12:08 . 2009-01-11 12:08     244     --ah-----     C:\sqmnoopt17.sqm
2009-01-11 10:31 . 2009-01-11 10:31     268     --ah-----     C:\sqmdata16.sqm
2009-01-11 10:31 . 2009-01-11 10:31     244     --ah-----     C:\sqmnoopt16.sqm
2009-01-10 18:40 . 2009-01-10 18:40     268     --ah-----     C:\sqmdata15.sqm
2009-01-10 18:40 . 2009-01-10 18:40     244     --ah-----     C:\sqmnoopt15.sqm

.
((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-07 09:18     ---------     d-----w     c:\program files\SuperCopier2
2009-02-07 09:16     ---------     d-----w     c:\documents and settings\Administrateur\Application Data\DMCache
2009-01-28 10:30     ---------     d-----w     c:\program files\Windows Live Toolbar
2009-01-26 08:46     ---------     d-----w     c:\program files\Google
2009-01-15 14:56     ---------     d-----w     c:\program files\Windows Media Connect 2
2009-01-15 14:01     ---------     d-----w     c:\program files\Kaspersky Lab
2009-01-13 13:38     ---------     d-----w     c:\program files\BitComet
2009-01-13 11:01     ---------     d-----w     c:\documents and settings\Administrateur\Application Data\IDM
2009-01-06 21:00     ---------     d-----w     c:\program files\LeechGet 2007
2009-01-06 11:10     ---------     d-----w     c:\program files\Microsoft Etudes
2009-01-06 11:04     ---------     d-----w     c:\program files\Learning Essentials
2009-01-05 20:40     ---------     d-----w     c:\program files\Free FLV Converter
2009-01-05 15:52     ---------     d-----w     c:\documents and settings\Administrateur\Application Data\TuneUp Software
2009-01-05 12:27     ---------     d-----w     c:\program files\RegCleaner
2009-01-05 11:52     ---------     d-----w     c:\program files\Internet Download Manager
2008-12-27 14:25     81,984     ----a-w     c:\windows\system32\bdod.bin
2008-12-27 13:49     ---------     d-----w     c:\program files\Fichiers communs\Softwin
2008-12-27 12:12     ---------     d-----w     c:\program files\Total Video Converter
2008-12-24 10:33     ---------     d-----w     c:\program files\Lara Croft Tomb Raider - The Angel Of Darkness
2008-12-24 09:29     ---------     d-----w     c:\program files\Creative
2008-12-24 09:16     ---------     d--h--w     c:\program files\InstallShield Installation Information
2008-12-20 11:49     ---------     d-----w     c:\program files\Power MP3 WMA Converter
2008-12-19 12:01     ---------     d-----w     c:\documents and settings\Administrateur\Application Data\TeraCopy
2008-12-18 13:26     ---------     d-----w     c:\documents and settings\All Users\Application Data\GRETECH
2008-12-18 13:25     ---------     d-----w     c:\program files\GRETECH
2008-12-18 13:25     ---------     d-----w     c:\documents and settings\Administrateur\Application Data\GRETECH
2008-12-15 07:38     ---------     d-----w     c:\program files\Fichiers communs\Adobe
2008-12-15 07:38     ---------     d-----w     c:\documents and settings\Administrateur\Application Data\AdobeUM
2008-12-12 13:36     ---------     d-----w     c:\program files\QuickMediaConverter
2008-12-12 11:44     ---------     d-----w     c:\program files\Codec Pack - All In 1
2008-12-12 11:43     737,280     ----a-w     c:\windows\iun6002.exe
2008-12-12 10:24     ---------     d-----w     c:\documents and settings\All Users\Application Data\Video Converter Studio
2008-12-12 10:21     ---------     d-----w     c:\program files\Apowersoft
2008-12-12 09:41     ---------     d-----w     c:\program files\Aimersoft
2008-12-11 13:14     ---------     d-----w     c:\program files\eMule
2008-12-11 11:57     333,184     ----a-w     c:\windows\system32\drivers\srv.sys
2008-12-11 10:38     ---------     d-----w     c:\program files\Windows Live Favorites
2008-12-11 10:31     ---------     d-----w     c:\documents and settings\All Users\Application Data\Windows Live Toolbar
2008-12-10 14:02     ---------     d-----w     c:\program files\ltmoh
2008-12-10 12:52     ---------     d-----w     c:\program files\DAP
2008-12-10 12:50     2,560     ----a-w     c:\windows\_MSRSTRT.EXE
2008-12-10 10:43     ---------     d-----w     c:\documents and settings\Administrateur\Application Data\dvdcss
2008-12-10 09:47     ---------     d-----w     c:\documents and settings\Administrateur\Application Data\MSNInstaller
2008-12-09 19:24     ---------     d-----w     c:\documents and settings\Administrateur\Application Data\CyberLink
2008-12-09 13:36     ---------     d-----w     c:\program files\ATI Technologies
2008-12-09 12:04     ---------     d-----w     c:\program files\ESTsoft
2008-12-09 12:04     ---------     d-----w     c:\documents and settings\Administrateur\Application Data\ESTsoft
2008-12-09 09:57     ---------     d-----w     c:\documents and settings\All Users\Application Data\Yahoo! Companion
2008-12-09 07:59     ---------     d-----w     c:\program files\Yahoo!
2008-12-09 07:59     ---------     d-----w     c:\program files\CCleaner
2008-12-08 18:51     ---------     d-----w     c:\documents and settings\Administrateur\Application Data\vlc
2008-12-08 15:34     315,392     ----a-w     c:\windows\HideWin.exe
2008-12-08 15:34     ---------     d-----w     c:\program files\Realtek
2008-12-08 15:34     ---------     d-----w     c:\program files\Fichiers communs\InstallShield
2008-12-08 15:33     ---------     d-----w     c:\program files\ATHR
2008-12-08 15:33     ---------     d-----w     c:\documents and settings\Administrateur\Application Data\InstallShield
2008-12-05 04:20     274,432     ----a-w     c:\windows\system32\TubeFinder.exe
2008-12-04 23:11     308,584     ----a-w     c:\windows\WLXPGSS.SCR
2008-12-02 21:37     49,480     ----a-w     c:\windows\system32\sirenacm.dll
.

(((((((((((((((((((((((((((((   SnapShot@2009-02-06_ 8.56.18.76   )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-08-16 12:13:24     100,352     ----a-w     c:\windows\$hf_mig$\KB951748\SP2QFE\6to4svc.dll
+ 2008-06-20 10:44:08     138,368     ----a-w     c:\windows\$hf_mig$\KB951748\SP2QFE\afd.sys
+ 2008-06-20 17:37:01     147,968     ----a-w     c:\windows\$hf_mig$\KB951748\SP2QFE\dnsapi.dll
+ 2008-06-20 17:37:01     247,808     ----a-w     c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll
+ 2008-06-20 10:44:42     360,960     ----a-w     c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
+ 2008-06-20 09:32:39     225,920     ----a-w     c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip6.sys
+ 2008-06-20 11:40:08     138,496     ----a-w     c:\windows\$hf_mig$\KB951748\SP3GDR\afd.sys
+ 2008-06-20 17:47:22     147,968     ----a-w     c:\windows\$hf_mig$\KB951748\SP3GDR\dnsapi.dll
+ 2008-06-20 17:47:22     247,808     ----a-w     c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll
+ 2008-06-20 11:51:12     361,600     ----a-w     c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
+ 2008-06-20 11:08:27     225,856     ----a-w     c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip6.sys
+ 2008-06-20 11:48:03     138,496     ----a-w     c:\windows\$hf_mig$\KB951748\SP3QFE\afd.sys
+ 2008-06-20 17:44:02     147,968     ----a-w     c:\windows\$hf_mig$\KB951748\SP3QFE\dnsapi.dll
+ 2008-06-20 17:44:02     247,808     ----a-w     c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
+ 2008-06-20 11:59:02     361,600     ----a-w     c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
+ 2008-06-20 11:16:44     225,856     ----a-w     c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip6.sys
+ 2007-11-30 12:39:29     18,296     ----a-w     c:\windows\$hf_mig$\KB951748\spmsg.dll
+ 2007-11-30 12:39:29     234,872     ----a-w     c:\windows\$hf_mig$\KB951748\spuninst.exe
+ 2007-11-30 12:39:29     26,488     ----a-w     c:\windows\$hf_mig$\KB951748\update\spcustom.dll
+ 2007-11-30 12:39:26     767,352     ----a-w     c:\windows\$hf_mig$\KB951748\update\update.exe
+ 2007-11-30 12:39:29     406,392     ----a-w     c:\windows\$hf_mig$\KB951748\update\updspapi.dll
- 2000-08-31 07:00:00     29,696     ----a-w     c:\windows\NIRCMD.exe
+ 2000-08-31 07:00:00     99,328     ----a-w     c:\windows\NIRCMD.exe
- 2004-08-19 15:09:20     100,352     ----a-w     c:\windows\system32\6to4svc.dll
+ 2006-08-16 11:59:27     100,352     ----a-w     c:\windows\system32\6to4svc.dll
- 2004-08-19 15:09:20     100,352     -c--a-w     c:\windows\system32\dllcache\6to4svc.dll
+ 2006-08-16 11:59:27     100,352     -c--a-w     c:\windows\system32\dllcache\6to4svc.dll
- 2004-08-19 15:09:24     148,480     -c--a-w     c:\windows\system32\dllcache\dnsapi.dll
+ 2008-06-20 17:41:06     148,992     -c--a-w     c:\windows\system32\dllcache\dnsapi.dll
- 2004-08-19 15:09:36     247,808     -c--a-w     c:\windows\system32\dllcache\mswsock.dll
+ 2008-06-20 17:41:06     247,808     -c--a-w     c:\windows\system32\dllcache\mswsock.dll
- 2004-08-19 15:09:36     1,236,480     -c--a-w     c:\windows\system32\dllcache\msxml3.dll
+ 2008-09-04 16:45:11     1,106,944     -c--a-w     c:\windows\system32\dllcache\msxml3.dll
- 2004-08-03 22:14:42     359,040     -c--a-w     c:\windows\system32\dllcache\tcpip.sys
+ 2008-06-20 10:45:13     360,320     -c--a-w     c:\windows\system32\dllcache\tcpip.sys
- 2004-08-03 22:07:46     223,616     -c--a-w     c:\windows\system32\dllcache\tcpip6.sys
+ 2008-06-20 09:52:06     225,920     -c--a-w     c:\windows\system32\dllcache\tcpip6.sys
- 2004-08-19 15:09:24     148,480     ----a-w     c:\windows\system32\dnsapi.dll
+ 2008-06-20 17:41:06     148,992     ----a-w     c:\windows\system32\dnsapi.dll
- 2004-08-03 22:14:42     359,040     ----a-w     c:\windows\system32\drivers\tcpip.sys
+ 2008-06-20 10:45:13     360,320     ----a-w     c:\windows\system32\drivers\tcpip.sys
- 2004-08-03 22:07:46     223,616     ----a-w     c:\windows\system32\drivers\tcpip6.sys
+ 2008-06-20 09:52:06     225,920     ----a-w     c:\windows\system32\drivers\tcpip6.sys
- 2004-08-19 15:09:36     247,808     ----a-w     c:\windows\system32\mswsock.dll
+ 2008-06-20 17:41:06     247,808     ----a-w     c:\windows\system32\mswsock.dll
- 2004-08-19 15:09:36     1,236,480     ----a-w     c:\windows\system32\msxml3.dll
+ 2008-09-04 16:45:11     1,106,944     ----a-w     c:\windows\system32\msxml3.dll
- 2008-07-08 13:03:54     18,296     ------w     c:\windows\system32\spmsg.dll
+ 2007-11-30 12:39:29     18,296     ------w     c:\windows\system32\spmsg.dll
+ 2009-02-07 09:19:16     16,384     ----atw     c:\windows\temp\Perflib_Perfdata_964.dat
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-01-05 2676144]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3956040]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-12 146680]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"L08FXLRD_1518984"="c:\program files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE" [2007-06-12 428824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 335872]
"RemoteControl"="c:\windows\system32\rmctrl.exe" [2005-11-22 110592]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-12-11 413696]
"PHIME2002A"="c:\windows\System\svchost.exe" [BU]
"PHIME2002ASync"="c:\windows\System\dumprep.exe" [BU]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 c:\windows\RTHDCPL.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2006-03-18 c:\windows\agrsmmsg.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Assistant d'Acrobat.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 217193]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-08-19 16:22 1745408 c:\program files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"L08FXLRD_11668796"="c:\program files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE" -m

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\Ati2evxx.exe"=
"c:\\Program Files\\SuperCopier2\\SuperCopier2.exe"=
"c:\\WINDOWS\\system32\\rmctrl.exe"=
"c:\\WINDOWS\\system32\\NeroCheck.exe"=
"c:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"=
"c:\\Program Files\\Microsoft Etudes\\Microsoft Encarta 2008 - Études DVD\\EDICT.EXE"=
"c:\\WINDOWS\\ALCMTR.EXE"=
"c:\\WINDOWS\\AGRSMMSG.exe"=
"c:\\WINDOWS\\system32\\wuauclt.exe"=
"c:\\Program Files\\Internet Download Manager\\IDMan.exe"=
"c:\\WINDOWS\\system32\\WISPTIS.EXE"=
"c:\\Program Files\\Internet Download Manager\\IEMonitor.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\POWERPNT.EXE"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Documents and Settings\\Administrateur\\Bureau\\programmes\\msgr9fr.exe"=
"c:\\Program Files\\Fichiers communs\\Microsoft Shared\\Source Engine\\OSE.EXE"=
"c:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiprbxx.exe"=
"c:\\Program Files\\Microsoft\\Office Live\\OfficeLiveSignIn.exe"=
"c:\\WINDOWS\\NIRCMD.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9633:TCP"= 9633:TCP:BitComet 9633 TCP
"9633:UDP"= 9633:UDP:BitComet 9633 UDP

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-01-15 32784]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2008-12-04 226640]
R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\migjdd.sys --> c:\windows\system32\drivers\migjdd.sys [?]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2009-01-15 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-01-15 24592]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a67db0d-c542-11dd-baf5-001636fdc1d8}]
\shell\AutOplaY\command - G:\xjgc.exe
\shell\AutoRun\command - G:\xjgc.exe
\shell\eXplore\COMmaNd - G:\xjgc.exe
\shell\opEn\commAnd - G:\xjgc.exe
.
Contents of the 'Scheduled Tasks' folder

2009-02-07 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe []
.
.
------- Supplementary Scan -------
.
uStart Page = google.net-studio.org
uSearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Télécharger avec IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Télécharger le contenu de video FLV avec IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Télécharger tous les liens avec IDM - c:\program files\Internet Download Manager\IEGetAll.htm
FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\n1uy7vyw.default\
FF - prefs.js: browser.startup.homepage - dailymotion.com
FF - component: c:\documents and settings\Administrateur\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-07 10:19:16
Windows 5.1.2600 Service Pack 2 NTFS

Scanning hidden processes ...

Scanning hidden autostart entries ...

Scanning hidden files ...

Scan completed successfully
Hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\Administrator\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\Administrator\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{775A2C45-0E37-AE11-0253-C04004485FC2}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"jajdphacmooeofmlceib"=hex:62,61,66,6f,00,00
"jajdphacmooeofmlcemd"=hex:62,61,6a,6e,00,00
"iajmmgmlbcoocefcdn"=hex:6b,61,65,6f,6f,6a,6a,6b,66,68,69,6e,64,6c,6f,69,70,65,
   64,69,65,6d,00,00
"hapdgekljiapfppj"=hex:6b,61,65,6f,6f,6a,6a,6b,64,68,64,6f,62,70,6e,6c,68,70,
   6d,70,6d,62,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{53fd0eea-2eb7-4f38-a3be-8a0df6ec7427}]
@Denied: (Full) (Everyone)
"Model"=dword:00000004
"Therad"=dword:0000001b

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):73,f0,bb,05,64,69,f3,b7,fa,13,41,be,20,60,58,2e,cf,d9,74,7b,ce,
   95,ef,be,fa,c2,3e,8c,97,fe,31,64,fd,78,73,31,bf,c8,8f,4b,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):bf,b3,df,e0,d2,c6,d3,23,7e,cf,5a,71,b7,7d,61,a0,0c,c6,c9,36,ee,
   12,cd,36,5a,80,49,3f,1a,b8,bf,cb,26,f9,70,a6,28,45,47,65,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{f7af3770-5d85-43b8-9110-16f7796f7df9}]
@Denied: (Full) (Everyone)
"Model"=dword:00000023
"Therad"=dword:00000003
"MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
   4b,7b,ad,04,7a,b1,b5,76,9b,27,47,76,53,20,8d,e2,08,3c,85,77,d2,7c,23,ce,0e,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(976)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Windows Live\Contacts\wlcomm.exe
.
**************************************************************************
.
Completion time: 2009-02-07 10:21:54 - machine was rebooted
ComboFix-quarantined-files.txt  2009-02-07 09:21:51
ComboFix2.txt  2009-02-06 07:58:03

Pre-Run: 10,958,495,744 bytes free
Post-Run: 10,867,482,624 bytes free

384     --- E O F ---     2009-02-06 09:45:12
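The report above is what the helper reads by hand to decide the next script: the two policies\system values behind the "disabled by your administrator" message, the Security Center override and DisableNotify flags, the disabled firewall, the two Run entries that start a svchost.exe and a dumprep.exe from c:\windows\System rather than System32, and the mountpoints2 shell verbs that launch G:\xjgc.exe whenever the drive is opened. The script below is an added example, not part of the thread and not ComboFix's own code: it applies those checks mechanically to the "Reg Loading Points" section of a ComboFix log. SAMPLE_LOG is an excerpt copied from the report above; the rules and the list of masqueraded binary names are the editor's assumptions.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log.

Added example for this thread, not ComboFix's own code: the rules are the
editor's heuristics and SAMPLE_LOG is an excerpt copied from the report above.
"""
import re
from typing import List, Optional, Tuple

Finding = Tuple[str, str, str]  # (registry key, value name or shell verb, reason)

# Set to 1 under ...\policies\system, these produce the
# "registry editing has been disabled by your administrator" message.
LOCKOUT_POLICIES = {"disableregistrytools", "disabletaskmgr"}

# Windows binaries whose names malware borrows; the genuine ones live in System32.
MASQUERADE_NAMES = {"svchost.exe", "dumprep.exe", "lsass.exe", "csrss.exe"}

SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-12-11 413696]
"PHIME2002A"="c:\windows\System\svchost.exe" [BU]
"PHIME2002ASync"="c:\windows\System\dumprep.exe" [BU]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a67db0d-c542-11dd-baf5-001636fdc1d8}]
\shell\AutOplaY\command - G:\xjgc.exe
\shell\AutoRun\command - G:\xjgc.exe
"""

_KEY_RE = re.compile(r"^\[(.+)\]$")
_VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
_SHELL_RE = re.compile(r"^\\shell\\([^\\]+)\\command\s+-\s+(\S.*)$", re.IGNORECASE)
_EXE_RE = re.compile(r'^"?([a-z]:\\[^"\[]+?\.exe)', re.IGNORECASE)


def _int_value(raw: str) -> Optional[int]:
    """Decode the numeric forms ComboFix prints: '1 (0x1)' and 'dword:00000001'."""
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"^(\d+)\s*\(0x[0-9a-f]+\)$", raw, re.IGNORECASE)
    return int(m.group(1)) if m else None


def triage_loading_points(log_text: str) -> List[Finding]:
    """Walk the section key by key and report the entries a helper would act on."""
    findings: List[Finding] = []
    key = ""
    for line in log_text.splitlines():
        line = line.rstrip()
        km = _KEY_RE.match(line)
        if km:
            key = km.group(1)
            continue
        lkey = key.lower()
        sm = _SHELL_RE.match(line)
        if sm and "mountpoints2" in lkey:  # per-drive verb hijack (autorun worm)
            findings.append((key, sm.group(1), f"drive shell verb hijacked to run {sm.group(2)}"))
            continue
        vm = _VALUE_RE.match(line)
        if not vm:
            continue
        name, raw = vm.group(1), vm.group(2)
        lname, num = name.lower(), _int_value(raw)
        if lkey.endswith("policies\\system") and lname in LOCKOUT_POLICIES and num == 1:
            findings.append((key, name, "policy locks the user out of an admin tool"))
        elif "security center" in lkey and num == 1 and (
            lname.endswith("override") or lname.endswith("disablenotify")
        ):
            findings.append((key, name, "Security Center alerting suppressed"))
        elif "firewallpolicy" in lkey and lname == "enablefirewall" and num == 0:
            findings.append((key, name, "Windows Firewall disabled"))
        elif lkey.endswith("\\run"):
            pm = _EXE_RE.match(raw)
            if pm:
                path = pm.group(1).lower()
                base = path.rsplit("\\", 1)[-1]
                if base in MASQUERADE_NAMES and "\\system32\\" not in path:
                    findings.append((key, name, f"{base} started from outside System32: {path}"))
    return findings


if __name__ == "__main__":
    for reg_key, item, reason in triage_loading_points(SAMPLE_LOG):
        print(f"{reason}\n    {reg_key}\n    {item}")
```

Run it against a full ComboFix.txt by reading the file into `triage_loading_points`; the nine findings it reports on the excerpt are exactly the entries the next CFScript in this thread removes or resets.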
Mister_masque, 08/02/2009 at 13:47

Hi,

OK, it's progressing... Sorry again about how long I'm taking to solve your problem. Thanks for your trust.
You have this infection: W32/Puress-B
If you ran Flash Disinfector, autorun.inf should have been destroyed.

C:\\Documents and Settings\\Administrateur\\Bureau\\programmes\\msgr9fr.exe
What is this?

Disable Kaspersky before the procedure!

/!\ Very important!! Disconnect your PC from the Internet (by unplugging the cable or disabling the network card). Unplug the cable!!

Start >> Run, type notepad

Copy and paste into Notepad:


file::
c:\windows\System\svchost.exe
C:\windows\System\dumprep.exe
Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=dword:00000000
"DisableRegistryTools"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002A"="-"
"PHIME2002ASync"="-"
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a67db0d-c542-11dd-baf5-001636fdc1d8}]  
[-HKEY_USERS\Administrator\Software\Microsoft\SystemCertificates\AddressBook*]
[-HKEY_USERS\Administrator\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{775A2C45-0E37-AE11-0253-C04004485FC2}*]    
[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{53fd0eea-2eb7-4f38-a3be-8a0df6ec7427}]  
[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]  
[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{f7af3770-5d85-43b8-9110-16f7796f7df9}]    


File >> Save As >> name it CFScript (on the Desktop)
Drag the text file onto ComboFix, as shown below:



~~~~~~~~~~

Download Recherche.bat to your desktop.
Run it and post the report you get.

~~~~~~~~~~

Kaspersky Online Scanner:
Go to this address with Internet Explorer: Kaspersky Scanner
Click "Start Online Scanner", accept the licence and the ActiveX control.
Scan "My Computer"

Help: a tutorial for Kaspersky On-Line is available

@++
--
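The mountpoints2 entries the script above deletes are only the per-drive cache: the worm re-creates them from an autorun.inf at the root of each removable drive, which is why the helper asks about Flash Disinfector. The example below is added here and is not the code of Flash Disinfector or of any other tool in the thread. It shows both halves of the problem: reading an autorun.inf the way Windows does (section and key names are case-insensitive, so the mixed-case spellings like the AutOplaY/COMmaNd verbs in the log must be folded before matching), listing everything the file would execute, and the vaccine itself, which occupies the name autorun.inf with a read-only directory so that a dropper can no longer write a file there. The sample autorun.inf is constructed for the example; the attrib call that adds the hidden/system attributes runs only on Windows.

```python
"""autorun.inf inspection and the 'vaccine' folder used against removable-drive worms.

Added example for this thread; not the code of Flash Disinfector or any other
tool mentioned above. SAMPLE_AUTORUN is constructed, with mixed-case keys that
mirror the verb spellings in the ComboFix log.
"""
import os
import shutil
import stat
import tempfile
from typing import Dict, List, Tuple

SAMPLE_AUTORUN = """[AuToRuN]
OpEn=xjgc.exe
ShElLeXeCuTe=xjgc.exe
shell\\eXplore\\COMmaNd=xjgc.exe
icon=%SystemRoot%\\system32\\SHELL32.dll,4
UseAutoPlay=1
"""

LAUNCH_KEYS = {"open", "shellexecute"}


def parse_autorun_inf(text: str) -> Dict[str, str]:
    """Return the [autorun] section as lowercase key -> value; other sections are ignored."""
    section, values = "", {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()  # Windows matches sections case-insensitively
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        values[key.strip().lower()] = value.strip()
    return values


def launch_targets(values: Dict[str, str]) -> List[str]:
    """Everything the file would execute: open, shellexecute and shell\\<verb>\\command."""
    return [
        value
        for key, value in values.items()
        if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command"))
    ]


def vaccinate(drive_root: str) -> str:
    """Occupy the name autorun.inf with a read-only directory so that a dropper
    cannot create a file of that name. The hidden/system attributes are a
    Windows notion, so attrib is only invoked there."""
    path = os.path.join(drive_root, "autorun.inf")
    if os.path.isfile(path):
        os.remove(path)  # a worm's file is removed before the name is taken
    os.makedirs(path, exist_ok=True)
    os.chmod(path, stat.S_IRUSR | stat.S_IXUSR | stat.S_IRGRP | stat.S_IXGRP | stat.S_IROTH | stat.S_IXOTH)
    if os.name == "nt":
        os.system(f'attrib +h +s +r "{path}"')
    return path


def can_drop_autorun(drive_root: str) -> bool:
    """Play the worm: try to write an autorun.inf at the drive root."""
    try:
        with open(os.path.join(drive_root, "autorun.inf"), "w", encoding="ascii") as fh:
            fh.write("[autorun]\nopen=xjgc.exe\n")
        return True
    except OSError:  # IsADirectoryError on POSIX, PermissionError on Windows
        return False


def demo_vaccine() -> Tuple[bool, bool]:
    """(could the worm write before, could it write after) on a temporary drive root."""
    root = tempfile.mkdtemp(prefix="usb-")
    try:
        before = can_drop_autorun(root)
        vaccinate(root)
        after = can_drop_autorun(root)
    finally:
        shutil.rmtree(root, ignore_errors=True)
    return before, after


if __name__ == "__main__":
    print("would launch:", launch_targets(parse_autorun_inf(SAMPLE_AUTORUN)))
    print("worm can write before/after vaccine:", demo_vaccine())
```

The vaccine only blocks the file-based re-infection path; a drive already carrying the worm still needs its executable removed, and the mountpoints2 keys already cached on the PC still need the deletion in the script above.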
Rmc05, 09/02/2009 at 15:58

I can't manage to see your message, the connection must be bad. A new problem appeared today: I can no longer copy to removable media, my data is blocked. SNIF SNIF
Mister_masque, 10/02/2009 at 23:08

It must be the removable-disk infection. Did you run Flash Disinfector to vaccinate all your removable media?
Firefox also has some odd plug-ins.
Run MalwareBytes again after updating it!

Good luck, you'll need it ;]
--
Vulgarisation-informatique.com
Computer courses & tutorials