Besoin d'aide pr virus JS:scriptip - inf ...

Télécharge ATF Cleaner par Atribune sur ton bureau

- Démarre ATF-Cleaner et coche toutes les cases.
- Clique sur <Empty Selected> et au message "Done Cleaning" sur <Ok>
NB : Si tu utilises Firefox ou Opera :
- Clique sur Firefox ou Opera en haut puis choisis <Select All>.
- Clique sur le bouton <Empty Selected> (NB : Si tu veux conserver tes mots de passe sauvegardés alors clique sur <No> à l'invite).
- Clique sur <Main> pour revenir à menu principal
- Clique sur <Exit>, du menu prinicipal, pour quitter ATFcleaner.
NB : Si le prefetch est nettoyé le redémarrage du PC sera plus lent.

-----------------------------
- Crée un nouveau document texte : clic droit de souris sur le bureau => Nouveau => Document Texte, et copie/colle dedans les lignes suivantes :

KILLALL::

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] 
"ddnsfilter REG_MULTI_SZ ddnsfilter"=- 

Files::
c:\windows\mmsmark2.dat 
c:\windows\ex23567.dat 

- Enregistre ce fichier sous le nom CFScript (Type du fichier : tous les fichiers)
- Ferme tous tes navigateurs web (donc copie ou imprime les instructions suivantes avant si besoin est).
- Désactive ton antivirus et tes autres protections résidentes (ex : Spybot) si tu en as (c'est important).
- Fais un glissé/déposé de ce fichier CFScript sur le programme ComboFix.exe comme sur cette image

( Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relâche alors le bouton de la souris).
- Combofix va démarrer,
- Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal !
- Ne touche à rien tant que le scan n'est pas terminé sinon le PC peut planter !
- Une fois le scan achevé, un rapport va s'afficher: poste le stp.

---------------------
Ensuite et seulement après :

- Télécharge Malwarebytes' Anti-Malware


- Installe le > double-clic sur Mbam-setup.exe, à la fin de l'installation, il se mettra automatiquement à jour
- Une fois installé, fermes toutes les applications en cours et lances Malwarebytes
- Exécutes un examen rapide du pc ( tu n'auras pas accés à internet pendant l'analyse)
- A la fin du scan clic sur " Afficher les résultats ", si Malwarebytes a trouvé des infections >> clic sur " Supprimer la sélection "
- Si il a besoin de redémarrer le pc pour finir la désinfection, acceptes
- Un rapport s'établira, postes son contenu.

Voici le rapport de combofix

ComboFix 09-09-01.04 - Christophe 02/09/2009 13:39.2.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.2046.1087 [GMT 2:00]
Running from: c:\users\Christophe\Desktop\ComboFix.exe
Command switches used :: c:\users\Christophe\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1229 [VPS 081213-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: avast! antivirus 4.8.1229 [VPS 081213-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-08-02 to 2009-09-02 )))))))))))))))))))))))))))))))
.

2009-09-02 11:48 . 2009-09-02 11:48 -------- d-----w- c:\users\Christophe\AppData\Local\Apple Computer
2009-09-02 11:46 . 2009-09-02 11:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-02 11:46 . 2009-09-02 11:46 -------- d-----w- c:\users\Christophe et Brice\AppData\Local\temp
2009-09-01 22:56 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-09-01 22:56 . 2009-06-15 15:24 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-09-01 22:56 . 2009-06-15 15:23 1256448 ----a-w- c:\windows\system32\lsasrv.dll
2009-09-01 22:56 . 2009-06-15 15:22 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-01 22:56 . 2009-06-15 18:20 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-09-01 22:56 . 2009-06-15 15:24 270848 ----a-w- c:\windows\system32\schannel.dll
2009-09-01 22:56 . 2009-06-15 15:24 72704 ----a-w- c:\windows\system32\secur32.dll
2009-09-01 22:56 . 2009-06-15 12:57 9728 ----a-w- c:\windows\system32\lsass.exe
2009-09-01 21:15 . 2009-09-02 11:49 -------- d-----w- c:\users\Christophe\AppData\Local\temp
2009-09-01 20:36 . 2009-09-01 20:36 -------- d-----w- c:\program files\CCleaner
2009-09-01 17:49 . 2009-09-01 20:43 -------- d-----w- c:\program files\trend micro
2009-09-01 17:49 . 2009-09-01 17:49 -------- d-----w- C:\rsit
2009-08-31 15:21 . 2009-08-31 15:21 37760 ----a-w- c:\windows\system32\drivers\Filter.sys
2009-08-31 15:21 . 2009-08-31 15:21 1 ---h--w- c:\windows\mmsmark2.dat
2009-08-31 15:21 . 2009-08-31 15:21 1 ---h--w- c:\windows\ex23567.dat
2009-08-25 22:29 . 2009-06-22 10:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-08-25 19:03 . 2009-06-05 12:34 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-25 19:03 . 2009-06-05 10:08 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-13 10:35 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-13 10:35 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-13 10:35 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-13 10:35 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-13 10:35 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-13 10:35 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-13 10:35 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-13 10:35 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-02 11:46 . 2008-09-11 12:24 12 ----a-w- c:\windows\bthservsdp.dat
2009-09-02 09:48 . 2007-08-08 15:34 130274 ----a-w- c:\users\Christophe\AppData\Roaming\nvModes.dat
2009-09-01 17:48 . 2006-11-02 15:48 726808 ----a-w- c:\windows\system32\perfh00C.dat
2009-09-01 17:48 . 2006-11-02 15:48 147336 ----a-w- c:\windows\system32\perfc00C.dat
2009-09-01 12:32 . 2008-04-06 13:14 -------- d-----w- c:\programdata\Google Updater
2009-08-27 20:38 . 2009-07-09 16:43 -------- d-----w- c:\program files\ManyCam 2.4
2009-08-21 10:03 . 2007-08-06 11:52 104651 ----a-w- c:\users\Christophe et Brice\AppData\Roaming\nvModes.dat
2009-08-17 16:10 . 2007-08-06 13:45 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:05 . 2008-04-06 12:49 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2008-04-06 12:49 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:05 . 2007-08-06 13:45 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-08-17 16:04 . 2007-08-06 13:46 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2007-08-06 13:46 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:02 . 2007-08-06 13:46 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-13 13:25 . 2007-05-28 07:48 -------- d-----w- c:\programdata\Microsoft Help
2009-08-13 13:24 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-31 10:14 . 2009-01-04 16:29 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-21 21:52 . 2009-07-29 08:22 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 08:22 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 08:22 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 08:22 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-16 20:38 . 2009-07-16 20:38 -------- d-----w- c:\program files\iTunes
2009-07-16 20:38 . 2009-07-16 20:38 -------- d-----w- c:\program files\iPod
2009-07-16 20:38 . 2007-12-07 16:19 -------- d-----w- c:\program files\Common Files\Apple
2009-07-16 20:34 . 2009-07-16 20:34 75040 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-07-16 19:39 . 2007-08-23 12:57 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-09 17:43 . 2009-07-09 17:43 -------- d-----w- c:\program files\AxBx
2009-07-09 16:45 . 2009-07-09 16:43 -------- d-----w- c:\users\Christophe\AppData\Roaming\ManyCam
2009-06-15 15:24 . 2009-07-15 06:37 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 15:20 . 2009-07-15 06:37 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 15:20 . 2009-07-15 06:37 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:52 . 2009-07-15 06:37 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-06-13 07:59 . 2009-06-13 07:59 456304 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb2E61.tmp.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-09-01_21.05.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-01 22:56 . 2009-06-15 15:00 72704 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22152_none_a886901f7335e2fc\secur32.dll
+ 2009-09-01 22:56 . 2009-06-15 14:53 72704 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18051_none_a7fbf30a5a1929db\secur32.dll
+ 2009-09-01 22:56 . 2009-06-15 15:25 72704 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22450_none_a69e1da376115b2a\secur32.dll
+ 2009-09-01 22:56 . 2009-06-15 15:24 72704 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18272_none_a600dfae5d0228c9\secur32.dll
+ 2009-09-01 22:56 . 2009-06-15 15:08 72704 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21067_none_a4b3e75378eccda6\secur32.dll
+ 2009-09-01 22:56 . 2009-06-15 15:28 72704 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16870_none_a418a0745fdd652a\secur32.dll
+ 2007-05-25 09:26 . 2009-09-02 11:50 70488 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-09-02 11:50 74468 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2007-08-08 15:36 . 2009-09-02 11:50 13756 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4192035002-909409505-293855971-1004_UserData.bin
- 2007-08-06 11:49 . 2009-09-01 20:36 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-08-06 11:49 . 2009-09-02 11:48 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-08-06 11:49 . 2009-09-02 11:48 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-08-06 11:49 . 2009-09-01 20:36 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-08-06 11:49 . 2009-09-01 20:36 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-08-06 11:49 . 2009-09-02 11:48 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-09-01 22:56 . 2009-06-15 12:51 9728 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22152_none_a886901f7335e2fc\lsass.exe
+ 2009-09-01 22:56 . 2009-06-15 12:48 9728 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18051_none_a7fbf30a5a1929db\lsass.exe
+ 2009-09-01 22:56 . 2009-06-15 13:03 9728 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22450_none_a69e1da376115b2a\lsass.exe
+ 2009-09-01 22:56 . 2009-06-15 12:57 9728 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18272_none_a600dfae5d0228c9\lsass.exe
+ 2009-09-01 22:56 . 2009-06-15 12:59 7680 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21067_none_a4b3e75378eccda6\lsass.exe
+ 2009-09-01 22:56 . 2009-06-15 13:10 7680 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16870_none_a418a0745fdd652a\lsass.exe
+ 2009-09-02 11:48 . 2009-09-02 11:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-09-01 21:03 . 2009-09-01 21:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-09-01 22:56 . 2009-06-15 15:00 270848 c:\windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.0.6002.22152_none_2452506b6bad8187\schannel.dll
+ 2009-09-01 22:56 . 2009-06-15 14:53 270848 c:\windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.0.6002.18051_none_23c7b3565290c866\schannel.dll
+ 2009-09-01 22:56 . 2009-06-15 15:25 270848 c:\windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.0.6001.22450_none_2269ddef6e88f9b5\schannel.dll
+ 2009-09-01 22:56 . 2009-06-15 15:24 270848 c:\windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.0.6001.18272_none_21cc9ffa5579c754\schannel.dll
+ 2009-09-01 22:56 . 2009-06-15 15:08 272384 c:\windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.0.6000.21067_none_207fa79f71646c31\schannel.dll
+ 2009-09-01 22:56 . 2009-06-15 15:28 272384 c:\windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.0.6000.16870_none_1fe460c0585503b5\schannel.dll
+ 2009-09-01 22:56 . 2009-06-15 14:59 217600 c:\windows\winsxs\x86_microsoft-windows-security-ntlm_31bf3856ad364e35_6.0.6002.22152_none_7eeef23078f56dde\msv1_0.dll
+ 2009-09-01 22:56 . 2009-06-15 14:53 218624 c:\windows\winsxs\x86_microsoft-windows-security-ntlm_31bf3856ad364e35_6.0.6002.18051_none_7e64551b5fd8b4bd\msv1_0.dll
+ 2009-09-01 22:56 . 2009-06-15 15:24 213504 c:\windows\winsxs\x86_microsoft-windows-security-ntlm_31bf3856ad364e35_6.0.6001.22450_none_7d067fb47bd0e60c\msv1_0.dll
+ 2009-09-01 22:56 . 2009-06-15 15:22 213504 c:\windows\winsxs\x86_microsoft-windows-security-ntlm_31bf3856ad364e35_6.0.6001.18272_none_7c6941bf62c1b3ab\msv1_0.dll
+ 2009-09-01 22:56 . 2009-06-15 15:06 216576 c:\windows\winsxs\x86_microsoft-windows-security-ntlm_31bf3856ad364e35_6.0.6000.21067_none_7b1c49647eac5888\msv1_0.dll
+ 2009-09-01 22:56 . 2009-06-15 15:25 216576 c:\windows\winsxs\x86_microsoft-windows-security-ntlm_31bf3856ad364e35_6.0.6000.16870_none_7a810285659cf00c\msv1_0.dll
+ 2009-09-01 22:56 . 2009-06-15 14:58 500736 c:\windows\winsxs\x86_microsoft-windows-security-kerberos_31bf3856ad364e35_6.0.6002.22152_none_e912e288c7383abe\kerberos.dll
+ 2009-09-01 22:56 . 2009-06-15 14:52 499712 c:\windows\winsxs\x86_microsoft-windows-security-kerberos_31bf3856ad364e35_6.0.6002.18051_none_e8884573ae1b819d\kerberos.dll
+ 2009-09-01 22:56 . 2009-06-15 15:22 500736 c:\windows\winsxs\x86_microsoft-windows-security-kerberos_31bf3856ad364e35_6.0.6001.22450_none_e72a700cca13b2ec\kerberos.dll
+ 2009-09-01 22:56 . 2009-06-15 15:21 499712 c:\windows\winsxs\x86_microsoft-windows-security-kerberos_31bf3856ad364e35_6.0.6001.18272_none_e68d3217b104808b\kerberos.dll
+ 2009-09-01 22:56 . 2009-06-15 15:04 496640 c:\windows\winsxs\x86_microsoft-windows-security-kerberos_31bf3856ad364e35_6.0.6000.21067_none_e54039bcccef2568\kerberos.dll
+ 2009-09-01 22:56 . 2009-06-15 15:23 494592 c:\windows\winsxs\x86_microsoft-windows-security-kerberos_31bf3856ad364e35_6.0.6000.16870_none_e4a4f2ddb3dfbcec\kerberos.dll
+ 2009-09-01 22:56 . 2009-06-15 15:00 175104 c:\windows\winsxs\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.0.6002.22152_none_3d095074931fbe8f\wdigest.dll
+ 2009-09-01 22:56 . 2009-06-15 14:54 175104 c:\windows\winsxs\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.0.6002.18051_none_3c7eb35f7a03056e\wdigest.dll
+ 2009-09-01 22:56 . 2009-06-15 15:26 175104 c:\windows\winsxs\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.0.6001.22450_none_3b20ddf895fb36bd\wdigest.dll
+ 2009-09-01 22:56 . 2009-06-15 15:24 175104 c:\windows\winsxs\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.0.6001.18272_none_3a83a0037cec045c\wdigest.dll
+ 2009-09-01 22:56 . 2009-06-15 15:09 175104 c:\windows\winsxs\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.0.6000.21067_none_3936a7a898d6a939\wdigest.dll
+ 2009-09-01 22:56 . 2009-06-15 15:29 175104 c:\windows\winsxs\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.0.6000.16870_none_389b60c97fc740bd\wdigest.dll
+ 2009-09-01 22:56 . 2009-06-15 21:17 439880 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22152_none_a886901f7335e2fc\ksecdd.sys
+ 2009-09-01 22:56 . 2009-06-15 23:15 439864 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18051_none_a7fbf30a5a1929db\ksecdd.sys
+ 2009-09-01 22:56 . 2009-06-15 18:40 439880 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22450_none_a69e1da376115b2a\ksecdd.sys
+ 2009-09-01 22:56 . 2009-06-15 18:20 439896 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18272_none_a600dfae5d0228c9\ksecdd.sys
+ 2009-09-01 22:56 . 2009-06-15 23:20 408136 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21067_none_a4b3e75378eccda6\ksecdd.sys
+ 2009-09-01 22:56 . 2009-06-15 18:12 408136 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16870_none_a418a0745fdd652a\ksecdd.sys
- 2009-05-16 18:43 . 2009-09-01 17:46 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-05-16 18:43 . 2009-09-02 09:51 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-09-01 22:56 . 2009-06-15 14:58 1259008 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22152_none_a886901f7335e2fc\lsasrv.dll
+ 2009-09-01 22:56 . 2009-06-15 14:52 1259008 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18051_none_a7fbf30a5a1929db\lsasrv.dll
+ 2009-09-01 22:56 . 2009-06-15 15:25 1257984 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22450_none_a69e1da376115b2a\lsasrv.dll
+ 2009-09-01 22:56 . 2009-06-15 15:23 1256448 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18272_none_a600dfae5d0228c9\lsasrv.dll
+ 2009-09-01 22:56 . 2009-06-15 15:04 1235456 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21067_none_a4b3e75378eccda6\lsasrv.dll
+ 2009-09-01 22:56 . 2009-06-15 15:23 1233920 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16870_none_a418a0745fdd652a\lsasrv.dll
+ 2006-11-02 10:22 . 2009-09-02 09:45 6553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2006-11-02 10:22 . 2009-08-25 22:31 6553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-05-17 14:02 . 2009-09-01 22:54 89296257 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-06 68856]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-08-07 247144]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-09 835584]
"VAIOCameraUtility"="c:\program files\Sony\VAIO Camera Utility\VCUServe.exe" [2007-02-07 411768]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-04-02 321656]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872]
"Norton Save and Restore 2.0"="c:\program files\Norton Save and Restore\Agent\VProTray.exe" [2007-02-13 2020968]
"AppMon Utility"="c:\program files\Sony\AppMonUtil\AppMonUtility.exe" [2007-04-12 415864]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-18 185896]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-13 177472]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-11-07 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-07 8534560]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-07 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-03-28 4390912]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-03-28 1822720]

c:\users\Christophe et Brice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 - Capture d'‚cran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
palmOne Registration.lnk - c:\program files\palmOne\register.exe [2005-2-11 2301952]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Device Detector 3.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2008-9-24 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-03-09 07:55 98304 ----a-w- c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{59DB767F-7238-4EF8-9486-9817438A9E5D}"= Disabled:UDP:c:\program files\sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{619C8763-C41E-4434-BF2A-260E1BB61106}"= Disabled:TCP:c:\program files\sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"TCP Query User{94322494-0AC1-4686-8609-2F5AF5878546}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{DDFB28BF-1371-4E75-BAD5-96D599BB01BE}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"{D75B1BD0-FE78-4F8F-AA07-9410CB7962C6}"= Disabled:UDP:c:\program files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{42FAD36C-9472-417B-868A-AB8B85C290E5}"= Disabled:TCP:c:\program files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"TCP Query User{658264AB-E75D-4728-8E08-1F770F34401A}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{2FC003FF-A95F-424D-A8FE-ED884E0D4829}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{EFAA58D9-ECA0-418A-844C-E6A85654CCEC}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. The whole world can talk for free.
"UDP Query User{74B79AF1-124C-4566-97BC-B8BA1CB8460A}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. The whole world can talk for free.
"TCP Query User{0B5478DE-80C2-46C4-8D65-84A3B71972C3}c:\\program files\\quicktime\\quicktimeplayer.exe"= UDP:c:\program files\quicktime\quicktimeplayer.exe:QuickTime Player
"UDP Query User{D3E34915-E3DA-4D16-A15B-A469638F3E7D}c:\\program files\\quicktime\\quicktimeplayer.exe"= TCP:c:\program files\quicktime\quicktimeplayer.exe:QuickTime Player
"TCP Query User{660451A3-66F6-4BE9-932C-41CB7E2E8170}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{60A505B1-ED96-4CE0-84D3-413A3A8F12BC}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"TCP Query User{E7CCD1A9-FDAA-4148-A3AD-75D724CBD6E6}c:\\program files\\ea games\\medal of honor batailles du pacifique(tm)\\mohpa.exe"= UDP:c:\program files\ea games\medal of honor batailles du pacifique(tm)\mohpa.exe:Medal of Honor Pacific Assault(tm)
"UDP Query User{4198EEB4-C5D2-4129-B818-E9A8EACE10A9}c:\\program files\\ea games\\medal of honor batailles du pacifique(tm)\\mohpa.exe"= TCP:c:\program files\ea games\medal of honor batailles du pacifique(tm)\mohpa.exe:Medal of Honor Pacific Assault(tm)
"TCP Query User{1AA12958-38E1-4578-BDC9-1374571A4F1A}c:\\program files\\azureus\\azureus.exe"= UDP:c:\program files\azureus\azureus.exe:Azureus
"UDP Query User{B1ADE82E-0913-4989-8A29-3B63C490F065}c:\\program files\\azureus\\azureus.exe"= TCP:c:\program files\azureus\azureus.exe:Azureus
"TCP Query User{7EC00E3F-8DE7-4786-806C-2FE218FB71D3}c:\\program files\\real\\realplayer\\recordingmanager.exe"= UDP:c:\program files\real\realplayer\recordingmanager.exe:RealNetworks Download and Record Manager
"UDP Query User{21F22FA6-D2D5-4AF5-8C71-F3CCF3A192A6}c:\\program files\\real\\realplayer\\recordingmanager.exe"= TCP:c:\program files\real\realplayer\recordingmanager.exe:RealNetworks Download and Record Manager
"{D50ACCF8-0061-4B71-9A25-324577FE7760}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{9580375B-A81F-4997-97CA-38456481E84B}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{6A12D1E7-026E-4637-8BAE-9AD9DD38D4A6}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{F7C5A1E6-EC1C-45F5-9510-F790FC8AEB6D}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{38424C9D-0C3F-4EA4-A44F-EE80236BDDCF}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{616FEA98-8ACD-47E5-B1CE-4C167D3AE962}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{D316798E-3CEB-4AA5-AA19-546CBE1EE548}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{51641DC0-F33B-4E28-AA49-6931FACBBB08}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{EA9E4DCE-3590-4F15-9DC8-2C67BE7594CB}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{9C26D24F-A6DE-44B5-A663-0B325AEEDEB5}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{1CE15DE8-D1E4-47C6-8654-E9AAFD463E1A}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{A90AF496-4784-48CB-A65A-5FCEC25FC5F5}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"{0B748B9A-78F2-4D33-B3FA-65E0CF90AC99}"= UDP:5678:LocalSubnet:LocalSubnet|IF={FBDBF529-EAB5-4481-8E39-B951239DD5CB}|%systemroot%\WindowsMobile\wmdHost.exe:@%systemroot%\WindowsMobile\wmdc.exe,-4004
"{422589B7-516F-4371-B8B9-97D13069EF43}"= UDP:999:LocalSubnet:LocalSubnet|IF={FBDBF529-EAB5-4481-8E39-B951239DD5CB}|%systemroot%\WindowsMobile\wmdHost.exe:@%systemroot%\WindowsMobile\wmdc.exe,-4005
"{E13002F0-3CB9-4BB2-9085-0FA75EE47882}"= UDP:26675:LocalSubnet:LocalSubnet|IF={FBDBF529-EAB5-4481-8E39-B951239DD5CB}:@%systemroot%\WindowsMobile\wmdc.exe,-4006
"{53F7A45D-B40D-464C-B8BB-F9BF938C8580}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A939C35B-AA4E-40D4-AB3D-346F5314E2A1}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D386C38B-C549-4F8B-803E-E783A3A377A3}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{D0698B21-DC8F-4D59-8D15-72923F0852E8}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{3E58639D-2602-4CE3-8093-948E761C58F0}"= UDP:c:\program files\sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{A74888F9-4B1D-499E-B49B-B6E8A6078CA3}"= TCP:c:\program files\sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{ECA4F604-9422-4459-B1D2-4CAFD3D63CF3}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{25C97877-F83D-4F45-8D3B-FF259920D4A4}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{92E97BC9-F8AD-40CD-9A53-193595BBF315}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{530657D5-8ECF-4C38-B71B-0749F301A07D}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{003C56D8-82B2-422E-BF9E-3A8798347D76}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{049C9E28-BC0E-4B64-B5D8-938D3A10BC1B}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{54F99BAC-3CAC-40AB-965E-779751FEB516}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [06/04/2008 14:49 114768]
R1 Filter;Filter;c:\windows\System32\drivers\Filter.sys [31/08/2009 17:21 37760]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [06/04/2008 14:49 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [06/08/2007 15:45 53328]
R2 MSSQL$VAIO_VEDB;SQL Server (VAIO_VEDB);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [24/11/2008 23:31 29263712]
R2 regi;regi;c:\windows\System32\drivers\regi.sys [17/04/2007 20:09 11032]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [15/09/2008 16:42 809296]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [07/08/2009 16:31 92008]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\System32\drivers\R5U870FLx86.sys [25/05/2007 20:52 73472]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\System32\drivers\R5U870FUx86.sys [25/05/2007 20:52 43904]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\System32\drivers\SonyImgF.sys [25/05/2007 20:52 31104]
R3 ti21sony;ti21sony;c:\windows\System32\drivers\ti21sony.sys [23/04/2007 13:29 812544]
S3 AVerM115S;AVerM115S service;c:\windows\System32\drivers\AVerM115S.sys [25/05/2007 12:21 785280]
S3 Norton Save and Restore;Norton Save and Restore;c:\program files\Norton Save and Restore\Agent\VProSvc.exe [13/02/2007 18:57 2655848]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\sony\VAIO Media Integrated Server\UCLS.exe [31/05/2007 07:13 745472]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [31/05/2007 07:12 397312]
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [31/05/2007 07:12 1089536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ
ddnsfilter REG_MULTI_SZ ddnsfilter

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
rundll32.exe advpack.dll,LaunchINFSection c:\windows\INF\nsplayer.inf,PerUserStub.NT
.
Contents of the 'Scheduled Tasks' folder

2009-09-02 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-05-28 11:27]

2009-09-02 c:\windows\Tasks\User_Feed_Synchronization-{63E6A3EB-F909-4D28-BAA4-1A8D515EF6CE}.job
- c:\windows\system32\msfeedssync.exe [2009-07-29 20:13]
.
.
------- Supplementary Scan -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: {5A7DB938-7E7C-4682-9DCA-04ED185F9BAE} = 208.67.220.220,208.67.222.222
TCP: {B01CD15E-9D64-4E68-82FA-20917BE47EB9} = 192.168.1.87,208.67.222.222
TCP: {CAF325C5-0FA9-4C93-BE75-9A3386D8A1A7} = 208.67.220.220,208.67.222.222
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: CANALPLAY Installer - hxxp://www.canalplay.com/cabs/CanalInstaller.CAB
DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} - hxxps://static.impots.gouv.fr/abos/static/securite/certdgi1.cab
FF - ProfilePath - c:\users\Christophe\AppData\Roaming\Mozilla\Firefox\Profiles\ec8y8awn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - www.google.fr
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=
FF - plugin: c:\progra~1\palmOne\PACKAG~1\NPInstal.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-02 13:48
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:0000003d

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\sony\VAIO Update 3\VAIOUpdt.exe
c:\program files\sony\Wireless Switch Setting Utility\Switcher.exe
c:\program files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\System32\stacsv.exe
c:\program files\sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\windows\System32\drivers\XAudio.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\sony\VAIO Event Service\VESMgrSub.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\windows\System32\WUDFHost.exe
c:\program files\sony\VAIO Power Management\SPMgr.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\windows\System32\rundll32.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2009-09-02 14:00 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-02 11:59
ComboFix2.txt 2009-09-01 21:15

Pre-Run: 63 968 251 904 octets libres
Post-Run: 63 893 598 208 octets libres

392 --- E O F --- 2009-09-02 09:54


Je lance malwarebyte et te poste de suite le rapport

Et voici le rapport de malwarebytes

Malwarebytes' Anti-Malware 1.40
Version de la base de données: 2729
Windows 6.0.6001 Service Pack 1

02/09/2009 14:10:51
mbam-log-2009-09-02 (14-10-51).txt

Type de recherche: Examen rapide
Eléments examinés: 100395
Temps écoulé: 4 minute(s), 30 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ddnsfilter (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Windows\mmsmark2.dat (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\Windows\0535251103110107106.yux (KoobFace.Trace) -> Quarantined and deleted successfully.