Analyse Par ComboFix

Bonjour,
Après une attaque d'un Rogue j'ai fais une analyse par ComboFix mais je n'arrive pas a savoir ce que je dois faire ensuite. Pouvez-vous m'aider ? Merci beaucoup.


ComboFix 10-08-07.02 - Valomet 08/08/2010 17:55:21.1.2 - x86 NETWORK
Microsoft Windows 7 Édition Intégrale 6.1.7600.0.1252.33.1036.18.3326.2781 [GMT 2:00]
Lancé depuis: c:\users\Valomet\Desktop\ComboFix.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Valomet\AppData\Local\dkpbqfybi
c:\users\Valomet\AppData\Local\dkpbqfybi\stxapjwtssd.exe
c:\users\Valomet\AppData\Roaming\5A9CA7589AB071724606B06CE6F047E3
c:\users\Valomet\AppData\Roaming\5A9CA7589AB071724606B06CE6F047E3\enemies-names.txt
c:\users\Valomet\AppData\Roaming\5A9CA7589AB071724606B06CE6F047E3\local.ini
c:\users\Valomet\AppData\Roaming\5A9CA7589AB071724606B06CE6F047E3\lsrslt.ini
c:\users\Valomet\AppData\Roaming\5A9CA7589AB071724606B06CE6F047E3\newreleaseversion70700.exe
c:\users\Valomet\AppData\Roaming\dkpbqfybi
c:\users\Valomet\AppData\Roaming\dkpbqfybi\stxapjwtssd.exe
c:\windows\Readme.txt
c:\windows\system32\dbjqp.dll
c:\windows\system32\muzapp.exe
c:\windows\system32\pthreadVC.dll
c:\windows\system32\ReadMe.txt

.
((((((((((((((((((((((((((((( Fichiers créés du 2010-07-08 au 2010-08-08 ))))))))))))))))))))))))))))))))))))
.

2010-08-08 15:58 . 2010-08-08 15:58 -------- d-----w- c:\users\Valomet\AppData\Local\temp
2010-08-08 15:58 . 2010-08-08 15:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-04 17:44 . 2010-08-08 15:58 783360 ----a-w- c:\windows\system32\drivers\ejvcmmmp.sys
2010-07-26 18:29 . 2010-07-26 18:31 -------- d-----w- c:\program files\FileZilla 2.2.32

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-08 15:56 . 2009-07-14 08:39 714094 ----a-w- c:\windows\system32\perfh00C.dat
2010-08-08 15:56 . 2009-07-14 08:39 135410 ----a-w- c:\windows\system32\perfc00C.dat
2010-08-08 15:12 . 2009-12-08 18:55 -------- d-----w- c:\programdata\Kaspersky Lab
2010-08-08 15:12 . 2009-12-09 01:44 -------- d-----w- c:\programdata\NVIDIA
2010-08-04 18:46 . 2009-07-13 23:11 43088 ----a-w- c:\windows\system32\drivers\pcw.sys
2010-08-04 17:27 . 2010-01-02 16:35 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-07-30 07:20 . 2010-01-02 16:48 -------- d-----w- c:\users\Valomet\AppData\Roaming\vlc
2010-07-29 16:41 . 2010-02-07 16:19 -------- d-----w- c:\users\Valomet\AppData\Roaming\free3gp
2010-07-29 16:34 . 2009-12-08 18:55 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2010-07-29 16:34 . 2009-12-08 18:55 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2010-07-10 13:15 . 2010-01-02 16:54 -------- d-----w- c:\users\Valomet\AppData\Roaming\dvdcss
2010-07-06 14:36 . 2010-07-06 14:36 -------- d-----w- c:\users\Valomet\AppData\Roaming\Foxit Software
2010-06-25 20:59 . 2009-12-08 18:50 -------- d-----w- c:\program files\Microsoft.NET
2010-06-25 17:36 . 2009-07-13 23:40 409088 ----a-w- c:\windows\system32\systemcpl.dll
2010-06-25 17:36 . 2009-07-13 23:36 13824 ----a-w- c:\windows\system32\slwga.dll
2010-06-25 17:36 . 2009-07-13 23:24 811520 ----a-w- c:\windows\system32\user32.dll
2010-05-30 15:22 . 2010-05-30 15:22 2724120 ------w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2010-05-30 15:22 . 2010-05-30 15:22 42776 ------w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2010-05-30 15:22 . 2010-05-30 15:22 639296 ------w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2010-05-27 07:24 . 2010-06-10 05:11 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 03:49 . 2010-06-10 05:11 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 12:14 . 2009-12-08 19:00 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-21 05:18 . 2010-06-10 05:11 977920 ----a-w- c:\windows\system32\wininet.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sh--r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sh--w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

------- Sigcheck -------

[-] 2010-06-25 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2009-08-16 955392]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2009-11-24 1738040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cobian Backup 9"="c:\program files\Cobian Backup 9\Cobian.exe" [2009-01-22 579584]
"SMSTray"="c:\program files\Samsung\EmoDio\SMSTray.exe" [2008-09-17 484880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
forteManager.lnk - c:\program files\LG Soft India\forteManager\bin\Monitor.exe [2010-3-3 1687552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-04-17 11:41 196608 ------w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-04-13 05:07 69632 ------w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-07 135664]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-11-20 240232]
R3 LGDDCDevice;LGDDCDevice;c:\program files\LG Soft India\forteManager\bin\I2CDriver.sys [2008-12-12 14336]
R3 LGII2CDevice;LGII2CDevice;c:\program files\LG Soft India\forteManager\bin\PII2CDriver.sys [2008-12-12 18432]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-24 1343400]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2009-09-14 21520]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]


--- Autres Services/Pilotes en mémoire ---

*Deregistered* - ejvcmmmp
.
Contenu du dossier 'Tâches planifiées'

2010-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-07 13:32]

2010-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-07 13:32]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {C4B38126-F995-4D46-A964-0DCC0C23DECA} = 192.168.1.1
FF - ProfilePath - c:\users\Valomet\AppData\Roaming\Mozilla\Firefox\Profiles\ocm2rdmn.default\
FF - prefs.js: browser.startup.homepage - google.fr
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-ucisqeft - c:\users\Valomet\AppData\Roaming\dkpbqfybi\stxapjwtssd.exe
HKCU-Run-newreleaseversion70700.exe - c:\users\Valomet\AppData\Roaming\5A9CA7589AB071724606B06CE6F047E3\newreleaseversion70700.exe
HKLM-Run-MChk - c:\windows\system32\ubjqp.exe
HKLM-RunOnce-<NO NAME> - (no file)



[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ejvcmmmp]

.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2010-08-08 17:59:51
ComboFix-quarantined-files.txt 2010-08-08 15:59

Avant-CF: 101 688 700 928 octets libres
Après-CF: 101 590 630 400 octets libres

- - End Of File - - 989E37ABD2A8F86A00D6E755BD20D3D4





Après