
Gary123456

Members
  • Content count
    8
  • Joined
  • Last visited

Other information
  • Your config
    Vista 64
  • My languages
    Fr

Gary123456's Achievements

Junior Member (3/12)

Community reputation: 0

  1. Hello, here is the ComboFix report. What is odd is that I uninstalled Avira, yet it still appears in this report; do you know why? Do you think my PC is stable? Thanks

     ComboFix 12-08-07.02 - Romerix 07/08/2012 18:04:25.1.2 - x64 MINIMAL
     Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.4060.3083 [GMT 2:00]
     Lancé depuis: c:\users\Romerix\Desktop\ComboFix.exe
     AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
     SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
     SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     .
     .
     (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     c:\program files (x86)\UNWISE.EXE
     c:\users\Romerix\Taskmgr.exe
     c:\windows\SysWow64\reghmf.exe
     c:\windows\SysWow64\UNWISE.EXE
     .
     c:\windows\system32\Services.exe . . . est infecté!!
     .
     .
     ((((((((((((((((((((((((((((( Fichiers créés du 2012-07-07 au 2012-08-07 ))))))))))))))))))))))))))))))))))))
     .
     .
     2012-08-07 16:57 . 2012-08-07 17:49 -------- d-----w- c:\users\Romerix\AppData\Local\temp
     2012-08-07 16:57 . 2012-08-07 16:57 -------- d-----w- c:\users\Default\AppData\Local\temp
     2012-08-07 12:57 . 2012-08-07 12:57 -------- d-----w- C:\TDSSKiller_Quarantine
     2012-08-06 15:56 . 2012-08-07 16:02 -------- d-----w- c:\program files (x86)\ewido anti-malware
     2012-08-06 13:53 . 2012-08-06 13:53 -------- d-----w- c:\users\Romerix\AppData\Roaming\RoboForm
     2012-08-06 13:51 . 2012-08-06 13:51 -------- d-----w- c:\programdata\RoboForm
     2012-08-06 13:51 . 2012-08-06 13:51 -------- d-----w- c:\program files (x86)\Common Files\Java
     2012-08-06 13:50 . 2012-08-06 13:50 -------- d-----w- c:\program files (x86)\Oracle
     2012-08-06 13:49 . 2012-07-05 20:06 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
     2012-08-06 13:49 . 2012-08-06 13:49 -------- d-----w- c:\program files (x86)\Siber Systems
     2012-08-06 13:48 . 2012-07-03 16:21 355856 ----a-w- c:\windows\system32\drivers\aswSP.sys
     2012-08-06 13:48 . 2012-07-03 16:21 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
     2012-08-06 13:48 . 2012-07-03 16:21 44272 ----a-w- c:\windows\system32\drivers\aswRdr.sys
     2012-08-06 13:48 . 2012-07-03 16:21 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
     2012-08-06 13:48 . 2012-07-03 16:21 958400 ----a-w- c:\windows\system32\drivers\aswSnx.sys
     2012-08-06 13:48 . 2012-07-03 16:21 71064 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
     2012-08-06 13:47 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr
     2012-08-06 13:47 . 2012-07-03 16:21 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
     2012-08-05 19:38 . 2012-08-05 19:38 512 ----a-w- C:\PhysicalDisk0_MBR.bin
     2012-08-05 17:02 . 2012-08-05 17:02 -------- d-----w- c:\users\Romerix\AppData\Local\Macromedia
     2012-08-05 15:36 . 2012-08-05 15:36 -------- d-sh--w- c:\windows\system32\%APPDATA%
     2012-08-05 13:23 . 2012-08-05 13:23 -------- d-----w- c:\users\Romerix\AppData\Local\Software
     2012-08-05 13:23 . 2012-08-05 13:23 -------- d-----w- c:\programdata\Software
     2012-08-05 13:23 . 2012-08-05 13:23 -------- d-----w- c:\program files (x86)\Software
     2012-08-05 12:26 . 2012-08-05 12:33 -------- d-----w- C:\Pre_Scan
     2012-08-05 01:30 . 2012-08-05 01:30 -------- d-----w- C:\$RECYCLE(0).BIN
     2012-08-04 21:43 . 2012-08-05 13:26 -------- d-----w- c:\programdata\Spybot - Search & Destroy
     2012-08-04 21:42 . 2012-08-05 01:56 -------- d-----w- c:\users\AppData
     2012-08-04 20:55 . 2012-08-04 20:55 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
     2012-08-04 20:52 . 2012-08-04 20:52 -------- d-----w- c:\program files (x86)\Microsoft
     2012-08-02 22:31 . 2012-08-02 22:31 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CE8A5BBD-5CB1-48F6-9120-19B5FC2FF53B}\offreg.dll
     2012-07-31 23:24 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CE8A5BBD-5CB1-48F6-9120-19B5FC2FF53B}\mpengine.dll
     2012-07-27 12:29 . 2012-07-27 12:29 0 ----a-w- c:\windows\ativpsrm.bin
     2012-07-24 22:51 . 2012-07-24 22:51 -------- d-----w- c:\programdata\TOSHIBA Tempro
     2012-07-24 22:51 . 2012-07-24 22:51 -------- d-----w- c:\programdata\IsolatedStorage
     2012-07-24 22:50 . 2012-07-24 22:50 -------- d-----w- c:\program files (x86)\Toshiba TEMPRO
     2012-07-24 22:50 . 2012-07-24 22:50 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
     2012-07-13 12:36 . 2012-08-04 20:55 -------- d-----w- c:\program files\Windows Live
     2012-07-13 12:35 . 2012-07-16 07:57 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
     2012-07-13 12:33 . 2012-07-13 12:33 6260088 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\bd97c4e01cd60f315\Silverlight.4.0.exe
     2012-07-13 12:33 . 2012-08-07 09:24 -------- d-----w- c:\users\Romerix\AppData\Local\Windows Live
     2012-07-11 08:05 . 2012-06-13 13:58 2769408 ----a-w- c:\windows\system32\win32k.sys
     .
     .
     .
     (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2012-08-06 14:34 . 2012-04-03 07:28 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
     2012-08-06 14:34 . 2011-05-28 07:49 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
     2012-07-13 12:37 . 2011-03-28 16:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
     2012-07-11 08:11 . 2006-11-02 12:35 59701280 ----a-w- c:\windows\system32\mrt.exe
     2012-07-05 20:06 . 2010-11-14 14:09 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
     2012-07-03 16:21 . 2011-08-15 16:50 285328 ----a-w- c:\windows\system32\aswBoot.exe
     2012-06-02 22:19 . 2012-06-22 07:57 38424 ----a-w- c:\windows\system32\wups.dll
     2012-06-02 22:19 . 2012-06-22 07:58 2428952 ----a-w- c:\windows\system32\wuaueng.dll
     2012-06-02 22:19 . 2012-06-22 07:58 57880 ----a-w- c:\windows\system32\wuauclt.exe
     2012-06-02 22:19 . 2012-06-22 07:58 44056 ----a-w- c:\windows\system32\wups2.dll
     2012-06-02 22:19 . 2012-06-22 07:57 35864 ----a-w- c:\windows\SysWow64\wups.dll
     2012-06-02 22:19 . 2012-06-22 07:57 701976 ----a-w- c:\windows\system32\wuapi.dll
     2012-06-02 22:19 . 2012-06-22 07:57 577048 ----a-w- c:\windows\SysWow64\wuapi.dll
     2012-06-02 22:15 . 2012-06-22 07:58 2622464 ----a-w- c:\windows\system32\wucltux.dll
     2012-06-02 22:15 . 2012-06-22 07:57 99840 ----a-w- c:\windows\system32\wudriver.dll
     2012-06-02 22:12 . 2012-06-22 07:57 88576 ----a-w- c:\windows\SysWow64\wudriver.dll
     2012-06-02 13:19 . 2012-06-22 07:57 186752 ----a-w- c:\windows\system32\wuwebv.dll
     2012-06-02 13:19 . 2012-06-22 07:57 171904 ----a-w- c:\windows\SysWow64\wuwebv.dll
     2012-06-02 13:15 . 2012-06-22 07:57 36864 ----a-w- c:\windows\system32\wuapp.exe
     2012-06-02 13:12 . 2012-06-22 07:57 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
     2012-05-31 10:25 . 2009-10-04 10:02 279656 ------w- c:\windows\system32\MpSigStub.exe
     .
     .
     ------- Sigcheck -------
     Note: Unsigned files aren't necessarily malware.
     .
     [7] 2009-04-11 . 934E0B7D77FF78C18D9F8891221B6DE3 . 384512 . . [6.0.6002.18005] .. c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
     [7] 2008-01-21 . DFAC660F0F139276CC9299812DE42719 . 384512 . . [6.0.6001.18000] .. c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe
     [-] 2009-04-11 . BC81150939BD52DBC7A08C245F1FB229 . 384512 . . [6.0.6000.16386] .. c:\windows\system32\services.exe
     .
     ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
     REGEDIT4
     .
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\Toshiba Online Product Information\TOPI.exe" [2009-03-16 6158240]
     "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
     "googletalk"="c:\program files (x86)\Google\Google Talk\googletalk.exe" [2012-07-29 3297280]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
     "HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2007-04-16 422400]
     "SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2008-11-21 438272]
     "KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-01-13 34088]
     "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-04-21 61440]
     "ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
     "NDSTray.exe"="c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe" [2009-05-12 299008]
     "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
     "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
     "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
     "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
     "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
     "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
     .
     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
     "TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-03-16 6158240]
     .
     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
     "adaware"="reg.exe delete HKCU\Software\AppDataLow\Software\adaware" [X]
     "adaware_XP"="reg.exe delete HKCU\Software\adaware" [X]
     .
     c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
     TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-2-24 391072]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "EnableUIADesktopToggle"= 0 (0x0)
     "SoftwareSASGeneration"= 1 (0x1)
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
     "LoadAppInit_DLLs"=0 (0x0)
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
     "aux5"=wdmaud.drv
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
     "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
     "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
     "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
     "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
     "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
     "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe"
     "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
     "MobileConnect"=%programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
     "UIExec"="c:\program files (x86)\Metfone 3G\UIExec.exe"
     "EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe"
     "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
     "tvncontrol"="c:\program files (x86)\TightVNC\tvnserver.exe" -controlservice -slave
     .
     R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-06 250056]
     R3 AF9035BDA;Cinergy T-Stick service;c:\windows\system32\DRIVERS\AF15BDA.sys [2011-01-25 513656]
     S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
     .
     .
     --- Autres Services/Pilotes en mémoire ---
     .
     *NewlyCreated* - WS2IFSL
     .
     HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
     Themes
     .
     Contenu du dossier 'Tâches planifiées'
     .
     2012-08-07 c:\windows\Tasks\Adobe Flash Player Updater.job
     - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 14:34]
     .
     2012-08-07 c:\windows\Tasks\GlaryInitialize.job
     - c:\program files (x86)\Glary Utilities\initialize.exe [2012-04-20 19:06]
     .
     2012-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
     - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-01 21:02]
     .
     2012-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
     - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-01 21:02]
     .
     2012-08-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4166468453-4050640416-1565833345-1000Core.job
     - c:\users\Romerix\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-03 21:02]
     .
     2012-08-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4166468453-4050640416-1565833345-1000UA.job
     - c:\users\Romerix\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-03 21:02]
     .
     .
     --------- X64 Entries -----------
     .
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
     @="{472083B0-C522-11CF-8763-00608CC02F24}"
     [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
     2012-07-03 16:21 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe" [2009-04-23 1128448]
     "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-03-30 7574048]
     "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-03-30 1833504]
     "SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [BU]
     "TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
     "HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [BU]
     "00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
     "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 1716008]
     "SmartFaceVWatcher"="c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [BU]
     "Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [BU]
     "TPCHWMsg"="c:\program files (x86)\TOSHIBA\TPHM\TPCHWMsg.exe" [BU]
     "Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaReminder.exe" [2009-03-04 96144]
     "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-01-07 2304904]
     "Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2010-10-26 1050072]
     .
     ------- Examen supplémentaire -------
     .
     uLocal Page = c:\windows\system32\blank.htm
     uStart Page = hxxp://www.google.fr/
     mStart Page = hxxp://www.google.com
     mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEG&bmod=TSEG;
     mLocal Page = c:\windows\SysWOW64\blank.htm
     uInternet Settings,ProxyOverride = *.local
     uSearchAssistant = hxxp://ie.search.msn.com
     IE: Ajouter la cible du lien à un fichier PDF existant - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
     IE: Ajouter à un fichier PDF existant - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
     IE: Barre avast! EasyPass - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
     IE: Convertir au format Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
     IE: Convertir la cible du lien au format Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
     IE: E&xporter vers Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
     IE: Enregistrer les formulaires - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
     IE: Personnaliser le menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
     IE: Remplir les formulaires - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
     IE: Tout télécharger avec BitComet - c:\program files (x86)\BitComet\BitComet.exe/AddAllLink.htm
     IE: Télécharger avec BitComet - c:\program files (x86)\BitComet\BitComet.exe/AddLink.htm
     IE: Télécharger toutes les vidéos avec BitComet - c:\program files (x86)\BitComet\BitComet.exe/AddVideo.htm
     TCP: DhcpNameServer = 89.2.0.1 89.2.0.2
     FF - ProfilePath - c:\users\Romerix\AppData\Roaming\Mozilla\Firefox\Profiles\8lugpj7t.default\
     .
     - - - - ORPHELINS SUPPRIMES - - - -
     .
     AddRemove-Hardlock Device Drivers - c:\windows\system32\UNWISE.EXE
     .
     .
     .
     [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BFE]
     "ImagePath"="."
     .
     [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
     "ImagePath"="c:\windows\system32\GameMon.des -service"
     .
     --------------------- CLES DE REGISTRE BLOQUEES ---------------------
     .
     [HKEY_USERS\S-1-5-21-4166468453-4050640416-1565833345-1000\Software\SecuROM\License information*]
     "datasecu"=hex:7a,a7,1a,44,26,b6,5f,6b,d9,3f,23,e6,1f,bb,63,9a,70,93,88,a7,09,
        e9,9b,95,23,11,b1,a5,05,6c,18,cd,9a,3a,42,ae,48,6c,45,cf,2e,e5,f1,91,d8,3a,\
     "rkeysecu"=hex:1d,59,68,28,93,fd,a9,1c,d4,27,aa,dc,87,6d,f8,d0
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
     @Denied: (A 2) (Everyone)
     @="FlashBroker"
     "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
     "Enabled"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
     @Denied: (A 2) (Everyone)
     @="Shockwave Flash Object"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
     "ThreadingModel"="Apartment"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
     @="0"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
     @="ShockwaveFlash.ShockwaveFlash.11"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
     @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
     @="1.0"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
     @="ShockwaveFlash.ShockwaveFlash"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
     @Denied: (A 2) (Everyone)
     @="Macromedia Flash Factory Object"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
     "ThreadingModel"="Apartment"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
     @="FlashFactory.FlashFactory.1"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
     @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
     @="1.0"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
     @="FlashFactory.FlashFactory"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
     @Denied: (A 2) (Everyone)
     @="IFlashBroker4"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
     @="{00020424-0000-0000-C000-000000000046}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     "Version"="1.0"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
     @Denied: (A 2) (Everyone)
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
     @="Shockwave Flash"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
     @Denied: (A 2) (Everyone)
     @=""
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
     @="FlashBroker"
     .
     [HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
     "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
        00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
     .
     [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
     @Denied: (A) (Users)
     @Denied: (A) (Everyone)
     @Allowed: (B 1 2 3 4 5) (S-1-5-20)
     "BlindDial"=dword:00000000
     .
     ------------------------ Autres processus actifs ------------------------
     .
     c:\program files\AVAST Software\Avast\AvastSvc.exe
     c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
     c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
     c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
     c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
     c:\program files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
     c:\program files (x86)\Metfone 3G\AssistantServices.exe
     c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
     c:\program files (x86)\Google\Update\1.3.21.115\GoogleCrashHandler.exe
     c:\program files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
     .
     **************************************************************************
     .
     Heure de fin: 2012-08-07 19:55:10 - La machine a redémarré
     ComboFix-quarantined-files.txt 2012-08-07 17:55
     ComboFix2.txt 2012-08-05 01:56
     .
     Avant-CF: 45 339 602 944 octets libres
     Après-CF: 40 595 030 016 octets libres
     .
     - - End Of File - - 5E58165C74D3FEA8E515BFE4F3B26479
  2. Report

     Malwarebytes Anti-Malware 1.62.0.1300
     www.malwarebytes.org

     Version de la base de données: v2012.08.06.09

     Windows Vista Service Pack 2 x64 NTFS
     Internet Explorer 9.0.8112.16421
     Romerix :: PC-DE-ROMERIX [administrateur]

     07/08/2012 14:42:21
     mbam-log-2012-08-07 (14-42-21).txt

     Type d'examen: Examen complet
     Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
     Options d'examen désactivées: P2P
     Elément(s) analysé(s): 671836
     Temps écoulé: 2 heure(s), 35 minute(s), 26 seconde(s)

     Processus mémoire détecté(s): 0
     (Aucun élément nuisible détecté)

     Module(s) mémoire détecté(s): 0
     (Aucun élément nuisible détecté)

     Clé(s) du Registre détectée(s): 0
     (Aucun élément nuisible détecté)

     Valeur(s) du Registre détectée(s): 0
     (Aucun élément nuisible détecté)

     Elément(s) de données du Registre détecté(s): 0
     (Aucun élément nuisible détecté)

     Dossier(s) détecté(s): 0
     (Aucun élément nuisible détecté)

     Fichier(s) détecté(s): 0
     (Aucun élément nuisible détecté)

     (fin)

     I'm launching a ComboFix.
  3. OK, thanks. I'm finishing the full malware scan phase and then launching ComboFix as instructed. I'll report back afterwards.
  4. Hello, where does one find the Avast report as a .txt? In this one I can only read it, not export it or access its file to post it to you. In any case, the result is that it finds nothing. But the alerts keep coming... I don't understand?
  5. >> 3rd report after clicking on Host RAZ

     RogueKiller V7.6.5 [03/08/2012] par Tigzy
     mail: tigzyRK<at>gmail<dot>com
     Remontees: [RogueKiller] Remontées (1/57)
     Blog: tigzy-RK

     Systeme d'exploitation: Windows Vista (6.0.6002 Service Pack 2) 64 bits version
     Demarrage : Mode normal
     Utilisateur: Romerix [Droits d'admin]
     Mode: HOSTS RAZ -- Date: 07/08/2012 14:11:48

     ¤¤¤ Processus malicieux: 0 ¤¤¤

     ¤¤¤ Driver: [NON CHARGE] ¤¤¤

     ¤¤¤ Fichier HOSTS: ¤¤¤

     ¤¤¤ Nouveau fichier HOSTS: ¤¤¤
     127.0.0.1 localhost

     Termine : << RKreport[3].txt >>
     RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

     >> 4th report after clicking on Proxy RAZ

     RogueKiller V7.6.5 [03/08/2012] par Tigzy
     mail: tigzyRK<at>gmail<dot>com
     Remontees: [RogueKiller] Remontées (1/57)
     Blog: tigzy-RK

     Systeme d'exploitation: Windows Vista (6.0.6002 Service Pack 2) 64 bits version
     Demarrage : Mode normal
     Utilisateur: Romerix [Droits d'admin]
     Mode: Proxy RAZ -- Date: 07/08/2012 14:14:38

     ¤¤¤ Processus malicieux: 0 ¤¤¤

     ¤¤¤ Driver: [NON CHARGE] ¤¤¤

     ¤¤¤ Entrees de registre: 1 ¤¤¤
     [PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> REPLACED (0)

     Termine : << RKreport[4].txt >>
     RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt

     >> 5th report after clicking on DNS RAZ

     RogueKiller V7.6.5 [03/08/2012] par Tigzy
     mail: tigzyRK<at>gmail<dot>com
     Remontees: [RogueKiller] Remontées (1/57)
     Blog: tigzy-RK

     Systeme d'exploitation: Windows Vista (6.0.6002 Service Pack 2) 64 bits version
     Demarrage : Mode normal
     Utilisateur: Romerix [Droits d'admin]
     Mode: DNS RAZ -- Date: 07/08/2012 14:16:53

     ¤¤¤ Processus malicieux: 0 ¤¤¤

     ¤¤¤ Driver: [NON CHARGE] ¤¤¤

     ¤¤¤ Entrees de registre: 0 ¤¤¤

     Termine : << RKreport[5].txt >>
     RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt

     >> 6th report after clicking on Racc. RAZ.

     RogueKiller V7.6.5 [03/08/2012] par Tigzy
     mail: tigzyRK<at>gmail<dot>com
     Remontees: [RogueKiller] Remontées (1/57)
     Blog: http://tigzyrk.blogspot.com

     Systeme d'exploitation: Windows Vista (6.0.6002 Service Pack 2) 64 bits version
     Demarrage : Mode normal
     Utilisateur: Romerix [Droits d'admin]
     Mode: Raccourcis RAZ -- Date: 07/08/2012 14:27:28

     ¤¤¤ Processus malicieux: 0 ¤¤¤

     ¤¤¤ Driver: [NON CHARGE] ¤¤¤

     ¤¤¤ Attributs de fichiers restaures: ¤¤¤
     Bureau: Success 1 / Fail 0
     Lancement rapide: Success 0 / Fail 0
     Programmes: Success 11 / Fail 0
     Menu demarrer: Success 8 / Fail 0
     Dossier utilisateur: Success 434 / Fail 0
     Mes documents: Success 3 / Fail 0
     Mes favoris: Success 0 / Fail 0
     Mes images: Success 0 / Fail 0
     Ma musique: Success 0 / Fail 0
     Mes videos: Success 0 / Fail 0
     Disques locaux: Success 176 / Fail 0
     Sauvegarde: [NOT FOUND]

     Lecteurs:
     [C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
     [D:] \Device\CdRom1 -- 0x5 --> Skipped
     [E:] \Device\HarddiskVolume3 -- 0x3 --> Restored
     [F:] \Device\CdRom0 -- 0x5 --> Skipped

     ¤¤¤ Infection : ZeroAccess ¤¤¤

     Termine : << RKreport[6].txt >>
     RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ; RKreport[6].txt
  6. The 2nd RogueKiller report, after cleaning / removal.

     RogueKiller V7.6.5 [03/08/2012] par Tigzy
     mail: tigzyRK<at>gmail<dot>com
     Remontees: [RogueKiller] Remontées (1/57)
     Blog: tigzy-RK

     Systeme d'exploitation: Windows Vista (6.0.6002 Service Pack 2) 64 bits version
     Demarrage : Mode normal
     Utilisateur: Romerix [Droits d'admin]
     Mode: Suppression -- Date: 07/08/2012 14:03:54

     ¤¤¤ Processus malicieux: 0 ¤¤¤

     ¤¤¤ Entrees de registre: 5 ¤¤¤
     [SUSP PATH] 16713ec0.job @ : C:\Users\Romerix\AppData\Local\Temp\\setup1055094976.exe -> DELETED
     [PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> NOT REMOVED, USE PROXYFIX
     [ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Romerix\AppData\Local\{d2760dc5-4070-6783-74a3-7f8f6cc5120d}\n.) -> REPLACED (c:\windows\system32\shell32.dll)
     [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
     [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

     ¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
     [ZeroAccess][FILE] @ : c:\windows\installer\{d2760dc5-4070-6783-74a3-7f8f6cc5120d}\@ --> REMOVED AT REBOOT
     [Del.Parent][FILE] 00000001.@ : c:\windows\installer\{d2760dc5-4070-6783-74a3-7f8f6cc5120d}\U\00000001.@ --> REMOVED
     [ZeroAccess][FOLDER] U : c:\windows\installer\{d2760dc5-4070-6783-74a3-7f8f6cc5120d}\U --> REMOVED
     [ZeroAccess][FOLDER] L : c:\windows\installer\{d2760dc5-4070-6783-74a3-7f8f6cc5120d}\L --> REMOVED
     [ZeroAccess][FILE] @ : c:\users\romerix\appdata\local\{d2760dc5-4070-6783-74a3-7f8f6cc5120d}\@ --> REMOVED
     [ZeroAccess][FOLDER] U : c:\users\romerix\appdata\local\{d2760dc5-4070-6783-74a3-7f8f6cc5120d}\U --> REMOVED
     [ZeroAccess][FOLDER] L : c:\users\romerix\appdata\local\{d2760dc5-4070-6783-74a3-7f8f6cc5120d}\L --> REMOVED
     [susp.ASLR][ASLR WIPED-OFF] services.exe : c:\windows\system32\services.exe --> CANNOT FIX

     ¤¤¤ Driver: [NON CHARGE] ¤¤¤

     ¤¤¤ Infection : ZeroAccess ¤¤¤

     ¤¤¤ Fichier HOSTS: ¤¤¤

     ¤¤¤ MBR Verif: ¤¤¤

     +++++ PhysicalDrive0: TOSHIBA MK4055GSX +++++
     --- User ---
     [MBR] c49fcc1f349e82e2dead223ef3b5e75d
     [BSP] 686d1a45e81a0255bbbdba93cbbe1bc8 : Windows Vista MBR Code
     Partition table:
     0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
     1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 190777 Mo
     2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 393785344 | Size: 189276 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!

     Termine : << RKreport[2].txt >>
     RKreport[1].txt ; RKreport[2].txt
  7. Hello and thank you for your reply: here is the RogueKiller report while waiting for the Avast report, which still has 28% to go.

     RogueKiller V7.6.5 [03/08/2012] par Tigzy
     mail: tigzyRK<at>gmail<dot>com
     Remontees: [RogueKiller] Remontées (1/57)
     Blog: tigzy-RK

     Systeme d'exploitation: Windows Vista (6.0.6002 Service Pack 2) 64 bits version
     Demarrage : Mode normal
     Utilisateur: Romerix [Droits d'admin]
     Mode: Recherche -- Date: 07/08/2012 13:43:15

     ¤¤¤ Processus malicieux: 0 ¤¤¤

     ¤¤¤ Entrees de registre: 5 ¤¤¤
     [SUSP PATH] 16713ec0.job @ : C:\Users\Romerix\AppData\Local\Temp\\setup1055094976.exe -> FOUND
     [PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> FOUND
     [ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Romerix\AppData\Local\{d2760dc5-4070-6783-74a3-7f8f6cc5120d}\n.) -> FOUND
     [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
     [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

     ¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
     [ZeroAccess][FILE] @ : c:\windows\installer\{d2760dc5-4070-6783-74a3-7f8f6cc5120d}\@ --> FOUND
     [ZeroAccess][FOLDER] U : c:\windows\installer\{d2760dc5-4070-6783-74a3-7f8f6cc5120d}\U --> FOUND
     [ZeroAccess][FOLDER] L : c:\windows\installer\{d2760dc5-4070-6783-74a3-7f8f6cc5120d}\L --> FOUND
     [ZeroAccess][FILE] @ : c:\users\romerix\appdata\local\{d2760dc5-4070-6783-74a3-7f8f6cc5120d}\@ --> FOUND
     [ZeroAccess][FOLDER] U : c:\users\romerix\appdata\local\{d2760dc5-4070-6783-74a3-7f8f6cc5120d}\U --> FOUND
     [ZeroAccess][FOLDER] L : c:\users\romerix\appdata\local\{d2760dc5-4070-6783-74a3-7f8f6cc5120d}\L --> FOUND
     [susp.ASLR][ASLR WIPED-OFF] services.exe : c:\windows\system32\services.exe --> CANNOT FIX

     ¤¤¤ Driver: [NON CHARGE] ¤¤¤

     ¤¤¤ Infection : ZeroAccess ¤¤¤

     ¤¤¤ Fichier HOSTS: ¤¤¤

     ¤¤¤ MBR Verif: ¤¤¤

     +++++ PhysicalDrive0: TOSHIBA MK4055GSX +++++
     --- User ---
     [MBR] c49fcc1f349e82e2dead223ef3b5e75d
     [BSP] 686d1a45e81a0255bbbdba93cbbe1bc8 : Windows Vista MBR Code
     Partition table:
     0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
     1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 190777 Mo
     2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 393785344 | Size: 189276 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!

     Termine : << RKreport[1].txt >>
     RKreport[1].txt
  8. Hello, for a few days now I have been battling 2 viruses: Win32:malware-gen and Win32:trojan-gen. At every Avast alert I put them in "quarantine", but nothing helps, the same alerts keep coming back all the time! The PC is sluggish at startup. Can someone please help me eradicate these viruses!