Trojan.Sirefef.fy;HK;tout le reste de la famille :(

[inviteb619d5d1]

Bonjour,j'ai un problème avec mon ordinateur, l'antivirus : Bitdefender bloque un Trojan Sirefef.
Je lance une analyse et il ne me trouve pas le trojan, et dans les jours qui suivent, il me bloque des .FY .HK etc .....

Je ne sais pas quoi faire, j'ai regardé sur le net et j'ai télécharger combofix et analyser mon PC voici le rapport, si quelqu'un peut m'aider se serait super, merci d'avance.
( Au fait, je suis sur windows 7 familial )

ComboFix 12-07-20.02 - Théodore 20/07/2012 17:59:06.1.4 - x64
Microsoft Windows*7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.394 9.2301 [GMT 2:00]
Lancé depuis: C:\Users\Théodore\Desktop\Comb oFix.exe
AV: BitDefender Antivirus *Disabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}
FW: BitDefender Pare-feu *Disabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}
SP: BitDefender Antispyware *Disabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


(((((((((((((((((((((((((((((( (((((( Autres suppressions )))))))))))))))))))))))))))))) ))))))))))))))))))


C:\eSupport\eDriver\Software\A SUS\MultiFrame\XP32_Vista32_Vi sta64_Win7_32_Win7_64_1.0.0021 \Desktop_.ini
C:\ProgramData\FullRemove.exe
C:\ProgramData\nnzhrrfyfhkdlyk
C:\Users\THODOR~1\AppData\Loca l\Temp\feb59f87-baa7-4a0a-902c-c33cfc0feb21\CliSecureRT.dll
C:\Users\Théodore\AppData\Loca l\Temp\feb59f87-baa7-4a0a-902c-c33cfc0feb21\CliSecureRT.dll
C:\Windows\Installer\{48e920f5-25f2-1bbe-3db4-8ed747a14b87}\@
C:\Windows\Installer\{48e920f5-25f2-1bbe-3db4-8ed747a14b87}\L\00000004.@
C:\Windows\Installer\{48e920f5-25f2-1bbe-3db4-8ed747a14b87}\L\1afb2d56
C:\Windows\Installer\{48e920f5-25f2-1bbe-3db4-8ed747a14b87}\L\201d3dde
C:\Windows\Installer\{48e920f5-25f2-1bbe-3db4-8ed747a14b87}\U\00000004.@
C:\Windows\Installer\{48e920f5-25f2-1bbe-3db4-8ed747a14b87}\U\00000008.@
C:\Windows\Installer\{48e920f5-25f2-1bbe-3db4-8ed747a14b87}\U\000000cb.$
C:\Windows\Installer\{48e920f5-25f2-1bbe-3db4-8ed747a14b87}\U\80000000.@
C:\Windows\Installer\{48e920f5-25f2-1bbe-3db4-8ed747a14b87}\U\80000032.@
C:\Windows\Installer\{48e920f5-25f2-1bbe-3db4-8ed747a14b87}\U\80000064.@

Une copie infectée de C:\Windows\system32\services.e xe a été trouvée et désinfectée
Copie restaurée à partir de - C:\Windows\winsxs\amd64_micros oft-windows-s..s-servicecontroller_31bf3856ad36 4e35_6.1.7600.16385_none_2b54b 20ee6fa07b1\services.exe


((((((((((((((((((((((((((((( Fichiers créés du 2012-06-20 au 2012-07-20 )))))))))))))))))))))))))))))) ))))))


2012-07-20 16:17:40 . 2012-07-20 16:17:40 -------- d-----w- C:\Users\Default\AppData\Local \temp
2012-07-20 14:59:55 . 2012-07-20 14:59:55 -------- d-----w- C:\Users\Théodore\AppData\Loca l\bdch
2012-07-20 11:56:31 . 2012-07-20 11:56:34 -------- d-----w- C:\Program Files (x86)\kittyhawk
2012-07-12 13:24:52 . 2012-06-12 03:08:36 3148800 ----a-w- C:\Windows\system32\win32k.sys
2012-07-10 14:45:37 . 2012-07-10 14:45:37 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-10 07:41:10 . 2012-05-04 11:00:43 366592 ----a-w- C:\Windows\system32\qdvd.dll
2012-07-10 07:41:10 . 2012-05-04 09:59:54 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-07-10 07:29:57 . 2012-07-10 07:30:03 -------- d-----w- C:\Program Files\CCleaner
2012-07-10 06:08:09 . 2012-07-10 06:08:09 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-06-26 09:13:23 . 2012-06-26 09:23:05 -------- d-----w- C:\Users\Théodore\AppData\Loca l\rencontreshard
2012-06-25 14:04:24 . 2012-06-25 14:04:24 1394248 ----a-w- C:\Windows\SysWow64\msxml4.dll
2012-06-24 15:52:18 . 2012-06-24 15:52:18 -------- d-----w- C:\Windows\fr
2012-06-24 15:50:43 . 2012-06-24 15:50:43 -------- d-----w- C:\Users\Théodore\AppData\Loca l\{4CFBB2F1-0066-454A-8976-F9DC6F4F80E7}
2012-06-24 15:50:26 . 2012-06-24 15:50:26 -------- d-----w- C:\Windows\en
2012-06-24 15:50:16 . 2012-06-24 15:50:16 -------- d-----w- C:\Windows\el
2012-06-24 15:50:11 . 2012-06-24 15:50:11 -------- d-----w- C:\Windows\es
2012-06-24 15:50:05 . 2012-06-24 15:50:05 -------- d-----w- C:\Windows\he
2012-06-24 15:50:00 . 2012-06-24 15:50:01 -------- d-----w- C:\Windows\it
2012-06-24 15:49:54 . 2012-06-24 15:49:54 -------- d-----w- C:\Windows\nl
2012-06-24 15:49:41 . 2012-06-24 15:49:41 -------- d-----w- C:\Windows\de
2012-06-24 15:44:28 . 2012-03-08 16:40:52 48488 ----a-w- C:\Windows\system32\drivers\fs sfltr.sys
2012-06-24 15:44:04 . 2012-06-24 15:43:52 19736 ----a-w- C:\ProgramData\Microsoft\Ident ityCRL\production\ppcrlconfig6 00.dll
2012-06-24 15:39:25 . 2012-06-24 15:39:25 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\887730e71cd521f01\ DSETUP.dll
2012-06-24 15:39:25 . 2012-06-24 15:39:25 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\887730e71cd521f01\ DXSETUP.exe
2012-06-24 15:39:25 . 2012-06-24 15:39:25 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\887730e71cd521f01\ dsetup32.dll
2012-06-24 15:39:25 . 2012-06-24 15:39:25 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\88a9b3541cd521f02\ MeshBetaRemover.exe
2012-06-24 15:37:40 . 2012-06-24 15:37:51 -------- d-----w- C:\Users\Théodore\AppData\Loca l\{7C25AD45-429E-477F-8F9D-3CD88FEF70EF}
2012-06-24 11:31:52 . 2012-06-24 11:31:52 -------- d-----w- C:\Users\Théodore\AppData\Loca l\Macromedia
2012-06-23 15:45:14 . 2012-06-23 15:58:56 -------- d-----w- C:\Users\Théodore\AppData\Loca l\messengerdusexe
2012-06-21 06:17:04 . 2012-06-02 22:19:43 2428952 ----a-w- C:\Windows\system32\wuaueng.dl l
2012-06-21 06:17:04 . 2012-06-02 22:19:42 57880 ----a-w- C:\Windows\system32\wuauclt.ex e
2012-06-21 06:17:04 . 2012-06-02 22:19:42 44056 ----a-w- C:\Windows\system32\wups2.dll
2012-06-21 06:17:04 . 2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\system32\wucltux.dl l
2012-06-21 06:16:45 . 2012-06-02 22:19:46 38424 ----a-w- C:\Windows\system32\wups.dll
2012-06-21 06:16:45 . 2012-06-02 22:19:23 701976 ----a-w- C:\Windows\system32\wuapi.dll
2012-06-21 06:16:45 . 2012-06-02 22:15:08 99840 ----a-w- C:\Windows\system32\wudriver.d ll
2012-06-21 06:16:20 . 2012-06-02 13:19:42 186752 ----a-w- C:\Windows\system32\wuwebv.dll
2012-06-21 06:16:20 . 2012-06-02 13:15:12 36864 ----a-w- C:\Windows\system32\wuapp.exe
.


(((((((((((((((((((((((((((((( (((( Compte-rendu de Find3M )))))))))))))))))))))))))))))) ))))))))))))))))))

2012-07-16 12:31:19 . 2012-04-02 06:25:56 426184 ----a-w- C:\Windows\SysWow64\FlashPlaye rApp.exe
2012-07-16 12:31:19 . 2011-09-14 16:13:27 70344 ----a-w- C:\Windows\SysWow64\FlashPlaye rCPLApp.cpl
2012-07-12 13:22:33 . 2011-08-31 01:51:53 59701280 ----a-w- C:\Windows\system32\MRT.exe
2012-07-08 06:55:59 . 2012-03-12 06:26:08 45056 ----a-w- C:\Windows\system32\acovcnt.ex e
2012-05-15 04:01:31 . 2012-06-14 16:16:38 1188864 ----a-w- C:\Windows\system32\wininet.dl l
2012-05-15 03:59:18 . 2012-06-14 16:16:37 64512 ----a-w- C:\Windows\system32\jsproxy.dl l
2012-05-15 03:03:54 . 2012-06-14 16:16:38 981504 ----a-w- C:\Windows\SysWow64\wininet.dl l
2012-05-04 11:06:22 . 2012-06-14 16:15:52 5559664 ----a-w- C:\Windows\system32\ntoskrnl.e xe
2012-05-04 10:03:53 . 2012-06-14 16:15:50 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.e xe
2012-05-04 10:03:50 . 2012-06-14 16:15:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.e xe
2012-05-01 05:40:20 . 2012-06-14 16:15:53 209920 ----a-w- C:\Windows\system32\profsvc.dl l
2012-04-28 03:55:21 . 2012-06-14 16:15:44 210944 ----a-w- C:\Windows\system32\drivers\rd pwd.sys
2012-04-26 05:41:56 . 2012-06-14 16:16:01 77312 ----a-w- C:\Windows\system32\rdpwsx.dll
2012-04-26 05:41:55 . 2012-06-14 16:16:01 149504 ----a-w- C:\Windows\system32\rdpcorekmt s.dll
2012-04-26 05:34:27 . 2012-06-14 16:16:01 9216 ----a-w- C:\Windows\system32\rdrmemptyl st.exe
2012-04-24 05:37:37 . 2012-06-14 16:15:35 184320 ----a-w- C:\Windows\system32\cryptsvc.d ll
2012-04-24 05:37:37 . 2012-06-14 16:15:35 140288 ----a-w- C:\Windows\system32\cryptnet.d ll
2012-04-24 05:37:36 . 2012-06-14 16:15:37 1462272 ----a-w- C:\Windows\system32\crypt32.dl l
2012-04-24 04:36:42 . 2012-06-14 16:15:35 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.d ll
2012-04-24 04:36:42 . 2012-06-14 16:15:35 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dl l
2012-04-24 04:36:42 . 2012-06-14 16:15:35 103936 ----a-w- C:\Windows\SysWow64\cryptnet.d ll
2010-07-08 07:37:14 . 2010-07-08 07:37:14 101544 ----a-w- C:\Program Files\Common Files\LinkInstaller.exe
-----

[inviteb619d5d1]

(((((((((((((((((((((((((((((( ((( Points de chargement Reg )))))))))))))))))))))))))))))) ))))))))))))))))))


*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\software\wo w6432node\microsoft\windows\cu rrentversion\explorer\shellico noverlayidentifiers\ADSMOverla yIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D44 8F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08:18 143360 ------w- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIcon ShlExt1.dll

[HKEY_CURRENT_USER\SOFTWARE\Mic rosoft\Windows\CurrentVersion\ Run]
"KiesPDLR"="C:\Program Files (x86)\Samsung\Kies\External\Fi rmwareUpdate\KiesPDLR.exe" [2012-01-04 06:07:40 21392]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2010-11-20 13:25:17 1475584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wo w6432Node\Microsoft\Windows\Cu rrentVersion\Run]
"UpdateLBPShortCut"="C:\Progra m Files (x86)\CyberLink\LabelPrint\MUI Transfer\MUIStartMenu.exe" [2009-05-20 06:16:16 222504]
"UpdateP2GoShortCut"="C:\Progr am Files (x86)\CyberLink\Power2Go\MUITr ansfer\MUIStartMenu.exe" [2009-05-20 06:16:16 222504]
"Nuance PDF Reader-reminder"="C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 19:02:06 328992]
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-12 04:12:50 98304]
"ATKMEDIA"="C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-05-03 21:41:46 170624]
"HControlUser"="C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 17:29:42 105016]
"Wireless Console 3"="C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-07-02 20:36:26 1597440]
"SunJavaUpdateSched"="C:\Progr am Files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 12:06:06 254696]

C:\ProgramData\Microsoft\Windo ws\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLa uncher.exe [2011-1-12 549040]
SRS Premium Sound.lnk - C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C 7B668029A47458B27645FE6E4A715. exe [2011-3-28 156952]

[HKEY_LOCAL_MACHINE\software\mi crosoft\windows\currentversion \policies\system]
"ConsentPromptBehaviorAdmi n"= 5 (0x5)
"ConsentPromptBehaviorUser "= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wo w6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\curr entcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

R2 clr_optimization_v4.0.30319_64 ;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Micr osoft.NET\Framework64\v4.0.303 19\mscorsvw.exe [2010-03-18 12:27:14 138576]
R2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpda te.exe [2011-01-12 15:50:05 135664]
R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.ex e [2012-02-29 06:50:48 158856]
R3 AdobeFlashPlayerUpdateSvc;Adob e Flash Player Update Service;C:\Windows\SysWOW64\Ma cromed\Flash\FlashPlayerUpdate Service.exe [2012-07-16 12:31:20 250056]
R3 dgderdrv;dgderdrv;C:\Windows\s ystem32\drivers\dgderdrv.sys [2010-07-30 05:51:52 20552]
R3 gupdatem;Service Google Update (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpda te.exe [2011-01-12 15:50:05 135664]
R3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-17 20:35:31 113120]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRI VERS\SiSG664.sys [2009-06-10 20:35:57 56832]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);C:\Windows\system32\DRIV ERS\ss_bbus.sys [2010-04-27 02:25:16 127488]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);C:\Windows\system32\D RIVERS\ss_bmdfl.sys [2010-04-27 02:25:16 18944]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;C:\Windows\system32\DRIV ERS\ss_bmdm.sys [2010-04-27 02:25:16 161280]
R3 ss_bserd;SAMSUNG USB Mobile Logging Driver;C:\Windows\system32\DRI VERS\ss_bserd.sys [2010-04-27 02:25:16 128000]
R3 TFsExDisk;TFsExDisk;C:\Windows \System32\Drivers\TFsExDisk.sy s [2010-06-24 13:00:14 16392]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\s ystem32\drivers\tsusbflt.sys [2010-11-20 11:07:05 59392]
R3 TurboBoost;TurboBoost;C:\Progr am Files\Intel\TurboBoost\TurboBo ost.exe [2009-08-06 21:17:46 118672]
R3 WatAdminSvc;Service Windows Activation Technologies;C:\Windows\system 32\Wat\WatAdminSvc.exe [2011-07-28 04:59:22 1255736]
R4 avc3;avc3;C:\Windows\system32\ DRIVERS\avc3.sys [2010-06-28 09:55:38 692816]
R4 avckf;avckf;C:\Windows\system3 2\DRIVERS\avckf.sys [2010-06-28 09:55:44 1040976]
R4 Update Server;BitDefender Update Server v2;C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2011-09-18 21:40:41 467248]
R4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 02:10:10 57184]
S1 Bdfndisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2010-08-20 12:42:08 88144]
S1 bdfwfpf;bdfwfpf;C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys [2010-08-20 15:42:04 99408]
S1 Bdvedisk;Bdvedisk;C:\Windows\s ystem32\DRIVERS\bdvedisk.sys [2010-01-19 16:32:40 103944]
S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRI VERS\vwififlt.sys [2009-07-14 00:07:22 59904]
S2 AFBAgent;AFBAgent;C:\Windows\s ystem32\FBAgent.exe [2010-11-30 20:19:52 379520]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\at iesrxx.exe [2010-08-11 13:44:46 203264]
S2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 00:36:14 15416]
S2 NPF;NetGroup Packet Filter Driver;C:\Windows\system32\dri vers\npf.sys [2010-06-25 17:07:26 35344]
S2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\Team Viewer_Service.exe [2012-03-19 11:38:46 2666880]
S2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRI VERS\TurboB.sys [2009-08-06 21:17:34 13784]
S2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 02:34:22 2314240]
S2 Updatesrv;BitDefender Desktop Update Service;C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe [2011-09-18 21:39:53 53224]
S3 amdkmdag;amdkmdag;C:\Windows\s ystem32\DRIVERS\atikmdag.sys [2010-08-11 14:15:50 7765504]
S3 amdkmdap;amdkmdap;C:\Windows\s ystem32\DRIVERS\atikmpag.sys [2010-08-11 13:11:08 279040]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\dr ivers\AtihdW76.sys [2010-07-15 00:47:42 116240]
S3 BDFM;BDFM;C:\Windows\system32\ DRIVERS\bdfm.sys [2010-05-13 13:52:08 162896]
S3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRI VERS\ETD.sys [2010-04-13 10:15:04 135560]
S3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\ DRIVERS\HECIx64.sys [2009-09-17 19:54:54 56344]
S3 Impcd;Impcd;C:\Windows\system3 2\DRIVERS\Impcd.sys [2010-02-26 08:32:12 158976]
S3 JMCR;JMCR;C:\Windows\system32\ DRIVERS\jmcr.sys [2009-08-18 08:23:32 143472]
S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);C:\Windows\system32\DRIV ERS\JME.sys [2010-02-25 03:26:58 115312]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DR IVERS\vwifimp.sys [2009-07-14 00:07:28 17920]


Contenu du dossier 'Tâches planifiées'

2012-07-20 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\SysWOW64\Macromed\F lash\FlashPlayerUpdateService. exe [2012-04-02 06:25:56 . 2012-07-16 12:31:20]

2012-07-20 C:\Windows\Tasks\GoogleUpdateT askMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpda te.exe [2011-01-12 15:50:06 . 2011-01-12 15:50:05]

2012-07-20 C:\Windows\Tasks\GoogleUpdateT askMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpda te.exe [2011-01-12 15:50:06 . 2011-01-12 15:50:05]


--------- X64 Entries -----------


[HKEY_LOCAL_MACHINE\software\mi crosoft\windows\currentversion \explorer\shelliconoverlayiden tifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D44 8F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 23:52:58 159744 ------w- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIcon ShlExt1_64.dll

[HKEY_LOCAL_MACHINE\software\mi crosoft\windows\currentversion \explorer\shelliconoverlayiden tifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D413 3E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49:40 70656 ------w- C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShell Ext64.dll

[HKEY_LOCAL_MACHINE\software\mi crosoft\windows\currentversion \explorer\shelliconoverlayiden tifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174 815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49:40 70656 ------w- C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShell Ext64.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Mi crosoft\Windows\CurrentVersion \Run]
"ASUS WebStorage"="C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSServi ce.exe" [2010-03-16 01:48:34 1754448]
"SmartAudio"="C:\Program Files\CONEXANT\SAII\SAIICpl.ex e" [2010-12-14 05:07:22 316032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Mi crosoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0

------- Examen supplémentaire -------

uLocal Page = C:\Windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = C:\Windows\SysWOW64\blank.htm
IE: E&xporter vers Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\ EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - C:\Users\Théodore\AppData\Roam ing\Mozilla\Firefox\Profiles\1 uk9vlgr.default\

- - - - ORPHELINS SUPPRIMES - - - -

Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-ETDWare - C:\Program Files (x86)\Elantech\ETDCtrl.exe



--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Cl asses\Wow6432Node\CLSID\{A483C 63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@C:\\Window s\\SysWOW64\\Macromed\\Flash\\ FlashUtil32_11_3_300_265_Activ eX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Cl asses\Wow6432Node\CLSID\{A483C 63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Cl asses\Wow6432Node\CLSID\{A483C 63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="C:\\Windows\\SysWOW64\\Macr omed\\Flash\\FlashUtil32_11_3_ 300_265_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Cl asses\Wow6432Node\CLSID\{A483C 63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Cl asses\Wow6432Node\CLSID\{D27CD B6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\software\Cl asses\Wow6432Node\CLSID\{D27CD B6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="C:\\Windows\\SysWOW64\\Macr omed\\Flash\\Flash32_11_3_300_ 265.ocx"
"ThreadingModel"="Apartmen t"

[HKEY_LOCAL_MACHINE\software\Cl asses\Wow6432Node\CLSID\{D27CD B6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\software\Cl asses\Wow6432Node\CLSID\{D27CD B6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFla sh.11"

[HKEY_LOCAL_MACHINE\software\Cl asses\Wow6432Node\CLSID\{D27CD B6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="C:\\Windows\\SysWOW64\\Macr omed\\Flash\\Flash32_11_3_300_ 265.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Cl asses\Wow6432Node\CLSID\{D27CD B6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Cl asses\Wow6432Node\CLSID\{D27CD B6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\software\Cl asses\Wow6432Node\CLSID\{D27CD B6E-AE6D-11cf-96B8-444553540000}\VersionIndepende ntProgID]
@="ShockwaveFlash.ShockwaveFla sh"

[HKEY_LOCAL_MACHINE\software\Cl asses\Wow6432Node\CLSID\{D27CD B70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\software\Cl asses\Wow6432Node\CLSID\{D27CD B70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="C:\\Windows\\SysWOW64\\Macr omed\\Flash\\Flash32_11_3_300_ 265.ocx"
"ThreadingModel"="Apartmen t"

[HKEY_LOCAL_MACHINE\software\Cl asses\Wow6432Node\CLSID\{D27CD B70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1 "

[HKEY_LOCAL_MACHINE\software\Cl asses\Wow6432Node\CLSID\{D27CD B70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="C:\\Windows\\SysWOW64\\Macr omed\\Flash\\Flash32_11_3_300_ 265.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Cl asses\Wow6432Node\CLSID\{D27CD B70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Cl asses\Wow6432Node\CLSID\{D27CD B70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\software\Cl asses\Wow6432Node\CLSID\{D27CD B70-AE6D-11cf-96B8-444553540000}\VersionIndepende ntProgID]
@="FlashFactory.FlashFactory "

[HKEY_LOCAL_MACHINE\software\Cl asses\Wow6432Node\Interface\{E 3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Cl asses\Wow6432Node\Interface\{E 3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Cl asses\Wow6432Node\Interface\{E 3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\system\Cont rolSet001\Control\Class\{4D36E 96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSett ings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\Cont rolSet001\Control\Class\{4D36E 96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSett ings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\Cont rolSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)

[invite28e3abb9]

Bonjour et bienvenue sur Futura Sciences


ComboFix est un outil très puissant à ne pas utiliser sans connaissance (même si dans ton cas, il était approprié à l'infection).
As tu toujours des alertes de BitDefender ?

Peux tu faire ce diagnostic :

Télécharge OTL (de OldTimer) sur ton Bureau.

Ferme toutes tes applications en cours

• Lance OTL.exe, l'interface principale s'ouvre.
• Dans la section Rapport en haut à droite de la fenêtre, coche Rapport minimal
• Coche la case Tous les utilisateurs
• Laisse tous les autres paramètres par défaut
• Dans la partie "Personnalisation", copie/colle la liste en citation :

msconfig
/md5start
explorer.exe
winlogon.exe
userinit.exe
svchost.exe
services.exe
wshelper.dll
/md5stop
%ALLUSERSPROFILE%\Application Data\*.exe /s
%ALLUSERSPROFILE%\Application Data\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
CREATERESTOREPOINT

• Clique sur le bouton Analyse rapide, patiente pendant le balayage du système.
• 2 rapports vont s'ouvrir au format bloc-note :
• OTL.txt (qui sera affiché) ainsi que Extras.txt (réduit dans la barre des tâches)
• Poste ces 2 rapports en PJ

Aide : Tutorial OTL (par Malekal)

A +