Steven_CH

Members
  • Content count
    47

About Steven_CH

  • Date of birth 20/03/1979

Contact Methods

  • MSN
    ask me :-)
  • Website URL
    http://ask me :-)
  • ICQ
    0

Profile Information

  • Gender
    Male
  • Location
    Lausanne, Switzerland
  • Interests
    ask me :-)

Other information

  • My languages
    French, German, English

Steven_CH's Achievements

Member (4/12)

Community reputation

0
  1. # DelFix v8.0 - Rapport créé le 02/06/2011 à 12:37 # Mis à jour le 01/06/11 à 13h par Xplode [...]
  2. By the way, is it normal that AntiVir detects the autorun on C:\?
  3. Rapport de ZHPFix 1.12.3288 par Nicolas Coolman, Update du 29/05/2011 Fichier d'export Registre : Run by Steph at 31.05.2011 22:15:47 [...]
  4. All processes killed [...] OTM by OldTimer - Version 3.1.18.0 log created on 05312011_213733
  5. Done. And here is the ZHPDiag report -> Zippyshare.com - ZHPDiag.txt
  6. Everything seems to be working correctly now, thanks a lot!
  7. ComboFix 11-05-31.01 - Steph 31.05.2011 20:41:55.10.2 - x86 NETWORK Microsoft Windows 7 Ultimate 6.1.7600.0.1252.41.1033.18.2047.1663 [GMT 2:00] Lancé depuis: c:\users\Steph\Desktop\ComboFix.exe Commutateurs utilisés :: c:\users\Steph\Desktop\CFScript.txt [...]
  8. Ah, and now yet another message from AntiVir: Type: Autorun blocked Access to file "F:\autorun.inf" was blocked for your security
  9. ComboFix 11-05-31.01 - Steph 31.05.2011 19:56:00.8.2 - x86 NETWORK Microsoft Windows 7 Ultimate 6.1.7600.0.1252.41.1033.18.2047.1643 [GMT 2:00] Lancé depuis: c:\users\Steph\Desktop\ComboFix.exe Commutateurs utilisés :: c:\users\Steph\Desktop\CFScript.txt [...] And here is the exact AntiVir error message: Zippyshare.com - AVIRA.gif
10. ComboFix 11-05-30.08 - Steph 31.05.2011 16:20:26.6.2 - x86 MINIMAL
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.41.1033.18.2047.1698 [GMT 2:00]
Lancé depuis: c:\users\Steph\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\Steph\Desktop\CFScript.txt
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Un nouveau point de restauration a été créé
.
FILE ::
"c:\windows\system32\easyUpdatusAPIU.dll"
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\easyUpdatusAPIU.dll
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-04-28 au 2011-05-31 ))))))))))))))))))))))))))))))))))))
.
.
2011-05-31 14:27 . 2011-05-31 14:29 -------- d-----w- c:\users\Steph\AppData\Local\temp
2011-05-31 14:27 . 2011-05-31 14:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-30 11:32 . 2011-05-30 12:56 -------- d-----w- C:\tdsskiller
2011-05-29 20:32 . 2011-05-29 20:32 512 ----a-w- C:\PhysicalDisk0_MBR.bin
2011-05-29 20:19 . 2011-05-30 11:23 -------- d-----w- c:\program files\ZHPDiag
2011-05-29 20:15 . 2011-05-29 20:15 -------- d-----w- c:\program files\VIA
2011-05-29 20:15 . 2010-02-11 09:59 23192 ----a-w- c:\windows\system32\drivers\xfilt.sys
2011-05-29 20:15 . 2010-02-11 09:59 13976 ----a-w- c:\windows\system32\drivers\videX32.sys
2011-05-29 20:13 . 2010-08-06 14:25 45056 ----a-w- c:\windows\system32\drivers\fetn62.sys
2011-05-29 20:13 . 2006-10-27 14:26 69632 ----a-w- c:\windows\system32\vuins32.dll
2011-05-29 20:06 . 2011-05-29 20:11 -------- d--h--w- c:\program files\Temp
2011-05-29 19:56 . 2011-05-29 21:07 -------- d-----w- c:\users\UpdatusUser
2011-05-29 19:54 . 2011-04-08 05:14 944232 ----a-w- c:\windows\system32\nvdispco3220140.dll
2011-05-29 19:54 . 2011-04-08 05:14 855656 ----a-w- c:\windows\system32\nvgenco322060.dll
2011-05-29 19:54 . 2011-04-08 05:14 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-05-29 19:54 . 2011-04-08 05:14 5180824 ----a-w- c:\windows\system32\nvcuda.dll
2011-05-29 19:54 . 2011-04-08 05:14 2765928 ----a-w- c:\windows\system32\nvcuvid.dll
2011-05-29 19:54 . 2011-04-08 05:14 2074216 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-05-29 19:54 . 2011-04-08 05:14 15227496 ----a-w- c:\windows\system32\nvoglv32.dll
2011-05-29 19:54 . 2011-04-08 05:14 10690024 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-05-29 19:54 . 2011-04-08 05:14 13007464 ----a-w- c:\windows\system32\nvcompiler.dll
2011-05-29 19:54 . 2011-05-29 19:54 -------- d-----w- C:\NVIDIA
2011-05-29 19:49 . 2011-05-29 19:50 -------- d-----w- c:\program files\ma-config.com
2011-05-29 19:49 . 2011-05-29 19:49 -------- d-----w- c:\programdata\ma-config.com
2011-05-23 21:13 . 2011-05-23 21:13 -------- d-----w- c:\users\Steph\AppData\Roaming\AnvSoft
2011-05-23 21:13 . 2011-05-23 21:13 -------- d-----w- c:\program files\AnvSoft
2011-05-18 05:30 . 2011-05-18 05:30 -------- d-----w- c:\programdata\IObit
2011-05-18 05:25 . 2011-05-18 05:25 -------- d-----w- c:\users\Steph\AppData\Roaming\IObit
2011-05-18 05:25 . 2011-05-18 05:25 -------- d-----w- c:\program files\IObit
2011-05-13 11:49 . 2011-05-13 11:49 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-06 13:55 . 2011-05-06 13:55 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-05-06 13:55 . 2011-05-06 13:55 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-05-06 13:55 . 2011-05-06 13:55 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-05-06 13:55 . 2011-05-06 13:55 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-05-06 13:55 . 2011-05-06 13:55 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-05-06 13:55 . 2011-05-06 13:55 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-05-06 13:55 . 2011-05-06 13:55 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-05-06 13:55 . 2011-05-06 13:55 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-05-06 13:53 . 2011-05-06 13:53 -------- d-----w- C:\found.003
2011-05-05 17:33 . 2011-05-05 17:33 -------- d-----w- C:\_OTM
2011-05-04 23:11 . 2011-05-04 23:11 -------- d-----w- c:\program files\ESET
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-08 05:14 . 2011-05-29 19:54 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2011-04-08 05:14 . 2010-07-10 03:37 2034280 ----a-w- c:\windows\system32\nvapi.dll
2011-04-08 05:14 . 2009-06-10 21:19 10071656 ----a-w- c:\windows\system32\nvd3dum.dll
2011-04-07 20:43 . 2011-04-07 20:43 612456 ----a-w- c:\windows\system32\nvvsvc.exe
2011-04-07 20:43 . 2011-04-07 20:43 2582120 ----a-w- c:\windows\system32\nvsvcr.dll
2011-04-07 20:43 . 2011-04-07 20:43 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-04-07 20:43 . 2011-04-07 20:43 3701352 ----a-w- c:\windows\system32\nvcpl.dll
2011-04-07 20:43 . 2011-04-07 20:43 2565224 ----a-w- c:\windows\system32\nvsvc.dll
2011-04-06 14:20 . 2011-04-06 14:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 14:20 . 2011-04-06 14:20 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 14:20 . 2011-04-06 14:20 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 14:20 . 2011-04-06 14:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-03-16 10:57 . 2010-09-10 21:31 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-03-09 19:28 . 2010-06-24 09:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-05-06 13:55 . 2011-05-06 13:55 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
<pre>
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\ZHPDiag\Quarantine\QuickTime.DIR\QTTask .exe
</pre>
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"Advanced SystemCare 4"="c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-04-21 402832]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-16 136176]
R2 ioloFileInfoList;iolo FileInfoList Service; [x]
R3 FNETTHJM_152D;Freecom Turbo USB 2.0;c:\windows\system32\drivers\fnetthjm_152D.sys [2010-12-11 24448]
R3 gupdatem;Service Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-16 136176]
R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2011-05-01 311744]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 UCharger;Energizer Usb Charger Driver;c:\windows\system32\Drivers\UCharger.sys [2007-05-15 13765]
R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-27 1343400]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [2008-12-09 20392]
S2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [2011-04-21 352656]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2010-11-02 339624]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]
S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-03-08 421032]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-03-25 490280]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-01 2271608]
S3 BENDER;Pinnacle AV/DV2 Capture;c:\windows\system32\drivers\bender.sys [2006-12-04 203264]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contenu du dossier 'Tâches planifiées'
.
2011-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-16 12:02]
.
2011-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-16 12:02]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.ch/
uInternet Settings,ProxyOverride = *.local
IE: &Envoyer à OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.1.1
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
FF - ProfilePath - c:\users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\17wnhgoh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ch/
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 55111
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\NvXDSync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\windows\system32\crypserv.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\system32\sppsvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\program files\IObit\Advanced SystemCare 4\PMonitor.exe
c:\windows\system32\conhost.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\DllHost.exe
c:\program files\Q-Dir\Q-Dir.exe
.
**************************************************************************
.
Heure de fin: 2011-05-31 16:32:37 - La machine a redémarré
ComboFix-quarantined-files.txt 2011-05-31 14:32
ComboFix2.txt 2011-05-31 14:09
ComboFix3.txt 2011-05-30 13:04
.
Avant-CF: 660'815'872 bytes free
Après-CF: 446'222'336 bytes free
.
- - End Of File - - 43AB7CEE3B2E1160C78969E53AF57D3D

Here is the result: my PC finally agrees to shut down, but AntiVir still reports detecting this: TR/Crypt.XPACK.gen. Is it serious, doctor?
11. ComboFix 11-05-29.02 - Steph 30.05.2011 14:46:51.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.41.1033.18.2047.1406 [GMT 2:00]
Lancé depuis: c:\users\Steph\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\data
C:\FLVDirect.exe
c:\program files\Common Files\Java\Java Update\jusched.exe
c:\program files\iTunes\iTunesHelper.exe
c:\tdsskiller\tdsskiller.exe
c:\windows\system32\arp.exe
c:\windows\system32\msconfig.exe
.
.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_srvB94
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-04-28 au 2011-05-30 ))))))))))))))))))))))))))))))))))))
.
.
2011-05-29 20:32 . 2011-05-29 20:32 512 ----a-w- C:\PhysicalDisk0_MBR.bin
2011-05-29 20:19 . 2011-05-30 11:23 -------- d-----w- c:\program files\ZHPDiag
2011-05-29 20:15 . 2011-05-29 20:15 -------- d-----w- c:\program files\VIA
2011-05-29 20:15 . 2010-02-11 09:59 23192 ----a-w- c:\windows\system32\drivers\xfilt.sys
2011-05-29 20:15 . 2010-02-11 09:59 13976 ----a-w- c:\windows\system32\drivers\videX32.sys
2011-05-29 20:13 . 2010-08-06 14:25 45056 ----a-w- c:\windows\system32\drivers\fetn62.sys
2011-05-29 20:13 . 2006-10-27 14:26 69632 ----a-w- c:\windows\system32\vuins32.dll
2011-05-29 20:06 . 2011-05-29 20:11 -------- d--h--w- c:\program files\Temp
2011-05-29 19:56 . 2011-05-29 21:07 -------- d-----w- c:\users\UpdatusUser
2011-05-29 19:54 . 2011-04-08 05:14 944232 ----a-w- c:\windows\system32\nvdispco3220140.dll
2011-05-29 19:54 . 2011-04-08 05:14 855656 ----a-w- c:\windows\system32\nvgenco322060.dll
2011-05-29 19:54 . 2011-04-08 05:14 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-05-29 19:54 . 2011-04-08 05:14 5180824 ----a-w- c:\windows\system32\nvcuda.dll
2011-05-29 19:54 . 2011-04-08 05:14 2765928 ----a-w- c:\windows\system32\nvcuvid.dll
2011-05-29 19:54 . 2011-04-08 05:14 2074216 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-05-29 19:54 . 2011-04-08 05:14 15227496 ----a-w- c:\windows\system32\nvoglv32.dll
2011-05-29 19:54 . 2011-04-08 05:14 10690024 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-05-29 19:54 . 2011-04-08 05:14 13007464 ----a-w- c:\windows\system32\nvcompiler.dll
2011-05-29 19:54 . 2011-05-29 19:54 -------- d-----w- C:\NVIDIA
2011-05-29 19:49 . 2011-05-29 19:50 -------- d-----w- c:\program files\ma-config.com
2011-05-29 19:49 . 2011-05-29 19:49 -------- d-----w- c:\programdata\ma-config.com
2011-05-23 21:13 . 2011-05-23 21:13 -------- d-----w- c:\users\Steph\AppData\Roaming\AnvSoft
2011-05-23 21:13 . 2011-05-23 21:13 -------- d-----w- c:\program files\AnvSoft
2011-05-18 05:30 . 2011-05-18 05:30 -------- d-----w- c:\programdata\IObit
2011-05-18 05:25 . 2011-05-18 05:25 -------- d-----w- c:\users\Steph\AppData\Roaming\IObit
2011-05-18 05:25 . 2011-05-18 05:25 -------- d-----w- c:\program files\IObit
2011-05-13 11:49 . 2011-05-13 11:49 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-06 13:55 . 2011-05-06 13:55 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-05-06 13:55 . 2011-05-06 13:55 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-05-06 13:55 . 2011-05-06 13:55 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-05-06 13:55 . 2011-05-06 13:55 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-05-06 13:55 . 2011-05-06 13:55 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-05-06 13:55 . 2011-05-06 13:55 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-05-06 13:55 . 2011-05-06 13:55 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-05-06 13:55 . 2011-05-06 13:55 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-05-06 13:53 . 2011-05-06 13:53 -------- d-----w- C:\found.003
2011-05-05 17:33 . 2011-05-05 17:33 -------- d-----w- C:\_OTM
2011-05-04 23:11 . 2011-05-04 23:11 -------- d-----w- c:\program files\ESET
2011-05-01 11:00 . 2011-05-01 11:00 -------- d-----w- C:\found.002
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-08 05:14 . 2011-05-29 19:54 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2011-04-08 05:14 . 2010-07-10 03:37 2034280 ----a-w- c:\windows\system32\nvapi.dll
2011-04-08 05:14 . 2009-06-10 21:19 10071656 ----a-w- c:\windows\system32\nvd3dum.dll
2011-04-07 20:43 . 2011-04-07 20:43 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-04-07 20:43 . 2011-04-07 20:43 612456 ----a-w- c:\windows\system32\nvvsvc.exe
2011-04-07 20:43 . 2011-04-07 20:43 2582120 ----a-w- c:\windows\system32\nvsvcr.dll
2011-04-07 20:43 . 2011-04-07 20:43 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-04-07 20:43 . 2011-04-07 20:43 3701352 ----a-w- c:\windows\system32\nvcpl.dll
2011-04-07 20:43 . 2011-04-07 20:43 2565224 ----a-w- c:\windows\system32\nvsvc.dll
2011-04-06 14:20 . 2011-04-06 14:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 14:20 . 2011-04-06 14:20 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 14:20 . 2011-04-06 14:20 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 14:20 . 2011-04-06 14:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-03-16 10:57 . 2010-09-10 21:31 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-03-09 19:28 . 2010-06-24 09:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-05-06 13:55 . 2011-05-06 13:55 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
<pre>
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\program files\Avira\AntiVir Desktop\avgnt .exe
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager .exe
c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility .exe
c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard .exe
c:\program files\Common Files\Java\Java Update\jusched .exe
c:\program files\iTunes\iTunesHelper .exe
c:\program files\Microsoft Office\Office14\BCSSync .exe
c:\program files\Pinnacle\Shared Files\Programs\USBTip\USBTip .exe
c:\program files\Spybot - Search & Destroy\TeaTimer .exe
c:\program files\TaskAngel\TaskAngel .exe
c:\program files\ZHPDiag\Quarantine\QuickTime.DIR\QTTask .exe
</pre>
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"Advanced SystemCare 4"="c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-04-21 402832]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-24 281768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [N/A]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [N/A]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-16 136176]
R2 ioloFileInfoList;iolo FileInfoList Service; [x]
R3 FNETTHJM_152D;Freecom Turbo USB 2.0;c:\windows\system32\drivers\fnetthjm_152D.sys [2010-12-11 24448]
R3 gupdatem;Service Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-16 136176]
R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2011-05-01 311744]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-27 1343400]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [2008-12-09 20392]
S2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [2011-04-21 352656]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2010-11-02 339624]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]
S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-03-08 421032]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-03-25 490280]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-01 2271608]
S3 BENDER;Pinnacle AV/DV2 Capture;c:\windows\system32\drivers\bender.sys [2006-12-04 203264]
S3 UCharger;Energizer Usb Charger Driver;c:\windows\system32\Drivers\UCharger.sys [2007-05-15 13765]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contenu du dossier 'Tâches planifiées'
.
2011-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-16 12:02]
.
2011-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-16 12:02]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.ch/
uInternet Settings,ProxyOverride = *.local
IE: &Envoyer à OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.1.1
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
FF - ProfilePath - c:\users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\17wnhgoh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ch/
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 55111
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\NvXDSync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\rundll32.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\windows\system32\crypserv.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskhost.exe
c:\program files\IObit\Advanced SystemCare 4\PMonitor.exe
c:\windows\system32\conhost.exe
c:\windows\system32\DllHost.exe
.
**************************************************************************
.
Heure de fin: 2011-05-30 15:04:04 - La machine a redémarré
ComboFix-quarantined-files.txt 2011-05-30 13:04
.
Avant-CF: 476'532'736 bytes free
Après-CF: 721'145'856 bytes free
.
- - End Of File - - 3049C909DAFDD1FDC4528F15DA1E811A

C:\Program Files\Explorer++ is a more advanced Windows explorer that I already had before; in my opinion the infection can't come from this program...
12. Rapport de ZHPFix 1.12.3288 par Nicolas Coolman, Update du 29/05/2011
Fichier d'export Registre : C:\ZHPExportRegistry-30.05.2011-13-23-00.txt
Run by Steph at 30.05.2011 13:23:00
Windows 7 Ultimate Edition, 32-bit (Build 7600)
Web site : ZHPFix Fix de rapport

========== Clé(s) du Registre ==========
O42 - Logiciel: QuickTime - (.Apple Inc..) [HKLM] -- {57752979-A1C9-4C02-856B-FBB27AC4E02C} => Désinstallation logicielle annulée par l'utilisateur ou désinstallation partielle!
HKCU\Software\AppDataLow\Software\Conduit => Clé supprimée avec succès
HKCU\Software\AppDataLow\Software\PriceGong => Clé supprimée avec succès
HKCU\Software\AutocompleteProBHO => Clé supprimée avec succès
HKCU\Software\AutocompletePro => Clé supprimée avec succès
HKCU\Software\Error Fix => Clé supprimée avec succès
HKCU\Software\Jxomfsvgul => Clé supprimée avec succès
HKLM\Software\Conduit => Clé supprimée avec succès
HKLM\Software\Error Fix => Clé supprimée avec succès
HKLM\Software\Jxomfsvgul => Clé supprimée avec succès

========== Valeur(s) du Registre ==========
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\QTTask .exe => Valeur absente
O4 - HKLM\..\Run: [uSB-Set] wscript C:\Program Files\USB-set\TSR.vbe (.not file.) => Valeur absente
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. => Valeur absente
O52 - TDSD: \drivers.desc\"pvmjpg30.dll"="PICVideo 3 M-JPEG VfW Codec" . (.Pas de propriétaire - Pas de description.) -- (.not file.) => Valeur supprimée avec succès
O52 - TDSD: \drivers.desc\"Ir50_32.dll"="Indeo R.5.11.15.2.55 codec" . (.Pas de propriétaire - Pas de description.) -- (.not file.) => Valeur supprimée avec succès
O52 - TDSD: \Drivers32\"vidc.mjpg"="pvmjpg30.dll" . (.Pas de propriétaire - Pas de description.) -- (.not file.) => Valeur supprimée avec succès
O81 - IFC: Internet Feature Controls [HKUS\.DEFAULT] [FEATURE_BROWSER_EMULATION] -- svchost.exe => Valeur supprimée avec succès
O81 - IFC: Internet Feature Controls [HKUS\S-1-5-18] [FEATURE_BROWSER_EMULATION] -- svchost.exe => Valeur absente
FirewallRaz (Private) : {D7BE4AF6-F8AA-41B5-B50C-F22A7E58EDA4} => Valeur supprimée avec succès
FirewallRaz (Private) : {8913C302-A8F7-42E8-8D14-A559F053C8E1} => Valeur supprimée avec succès

========== Dossier(s) ==========
C:\Program Files\QuickTime => Supprimé et mis en quarantaine
C:\Program Files\AutocompletePro => Supprimé et mis en quarantaine
C:\Program Files\Error Fix => Supprimé et mis en quarantaine
C:\Users\Steph\AppData\Roaming\Error Fix => Supprimé et mis en quarantaine
Dossiers Flash Cookies supprimés : 4
Dossiers temporaires Windows supprimés: 132

========== Fichier(s) ==========
c:\program files\mozilla firefox\plugins\npqtplugin.dll => Fichier absent
c:\program files\mozilla firefox\plugins\npqtplugin2.dll => Fichier absent
c:\program files\mozilla firefox\plugins\npqtplugin3.dll => Fichier absent
c:\program files\mozilla firefox\plugins\npqtplugin4.dll => Fichier absent
c:\program files\mozilla firefox\plugins\npqtplugin5.dll => Fichier absent
c:\program files\mozilla firefox\plugins\npqtplugin6.dll => Fichier absent
c:\program files\mozilla firefox\plugins\npqtplugin7.dll => Fichier absent
c:\program files\quicktime\qttask .exe => Fichier absent
c:\program files\usb-set\tsr.vbe => Fichier absent
Fichiers Flash Cookies supprimés : 1
Fichiers temporaires Windows supprimés : 233

========== Tache planifiée ==========
Task : At1 => Tâche supprimée avec succès
Task : At2 => Tâche supprimée avec succès
Task : {3F037422-FF23-48BA-8F89-563710D5C7E5} => Tâche supprimée avec succès
Task : {7F8EA61C-CF35-45C8-B3C6-5D899223C9FD} => Tâche supprimée avec succès

========== Récapitulatif ==========
10 : Clé(s) du Registre
10 : Valeur(s) du Registre
6 : Dossier(s)
11 : Fichier(s)
4 : Tache planifiée

End of the scan
13. Good evening Bernard, First of all, thank you for your prompt reply! Here are my answers: 01. I installed several programs/devices, since I had formatted my computer recently. 02. I checked the state of the drivers and updated those that were out of date. 03. I posted the ZHPDiag report here -> Zippyshare.com - ZHPDiag.txt
14. Hello, My PC refuses to shut down; instead it restarts every time and shows the following error message (blue screen): "Internal Power Error - Crash Dump". My configuration: Windows 7 Ultimate 32-bit (English), Intel Core 2 CPU / 6300 1.86 GHz 1.79 GHz, RAM 2.00. Tell me which reports you need and I will post them. Thanks in advance for your help! Steven
15. I carried out the operation with the Dr. Web Live CD following the tutorial; unfortunately the problem is not completely solved, even though I got my internet connection back, which is already a good start! Anti-Vir tells me it is blocking the autorun.inf file on my various hard drives; could that possibly help you identify my infection more precisely?