Steven_CH

# DelFix v8.0 - Rapport créé le 02/06/2011 à 12:37 # Mis à jour le 01/06/11 à 13h par Xplode # Système d'exploitation : Windows 7 Ultimate (32 bits) [Version 6.1.7600] # Nom d'utilisateur : Steph - ASROCK (Administrateur) # Exécuté depuis : C:\Users\Steph\Desktop\delfix0.exe # Option [suppression] ~~~~~~ Dossier(s) ~~~~~~ Supprimé : C:\_OTL Supprimé : C:\_OTM Supprimé : C:\Qoobox Supprimé : C:\tdsskiller Supprimé : C:\USBFix Supprimé : C:\Program Files\trend micro\Hijackthis Supprimé : C:\Program Files\ZHPDiag Supprimé : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hijackthis Supprimé : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP ~~~~~~ Fichier(s) ~~~~~~ Supprimé : C:\ComboFix.txt Supprimé : C:\PhysicalDisk0_MBR.bin Supprimé : C:\TDSSKiller.2.5.3.0_30.05.2011_13.32.41_log.txt Supprimé : C:\TDSSKiller.2.5.3.0_30.05.2011_13.34.34_log.txt Supprimé : C:\TDSSKiller.2.5.3.0_31.05.2011_15.43.16_log.txt Supprimé : C:\UsbFix.txt Supprimé : C:\ZHPExportRegistry-30.05.2011-13-23-00.txt Supprimé : C:\ZHPExportRegistry-31.05.2011-22-15-47.txt Supprimé : C:\Windows\grep.exe Supprimé : C:\Windows\MBR.exe Supprimé : C:\Windows\NIRCMD.exe Supprimé : C:\Windows\PEV.exe Supprimé : C:\Windows\sed.exe Supprimé : C:\Windows\SWREG.exe Supprimé : C:\Windows\SWSC.exe Supprimé : C:\Windows\SWXCACLS.exe Supprimé : C:\Windows\zip.exe Supprimé : C:\Users\Steph\Desktop\ComboFix.exe Supprimé : C:\Users\Steph\Desktop\Load_tdsskiller.exe Supprimé : C:\Users\Steph\Desktop\OTL.exe Supprimé : C:\Users\Steph\Desktop\OTM.exe Supprimé : C:\Users\Steph\Desktop\ZHPDiag.txt Supprimé : C:\Users\Steph\Desktop\ZHPFixReport.txt Supprimé : C:\Users\Public\Desktop\MBRCheck.lnk Supprimé : C:\Users\Public\Desktop\ZHPDiag.lnk Supprimé : C:\Users\Public\Desktop\ZHPFix.lnk ~~~~~~ Registre ~~~~~~ Clé Supprimée : HKCU\SOFTWARE\USBFix Clé Supprimée : HKLM\Software\OldTimer Tools Clé Supprimée : HKLM\Software\Swearware Clé Supprimée : HKLM\Software\Classes\.cfxxe Clé Supprimée : HKLM\Software\Classes\cfxxefile Clé Supprimée : HKLM\Software\TrendMicro\Hijackthis Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\USBFix Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1 Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\HijackThis.exe Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe ~~~~~~ Autre ~~~~~~ -> ESET Online Scanner ... Désinstallé avec succès ########## EOF - "C:\DelFixSuppr.txt" - [2660 octets] ##########

Au fait, normal que AntiVir détecte l'autorun sur C:\ ?

Rapport de ZHPFix 1.12.3288 par Nicolas Coolman, Update du 29/05/2011 Fichier d'export Registre : Run by Steph at 31.05.2011 22:15:47 Windows 7 Ultimate Edition, 32-bit (Build 7600) Web site : ZHPFix Fix de rapport ========== Logiciel(s) ========== O42 - Logiciel: Adobe AIR - (.Adobe Systems Inc..) [HKLM] -- Adobe AIR => Logiciel supprimé avec succès ========== Clé(s) du Registre ========== O16 - DPF: Microsoft XML Parser for Java - (Microsoft XML Parser for Java) - (.not file.) - C:\Windows\Java\classes\xmldso.cab => Clé supprimée avec succès O23 - Service: (Microsoft SharePoint Workspace Audit Service) - Clé orpheline => Clé supprimée avec succès HKLM\Software\Classes\AppID\SoftwareUpdate.exe => Clé supprimée avec succès HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0} => Clé supprimée avec succès HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0} => Clé supprimée avec succès HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D} => Clé supprimée avec succès HKCR\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} => Clé supprimée avec succès HKLM\Software\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} => Clé absente ========== Valeur(s) du Registre ========== O4 - HKLM\..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (.not file.) => Valeur supprimée avec succès O24 - Default MHTML Editor: Last - .(...) - (.not file.) => Valeur absente ========== Dossier(s) ========== c:\users\steph\appdata\locallow\conduit => Supprimé et mis en quarantaine c:\users\steph\appdata\locallow\pricegong => Supprimé et mis en quarantaine Dossiers Flash Cookies supprimés : 1 Dossiers temporaires Windows supprimés: 1 ========== Fichier(s) ========== c:\program files\common files\adobe\arm\1.0\adobearm.exe => Fichier absent Fichiers Flash Cookies supprimés : 0 Fichiers temporaires Windows supprimés : 6 ========== Tache planifiée ========== Task : AdobeAAMUpdater-1.0-Asrock-Steph => Tâche supprimée avec succès ========== Récapitulatif ========== 8 : Clé(s) du Registre 2 : Valeur(s) du Registre 4 : Dossier(s) 3 : Fichier(s) 1 : Logiciel(s) 1 : Tache planifiée End of the scan

All processes killed ========== FILES ========== File/Folder c:\program files\Common Files\Adobe not found. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public ->Temp folder emptied: 0 bytes User: Steph ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 6971755 bytes ->Flash cache emptied: 0 bytes User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 7.00 mb OTM by OldTimer - Version 3.1.18.0 log created on 05312011_213733

C'est fait Et voilà le rapport ZHPdiag -> Zippyshare.com - ZHPDiag.txt

Toute à l'air maintenant de fonctionner correctement, merci beaucoup !

ComboFix 11-05-31.01 - Steph 31.05.2011 20:41:55.10.2 - x86 NETWORK Microsoft Windows 7 Ultimate 6.1.7600.0.1252.41.1033.18.2047.1663 [GMT 2:00] Lancé depuis: c:\users\Steph\Desktop\ComboFix.exe Commutateurs utilisés :: c:\users\Steph\Desktop\CFScript.txt AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Un nouveau point de restauration a été créé . FILE :: "c:\program files\Common Files\Adobe" . . ((((((((((((((((((((((((((((( Fichiers créés du 2011-04-28 au 2011-05-31 )))))))))))))))))))))))))))))))))))) . . 2011-05-31 18:48 . 2011-05-31 18:48 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-05-31 14:27 . 2011-05-31 18:48 -------- d-----w- c:\users\Steph\AppData\Local\temp 2011-05-30 11:32 . 2011-05-30 12:56 -------- d-----w- C:\tdsskiller 2011-05-29 20:32 . 2011-05-29 20:32 512 ----a-w- C:\PhysicalDisk0_MBR.bin 2011-05-29 20:19 . 2011-05-30 11:23 -------- d-----w- c:\program files\ZHPDiag 2011-05-29 20:15 . 2011-05-29 20:15 -------- d-----w- c:\program files\VIA 2011-05-29 20:15 . 2010-02-11 09:59 23192 ----a-w- c:\windows\system32\drivers\xfilt.sys 2011-05-29 20:15 . 2010-02-11 09:59 13976 ----a-w- c:\windows\system32\drivers\videX32.sys 2011-05-29 20:13 . 2010-08-06 14:25 45056 ----a-w- c:\windows\system32\drivers\fetn62.sys 2011-05-29 20:13 . 2006-10-27 14:26 69632 ----a-w- c:\windows\system32\vuins32.dll 2011-05-29 20:06 . 2011-05-29 20:11 -------- d--h--w- c:\program files\Temp 2011-05-29 19:56 . 2011-05-31 18:06 -------- d-----w- c:\users\UpdatusUser 2011-05-29 19:54 . 2011-04-08 05:14 944232 ----a-w- c:\windows\system32\nvdispco3220140.dll 2011-05-29 19:54 . 2011-04-08 05:14 855656 ----a-w- c:\windows\system32\nvgenco322060.dll 2011-05-29 19:54 . 2011-04-08 05:14 57960 ----a-w- c:\windows\system32\OpenCL.dll 2011-05-29 19:54 . 2011-04-08 05:14 5180824 ----a-w- c:\windows\system32\nvcuda.dll 2011-05-29 19:54 . 2011-04-08 05:14 2765928 ----a-w- c:\windows\system32\nvcuvid.dll 2011-05-29 19:54 . 2011-04-08 05:14 2074216 ----a-w- c:\windows\system32\nvcuvenc.dll 2011-05-29 19:54 . 2011-04-08 05:14 15227496 ----a-w- c:\windows\system32\nvoglv32.dll 2011-05-29 19:54 . 2011-04-08 05:14 10690024 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys 2011-05-29 19:54 . 2011-04-08 05:14 13007464 ----a-w- c:\windows\system32\nvcompiler.dll 2011-05-29 19:54 . 2011-05-29 19:54 -------- d-----w- C:\NVIDIA 2011-05-29 19:49 . 2011-05-29 19:50 -------- d-----w- c:\program files\ma-config.com 2011-05-29 19:49 . 2011-05-29 19:49 -------- d-----w- c:\programdata\ma-config.com 2011-05-23 21:13 . 2011-05-23 21:13 -------- d-----w- c:\users\Steph\AppData\Roaming\AnvSoft 2011-05-23 21:13 . 2011-05-23 21:13 -------- d-----w- c:\program files\AnvSoft 2011-05-18 05:30 . 2011-05-18 05:30 -------- d-----w- c:\programdata\IObit 2011-05-18 05:25 . 2011-05-18 05:25 -------- d-----w- c:\users\Steph\AppData\Roaming\IObit 2011-05-18 05:25 . 2011-05-18 05:25 -------- d-----w- c:\program files\IObit 2011-05-13 11:49 . 2011-05-13 11:49 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-05-06 13:55 . 2011-05-06 13:55 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll 2011-05-06 13:55 . 2011-05-06 13:55 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll 2011-05-06 13:55 . 2011-05-06 13:55 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll 2011-05-06 13:55 . 2011-05-06 13:55 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll 2011-05-06 13:55 . 2011-05-06 13:55 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll 2011-05-06 13:55 . 2011-05-06 13:55 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll 2011-05-06 13:55 . 2011-05-06 13:55 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll 2011-05-06 13:55 . 2011-05-06 13:55 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll 2011-05-06 13:53 . 2011-05-06 13:53 -------- d-----w- C:\found.003 2011-05-05 17:33 . 2011-05-05 17:33 -------- d-----w- C:\_OTM 2011-05-04 23:11 . 2011-05-04 23:11 -------- d-----w- c:\program files\ESET . . . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2011-04-08 05:14 . 2011-05-29 19:54 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd 2011-04-08 05:14 . 2010-07-10 03:37 2034280 ----a-w- c:\windows\system32\nvapi.dll 2011-04-08 05:14 . 2009-06-10 21:19 10071656 ----a-w- c:\windows\system32\nvd3dum.dll 2011-04-07 20:43 . 2011-04-07 20:43 612456 ----a-w- c:\windows\system32\nvvsvc.exe 2011-04-07 20:43 . 2011-04-07 20:43 2582120 ----a-w- c:\windows\system32\nvsvcr.dll 2011-04-07 20:43 . 2011-04-07 20:43 111208 ----a-w- c:\windows\system32\nvmctray.dll 2011-04-07 20:43 . 2011-04-07 20:43 3701352 ----a-w- c:\windows\system32\nvcpl.dll 2011-04-07 20:43 . 2011-04-07 20:43 2565224 ----a-w- c:\windows\system32\nvsvc.dll 2011-04-06 14:20 . 2011-04-06 14:20 91424 ----a-w- c:\windows\system32\dnssd.dll 2011-04-06 14:20 . 2011-04-06 14:20 75040 ----a-w- c:\windows\system32\jdns_sd.dll 2011-04-06 14:20 . 2011-04-06 14:20 197920 ----a-w- c:\windows\system32\dnssdX.dll 2011-04-06 14:20 . 2011-04-06 14:20 107808 ----a-w- c:\windows\system32\dns-sd.exe 2011-03-16 10:57 . 2010-09-10 21:31 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys 2011-03-09 19:28 . 2010-06-24 09:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2011-05-06 13:55 . 2011-05-06 13:55 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . <pre> c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe c:\program files\ZHPDiag\Quarantine\QuickTime.DIR\QTTask .exe </pre> . ((((((((((((((((((((((((((((( SnapShot@2011-05-31_14.07.56 ))))))))))))))))))))))))))))))))))))))))) . + 2010-02-10 05:54 . 2011-05-31 17:34 45460 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin - 2009-07-14 04:55 . 2011-05-31 13:46 31464 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2009-07-14 04:55 . 2011-05-31 17:34 31464 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2010-08-21 20:29 . 2011-05-31 18:04 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-08-21 20:29 . 2011-05-31 13:44 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-07-14 04:41 . 2011-05-31 13:44 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:41 . 2011-05-31 18:04 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2010-09-10 20:52 . 2011-05-31 13:45 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-09-10 20:52 . 2011-05-31 18:04 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-09-10 20:52 . 2011-05-31 13:45 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2010-09-10 20:52 . 2011-05-31 18:04 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2010-09-10 20:52 . 2011-05-31 13:45 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-09-10 20:52 . 2011-05-31 18:04 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-08-21 20:53 . 2011-05-31 18:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-08-21 20:53 . 2011-05-31 13:45 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-08-21 20:53 . 2011-05-31 13:45 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-08-21 20:53 . 2011-05-31 18:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2010-08-21 20:35 . 2011-05-31 13:12 5090 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4098055962-2749868280-2150505687-1000_UserData.bin + 2010-08-21 20:35 . 2011-05-31 17:34 5090 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4098055962-2749868280-2150505687-1000_UserData.bin - 2011-05-31 13:44 . 2011-05-31 13:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2011-05-31 17:32 . 2011-05-31 18:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2011-05-31 17:32 . 2011-05-31 18:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2011-05-31 13:44 . 2011-05-31 13:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2010-02-10 05:43 . 2011-05-31 17:32 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat - 2010-02-10 05:43 . 2011-05-31 11:02 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat - 2010-08-21 20:29 . 2011-05-31 13:44 131072 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2010-08-21 20:29 . 2011-05-31 18:04 131072 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:47 . 2011-05-31 14:37 713204 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2009-07-14 04:47 . 2011-05-31 13:43 713204 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2010-10-03 17:55 . 2011-05-31 13:43 6094356 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4098055962-2749868280-2150505687-1000-12288.dat + 2010-10-03 17:55 . 2011-05-31 14:37 6094356 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4098055962-2749868280-2150505687-1000-12288.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504] "Advanced SystemCare 4"="c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-04-21 402832] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [2008-12-09 20392] R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [2011-04-21 352656] R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992] R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2010-11-02 339624] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360] R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-03-08 421032] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-16 136176] R2 ioloFileInfoList;iolo FileInfoList Service; [x] R2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-03-25 490280] R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600] R2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-01 2271608] R3 BENDER;Pinnacle AV/DV2 Capture;c:\windows\system32\drivers\bender.sys [2006-12-04 203264] R3 FNETTHJM_152D;Freecom Turbo USB 2.0;c:\windows\system32\drivers\fnetthjm_152D.sys [2010-12-11 24448] R3 gupdatem;Service Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-16 136176] R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2011-05-01 311744] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000] R3 UCharger;Energizer Usb Charger Driver;c:\windows\system32\Drivers\UCharger.sys [2007-05-15 13765] R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-27 1343400] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai . Contenu du dossier 'Tâches planifiées' . 2011-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-11-16 12:02] . 2011-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-11-16 12:02] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.google.ch/ uInternet Settings,ProxyOverride = *.local IE: &Envoyer à OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll TCP: DhcpNameServer = 192.168.1.1 DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab FF - ProfilePath - c:\users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\17wnhgoh.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.ch/ FF - prefs.js: network.proxy.http - 127.0.0.1 FF - prefs.js: network.proxy.http_port - 55111 FF - prefs.js: network.proxy.type - 0 FF - user.js: network.protocol-handler.warn-external.dnupdate - false . . --------------------- CLES DE REGISTRE BLOQUEES --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Heure de fin: 2011-05-31 20:51:18 ComboFix-quarantined-files.txt 2011-05-31 18:51 ComboFix2.txt 2011-05-31 18:07 ComboFix3.txt 2011-05-31 14:32 ComboFix4.txt 2011-05-31 14:09 ComboFix5.txt 2011-05-31 18:28 . Avant-CF: 593'707'008 bytes free Après-CF: 766'558'208 bytes free . - - End Of File - - 6EA9B02D99E5022AF8CC2A6514A158E3

Ah et maintenant encore un autre message d'AntiVir Type: Autorun blocked Access to file "F:\autorun.inf" was blocked for your security

ComboFix 11-05-31.01 - Steph 31.05.2011 19:56:00.8.2 - x86 NETWORK Microsoft Windows 7 Ultimate 6.1.7600.0.1252.41.1033.18.2047.1643 [GMT 2:00] Lancé depuis: c:\users\Steph\Desktop\ComboFix.exe Commutateurs utilisés :: c:\users\Steph\Desktop\CFScript.txt AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Un nouveau point de restauration a été créé . . ((((((((((((((((((((((((((((( Fichiers créés du 2011-04-28 au 2011-05-31 )))))))))))))))))))))))))))))))))))) . . 2011-05-31 18:03 . 2011-05-31 18:03 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-05-31 14:27 . 2011-05-31 18:04 -------- d-----w- c:\users\Steph\AppData\Local\temp 2011-05-30 11:32 . 2011-05-30 12:56 -------- d-----w- C:\tdsskiller 2011-05-29 20:32 . 2011-05-29 20:32 512 ----a-w- C:\PhysicalDisk0_MBR.bin 2011-05-29 20:19 . 2011-05-30 11:23 -------- d-----w- c:\program files\ZHPDiag 2011-05-29 20:15 . 2011-05-29 20:15 -------- d-----w- c:\program files\VIA 2011-05-29 20:15 . 2010-02-11 09:59 23192 ----a-w- c:\windows\system32\drivers\xfilt.sys 2011-05-29 20:15 . 2010-02-11 09:59 13976 ----a-w- c:\windows\system32\drivers\videX32.sys 2011-05-29 20:13 . 2010-08-06 14:25 45056 ----a-w- c:\windows\system32\drivers\fetn62.sys 2011-05-29 20:13 . 2006-10-27 14:26 69632 ----a-w- c:\windows\system32\vuins32.dll 2011-05-29 20:06 . 2011-05-29 20:11 -------- d--h--w- c:\program files\Temp 2011-05-29 19:56 . 2011-05-29 21:07 -------- d-----w- c:\users\UpdatusUser 2011-05-29 19:54 . 2011-04-08 05:14 944232 ----a-w- c:\windows\system32\nvdispco3220140.dll 2011-05-29 19:54 . 2011-04-08 05:14 855656 ----a-w- c:\windows\system32\nvgenco322060.dll 2011-05-29 19:54 . 2011-04-08 05:14 57960 ----a-w- c:\windows\system32\OpenCL.dll 2011-05-29 19:54 . 2011-04-08 05:14 5180824 ----a-w- c:\windows\system32\nvcuda.dll 2011-05-29 19:54 . 2011-04-08 05:14 2765928 ----a-w- c:\windows\system32\nvcuvid.dll 2011-05-29 19:54 . 2011-04-08 05:14 2074216 ----a-w- c:\windows\system32\nvcuvenc.dll 2011-05-29 19:54 . 2011-04-08 05:14 15227496 ----a-w- c:\windows\system32\nvoglv32.dll 2011-05-29 19:54 . 2011-04-08 05:14 10690024 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys 2011-05-29 19:54 . 2011-04-08 05:14 13007464 ----a-w- c:\windows\system32\nvcompiler.dll 2011-05-29 19:54 . 2011-05-29 19:54 -------- d-----w- C:\NVIDIA 2011-05-29 19:49 . 2011-05-29 19:50 -------- d-----w- c:\program files\ma-config.com 2011-05-29 19:49 . 2011-05-29 19:49 -------- d-----w- c:\programdata\ma-config.com 2011-05-23 21:13 . 2011-05-23 21:13 -------- d-----w- c:\users\Steph\AppData\Roaming\AnvSoft 2011-05-23 21:13 . 2011-05-23 21:13 -------- d-----w- c:\program files\AnvSoft 2011-05-18 05:30 . 2011-05-18 05:30 -------- d-----w- c:\programdata\IObit 2011-05-18 05:25 . 2011-05-18 05:25 -------- d-----w- c:\users\Steph\AppData\Roaming\IObit 2011-05-18 05:25 . 2011-05-18 05:25 -------- d-----w- c:\program files\IObit 2011-05-13 11:49 . 2011-05-13 11:49 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-05-06 13:55 . 2011-05-06 13:55 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll 2011-05-06 13:55 . 2011-05-06 13:55 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll 2011-05-06 13:55 . 2011-05-06 13:55 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll 2011-05-06 13:55 . 2011-05-06 13:55 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll 2011-05-06 13:55 . 2011-05-06 13:55 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll 2011-05-06 13:55 . 2011-05-06 13:55 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll 2011-05-06 13:55 . 2011-05-06 13:55 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll 2011-05-06 13:55 . 2011-05-06 13:55 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll 2011-05-06 13:53 . 2011-05-06 13:53 -------- d-----w- C:\found.003 2011-05-05 17:33 . 2011-05-05 17:33 -------- d-----w- C:\_OTM 2011-05-04 23:11 . 2011-05-04 23:11 -------- d-----w- c:\program files\ESET . . . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2011-04-08 05:14 . 2011-05-29 19:54 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd 2011-04-08 05:14 . 2010-07-10 03:37 2034280 ----a-w- c:\windows\system32\nvapi.dll 2011-04-08 05:14 . 2009-06-10 21:19 10071656 ----a-w- c:\windows\system32\nvd3dum.dll 2011-04-07 20:43 . 2011-04-07 20:43 612456 ----a-w- c:\windows\system32\nvvsvc.exe 2011-04-07 20:43 . 2011-04-07 20:43 2582120 ----a-w- c:\windows\system32\nvsvcr.dll 2011-04-07 20:43 . 2011-04-07 20:43 111208 ----a-w- c:\windows\system32\nvmctray.dll 2011-04-07 20:43 . 2011-04-07 20:43 3701352 ----a-w- c:\windows\system32\nvcpl.dll 2011-04-07 20:43 . 2011-04-07 20:43 2565224 ----a-w- c:\windows\system32\nvsvc.dll 2011-04-06 14:20 . 2011-04-06 14:20 91424 ----a-w- c:\windows\system32\dnssd.dll 2011-04-06 14:20 . 2011-04-06 14:20 75040 ----a-w- c:\windows\system32\jdns_sd.dll 2011-04-06 14:20 . 2011-04-06 14:20 197920 ----a-w- c:\windows\system32\dnssdX.dll 2011-04-06 14:20 . 2011-04-06 14:20 107808 ----a-w- c:\windows\system32\dns-sd.exe 2011-03-16 10:57 . 2010-09-10 21:31 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys 2011-03-09 19:28 . 2010-06-24 09:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2011-05-06 13:55 . 2011-05-06 13:55 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . <pre> c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe c:\program files\ZHPDiag\Quarantine\QuickTime.DIR\QTTask .exe </pre> . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504] "Advanced SystemCare 4"="c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-04-21 402832] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-16 136176] R2 ioloFileInfoList;iolo FileInfoList Service; [x] R2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-03-25 490280] R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600] R3 FNETTHJM_152D;Freecom Turbo USB 2.0;c:\windows\system32\drivers\fnetthjm_152D.sys [2010-12-11 24448] R3 gupdatem;Service Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-16 136176] R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2011-05-01 311744] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000] R3 UCharger;Energizer Usb Charger Driver;c:\windows\system32\Drivers\UCharger.sys [2007-05-15 13765] R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-27 1343400] S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [2008-12-09 20392] S2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [2011-04-21 352656] S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992] S2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2010-11-02 339624] S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360] S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-03-08 421032] S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-01 2271608] S3 BENDER;Pinnacle AV/DV2 Capture;c:\windows\system32\drivers\bender.sys [2006-12-04 203264] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai . Contenu du dossier 'Tâches planifiées' . 2011-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-11-16 12:02] . 2011-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-11-16 12:02] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.google.ch/ uInternet Settings,ProxyOverride = *.local IE: &Envoyer à OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll TCP: DhcpNameServer = 192.168.1.1 DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab FF - ProfilePath - c:\users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\17wnhgoh.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.ch/ FF - prefs.js: network.proxy.http - 127.0.0.1 FF - prefs.js: network.proxy.http_port - 55111 FF - prefs.js: network.proxy.type - 0 FF - user.js: network.protocol-handler.warn-external.dnupdate - false . . --------------------- CLES DE REGISTRE BLOQUEES --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Autres processus actifs ------------------------ . c:\windows\system32\nvvsvc.exe c:\program files\NVIDIA Corporation\Display\NvXDSync.exe c:\windows\system32\nvvsvc.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Avira\AntiVir Desktop\avshadow.exe c:\windows\system32\conhost.exe c:\windows\system32\crypserv.exe c:\program files\Common Files\Protexis\License Service\PsiService_2.exe c:\windows\system32\sppsvc.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\windows\system32\taskhost.exe c:\program files\IObit\Advanced SystemCare 4\PMonitor.exe c:\windows\system32\conhost.exe c:\program files\iPod\bin\iPodService.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\system32\DllHost.exe . ************************************************************************** . Heure de fin: 2011-05-31 20:07:29 - La machine a redémarré ComboFix-quarantined-files.txt 2011-05-31 18:07 ComboFix2.txt 2011-05-31 14:32 ComboFix3.txt 2011-05-31 14:09 ComboFix4.txt 2011-05-30 13:04 . Avant-CF: 591'527'936 bytes free Après-CF: 445'792'256 bytes free . - - End Of File - - B0EF91509F854062F374E1A8CF4B7E0A Et voilà le message d'erreur exacte d'AntiVir: Zippyshare.com - AVIRA.gif

ComboFix 11-05-30.08 - Steph 31.05.2011 16:20:26.6.2 - x86 MINIMAL Microsoft Windows 7 Ultimate 6.1.7600.0.1252.41.1033.18.2047.1698 [GMT 2:00] Lancé depuis: c:\users\Steph\Desktop\ComboFix.exe Commutateurs utilisés :: c:\users\Steph\Desktop\CFScript.txt AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Un nouveau point de restauration a été créé . FILE :: "c:\windows\system32\easyUpdatusAPIU.dll" . . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\system32\easyUpdatusAPIU.dll . . ((((((((((((((((((((((((((((( Fichiers créés du 2011-04-28 au 2011-05-31 )))))))))))))))))))))))))))))))))))) . . 2011-05-31 14:27 . 2011-05-31 14:29 -------- d-----w- c:\users\Steph\AppData\Local\temp 2011-05-31 14:27 . 2011-05-31 14:27 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-05-30 11:32 . 2011-05-30 12:56 -------- d-----w- C:\tdsskiller 2011-05-29 20:32 . 2011-05-29 20:32 512 ----a-w- C:\PhysicalDisk0_MBR.bin 2011-05-29 20:19 . 2011-05-30 11:23 -------- d-----w- c:\program files\ZHPDiag 2011-05-29 20:15 . 2011-05-29 20:15 -------- d-----w- c:\program files\VIA 2011-05-29 20:15 . 2010-02-11 09:59 23192 ----a-w- c:\windows\system32\drivers\xfilt.sys 2011-05-29 20:15 . 2010-02-11 09:59 13976 ----a-w- c:\windows\system32\drivers\videX32.sys 2011-05-29 20:13 . 2010-08-06 14:25 45056 ----a-w- c:\windows\system32\drivers\fetn62.sys 2011-05-29 20:13 . 2006-10-27 14:26 69632 ----a-w- c:\windows\system32\vuins32.dll 2011-05-29 20:06 . 2011-05-29 20:11 -------- d--h--w- c:\program files\Temp 2011-05-29 19:56 . 2011-05-29 21:07 -------- d-----w- c:\users\UpdatusUser 2011-05-29 19:54 . 2011-04-08 05:14 944232 ----a-w- c:\windows\system32\nvdispco3220140.dll 2011-05-29 19:54 . 2011-04-08 05:14 855656 ----a-w- c:\windows\system32\nvgenco322060.dll 2011-05-29 19:54 . 2011-04-08 05:14 57960 ----a-w- c:\windows\system32\OpenCL.dll 2011-05-29 19:54 . 2011-04-08 05:14 5180824 ----a-w- c:\windows\system32\nvcuda.dll 2011-05-29 19:54 . 2011-04-08 05:14 2765928 ----a-w- c:\windows\system32\nvcuvid.dll 2011-05-29 19:54 . 2011-04-08 05:14 2074216 ----a-w- c:\windows\system32\nvcuvenc.dll 2011-05-29 19:54 . 2011-04-08 05:14 15227496 ----a-w- c:\windows\system32\nvoglv32.dll 2011-05-29 19:54 . 2011-04-08 05:14 10690024 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys 2011-05-29 19:54 . 2011-04-08 05:14 13007464 ----a-w- c:\windows\system32\nvcompiler.dll 2011-05-29 19:54 . 2011-05-29 19:54 -------- d-----w- C:\NVIDIA 2011-05-29 19:49 . 2011-05-29 19:50 -------- d-----w- c:\program files\ma-config.com 2011-05-29 19:49 . 2011-05-29 19:49 -------- d-----w- c:\programdata\ma-config.com 2011-05-23 21:13 . 2011-05-23 21:13 -------- d-----w- c:\users\Steph\AppData\Roaming\AnvSoft 2011-05-23 21:13 . 2011-05-23 21:13 -------- d-----w- c:\program files\AnvSoft 2011-05-18 05:30 . 2011-05-18 05:30 -------- d-----w- c:\programdata\IObit 2011-05-18 05:25 . 2011-05-18 05:25 -------- d-----w- c:\users\Steph\AppData\Roaming\IObit 2011-05-18 05:25 . 2011-05-18 05:25 -------- d-----w- c:\program files\IObit 2011-05-13 11:49 . 2011-05-13 11:49 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-05-06 13:55 . 2011-05-06 13:55 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll 2011-05-06 13:55 . 2011-05-06 13:55 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll 2011-05-06 13:55 . 2011-05-06 13:55 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll 2011-05-06 13:55 . 2011-05-06 13:55 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll 2011-05-06 13:55 . 2011-05-06 13:55 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll 2011-05-06 13:55 . 2011-05-06 13:55 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll 2011-05-06 13:55 . 2011-05-06 13:55 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll 2011-05-06 13:55 . 2011-05-06 13:55 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll 2011-05-06 13:53 . 2011-05-06 13:53 -------- d-----w- C:\found.003 2011-05-05 17:33 . 2011-05-05 17:33 -------- d-----w- C:\_OTM 2011-05-04 23:11 . 2011-05-04 23:11 -------- d-----w- c:\program files\ESET . . . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2011-04-08 05:14 . 2011-05-29 19:54 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd 2011-04-08 05:14 . 2010-07-10 03:37 2034280 ----a-w- c:\windows\system32\nvapi.dll 2011-04-08 05:14 . 2009-06-10 21:19 10071656 ----a-w- c:\windows\system32\nvd3dum.dll 2011-04-07 20:43 . 2011-04-07 20:43 612456 ----a-w- c:\windows\system32\nvvsvc.exe 2011-04-07 20:43 . 2011-04-07 20:43 2582120 ----a-w- c:\windows\system32\nvsvcr.dll 2011-04-07 20:43 . 2011-04-07 20:43 111208 ----a-w- c:\windows\system32\nvmctray.dll 2011-04-07 20:43 . 2011-04-07 20:43 3701352 ----a-w- c:\windows\system32\nvcpl.dll 2011-04-07 20:43 . 2011-04-07 20:43 2565224 ----a-w- c:\windows\system32\nvsvc.dll 2011-04-06 14:20 . 2011-04-06 14:20 91424 ----a-w- c:\windows\system32\dnssd.dll 2011-04-06 14:20 . 2011-04-06 14:20 75040 ----a-w- c:\windows\system32\jdns_sd.dll 2011-04-06 14:20 . 2011-04-06 14:20 197920 ----a-w- c:\windows\system32\dnssdX.dll 2011-04-06 14:20 . 2011-04-06 14:20 107808 ----a-w- c:\windows\system32\dns-sd.exe 2011-03-16 10:57 . 2010-09-10 21:31 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys 2011-03-09 19:28 . 2010-06-24 09:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2011-05-06 13:55 . 2011-05-06 13:55 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . <pre> c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe c:\program files\ZHPDiag\Quarantine\QuickTime.DIR\QTTask .exe </pre> . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504] "Advanced SystemCare 4"="c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-04-21 402832] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-16 136176] R2 ioloFileInfoList;iolo FileInfoList Service; [x] R3 FNETTHJM_152D;Freecom Turbo USB 2.0;c:\windows\system32\drivers\fnetthjm_152D.sys [2010-12-11 24448] R3 gupdatem;Service Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-16 136176] R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2011-05-01 311744] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000] R3 UCharger;Energizer Usb Charger Driver;c:\windows\system32\Drivers\UCharger.sys [2007-05-15 13765] R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-27 1343400] S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [2008-12-09 20392] S2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [2011-04-21 352656] S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992] S2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2010-11-02 339624] S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360] S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-03-08 421032] S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-03-25 490280] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600] S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-01 2271608] S3 BENDER;Pinnacle AV/DV2 Capture;c:\windows\system32\drivers\bender.sys [2006-12-04 203264] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai . Contenu du dossier 'Tâches planifiées' . 2011-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-11-16 12:02] . 2011-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-11-16 12:02] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.google.ch/ uInternet Settings,ProxyOverride = *.local IE: &Envoyer à OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll TCP: DhcpNameServer = 192.168.1.1 DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab FF - ProfilePath - c:\users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\17wnhgoh.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.ch/ FF - prefs.js: network.proxy.http - 127.0.0.1 FF - prefs.js: network.proxy.http_port - 55111 FF - prefs.js: network.proxy.type - 0 FF - user.js: network.protocol-handler.warn-external.dnupdate - false . . --------------------- CLES DE REGISTRE BLOQUEES --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Autres processus actifs ------------------------ . c:\windows\system32\nvvsvc.exe c:\program files\NVIDIA Corporation\Display\NvXDSync.exe c:\windows\system32\nvvsvc.exe c:\windows\system32\WUDFHost.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Avira\AntiVir Desktop\avshadow.exe c:\windows\system32\conhost.exe c:\windows\system32\crypserv.exe c:\program files\Common Files\Protexis\License Service\PsiService_2.exe c:\windows\system32\sppsvc.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\windows\system32\taskhost.exe c:\program files\IObit\Advanced SystemCare 4\PMonitor.exe c:\windows\system32\conhost.exe c:\program files\iPod\bin\iPodService.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\system32\DllHost.exe c:\program files\Q-Dir\Q-Dir.exe . ************************************************************************** . Heure de fin: 2011-05-31 16:32:37 - La machine a redémarré ComboFix-quarantined-files.txt 2011-05-31 14:32 ComboFix2.txt 2011-05-31 14:09 ComboFix3.txt 2011-05-30 13:04 . Avant-CF: 660'815'872 bytes free Après-CF: 446'222'336 bytes free . - - End Of File - - 43AB7CEE3B2E1160C78969E53AF57D3D Voilà le résultat, mon pc accepte enfin de s'éteindre, mais AntiVir me signale encore détecté ceci: TR/Crypt.XPACK.gen Est-ce grave docteur ?

ComboFix 11-05-29.02 - Steph 30.05.2011 14:46:51.2.2 - x86 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.41.1033.18.2047.1406 [GMT 2:00] Lancé depuis: c:\users\Steph\Desktop\ComboFix.exe AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\data C:\FLVDirect.exe c:\program files\Common Files\Java\Java Update\jusched.exe c:\program files\iTunes\iTunesHelper.exe c:\tdsskiller\tdsskiller.exe c:\windows\system32\arp.exe c:\windows\system32\msconfig.exe . . \\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_srvB94 . . ((((((((((((((((((((((((((((( Fichiers créés du 2011-04-28 au 2011-05-30 )))))))))))))))))))))))))))))))))))) . . 2011-05-29 20:32 . 2011-05-29 20:32 512 ----a-w- C:\PhysicalDisk0_MBR.bin 2011-05-29 20:19 . 2011-05-30 11:23 -------- d-----w- c:\program files\ZHPDiag 2011-05-29 20:15 . 2011-05-29 20:15 -------- d-----w- c:\program files\VIA 2011-05-29 20:15 . 2010-02-11 09:59 23192 ----a-w- c:\windows\system32\drivers\xfilt.sys 2011-05-29 20:15 . 2010-02-11 09:59 13976 ----a-w- c:\windows\system32\drivers\videX32.sys 2011-05-29 20:13 . 2010-08-06 14:25 45056 ----a-w- c:\windows\system32\drivers\fetn62.sys 2011-05-29 20:13 . 2006-10-27 14:26 69632 ----a-w- c:\windows\system32\vuins32.dll 2011-05-29 20:06 . 2011-05-29 20:11 -------- d--h--w- c:\program files\Temp 2011-05-29 19:56 . 2011-05-29 21:07 -------- d-----w- c:\users\UpdatusUser 2011-05-29 19:54 . 2011-04-08 05:14 944232 ----a-w- c:\windows\system32\nvdispco3220140.dll 2011-05-29 19:54 . 2011-04-08 05:14 855656 ----a-w- c:\windows\system32\nvgenco322060.dll 2011-05-29 19:54 . 2011-04-08 05:14 57960 ----a-w- c:\windows\system32\OpenCL.dll 2011-05-29 19:54 . 2011-04-08 05:14 5180824 ----a-w- c:\windows\system32\nvcuda.dll 2011-05-29 19:54 . 2011-04-08 05:14 2765928 ----a-w- c:\windows\system32\nvcuvid.dll 2011-05-29 19:54 . 2011-04-08 05:14 2074216 ----a-w- c:\windows\system32\nvcuvenc.dll 2011-05-29 19:54 . 2011-04-08 05:14 15227496 ----a-w- c:\windows\system32\nvoglv32.dll 2011-05-29 19:54 . 2011-04-08 05:14 10690024 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys 2011-05-29 19:54 . 2011-04-08 05:14 13007464 ----a-w- c:\windows\system32\nvcompiler.dll 2011-05-29 19:54 . 2011-05-29 19:54 -------- d-----w- C:\NVIDIA 2011-05-29 19:49 . 2011-05-29 19:50 -------- d-----w- c:\program files\ma-config.com 2011-05-29 19:49 . 2011-05-29 19:49 -------- d-----w- c:\programdata\ma-config.com 2011-05-23 21:13 . 2011-05-23 21:13 -------- d-----w- c:\users\Steph\AppData\Roaming\AnvSoft 2011-05-23 21:13 . 2011-05-23 21:13 -------- d-----w- c:\program files\AnvSoft 2011-05-18 05:30 . 2011-05-18 05:30 -------- d-----w- c:\programdata\IObit 2011-05-18 05:25 . 2011-05-18 05:25 -------- d-----w- c:\users\Steph\AppData\Roaming\IObit 2011-05-18 05:25 . 2011-05-18 05:25 -------- d-----w- c:\program files\IObit 2011-05-13 11:49 . 2011-05-13 11:49 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-05-06 13:55 . 2011-05-06 13:55 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll 2011-05-06 13:55 . 2011-05-06 13:55 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll 2011-05-06 13:55 . 2011-05-06 13:55 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll 2011-05-06 13:55 . 2011-05-06 13:55 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll 2011-05-06 13:55 . 2011-05-06 13:55 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll 2011-05-06 13:55 . 2011-05-06 13:55 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll 2011-05-06 13:55 . 2011-05-06 13:55 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll 2011-05-06 13:55 . 2011-05-06 13:55 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll 2011-05-06 13:53 . 2011-05-06 13:53 -------- d-----w- C:\found.003 2011-05-05 17:33 . 2011-05-05 17:33 -------- d-----w- C:\_OTM 2011-05-04 23:11 . 2011-05-04 23:11 -------- d-----w- c:\program files\ESET 2011-05-01 11:00 . 2011-05-01 11:00 -------- d-----w- C:\found.002 . . . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2011-04-08 05:14 . 2011-05-29 19:54 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd 2011-04-08 05:14 . 2010-07-10 03:37 2034280 ----a-w- c:\windows\system32\nvapi.dll 2011-04-08 05:14 . 2009-06-10 21:19 10071656 ----a-w- c:\windows\system32\nvd3dum.dll 2011-04-07 20:43 . 2011-04-07 20:43 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll 2011-04-07 20:43 . 2011-04-07 20:43 612456 ----a-w- c:\windows\system32\nvvsvc.exe 2011-04-07 20:43 . 2011-04-07 20:43 2582120 ----a-w- c:\windows\system32\nvsvcr.dll 2011-04-07 20:43 . 2011-04-07 20:43 111208 ----a-w- c:\windows\system32\nvmctray.dll 2011-04-07 20:43 . 2011-04-07 20:43 3701352 ----a-w- c:\windows\system32\nvcpl.dll 2011-04-07 20:43 . 2011-04-07 20:43 2565224 ----a-w- c:\windows\system32\nvsvc.dll 2011-04-06 14:20 . 2011-04-06 14:20 91424 ----a-w- c:\windows\system32\dnssd.dll 2011-04-06 14:20 . 2011-04-06 14:20 75040 ----a-w- c:\windows\system32\jdns_sd.dll 2011-04-06 14:20 . 2011-04-06 14:20 197920 ----a-w- c:\windows\system32\dnssdX.dll 2011-04-06 14:20 . 2011-04-06 14:20 107808 ----a-w- c:\windows\system32\dns-sd.exe 2011-03-16 10:57 . 2010-09-10 21:31 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys 2011-03-09 19:28 . 2010-06-24 09:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2011-05-06 13:55 . 2011-05-06 13:55 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . <pre> c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe c:\program files\Avira\AntiVir Desktop\avgnt .exe c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager .exe c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility .exe c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard .exe c:\program files\Common Files\Java\Java Update\jusched .exe c:\program files\iTunes\iTunesHelper .exe c:\program files\Microsoft Office\Office14\BCSSync .exe c:\program files\Pinnacle\Shared Files\Programs\USBTip\USBTip .exe c:\program files\Spybot - Search & Destroy\TeaTimer .exe c:\program files\TaskAngel\TaskAngel .exe c:\program files\ZHPDiag\Quarantine\QuickTime.DIR\QTTask .exe </pre> . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504] "Advanced SystemCare 4"="c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-04-21 402832] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-24 281768] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [N/A] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [N/A] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-16 136176] R2 ioloFileInfoList;iolo FileInfoList Service; [x] R3 FNETTHJM_152D;Freecom Turbo USB 2.0;c:\windows\system32\drivers\fnetthjm_152D.sys [2010-12-11 24448] R3 gupdatem;Service Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-16 136176] R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2011-05-01 311744] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000] R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-27 1343400] S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [2008-12-09 20392] S2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [2011-04-21 352656] S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992] S2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2010-11-02 339624] S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360] S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-03-08 421032] S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-03-25 490280] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600] S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-01 2271608] S3 BENDER;Pinnacle AV/DV2 Capture;c:\windows\system32\drivers\bender.sys [2006-12-04 203264] S3 UCharger;Energizer Usb Charger Driver;c:\windows\system32\Drivers\UCharger.sys [2007-05-15 13765] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai . Contenu du dossier 'Tâches planifiées' . 2011-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-11-16 12:02] . 2011-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-11-16 12:02] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.google.ch/ uInternet Settings,ProxyOverride = *.local IE: &Envoyer à OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll TCP: DhcpNameServer = 192.168.1.1 DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab FF - ProfilePath - c:\users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\17wnhgoh.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.ch/ FF - prefs.js: network.proxy.http - 127.0.0.1 FF - prefs.js: network.proxy.http_port - 55111 FF - prefs.js: network.proxy.type - 0 FF - user.js: network.protocol-handler.warn-external.dnupdate - false . . --------------------- CLES DE REGISTRE BLOQUEES --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Autres processus actifs ------------------------ . c:\windows\system32\nvvsvc.exe c:\program files\NVIDIA Corporation\Display\NvXDSync.exe c:\windows\system32\nvvsvc.exe c:\windows\system32\WUDFHost.exe c:\windows\system32\rundll32.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Avira\AntiVir Desktop\avshadow.exe c:\windows\system32\conhost.exe c:\windows\system32\crypserv.exe c:\program files\Common Files\Protexis\License Service\PsiService_2.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\system32\taskhost.exe c:\program files\IObit\Advanced SystemCare 4\PMonitor.exe c:\windows\system32\conhost.exe c:\windows\system32\DllHost.exe . ************************************************************************** . Heure de fin: 2011-05-30 15:04:04 - La machine a redémarré ComboFix-quarantined-files.txt 2011-05-30 13:04 . Avant-CF: 476'532'736 bytes free Après-CF: 721'145'856 bytes free . - - End Of File - - 3049C909DAFDD1FDC4528F15DA1E811A C:\Program Files\Explorer++ est un explorateur windows plus évolué et que j'avais déjà précédement, l'infection ne doit pas venir de ce programme à mon avis...

Rapport de ZHPFix 1.12.3288 par Nicolas Coolman, Update du 29/05/2011 Fichier d'export Registre : C:\ZHPExportRegistry-30.05.2011-13-23-00.txt Run by Steph at 30.05.2011 13:23:00 Windows 7 Ultimate Edition, 32-bit (Build 7600) Web site : ZHPFix Fix de rapport ========== Clé(s) du Registre ========== O42 - Logiciel: QuickTime - (.Apple Inc..) [HKLM] -- {57752979-A1C9-4C02-856B-FBB27AC4E02C} => Désinstallation logicielle annulée par l'utilisateur ou désinstallation partielle! HKCU\Software\AppDataLow\Software\Conduit => Clé supprimée avec succès HKCU\Software\AppDataLow\Software\PriceGong => Clé supprimée avec succès HKCU\Software\AutocompleteProBHO => Clé supprimée avec succès HKCU\Software\AutocompletePro => Clé supprimée avec succès HKCU\Software\Error Fix => Clé supprimée avec succès HKCU\Software\Jxomfsvgul => Clé supprimée avec succès HKLM\Software\Conduit => Clé supprimée avec succès HKLM\Software\Error Fix => Clé supprimée avec succès HKLM\Software\Jxomfsvgul => Clé supprimée avec succès ========== Valeur(s) du Registre ========== O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\QTTask .exe => Valeur absente O4 - HKLM\..\Run: [uSB-Set] wscript C:\Program Files\USB-set\TSR.vbe (.not file.) => Valeur absente O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. => Valeur absente O52 - TDSD: \drivers.desc\"pvmjpg30.dll"="PICVideo 3 M-JPEG VfW Codec" . (.Pas de propriétaire - Pas de description.) -- (.not file.) => Valeur supprimée avec succès O52 - TDSD: \drivers.desc\"Ir50_32.dll"="Indeo R.5.11.15.2.55 codec" . (.Pas de propriétaire - Pas de description.) -- (.not file.) => Valeur supprimée avec succès O52 - TDSD: \Drivers32\"vidc.mjpg"="pvmjpg30.dll" . (.Pas de propriétaire - Pas de description.) -- (.not file.) => Valeur supprimée avec succès O81 - IFC: Internet Feature Controls [HKUS\.DEFAULT] [FEATURE_BROWSER_EMULATION] -- svchost.exe => Valeur supprimée avec succès O81 - IFC: Internet Feature Controls [HKUS\S-1-5-18] [FEATURE_BROWSER_EMULATION] -- svchost.exe => Valeur absente FirewallRaz (Private) : {D7BE4AF6-F8AA-41B5-B50C-F22A7E58EDA4} => Valeur supprimée avec succès FirewallRaz (Private) : {8913C302-A8F7-42E8-8D14-A559F053C8E1} => Valeur supprimée avec succès ========== Dossier(s) ========== C:\Program Files\QuickTime => Supprimé et mis en quarantaine C:\Program Files\AutocompletePro => Supprimé et mis en quarantaine C:\Program Files\Error Fix => Supprimé et mis en quarantaine C:\Users\Steph\AppData\Roaming\Error Fix => Supprimé et mis en quarantaine Dossiers Flash Cookies supprimés : 4 Dossiers temporaires Windows supprimés: 132 ========== Fichier(s) ========== c:\program files\mozilla firefox\plugins\npqtplugin.dll => Fichier absent c:\program files\mozilla firefox\plugins\npqtplugin2.dll => Fichier absent c:\program files\mozilla firefox\plugins\npqtplugin3.dll => Fichier absent c:\program files\mozilla firefox\plugins\npqtplugin4.dll => Fichier absent c:\program files\mozilla firefox\plugins\npqtplugin5.dll => Fichier absent c:\program files\mozilla firefox\plugins\npqtplugin6.dll => Fichier absent c:\program files\mozilla firefox\plugins\npqtplugin7.dll => Fichier absent c:\program files\quicktime\qttask .exe => Fichier absent c:\program files\usb-set\tsr.vbe => Fichier absent Fichiers Flash Cookies supprimés : 1 Fichiers temporaires Windows supprimés : 233 ========== Tache planifiée ========== Task : At1 => Tâche supprimée avec succès Task : At2 => Tâche supprimée avec succès Task : {3F037422-FF23-48BA-8F89-563710D5C7E5} => Tâche supprimée avec succès Task : {7F8EA61C-CF35-45C8-B3C6-5D899223C9FD} => Tâche supprimée avec succès ========== Récapitulatif ========== 10 : Clé(s) du Registre 10 : Valeur(s) du Registre 6 : Dossier(s) 11 : Fichier(s) 4 : Tache planifiée End of the scan

Bonsoir Bernard, Merci tout d'abord pour ta prompte réponse ! Voilà mes réponses : 01. J'ai installé plusieurs logiciels/périphériques étant donné que j'avais formaté mon ordinateur il y a peu 02. J'ai vérifié l'état des drivers et j'ai mis à jour ceux qui ne l'étaient pas 03. J'ai posté le rapport ZHPDiag ici -> Zippyshare.com - ZHPDiag.txt

Bonjour, Mon PC refuse de s'éteindre et redémarre à chaque fois à la place et affiche le message d'erreur suivant (écran bleu) "Internal Power Error - Crash Dump". Ma configuration: Windows 7 Ultimate 32-bit (anglais) Intel Core 2 CPU / 6300 1.86 GhZ 1.79 GhZ RAM 2.00 Indiquez-moi les rapports dont vous avez besoin et je les posteraient. D'avance merci pour votre aide ! Steven

J'ai effectué l'opération avec Dr. Web Live CD selon le tuto, malheureusement le problème n'est pas totalement résolu, même si j'ai récupéré ma connexion internet, ce qui est déjà un bon début ! Anti-Vir m'indique qu'il bloque le fichier autorun.inf sur mes différents disques durs, est-ce que cela peut éventuellement vous aider à mieux identifier mon infection ?

Alors, j'ai suivi la marche à suivre de Combofix et malgré le fait de l'avoir lancé en mode sans échec, après avoir vérifié que l'UAC était toujours désactivé et bien Comboxfix se lance et se charge jusqu'à la fin de la barre d'état bleue et ensuite le système plante, affiche un écran bleu et redémarre

Je suis sur Seven et après vérification, j'ai bien les droits administrateurs et l'UAC était déjà désactivée. A noter que l'utilitaire à l'air de fonctionner correctement, mais n'exécute simplement pas de rapport à la fin de l'activité/avant le redémarrage :-/

J'ai retenté la procédure en mode sans echec, mais le résultat est le même. OTL fait redémarrer le système et ensuite, aucun rapport ne s'affiche. J'ai d'ailleurs un écran bleu au redémarrage ainsi qu'un message d'accueil Windows m'indiquant qu'il ne sait pas fermer correctement lors de la dernière mise hors service... Est-ce que l'infection serait plus grave que vous le pensiez ? Y'a-t-il une alternative à la marche à suivre avec OTL ? En tout cas merci pour votre aide !

Si j'ai bien suivi la procédure pour OTL en collant les données en vert, mais une fois le système redémarré, aucun rapport ne s'affiche. Désolé si je m'y prend mal

OTL logfile created on: 24.04.2011 17:14:01 - Run 2 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Steph\Desktop Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 0000100c | Country: Suisse | Language: FRS | Date Format: dd.MM.yyyy 2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free 5.00 Gb Paging File | 4.00 Gb Available in Paging File | 80.00% Paging File free Paging file location(s): [binary data over 100 bytes] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 29.72 Gb Total Space | 6.60 Gb Free Space | 22.22% Space Free | Partition Type: NTFS Drive E: | 2.93 Gb Total Space | 0.38 Gb Free Space | 13.13% Space Free | Partition Type: NTFS Drive F: | 928.58 Gb Total Space | 11.07 Gb Free Space | 1.19% Space Free | Partition Type: NTFS Drive G: | 955.47 Mb Total Space | 753.42 Mb Free Space | 78.85% Space Free | Partition Type: FAT32 Computer Name: ASROCK | User Name: Steph | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.04.24 17:12:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.04.24 13:09:02 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Steph\Desktop\OTL.exe PRC - [2011.04.21 19:24:36 | 000,131,080 | ---- | M] () -- C:\Program Files\TaskAngel\TaskAngel.exe PRC - [2011.04.21 19:01:13 | 000,131,076 | ---- | M] () -- C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe PRC - [2011.04.21 19:01:13 | 000,131,076 | ---- | M] () -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe PRC - [2011.04.21 19:01:13 | 000,131,076 | ---- | M] () -- C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe PRC - [2011.04.21 19:01:13 | 000,131,076 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\BCSSync.exe PRC - [2011.04.01 10:31:38 | 002,271,608 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe PRC - [2011.03.16 12:57:30 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2011.03.08 10:43:04 | 000,421,032 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe PRC - [2011.02.10 00:24:54 | 001,373,456 | ---- | M] (MyPocketSoft) -- C:\Program Files\TaskAngel\TaskAngel .exe PRC - [2011.01.31 10:44:43 | 000,035,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl .exe PRC - [2010.11.02 13:32:05 | 000,339,624 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe PRC - [2010.11.02 13:32:05 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt .exe PRC - [2010.11.02 13:32:05 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2010.09.21 00:07:44 | 000,932,288 | R--- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM .exe PRC - [2010.03.25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe PRC - [2010.03.10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe PRC - [2010.01.14 22:12:21 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2009.07.14 03:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2007.02.20 11:07:40 | 000,199,752 | ---- | M] (Pinnacle Systems GmbH) -- C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip .exe PRC - [2006.03.01 03:10:18 | 000,069,632 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\Windows\System32\Crypserv.exe ========== Modules (SafeList) ========== MOD - [2011.04.24 13:09:02 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Steph\Desktop\OTL.exe MOD - [2010.08.21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- -- (ioloFileInfoList) SRV - File not found [Auto | Stopped] -- -- (Bonjour Service) SRV - [2011.04.21 19:01:13 | 000,131,076 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2011.04.21 19:00:54 | 000,059,400 | -HS- | M] () [Auto | Stopped] -- \\?\globalroot\Device\HarddiskVolume2\Windows\Temp\srvB94.tmp [WARNING: \\?\globalroot\Device\HarddiskVolume2\Windows\Temp\srvB94.tmp] -- (srvB94) SRV - [2011.04.01 10:31:38 | 002,271,608 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6) SRV - [2011.03.30 21:52:47 | 003,229,784 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_a35e6b9.dll -- (Akamai) SRV - [2011.03.16 12:57:30 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.03.08 10:43:04 | 000,421,032 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2010.11.02 13:32:05 | 000,339,624 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService) SRV - [2010.11.02 13:32:05 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.09.27 23:08:49 | 001,343,400 | ---- | M] () [unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2010.03.25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2010.03.25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2010.03.10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2006.03.01 03:10:18 | 000,069,632 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\Windows\System32\Crypserv.exe -- (Crypkey License) ========== Driver Services (SafeList) ========== DRV - [2011.03.16 12:57:30 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2010.12.11 02:19:53 | 000,024,448 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fnetthjm_152D.sys -- (FNETTHJM_152D) DRV - [2010.11.22 13:15:21 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010.07.10 05:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus) DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt) DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc) DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap) DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID) DRV - [2009.07.14 00:02:53 | 000,044,032 | ---- | M] (VIA Technologies, Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fetnd6.sys -- (FETNDIS) DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2008.12.09 10:59:30 | 000,020,392 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\ElRawDsk.sys -- (ElRawDisk) DRV - [2007.05.15 07:43:50 | 000,013,765 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UCharger.sys -- (UCharger) DRV - [2006.12.04 09:36:10 | 000,203,264 | ---- | M] (Pinnacle Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bender.sys -- (BENDER) DRV - [2006.01.10 04:47:27 | 000,031,846 | ---- | M] () [Kernel | System | Running] -- C:\Windows\system32\ckldrv.sys -- (NetworkX) DRV - [2005.09.23 22:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MarvinBus.sys -- (MarvinBus) ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:58889 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:58889 IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-21-4098055962-2749868280-2150505687-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm IE - HKU\S-1-5-21-4098055962-2749868280-2150505687-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKU\S-1-5-21-4098055962-2749868280-2150505687-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = Hotmail, Messenger, Divertissement, Actualité, Sport, Voiture, Rencontres et plus IE - HKU\S-1-5-21-4098055962-2749868280-2150505687-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr-ch IE - HKU\S-1-5-21-4098055962-2749868280-2150505687-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5D D4 71 2D 0E 85 CB 01 [binary data] IE - HKU\S-1-5-21-4098055962-2749868280-2150505687-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-21-4098055962-2749868280-2150505687-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKU\S-1-5-21-4098055962-2749868280-2150505687-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://www.google.ch/" FF - prefs.js..extensions.enabledItems: "" FF - prefs.js..extensions.enabledItems: "" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 FF - prefs.js..extensions.enabledItems: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}:7.2.0.8 FF - prefs.js..extensions.enabledItems: {bee6eb20-01e0-ebd1-da83-080329fb9a3a}:0.2 FF - prefs.js..extensions.enabledItems: adblockpopups@jessehakanen.net:0.2.4 FF - prefs.js..extensions.enabledItems: "" FF - prefs.js..extensions.enabledItems: {e3f6c2cc-d8db-498c-af6c-499fb211db97}:1.10.2 FF - prefs.js..extensions.enabledItems: yslow@yahoo-inc.com:2.1.0 FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2 FF - prefs.js..extensions.enabledItems: "" FF - prefs.js..extensions.enabledItems: isreaditlater@ideashower.com:2.1.1 FF - prefs.js..extensions.enabledItems: {d9284e50-81fc-11da-a72b-0800200c9a66}:7.6.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {618D522B-652C-4e19-9194-048700B12ED6}:1.4 FF - prefs.js..extensions.enabledItems: statusbar@toodledo.com:1.77 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.30 21:56:35 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.24 14:20:55 | 000,000,000 | ---D | M] [2010.10.26 17:00:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steph\AppData\Roaming\Mozilla\Extensions [2010.10.26 17:00:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steph\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010.08.23 22:04:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steph\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2011.04.24 00:34:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\17wnhgoh.default\extensions [2011.02.06 05:20:39 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\17wnhgoh.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250} [2011.04.01 00:33:44 | 000,000,000 | ---D | M] (Sothink SWF Catcher) -- C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\17wnhgoh.default\extensions\{618D522B-652C-4e19-9194-048700B12ED6} [2011.04.08 12:39:06 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\17wnhgoh.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [2011.04.08 12:39:06 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\17wnhgoh.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2011.04.08 12:39:07 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\17wnhgoh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2011.02.09 15:12:04 | 000,000,000 | ---D | M] ("Yoono") -- C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\17wnhgoh.default\extensions\{d9284e50-81fc-11da-a72b-0800200c9a66} [2011.02.20 00:15:21 | 000,000,000 | ---D | M] (Page Speed) -- C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\17wnhgoh.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97} [2011.04.21 13:56:51 | 000,000,000 | ---D | M] (Adblock Plus Pop-up Addon) -- C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\17wnhgoh.default\extensions\adblockpopups@jessehakanen.net [2011.01.12 07:22:35 | 000,000,000 | ---D | M] (Read It Later) -- C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\17wnhgoh.default\extensions\isreaditlater@ideashower.com [2011.04.15 11:58:22 | 000,000,000 | ---D | M] (Toodledo) -- C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\17wnhgoh.default\extensions\statusbar@toodledo.com [2010.11.02 19:28:08 | 000,000,000 | ---D | M] (YSlow) -- C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\17wnhgoh.default\extensions\yslow@yahoo-inc.com [2011.04.24 17:07:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011.03.24 14:20:55 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2010.09.11 16:40:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.10.20 16:33:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.03.01 00:17:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.03.24 14:20:54 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll [2011.03.24 14:20:54 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll [2011.02.02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2009.07.07 23:20:42 | 000,061,440 | ---- | M] (AOL LLC) -- C:\Program Files\Mozilla Firefox\plugins\npdnu.dll [2009.07.07 23:20:42 | 000,065,536 | ---- | M] (AOL LLC) -- C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll [2010.09.14 20:46:49 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll [2009.06.25 13:20:28 | 001,446,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll [2011.03.24 14:20:54 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll [2007.03.22 19:23:30 | 000,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL [2011.03.12 13:28:40 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll [2010.12.13 23:02:04 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll [2010.12.13 23:02:04 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll [2010.12.13 23:02:04 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll [2010.12.13 23:02:04 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll [2010.12.13 23:02:04 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll [2010.12.13 23:02:04 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll [2010.12.13 23:02:04 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll [2010.10.22 12:47:31 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml [2010.10.22 12:47:31 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml [2010.10.22 12:47:31 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml [2010.10.22 12:47:31 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml [2010.10.22 12:47:31 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml [2010.10.22 12:47:31 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml [2010.10.22 12:47:31 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml O1 HOSTS File: ([2010.11.16 02:30:21 | 000,426,463 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 wip3.adobe.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 adobe.activate.com O1 - Hosts: 127.0.0.1 adobeereg.com O1 - Hosts: 127.0.0.1 www.adobeereg.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 125.252.224.90 O1 - Hosts: 127.0.0.1 125.252.224.91 O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 14678 more lines... O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe () O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe () O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe () O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe () O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [bCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe () O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe () O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask .exe (Apple Inc.) O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe () O4 - HKLM..\Run: [uSB-Set] File not found O4 - HKLM..\Run: [uSBToolTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe () O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-4098055962-2749868280-2150505687-1000..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-4098055962-2749868280-2150505687-1000..\Run: [TaskAngel] C:\Program Files\TaskAngel\TaskAngel.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O7 - HKU\S-1-5-21-4098055962-2749868280-2150505687-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O7 - HKU\S-1-5-21-4098055962-2749868280-2150505687-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O8 - Extra context menu item: &Envoyer à OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm () O9 - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm () O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - c:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation) O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation) O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation) O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corp.) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2011.04.24 00:35:13 | 000,000,000 | ---D | M] - C:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2011.04.24 00:35:12 | 000,000,000 | ---D | M] - E:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2011.04.24 00:35:14 | 000,000,000 | ---D | M] - F:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2011.04.24 02:31:20 | 000,000,000 | ---D | M] - G:\autorun.inf -- [ FAT32 ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.04.24 17:10:00 | 000,000,000 | -HSD | C] -- C:\found.000 [2011.04.24 17:07:54 | 000,000,000 | ---D | C] -- C:\_OTL [2011.04.24 13:11:23 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Steph\Desktop\OTL.exe [2011.04.24 00:35:13 | 000,000,000 | ---D | C] -- C:\autorun.inf [2011.04.23 17:07:50 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0 [2011.04.23 14:46:37 | 000,000,000 | ---D | C] -- C:\UsbFix [2011.04.23 14:37:35 | 000,000,000 | ---D | C] -- C:\ProgramData\USB-set [2011.04.23 14:37:34 | 000,000,000 | ---D | C] -- C:\Program Files\USB-set [2011.04.22 13:31:00 | 000,000,000 | ---D | C] -- F:\My Documents\Fichiers Outlook [2011.04.21 16:36:48 | 000,165,888 | ---- | C] (Kenonic Controls) -- C:\Windows\Ckconfig.exe [2011.04.21 16:36:48 | 000,069,632 | ---- | C] (CrypKey (Canada) Ltd.) -- C:\Windows\System32\Crypserv.exe [2011.04.21 16:36:43 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Mail Recovery [2011.04.21 13:50:49 | 000,000,000 | ---D | C] -- C:\Program Files\SysTools Outlook Recovery [2011.04.20 21:13:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2011.04.20 21:12:30 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2011.04.20 21:12:30 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2011.04.20 21:10:31 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011.04.18 14:50:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicISO [2011.04.13 20:58:49 | 000,000,000 | ---D | C] -- C:\Program Files\TaskAngel [2011.04.13 20:58:49 | 000,000,000 | ---D | C] -- C:\Users\Steph\AppData\Roaming\MyPocketSoft [2011.04.11 03:32:46 | 000,000,000 | ---D | C] -- C:\Users\Steph\AppData\Roaming\RealWorld [2011.04.11 03:32:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealWorld [2011.04.11 03:32:27 | 000,000,000 | ---D | C] -- C:\Program Files\RealWorld Icon Editor [2011.04.06 23:42:13 | 000,000,000 | ---D | C] -- C:\Program Files\Explorer++ [2011.04.06 16:20:16 | 000,197,920 | ---- | C] (Apple Inc.) -- C:\Windows\System32\dnssdX.dll [2011.04.06 16:20:16 | 000,107,808 | ---- | C] (Apple Inc.) -- C:\Windows\System32\dns-sd.exe [2011.04.06 16:20:16 | 000,091,424 | ---- | C] (Apple Inc.) -- C:\Windows\System32\dnssd.dll [2011.04.06 16:20:16 | 000,075,040 | ---- | C] (Apple Inc.) -- C:\Windows\System32\jdns_sd.dll [2011.04.01 00:32:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SourceTec [2011.04.01 00:32:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SourceTec [2011.04.01 00:07:08 | 000,000,000 | ---D | C] -- C:\Program Files\SourceTec [2011.03.30 23:31:21 | 000,000,000 | ---D | C] -- C:\Users\Steph\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2011.03.30 23:31:21 | 000,000,000 | ---D | C] -- C:\Users\Steph\AppData\Roaming\Adobe Mini Bridge CS5 [1998.06.29 10:03:36 | 000,099,840 | ---- | C] ( ) -- C:\Windows\System32\Zipdll.dll [1998.06.29 10:03:36 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\Unzdll.dll ========== Files - Modified Within 30 Days ========== [2011.04.24 17:11:41 | 000,001,048 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.04.24 17:11:26 | 000,000,308 | -HS- | M] () -- C:\Windows\tasks\BJJJ.job [2011.04.24 17:11:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.04.24 17:10:30 | 000,003,392 | ---- | M] () -- C:\bootsqm.dat [2011.04.24 17:07:28 | 000,074,713 | ---- | M] () -- C:\Windows\Q-Dir.ini [2011.04.24 17:07:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.04.24 13:15:25 | 000,618,714 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.04.24 13:15:25 | 000,107,034 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.04.24 13:14:14 | 000,014,192 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.04.24 13:14:14 | 000,014,192 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.04.24 13:14:10 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin [2011.04.24 13:09:02 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Steph\Desktop\OTL.exe [2011.04.23 14:56:16 | 208,969,728 | ---- | M] () -- C:\Users\Steph\Desktop\kav_rescue_10.iso [2011.04.23 14:37:35 | 000,001,835 | ---- | M] () -- C:\Users\Steph\Desktop\USB-set.lnk [2011.04.22 19:00:00 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\At2.job [2011.04.22 19:00:00 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\At1.job [2011.04.22 00:20:53 | 000,001,099 | ---- | M] () -- C:\Users\Steph\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk [2011.04.21 22:00:09 | 000,003,828 | ---- | M] () -- C:\Users\Steph\AppData\Roaming\92DA.4C7 [2011.04.21 19:02:57 | 000,001,680 | ---- | M] () -- C:\Windows\System32\esnecil.ind [2011.04.21 19:01:13 | 000,131,076 | ---- | M] () -- C:\ProgramData\UEBeSifOsb.exe [2011.04.21 16:37:07 | 000,001,680 | ---- | M] () -- C:\Windows\System32\esnecil.nlp [2011.04.21 16:37:07 | 000,000,004 | ---- | M] () -- C:\Windows\vx86036.dat [2011.04.21 16:36:56 | 000,000,055 | ---- | M] () -- C:\Windows\Crypkey.ini [2011.04.06 16:20:16 | 000,197,920 | ---- | M] (Apple Inc.) -- C:\Windows\System32\dnssdX.dll [2011.04.06 16:20:16 | 000,107,808 | ---- | M] (Apple Inc.) -- C:\Windows\System32\dns-sd.exe [2011.04.06 16:20:16 | 000,091,424 | ---- | M] (Apple Inc.) -- C:\Windows\System32\dnssd.dll [2011.04.06 16:20:16 | 000,075,040 | ---- | M] (Apple Inc.) -- C:\Windows\System32\jdns_sd.dll [2011.04.06 14:27:49 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI [2011.04.01 00:32:49 | 000,001,258 | ---- | M] () -- C:\Users\Steph\Application Data\Microsoft\Internet Explorer\Quick Launch\Sothink SWF Decompiler.lnk ========== Files Created - No Company Name ========== [2011.04.24 17:10:30 | 000,003,392 | ---- | C] () -- C:\bootsqm.dat [2011.04.24 13:14:10 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin [2011.04.23 14:57:30 | 208,969,728 | ---- | C] () -- C:\Users\Steph\Desktop\kav_rescue_10.iso [2011.04.23 14:37:35 | 000,001,835 | ---- | C] () -- C:\Users\Steph\Desktop\USB-set.lnk [2011.04.21 19:24:28 | 000,003,828 | ---- | C] () -- C:\Users\Steph\AppData\Roaming\92DA.4C7 [2011.04.21 19:00:49 | 000,131,076 | ---- | C] () -- C:\ProgramData\UEBeSifOsb.exe [2011.04.21 19:00:24 | 000,000,308 | -HS- | C] () -- C:\Windows\tasks\BJJJ.job [2011.04.21 16:37:07 | 000,001,680 | ---- | C] () -- C:\Windows\System32\esnecil.nlp [2011.04.21 16:37:07 | 000,001,680 | ---- | C] () -- C:\Windows\System32\esnecil.ind [2011.04.21 16:37:07 | 000,000,004 | ---- | C] () -- C:\Windows\vx86036.dat [2011.04.21 16:36:56 | 000,000,055 | ---- | C] () -- C:\Windows\Crypkey.ini [2011.04.21 16:36:48 | 000,031,846 | ---- | C] () -- C:\Windows\System32\Ckldrv.sys [2011.04.21 16:36:48 | 000,027,648 | R--- | C] () -- C:\Windows\Setup_ck.exe [2011.04.21 16:36:48 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll [2011.04.21 16:36:48 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe [2011.04.21 16:36:24 | 000,000,376 | ---- | C] () -- C:\Windows\tasks\At2.job [2011.04.21 16:35:50 | 000,000,376 | ---- | C] () -- C:\Windows\tasks\At1.job [2011.04.13 20:58:49 | 000,000,997 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TaskAngel.lnk [2011.04.06 11:45:27 | 000,001,064 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 6.lnk [2011.04.01 00:32:49 | 000,001,258 | ---- | C] () -- C:\Users\Steph\Application Data\Microsoft\Internet Explorer\Quick Launch\Sothink SWF Decompiler.lnk [2011.03.06 18:27:23 | 000,387,064 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat [2010.12.28 22:52:47 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dll [2010.11.04 14:46:51 | 000,006,550 | ---- | C] () -- C:\Windows\jautoexp.dat [2010.10.28 14:02:20 | 000,004,096 | -H-- | C] () -- C:\Users\Steph\AppData\Local\keyfile3.drm [2010.10.18 13:59:56 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI [2010.10.08 18:30:32 | 000,007,628 | ---- | C] () -- C:\Users\Steph\AppData\Local\Resmon.ResmonCfg [2010.09.21 21:07:21 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2010.09.18 00:13:29 | 000,014,336 | ---- | C] () -- C:\Users\Steph\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.09.18 00:04:43 | 000,000,000 | ---- | C] () -- C:\Windows\Graffiti5.2Pin.ini [2010.09.17 20:54:50 | 000,237,568 | ---- | C] () -- C:\Windows\System32\qtmlClient.dll [2010.09.14 23:54:57 | 000,000,016 | ---- | C] () -- C:\Windows\System32\msvcsv60.dll [2010.09.14 23:54:57 | 000,000,016 | ---- | C] () -- C:\Windows\msocreg32.dat [2010.09.11 16:33:55 | 000,000,056 | ---- | C] () -- C:\Windows\System32\ezsidmv.dat [2010.08.23 22:04:00 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2010.08.23 21:37:11 | 000,074,713 | ---- | C] () -- C:\Windows\Q-Dir.ini [2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 06:33:53 | 004,133,520 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009.07.14 04:05:48 | 000,618,714 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009.07.14 04:05:48 | 000,107,034 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009.07.14 02:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2007.05.15 07:43:50 | 000,013,765 | ---- | C] () -- C:\Windows\System32\drivers\UCharger.sys [2007.04.16 14:23:00 | 000,057,344 | ---- | C] () -- C:\Windows\System32\PT21F.DLL [2007.03.26 10:37:20 | 000,001,112 | ---- | C] () -- C:\Windows\System32\PT21L.INI ========== LOP Check ========== [2011.02.09 00:52:25 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\acccore [2010.10.24 18:36:51 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\ArcticLine [2010.12.22 22:54:06 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\CamfrogWEB [2010.09.28 21:50:54 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\CD-LabelPrint [2010.11.19 16:14:17 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2011.01.14 17:06:21 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\Dropbox [2010.09.21 22:01:12 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\Encryptomatic, LLC [2011.04.21 16:38:39 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\FileZilla [2010.10.26 17:49:56 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\InfraRecorder [2010.12.28 23:12:34 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\iolo [2010.09.21 22:01:13 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\MessageViewer [2011.04.13 20:58:49 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\MyPocketSoft [2010.09.12 20:45:15 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\NetMedia Providers [2010.11.07 02:22:11 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\NuVJ [2010.09.21 21:06:52 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\proDAD [2010.09.12 20:45:15 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\Publish Providers [2011.03.24 14:50:00 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\Q-Dir [2010.10.20 15:49:12 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\Softland [2010.09.15 00:20:28 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\Sony [2011.03.03 18:37:15 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\Sony Creative Software [2011.03.30 23:31:21 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2011.04.06 11:44:20 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\TeamViewer [2010.10.26 17:00:04 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\Thunderbird [2011.04.22 00:16:04 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\uTorrent [2011.01.08 12:36:59 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\Youtube Downloader HD [2011.04.22 19:00:00 | 000,000,376 | ---- | M] () -- C:\Windows\Tasks\At1.job [2011.04.22 19:00:00 | 000,000,376 | ---- | M] () -- C:\Windows\Tasks\At2.job [2011.04.24 17:11:26 | 000,000,308 | -HS- | M] () -- C:\Windows\Tasks\BJJJ.job [2011.02.08 14:44:45 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report >

Résultats des analyses sur jotti: PhysicalMBR.bin PhysicalMBR.bin - Le scanner antivirus de Jotti WatAdminSvc.exe WatAdminSvc.exe - Le scanner antivirus de Jotti

j'ai essayé d'envoyer les fichiers indiqués plusieurs fois sur www.virustotal.com, mais autant pour l'un que pour l'autre, j'obtiens ce message d'erreur après avoir cliqué sur "envoyer" : "Erreur du serveur! Le serveur a èté victime d'une erreur interne et n'a pas été capable de faire aboutir votre requête. Soit le server est surchargé soit il s'agit d'une erreur dans le script CGI. Si vous pensez qu'il s'agit d'une erreur du serveur, veuillez contacter le gestionnaire du site." Que faire ?

OTL Extras logfile created on: 24.04.2011 13:13:07 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Steph\Desktop Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 0000100c | Country: Suisse | Language: FRS | Date Format: dd.MM.yyyy 2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 53.00% Memory free 5.00 Gb Paging File | 4.00 Gb Available in Paging File | 79.00% Paging File free Paging file location(s): [binary data over 100 bytes] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 29.72 Gb Total Space | 6.61 Gb Free Space | 22.24% Space Free | Partition Type: NTFS Drive E: | 2.93 Gb Total Space | 0.38 Gb Free Space | 13.13% Space Free | Partition Type: NTFS Drive F: | 928.58 Gb Total Space | 11.07 Gb Free Space | 1.19% Space Free | Partition Type: NTFS Drive G: | 955.47 Mb Total Space | 753.61 Mb Free Space | 78.87% Space Free | Partition Type: FAT32 Computer Name: ASROCK | User Name: Steph | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-4098055962-2749868280-2150505687-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- () [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- () ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}" = Ghostscript GPL 8.64 (Msi Setup) "_{72DB27D3-FE05-4227-AF5A-11CD101ECF09}" = Corel Graphics - Windows Shell Extension "_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW® Graphics Suite X5 "{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{06A1BE8A-4CA4-4A39-B9E4-E815AA8FE05C}" = Sony Noise Reduction Plug-In 2.0h "{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}" = Ghostscript GPL 8.64 (Msi Setup) "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{09F56A49-A7B1-4AAB-95B9-D13094254AD1}" = Windows Live UX Platform Language Pack "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5 "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10 "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10 "{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}" = CorelDRAW Graphics Suite X5 - Custom Data "{260ED378-2B8C-4831-ADAE-D0712D119AC5}" = CorelDRAW Graphics Suite X5 - VSTA "{26945917-E053-45F6-AF98-309730CFC318}" = Visual Basic for Applications ® Core "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 24 "{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10 "{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime "{29D3773E-54F4-23C2-D523-236A4453B844}_is1" = FileAlyzer "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live "{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}" = CorelDRAW Graphics Suite X5 - Filters "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{3514CD14-6F9C-39C9-94F5-6644CAD122CF}" = Microsoft Visual Studio Tools for Applications 2.0 Language Pack - FRA "{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{3F9170C9-A7C2-408F-A4D8-EC77250040BF}" = Sound Forge Pro 10.0 "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4BF5A325-DEB6-4F24-BF52-E4BF76329E56}" = Yooda Match Density "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform "{4D9F6AAE-CDA4-44B6-AC20-E59B3E8CB108}" = RealWorld Icon Editor "{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photorécit 3 pour Windows "{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}" = CorelDRAW Graphics Suite X5 - Connect "{57400C1E-BC51-4ECE-AD2A-A6096204DDEC}" = CorelDRAW Graphics Suite X5 - VBA "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{59123CCF-FED2-46FF-9293-D1DC80042219}" = CorelDRAW Graphics Suite X5 - Redist "{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7 "{5EB90C06-964F-4195-B83E-BD7E55C88415}" = Pilote vidéo Pinnacle "{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant "{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}" = CorelDRAW Graphics Suite X5 - Draw "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack "{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pilote vidéo Pinnacle "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10 "{70217FBC-0A7F-4FCE-819E-F17D265A2099}" = Microsoft Visual Round Trip Analyzer v3.0.0253.1024 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72DB27D3-FE05-4227-AF5A-11CD101ECF09}" = Corel Graphics - Windows Shell Extension "{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10 "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver "{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support "{8A8F0E9B-4FC9-3C40-9AFB-9AEEFE81D6A7}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - FRA "{8BAC9DAB-9118-4D13-8CF4-78812CC4755C}" = ACID Pro 7.0 "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8F18CFF8-8259-4148-AD00-2EE572754E92}" = CorelDRAW Graphics Suite X5 - FR "{90140000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2010 "{90140000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2010 "{90140000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2010 "{90140000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2010 "{90140000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2010 "{90140000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2010 "{90140000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2010 "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2010 "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2010 "{90140000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2010 "{90140000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2010 "{90140000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2010 "{90140000-00BA-040C-0000-0000000FF1CE}" = Microsoft Office Groove MUI (French) 2010 "{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003 "{90849E84-F026-4638-A184-E6FCFD472C34}" = Brother P-touch Software "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{9244E956-5939-4B88-930C-0699D4AB2B95}" = CorelDRAW Graphics Suite X5 - WT "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95140000-007A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{96FE1BDC-6A66-470B-86A9-75A2966C92BF}" = TitleExtreme "{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}" = CorelDRAW Graphics Suite X5 - FontNav "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}" = CorelDRAW Graphics Suite X5 - PHOTO-PAINT "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AADD1C8F-D59F-4D55-A726-768C71A205A8}" = Pinnacle Studio 14 "{AC76BA86-7AD7-1036-7B44-A94000000001}" = Adobe Reader 9.4.3 - Français "{B3783869-5D14-4838-A042-910DF816D070}" = Xara3D6 "{B399C91E-96F2-4265-9884-1C9A10E9FCF4}" = CorelDRAW Graphics Suite X5 "{BCDB856C-D247-4DEE-9132-89C02F4D6B8C}_is1" = Sothink SWF Decompiler "{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour "{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10 "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common "{CA3861BA-1D96-4D66-B577-318E1602C4F3}" = CorelDRAW Graphics Suite X5 - Common "{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support "{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW Graphics Suite X5 - Setup Files "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005 "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D596EEA2-C6C8-45D3-89DF-FA2DBE99F829}" = Visual Basic for Applications ® Core - English "{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}" = CorelDRAW Graphics Suite X5 - Photozoom Plugin "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}" = CorelDRAW Graphics Suite X5 - IPM "{DF9A6075-9308-4572-8932-A4316243C4D9}" = Brother P-touch Editor 5.0 "{E06C8E13-7A8C-434C-8548-34BC4762212D}" = Logitech Harmony Remote Software 7 "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0 "{E89B484C-B913-49A0-959B-89E836001658}" = GEAR 32bit Driver Installer "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{ED21ABB5-7296-4F23-A0D4-F65BEC76882D}" = Visual Basic for Applications ® Core - French "{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}" = CorelDRAW Graphics Suite X5 - Capture "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic "{F7E1CA14-B39D-452A-960B-39423DDDD933}" = DriveImage XML (Private Edition) "{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10 "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}" = CorelDRAW Graphics Suite X5 - VideoBrowser "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "AIM_7" = AIM 7 "Akamai" = Akamai NetSession Interface "Avira AntiVir Desktop" = Avira AntiVir Premium "CCleaner" = CCleaner "CFWebAdvancedU" = CamfrogWEB Advanced ActiveX Plugin (remove only) "doPDF 7 printer_is1" = doPDF 7.1 printer "FileZilla Client" = FileZilla Client 3.4.0 "Folder Marker_is1" = Folder Marker Pro v 3.0 "GIF Movie Gear_is1" = GIF Movie Gear 4.2.3 "Google Earth Pro 4.2" = Google Earth Pro 4.2 "InfraRecorder" = InfraRecorder "InstallShield_{DF9A6075-9308-4572-8932-A4316243C4D9}" = Brother P-touch Editor 5.0 "LinkedIn Outlook Connector" = LinkedIn Outlook Connector "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "MediaNavigation.CDLabelPrint" = CD-LabelPrint "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "mmfsetup_is1" = MixMeister Fusion 7.3.5 "Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16) "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "Office14.PROPLUSR" = Microsoft Office Professionnel Plus 2010 "proDAD-Mercalli-1.0" = proDAD Mercalli 1.0 "Q-Dir" = Q-Dir "SoftwareUpdUtility" = Download Updater (AOL LLC) "stax-Pinnacle_is1" = SureThing Express Labeler "TaskAngel" = MyPocketSoft TaskAngel 1.7 "TeamViewer 6" = TeamViewer 6 "T-RackS 24" = T-RackS 24 "Usbfix" = UsbFix By TeamXscript "uTorrent" = µTorrent "VLC media player" = VLC media player 1.1.5 "WinISO_is1" = WinISO 5.3 "WinLiveSuite" = Windows Live "WinRAR archiver" = WinRAR archiver "Xilisoft MP4 Converter" = Xilisoft MP4 Converter "Yooda seeUrank" = Yooda seeUrank "Yooda Submit" = Yooda Submit ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report >

Merci pour votre aide! Voici le rapport OTL.txt : OTL logfile created on: 24.04.2011 13:13:07 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Steph\Desktop Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 0000100c | Country: Suisse | Language: FRS | Date Format: dd.MM.yyyy 2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 53.00% Memory free 5.00 Gb Paging File | 4.00 Gb Available in Paging File | 79.00% Paging File free Paging file location(s): [binary data over 100 bytes] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 29.72 Gb Total Space | 6.61 Gb Free Space | 22.24% Space Free | Partition Type: NTFS Drive E: | 2.93 Gb Total Space | 0.38 Gb Free Space | 13.13% Space Free | Partition Type: NTFS Drive F: | 928.58 Gb Total Space | 11.07 Gb Free Space | 1.19% Space Free | Partition Type: NTFS Drive G: | 955.47 Mb Total Space | 753.61 Mb Free Space | 78.87% Space Free | Partition Type: FAT32 Computer Name: ASROCK | User Name: Steph | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.04.24 13:09:02 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Steph\Desktop\OTL.exe PRC - [2011.04.23 08:09:15 | 000,131,084 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.04.21 19:24:36 | 000,131,080 | ---- | M] () -- C:\Program Files\TaskAngel\TaskAngel.exe PRC - [2011.04.21 19:01:13 | 000,131,076 | ---- | M] () -- C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe PRC - [2011.04.21 19:01:13 | 000,131,076 | ---- | M] () -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe PRC - [2011.04.21 19:01:13 | 000,131,076 | ---- | M] () -- C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe PRC - [2011.04.21 19:01:13 | 000,131,076 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\BCSSync.exe PRC - [2011.04.01 10:31:38 | 002,271,608 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe PRC - [2011.03.16 12:57:30 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2011.03.08 10:43:04 | 000,421,032 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe PRC - [2011.02.10 00:24:54 | 001,373,456 | ---- | M] (MyPocketSoft) -- C:\Program Files\TaskAngel\TaskAngel .exe PRC - [2011.01.31 10:44:43 | 000,035,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl .exe PRC - [2010.11.02 13:32:05 | 000,339,624 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe PRC - [2010.11.02 13:32:05 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt .exe PRC - [2010.11.02 13:32:05 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2010.09.21 00:07:44 | 000,932,288 | R--- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM .exe PRC - [2010.08.22 21:02:34 | 000,642,560 | ---- | M] (Nenad Hrg (SoftwareOK.com)) -- C:\Program Files\Q-Dir\Q-Dir.exe PRC - [2010.03.25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe PRC - [2010.03.10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe PRC - [2010.01.14 22:12:21 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2009.07.14 03:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2007.02.20 11:07:40 | 000,199,752 | ---- | M] (Pinnacle Systems GmbH) -- C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip .exe PRC - [2006.03.01 03:10:18 | 000,069,632 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\Windows\System32\Crypserv.exe ========== Modules (SafeList) ========== MOD - [2011.04.24 13:09:02 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Steph\Desktop\OTL.exe MOD - [2010.08.21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- -- (ioloFileInfoList) SRV - [2011.04.21 19:01:13 | 000,131,076 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2011.04.21 19:00:54 | 000,059,400 | -HS- | M] () [Auto | Stopped] -- \\?\globalroot\Device\HarddiskVolume2\Windows\Temp\srvB94.tmp [WARNING: \\?\globalroot\Device\HarddiskVolume2\Windows\Temp\srvB94.tmp] -- (srvB94) SRV - [2011.04.01 10:31:38 | 002,271,608 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6) SRV - [2011.03.30 21:52:47 | 003,229,784 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_a35e6b9.dll -- (Akamai) SRV - [2011.03.16 12:57:30 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.03.08 10:43:04 | 000,421,032 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2010.11.02 13:32:05 | 000,339,624 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService) SRV - [2010.11.02 13:32:05 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.09.27 23:08:49 | 001,343,400 | ---- | M] () [unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2010.03.25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2010.03.25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2010.03.10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2006.03.01 03:10:18 | 000,069,632 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\Windows\System32\Crypserv.exe -- (Crypkey License) ========== Driver Services (SafeList) ========== DRV - [2011.03.16 12:57:30 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2010.12.11 02:19:53 | 000,024,448 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fnetthjm_152D.sys -- (FNETTHJM_152D) DRV - [2010.11.22 13:15:21 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010.07.10 05:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus) DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt) DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc) DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap) DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID) DRV - [2009.07.14 00:02:53 | 000,044,032 | ---- | M] (VIA Technologies, Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fetnd6.sys -- (FETNDIS) DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2008.12.09 10:59:30 | 000,020,392 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\ElRawDsk.sys -- (ElRawDisk) DRV - [2007.05.15 07:43:50 | 000,013,765 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UCharger.sys -- (UCharger) DRV - [2006.12.04 09:36:10 | 000,203,264 | ---- | M] (Pinnacle Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bender.sys -- (BENDER) DRV - [2006.01.10 04:47:27 | 000,031,846 | ---- | M] () [Kernel | System | Running] -- C:\Windows\system32\ckldrv.sys -- (NetworkX) DRV - [2005.09.23 22:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MarvinBus.sys -- (MarvinBus) ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:58889 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:58889 IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-21-4098055962-2749868280-2150505687-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm IE - HKU\S-1-5-21-4098055962-2749868280-2150505687-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKU\S-1-5-21-4098055962-2749868280-2150505687-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = Hotmail, Messenger, Divertissement, Actualité, Sport, Voiture, Rencontres et plus IE - HKU\S-1-5-21-4098055962-2749868280-2150505687-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr-ch IE - HKU\S-1-5-21-4098055962-2749868280-2150505687-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5D D4 71 2D 0E 85 CB 01 [binary data] IE - HKU\S-1-5-21-4098055962-2749868280-2150505687-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-21-4098055962-2749868280-2150505687-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKU\S-1-5-21-4098055962-2749868280-2150505687-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-21-4098055962-2749868280-2150505687-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:55111 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://www.google.ch/" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 FF - prefs.js..extensions.enabledItems: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}:7.2.0.8 FF - prefs.js..extensions.enabledItems: {bee6eb20-01e0-ebd1-da83-080329fb9a3a}:0.2 FF - prefs.js..extensions.enabledItems: adblockpopups@jessehakanen.net:0.2.4 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {e3f6c2cc-d8db-498c-af6c-499fb211db97}:1.10.2 FF - prefs.js..extensions.enabledItems: yslow@yahoo-inc.com:2.1.0 FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: isreaditlater@ideashower.com:2.1.1 FF - prefs.js..extensions.enabledItems: {d9284e50-81fc-11da-a72b-0800200c9a66}:7.6.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {618D522B-652C-4e19-9194-048700B12ED6}:1.4 FF - prefs.js..extensions.enabledItems: statusbar@toodledo.com:1.77 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.30 21:56:35 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.24 14:20:55 | 000,000,000 | ---D | M] [2010.10.26 17:00:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steph\AppData\Roaming\Mozilla\Extensions [2010.10.26 17:00:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steph\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010.08.23 22:04:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steph\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2011.04.24 00:34:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\17wnhgoh.default\extensions [2011.02.06 05:20:39 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\17wnhgoh.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250} [2011.04.01 00:33:44 | 000,000,000 | ---D | M] (Sothink SWF Catcher) -- C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\17wnhgoh.default\extensions\{618D522B-652C-4e19-9194-048700B12ED6} [2011.04.08 12:39:06 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\17wnhgoh.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [2011.04.08 12:39:06 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\17wnhgoh.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2011.04.08 12:39:07 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\17wnhgoh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2011.02.09 15:12:04 | 000,000,000 | ---D | M] ("Yoono") -- C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\17wnhgoh.default\extensions\{d9284e50-81fc-11da-a72b-0800200c9a66} [2011.02.20 00:15:21 | 000,000,000 | ---D | M] (Page Speed) -- C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\17wnhgoh.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97} [2011.04.21 13:56:51 | 000,000,000 | ---D | M] (Adblock Plus Pop-up Addon) -- C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\17wnhgoh.default\extensions\adblockpopups@jessehakanen.net [2011.01.12 07:22:35 | 000,000,000 | ---D | M] (Read It Later) -- C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\17wnhgoh.default\extensions\isreaditlater@ideashower.com [2011.04.15 11:58:22 | 000,000,000 | ---D | M] (Toodledo) -- C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\17wnhgoh.default\extensions\statusbar@toodledo.com [2010.11.02 19:28:08 | 000,000,000 | ---D | M] (YSlow) -- C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\17wnhgoh.default\extensions\yslow@yahoo-inc.com [2011.04.22 14:03:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011.03.24 14:20:55 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2010.09.11 16:40:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.09.11 18:19:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.10.20 16:33:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.01.07 17:04:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.03.01 00:17:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.03.24 14:20:54 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll [2011.03.24 14:20:54 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll [2011.02.02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2009.07.07 23:20:42 | 000,061,440 | ---- | M] (AOL LLC) -- C:\Program Files\Mozilla Firefox\plugins\npdnu.dll [2009.07.07 23:20:42 | 000,065,536 | ---- | M] (AOL LLC) -- C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll [2010.09.14 20:46:49 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll [2009.06.25 13:20:28 | 001,446,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll [2011.03.24 14:20:54 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll [2007.03.22 19:23:30 | 000,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL [2011.03.12 13:28:40 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll [2010.12.13 23:02:04 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll [2010.12.13 23:02:04 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll [2010.12.13 23:02:04 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll [2010.12.13 23:02:04 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll [2010.12.13 23:02:04 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll [2010.12.13 23:02:04 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll [2010.12.13 23:02:04 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll [2010.10.22 12:47:31 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml [2010.10.22 12:47:31 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml [2010.10.22 12:47:31 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml [2010.10.22 12:47:31 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml [2010.10.22 12:47:31 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml [2010.10.22 12:47:31 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml [2010.10.22 12:47:31 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml O1 HOSTS File: ([2010.11.16 02:30:21 | 000,426,463 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 wip3.adobe.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 adobe.activate.com O1 - Hosts: 127.0.0.1 adobeereg.com O1 - Hosts: 127.0.0.1 www.adobeereg.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 125.252.224.90 O1 - Hosts: 127.0.0.1 125.252.224.91 O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 14678 more lines... O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O3 - HKU\S-1-5-21-4098055962-2749868280-2150505687-1000\..\Toolbar\WebBrowser: (no name) - {05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E} - No CLSID value found. O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe () O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe () O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe () O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe () O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe () O4 - HKLM..\Run: [bCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe () O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe () O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask .exe (Apple Inc.) O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe () O4 - HKLM..\Run: [uSB-Set] File not found O4 - HKLM..\Run: [uSBToolTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe () O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-4098055962-2749868280-2150505687-1000..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-4098055962-2749868280-2150505687-1000..\Run: [TaskAngel] C:\Program Files\TaskAngel\TaskAngel.exe () F3 - HKU\.DEFAULT WinNT: Load - (C:\Windows\TEMP\csrss.exe) - File not found F3 - HKU\S-1-5-18 WinNT: Load - (C:\Windows\TEMP\csrss.exe) - File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O7 - HKU\S-1-5-21-4098055962-2749868280-2150505687-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O7 - HKU\S-1-5-21-4098055962-2749868280-2150505687-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O8 - Extra context menu item: &Envoyer à OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm () O9 - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm () O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - c:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation) O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation) O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation) O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corp.) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2011.04.24 00:35:13 | 000,000,000 | ---D | M] - C:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2011.04.24 00:35:12 | 000,000,000 | ---D | M] - E:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2011.04.24 00:35:14 | 000,000,000 | ---D | M] - F:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2011.04.24 02:31:20 | 000,000,000 | ---D | M] - G:\autorun.inf -- [ FAT32 ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: srvB94 - \\?\globalroot\Device\HarddiskVolume2\Windows\Temp\srvB94.tmp () NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: VIDC.IV50 - C:\Windows\System32\ir50_32.dll (Intel Corporation) Drivers32: vidc.mjpg - pvmjpg30.dll File not found PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin ========== Files/Folders - Created Within 30 Days ========== [2011.04.24 13:11:23 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Steph\Desktop\OTL.exe [2011.04.24 00:35:13 | 000,000,000 | ---D | C] -- C:\autorun.inf [2011.04.23 17:07:50 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0 [2011.04.23 14:46:37 | 000,000,000 | ---D | C] -- C:\UsbFix [2011.04.23 14:37:35 | 000,000,000 | ---D | C] -- C:\ProgramData\USB-set [2011.04.23 14:37:34 | 000,000,000 | ---D | C] -- C:\Program Files\USB-set [2011.04.22 13:31:00 | 000,000,000 | ---D | C] -- F:\My Documents\Fichiers Outlook [2011.04.21 16:36:48 | 000,165,888 | ---- | C] (Kenonic Controls) -- C:\Windows\Ckconfig.exe [2011.04.21 16:36:48 | 000,069,632 | ---- | C] (CrypKey (Canada) Ltd.) -- C:\Windows\System32\Crypserv.exe [2011.04.21 16:36:43 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Mail Recovery [2011.04.21 13:50:49 | 000,000,000 | ---D | C] -- C:\Program Files\SysTools Outlook Recovery [2011.04.20 21:13:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2011.04.20 21:12:30 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2011.04.20 21:12:30 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2011.04.20 21:10:52 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2011.04.20 21:10:31 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011.04.18 14:50:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicISO [2011.04.13 20:58:49 | 000,000,000 | ---D | C] -- C:\Program Files\TaskAngel [2011.04.13 20:58:49 | 000,000,000 | ---D | C] -- C:\Users\Steph\AppData\Roaming\MyPocketSoft [2011.04.11 03:32:46 | 000,000,000 | ---D | C] -- C:\Users\Steph\AppData\Roaming\RealWorld [2011.04.11 03:32:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealWorld [2011.04.11 03:32:27 | 000,000,000 | ---D | C] -- C:\Program Files\RealWorld Icon Editor [2011.04.06 23:42:13 | 000,000,000 | ---D | C] -- C:\Program Files\Explorer++ [2011.04.06 16:20:16 | 000,197,920 | ---- | C] (Apple Inc.) -- C:\Windows\System32\dnssdX.dll [2011.04.06 16:20:16 | 000,107,808 | ---- | C] (Apple Inc.) -- C:\Windows\System32\dns-sd.exe [2011.04.06 16:20:16 | 000,091,424 | ---- | C] (Apple Inc.) -- C:\Windows\System32\dnssd.dll [2011.04.06 16:20:16 | 000,075,040 | ---- | C] (Apple Inc.) -- C:\Windows\System32\jdns_sd.dll [2011.04.01 00:32:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SourceTec [2011.04.01 00:32:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SourceTec [2011.04.01 00:07:08 | 000,000,000 | ---D | C] -- C:\Program Files\SourceTec [2011.03.30 23:31:21 | 000,000,000 | ---D | C] -- C:\Users\Steph\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2011.03.30 23:31:21 | 000,000,000 | ---D | C] -- C:\Users\Steph\AppData\Roaming\Adobe Mini Bridge CS5 [1998.06.29 10:03:36 | 000,099,840 | ---- | C] ( ) -- C:\Windows\System32\Zipdll.dll [1998.06.29 10:03:36 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\Unzdll.dll ========== Files - Modified Within 30 Days ========== [2011.04.24 13:14:14 | 000,014,192 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.04.24 13:14:14 | 000,014,192 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.04.24 13:14:10 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin [2011.04.24 13:12:24 | 000,618,714 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.04.24 13:12:24 | 000,107,034 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.04.24 13:11:11 | 000,074,711 | ---- | M] () -- C:\Windows\Q-Dir.ini [2011.04.24 13:09:30 | 000,001,048 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.04.24 13:09:02 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Steph\Desktop\OTL.exe [2011.04.24 13:09:00 | 000,000,308 | -HS- | M] () -- C:\Windows\tasks\BJJJ.job [2011.04.24 13:08:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.04.24 13:07:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.04.23 14:56:16 | 208,969,728 | ---- | M] () -- C:\Users\Steph\Desktop\kav_rescue_10.iso [2011.04.23 14:37:35 | 000,001,835 | ---- | M] () -- C:\Users\Steph\Desktop\USB-set.lnk [2011.04.22 19:00:00 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\At2.job [2011.04.22 19:00:00 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\At1.job [2011.04.22 00:20:53 | 000,001,099 | ---- | M] () -- C:\Users\Steph\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk [2011.04.21 22:00:09 | 000,003,828 | ---- | M] () -- C:\Users\Steph\AppData\Roaming\92DA.4C7 [2011.04.21 19:02:57 | 000,001,680 | ---- | M] () -- C:\Windows\System32\esnecil.ind [2011.04.21 19:01:13 | 000,131,076 | ---- | M] () -- C:\ProgramData\UEBeSifOsb.exe [2011.04.21 16:37:07 | 000,001,680 | ---- | M] () -- C:\Windows\System32\esnecil.nlp [2011.04.21 16:37:07 | 000,000,004 | ---- | M] () -- C:\Windows\vx86036.dat [2011.04.21 16:36:56 | 000,000,055 | ---- | M] () -- C:\Windows\Crypkey.ini [2011.04.06 16:20:16 | 000,197,920 | ---- | M] (Apple Inc.) -- C:\Windows\System32\dnssdX.dll [2011.04.06 16:20:16 | 000,107,808 | ---- | M] (Apple Inc.) -- C:\Windows\System32\dns-sd.exe [2011.04.06 16:20:16 | 000,091,424 | ---- | M] (Apple Inc.) -- C:\Windows\System32\dnssd.dll [2011.04.06 16:20:16 | 000,075,040 | ---- | M] (Apple Inc.) -- C:\Windows\System32\jdns_sd.dll [2011.04.06 14:27:49 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI [2011.04.01 00:32:49 | 000,001,258 | ---- | M] () -- C:\Users\Steph\Application Data\Microsoft\Internet Explorer\Quick Launch\Sothink SWF Decompiler.lnk ========== Files Created - No Company Name ========== [2011.04.24 13:14:10 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin [2011.04.23 14:57:30 | 208,969,728 | ---- | C] () -- C:\Users\Steph\Desktop\kav_rescue_10.iso [2011.04.23 14:37:35 | 000,001,835 | ---- | C] () -- C:\Users\Steph\Desktop\USB-set.lnk [2011.04.21 19:24:28 | 000,003,828 | ---- | C] () -- C:\Users\Steph\AppData\Roaming\92DA.4C7 [2011.04.21 19:00:49 | 000,131,076 | ---- | C] () -- C:\ProgramData\UEBeSifOsb.exe [2011.04.21 19:00:24 | 000,000,308 | -HS- | C] () -- C:\Windows\tasks\BJJJ.job [2011.04.21 16:37:07 | 000,001,680 | ---- | C] () -- C:\Windows\System32\esnecil.nlp [2011.04.21 16:37:07 | 000,001,680 | ---- | C] () -- C:\Windows\System32\esnecil.ind [2011.04.21 16:37:07 | 000,000,004 | ---- | C] () -- C:\Windows\vx86036.dat [2011.04.21 16:36:56 | 000,000,055 | ---- | C] () -- C:\Windows\Crypkey.ini [2011.04.21 16:36:48 | 000,031,846 | ---- | C] () -- C:\Windows\System32\Ckldrv.sys [2011.04.21 16:36:48 | 000,027,648 | R--- | C] () -- C:\Windows\Setup_ck.exe [2011.04.21 16:36:48 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll [2011.04.21 16:36:48 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe [2011.04.21 16:36:24 | 000,000,376 | ---- | C] () -- C:\Windows\tasks\At2.job [2011.04.21 16:35:50 | 000,000,376 | ---- | C] () -- C:\Windows\tasks\At1.job [2011.04.13 20:58:49 | 000,000,997 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TaskAngel.lnk [2011.04.06 11:45:27 | 000,001,064 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 6.lnk [2011.04.01 00:32:49 | 000,001,258 | ---- | C] () -- C:\Users\Steph\Application Data\Microsoft\Internet Explorer\Quick Launch\Sothink SWF Decompiler.lnk [2011.03.06 18:27:23 | 000,387,064 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat [2010.12.28 22:52:47 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dll [2010.11.04 14:46:51 | 000,006,550 | ---- | C] () -- C:\Windows\jautoexp.dat [2010.10.28 14:02:20 | 000,004,096 | -H-- | C] () -- C:\Users\Steph\AppData\Local\keyfile3.drm [2010.10.18 13:59:56 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI [2010.10.08 18:30:32 | 000,007,628 | ---- | C] () -- C:\Users\Steph\AppData\Local\Resmon.ResmonCfg [2010.09.21 21:07:21 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2010.09.18 00:13:29 | 000,014,336 | ---- | C] () -- C:\Users\Steph\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.09.18 00:04:43 | 000,000,000 | ---- | C] () -- C:\Windows\Graffiti5.2Pin.ini [2010.09.17 20:54:50 | 000,237,568 | ---- | C] () -- C:\Windows\System32\qtmlClient.dll [2010.09.14 23:54:57 | 000,000,016 | ---- | C] () -- C:\Windows\System32\msvcsv60.dll [2010.09.14 23:54:57 | 000,000,016 | ---- | C] () -- C:\Windows\msocreg32.dat [2010.09.11 16:33:55 | 000,000,056 | ---- | C] () -- C:\Windows\System32\ezsidmv.dat [2010.08.23 22:04:00 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2010.08.23 21:37:11 | 000,074,711 | ---- | C] () -- C:\Windows\Q-Dir.ini [2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 06:33:53 | 004,133,520 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009.07.14 04:05:48 | 000,618,714 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009.07.14 04:05:48 | 000,107,034 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009.07.14 02:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2007.05.15 07:43:50 | 000,013,765 | ---- | C] () -- C:\Windows\System32\drivers\UCharger.sys [2007.04.16 14:23:00 | 000,057,344 | ---- | C] () -- C:\Windows\System32\PT21F.DLL [2007.03.26 10:37:20 | 000,001,112 | ---- | C] () -- C:\Windows\System32\PT21L.INI ========== LOP Check ========== [2011.02.09 00:52:25 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\acccore [2010.10.24 18:36:51 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\ArcticLine [2010.12.22 22:54:06 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\CamfrogWEB [2010.09.28 21:50:54 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\CD-LabelPrint [2010.11.19 16:14:17 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2011.01.14 17:06:21 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\Dropbox [2010.09.21 22:01:12 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\Encryptomatic, LLC [2011.04.21 16:38:39 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\FileZilla [2010.10.26 17:49:56 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\InfraRecorder [2010.12.28 23:12:34 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\iolo [2010.09.21 22:01:13 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\MessageViewer [2011.04.13 20:58:49 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\MyPocketSoft [2010.09.12 20:45:15 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\NetMedia Providers [2010.11.07 02:22:11 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\NuVJ [2010.09.21 21:06:52 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\proDAD [2010.09.12 20:45:15 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\Publish Providers [2011.03.24 14:50:00 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\Q-Dir [2010.10.20 15:49:12 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\Softland [2010.09.15 00:20:28 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\Sony [2011.03.03 18:37:15 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\Sony Creative Software [2011.03.30 23:31:21 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2011.04.06 11:44:20 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\TeamViewer [2010.10.26 17:00:04 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\Thunderbird [2011.04.22 00:16:04 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\uTorrent [2011.01.08 12:36:59 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\Youtube Downloader HD [2011.04.22 19:00:00 | 000,000,376 | ---- | M] () -- C:\Windows\Tasks\At1.job [2011.04.22 19:00:00 | 000,000,376 | ---- | M] () -- C:\Windows\Tasks\At2.job [2011.04.24 13:09:00 | 000,000,308 | -HS- | M] () -- C:\Windows\Tasks\BJJJ.job [2011.02.08 14:44:45 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe > [2011.02.13 21:44:40 | 000,000,286 | ---- | M] () -- C:\FLVDirect.exe < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %appdata% *.exe /s > < MD5 for: AGP440.SYS > [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys < MD5 for: ALG.EXE > [2009.07.14 03:14:11 | 000,059,392 | ---- | M] (Microsoft Corporation) MD5=18A54E132947CD98FEA9ACCC57F98F13 -- C:\Windows\System32\alg.exe [2009.07.14 03:14:11 | 000,059,392 | ---- | M] (Microsoft Corporation) MD5=18A54E132947CD98FEA9ACCC57F98F13 -- C:\Windows\winsxs\x86_microsoft-windows-alg_31bf3856ad364e35_6.1.7600.16385_none_a8bfa843bc721ead\alg.exe < MD5 for: ATAPI.SYS > [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys < MD5 for: CDROM.SYS > [2009.07.14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\drivers\cdrom.sys [2009.07.14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_db87d184bc84f910\cdrom.sys [2009.07.14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: CSRSS.EXE > [2009.07.14 03:14:16 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=342271F6142E7C70805B8A81E1BA5F5C -- C:\Windows\System32\csrss.exe [2009.07.14 03:14:16 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=342271F6142E7C70805B8A81E1BA5F5C -- C:\Windows\winsxs\x86_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_58ba39fb456943bd\csrss.exe < MD5 for: EXPLORER.EXE > [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe [2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe [2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe [2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe < MD5 for: FXSSVC.EXE > [2009.07.14 03:14:20 | 000,522,752 | ---- | M] (Microsoft Corporation) MD5=F7EA23CC5E6BF2181F3F399D54F6EFC1 -- C:\Windows\System32\FXSSVC.exe [2009.07.14 03:14:20 | 000,522,752 | ---- | M] (Microsoft Corporation) MD5=F7EA23CC5E6BF2181F3F399D54F6EFC1 -- C:\Windows\winsxs\x86_microsoft-windows-fax-service_31bf3856ad364e35_6.1.7600.16385_none_acf9efe0e19d01e2\FXSSVC.exe < MD5 for: IASTORV.SYS > [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys < MD5 for: IESETUP.DLL > [2009.07.14 03:15:28 | 000,072,192 | ---- | M] (Microsoft Corporation) MD5=30AAEBF099DFB1CFAD22BB664E3F0BC5 -- C:\Windows\System32\iesetup.dll [2009.07.14 03:15:28 | 000,072,192 | ---- | M] (Microsoft Corporation) MD5=30AAEBF099DFB1CFAD22BB664E3F0BC5 -- C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.7600.16385_none_e061527f36ced75c\iesetup.dll < MD5 for: INSENG.DLL > [2009.07.14 03:15:33 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=CEE8E89A211C5765DDFC20BBAACE2D48 -- C:\Windows\System32\inseng.dll [2009.07.14 03:15:33 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=CEE8E89A211C5765DDFC20BBAACE2D48 -- C:\Windows\winsxs\x86_microsoft-windows-ie-setup_31bf3856ad364e35_8.0.7600.16385_none_b3cff901201ddb2c\inseng.dll < MD5 for: LOCATOR.EXE > [2009.07.14 03:14:22 | 000,009,216 | ---- | M] (Microsoft Corporation) MD5=94D36C0E44677DD26981D2BFEEF2A29D -- C:\Windows\System32\Locator.exe [2009.07.14 03:14:22 | 000,009,216 | ---- | M] (Microsoft Corporation) MD5=94D36C0E44677DD26981D2BFEEF2A29D -- C:\Windows\winsxs\x86_microsoft-windows-rpc-locator_31bf3856ad364e35_6.1.7600.16385_none_cf0ae9504deb8ab1\Locator.exe < MD5 for: LSASS.EXE > [2009.07.14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\System32\lsass.exe [2009.07.14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_a620e0e5be1ecda7\lsass.exe [2009.07.14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_a61fe281be1fb177\lsass.exe [2009.07.14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_a69eaf60d7456d32\lsass.exe < MD5 for: MSDTC.EXE > [2009.07.14 03:14:25 | 000,134,144 | ---- | M] (Microsoft Corporation) MD5=E1BCE74A3BD9902B72599C0192A07E27 -- C:\Windows\System32\msdtc.exe [2009.07.14 03:14:25 | 000,134,144 | ---- | M] (Microsoft Corporation) MD5=E1BCE74A3BD9902B72599C0192A07E27 -- C:\Windows\winsxs\x86_microsoft-windows-com-dtc-runtime_31bf3856ad364e35_6.1.7600.16385_none_19295908c15690f3\msdtc.exe < MD5 for: MSHTML.DLL > [2010.06.30 08:15:45 | 005,972,992 | ---- | M] (Microsoft Corporation) MD5=25C1646ADC24C371B594544C3D530967 -- C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.20745_none_2e889224137c3085\mshtml.dll [2009.07.14 03:15:44 | 005,957,632 | ---- | M] (Microsoft Corporation) MD5=43592D31AFF84DD957199248898D9430 -- C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.16385_none_2dd3aff6fa7f090a\mshtml.dll [2010.09.08 06:31:38 | 005,977,088 | ---- | M] (Microsoft Corporation) MD5=4F3DEEE94B0F650862F7AB7ABBE40CA1 -- C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.20795_none_2e52828813a4bc3a\mshtml.dll [2010.11.04 07:52:43 | 005,979,136 | ---- | M] (Microsoft Corporation) MD5=61854D1111E33A09603452B32A84B5F0 -- C:\Windows\SoftwareDistribution\Download\86a716cbcc0c20c0f0e2c15c920b45e9\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.20831_none_2e8f62ce1377ac5f\mshtml.dll [2009.12.19 11:02:42 | 005,961,728 | ---- | M] (Microsoft Corporation) MD5=6EE36579E69E37D2AB2926A40B16DBB3 -- C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.16490_none_2dc3e07efa8ba36f\mshtml.dll [2010.11.04 07:49:17 | 005,978,112 | ---- | M] (Microsoft Corporation) MD5=9145EF1A437A3FCA06069FC649E16E32 -- C:\Windows\SoftwareDistribution\Download\86a716cbcc0c20c0f0e2c15c920b45e9\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.16700_none_2e25357cfa429f6b\mshtml.dll [2009.12.19 11:10:22 | 005,962,240 | ---- | M] (Microsoft Corporation) MD5=96990605689B601287D4A83DD2B05F0B -- C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.20600_none_2eaece7c136044e7\mshtml.dll [2010.09.08 06:28:44 | 005,977,600 | ---- | M] (Microsoft Corporation) MD5=BAF92C3C3D5A0958817B661439A81FD9 -- C:\Windows\System32\mshtml.dll [2010.09.08 06:28:44 | 005,977,600 | ---- | M] (Microsoft Corporation) MD5=BAF92C3C3D5A0958817B661439A81FD9 -- C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.16671_none_2dda846cfa7a7f32\mshtml.dll [2010.06.30 08:22:34 | 005,971,456 | ---- | M] (Microsoft Corporation) MD5=BDFD710842C8A25DD27254D91DE60AC6 -- C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.16625_none_2e149530fa4e58d9\mshtml.dll < MD5 for: NDIS.SYS > [2009.07.14 03:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\System32\drivers\ndis.sys [2009.07.14 03:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_a79d81ea7d62a289\ndis.sys < MD5 for: NETLOGON.DLL > [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: PNGFILT.DLL > [2009.07.14 03:16:12 | 000,046,592 | ---- | M] (Microsoft Corporation) MD5=EED5AE4EF38893DD1743A95760C98704 -- C:\Windows\System32\pngfilt.dll [2009.07.14 03:16:12 | 000,046,592 | ---- | M] (Microsoft Corporation) MD5=EED5AE4EF38893DD1743A95760C98704 -- C:\Windows\winsxs\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_8.0.7600.16385_none_08570c83ebbf01dd\pngfilt.dll < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll < MD5 for: SNMPTRAP.EXE > [2009.07.14 03:14:39 | 000,012,800 | ---- | M] (Microsoft Corporation) MD5=6A984831644ECA1A33FFEAE4126F4F37 -- C:\Windows\System32\snmptrap.exe [2009.07.14 03:14:39 | 000,012,800 | ---- | M] (Microsoft Corporation) MD5=6A984831644ECA1A33FFEAE4126F4F37 -- C:\Windows\winsxs\x86_microsoft-windows-snmp-trap-service_31bf3856ad364e35_6.1.7600.16385_none_cf615500a0bb6ff9\snmptrap.exe < MD5 for: SPOOLSV.EXE > [2010.08.20 06:25:14 | 000,316,928 | ---- | M] (Microsoft Corporation) MD5=2FB4CE429488156B19C0D8E5C4552043 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.20785_none_d6ab9bc23bf9f1c6\spoolsv.exe [2009.07.14 03:14:41 | 000,316,416 | ---- | M] (Microsoft Corporation) MD5=49B6DD6AB3715B7A67965F17194E98A9 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.16385_none_d621f94522dc5a87\spoolsv.exe [2010.08.21 07:32:37 | 000,316,928 | ---- | M] (Microsoft Corporation) MD5=D1BB750EB51694DE183E08B9C33BE5B2 -- C:\Windows\System32\spoolsv.exe [2010.08.21 07:32:37 | 000,316,928 | ---- | M] (Microsoft Corporation) MD5=D1BB750EB51694DE183E08B9C33BE5B2 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.16661_none_d6339da722cfb4be\spoolsv.exe < MD5 for: SPPSVC.EXE > [2009.07.14 03:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) MD5=4C287F9069FEDBD791178876EE9DE536 -- C:\Windows\System32\sppsvc.exe [2009.07.14 03:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) MD5=4C287F9069FEDBD791178876EE9DE536 -- C:\Windows\winsxs\x86_microsoft-windows-security-spp_31bf3856ad364e35_6.1.7600.16385_none_1a37ad9b82468857\sppsvc.exe < MD5 for: TCPIP.SYS > [2009.07.14 03:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_b2f46875c7b9d667\tcpip.sys [2010.06.14 08:06:58 | 001,288,576 | ---- | M] (Microsoft Corporation) MD5=A39EA325C081AD27461F630C8E3E56E0 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_b3b219fae0b0af43\tcpip.sys [2010.06.14 08:12:30 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=BB7F39C31C4A4417FD318E7CD184E225 -- C:\Windows\System32\drivers\tcpip.sys [2010.06.14 08:12:30 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=BB7F39C31C4A4417FD318E7CD184E225 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_b33b1c29c7858b92\tcpip.sys < MD5 for: UI0DETECT.EXE > [2009.07.14 03:14:43 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=8344FD4FCE927880AA1AA7681D4927E5 -- C:\Windows\System32\UI0Detect.exe [2009.07.14 03:14:43 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=8344FD4FCE927880AA1AA7681D4927E5 -- C:\Windows\winsxs\x86_microsoft-windows-session0viewer_31bf3856ad364e35_6.1.7600.16385_none_e1bd3e25a80193e3\UI0Detect.exe < MD5 for: USERINIT.EXE > [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: VDS.EXE > [2009.07.14 03:14:43 | 000,452,608 | ---- | M] (Microsoft Corporation) MD5=8C4E7C49D3641BC9E299E466A7F8867D -- C:\Windows\System32\vds.exe [2009.07.14 03:14:43 | 000,452,608 | ---- | M] (Microsoft Corporation) MD5=8C4E7C49D3641BC9E299E466A7F8867D -- C:\Windows\winsxs\x86_microsoft-windows-virtualdiskservice_31bf3856ad364e35_6.1.7600.16385_none_6ac128c35c0231aa\vds.exe < MD5 for: VSSVC.EXE > [2009.07.14 03:14:43 | 001,025,536 | ---- | M] (Microsoft Corporation) MD5=7EA2BCD94D9CFAF4C556F5CC94532A6C -- C:\Windows\System32\VSSVC.exe [2009.07.14 03:14:43 | 001,025,536 | ---- | M] (Microsoft Corporation) MD5=7EA2BCD94D9CFAF4C556F5CC94532A6C -- C:\Windows\winsxs\x86_microsoft-windows-vssservice_31bf3856ad364e35_6.1.7600.16385_none_5aa3249a792b0938\VSSVC.exe < MD5 for: WATADMINSVC.EXE > [2010.09.27 23:08:49 | 001,343,400 | ---- | M] () MD5=3685705F252687B9095D3D08F170C6CC -- C:\Windows\System32\Wat\WatAdminSvc.exe [2010.01.28 04:11:36 | 001,343,400 | ---- | M] () MD5=3685705F252687B9095D3D08F170C6CC -- C:\Windows\winsxs\x86_microsoft-windows-s..ivationtechnologies_31bf3856ad364e35_7.1.7600.16395_none_2dac82dbc20710f5\WatAdminSvc.exe < MD5 for: WBENGINE.EXE > [2009.07.14 03:14:44 | 001,202,688 | ---- | M] (Microsoft Corporation) MD5=7790B77FE1E5EE47DCC66247095BB4C9 -- C:\Windows\System32\wbengine.exe [2009.07.14 03:14:44 | 001,202,688 | ---- | M] (Microsoft Corporation) MD5=7790B77FE1E5EE47DCC66247095BB4C9 -- C:\Windows\winsxs\x86_microsoft-windows-blb-engine-main_31bf3856ad364e35_6.1.7600.16385_none_e3b84c1b61137e4a\wbengine.exe < MD5 for: WEBCHECK.DLL > [2009.07.14 03:16:18 | 000,229,376 | ---- | M] (Microsoft Corporation) MD5=177DF28315BF4300ECB5CBEEEE961292 -- C:\Windows\System32\webcheck.dll [2009.07.14 03:16:18 | 000,229,376 | ---- | M] (Microsoft Corporation) MD5=177DF28315BF4300ECB5CBEEEE961292 -- C:\Windows\winsxs\x86_microsoft-windows-ie-offlinefavorites_31bf3856ad364e35_8.0.7600.16385_none_7bbc80532a0f1e83\webcheck.dll < MD5 for: WININIT.EXE > [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe [2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < MD5 for: WMIAPSRV.EXE > [2009.07.14 03:14:46 | 000,136,192 | ---- | M] (Microsoft Corporation) MD5=6EB6B66517B048D87DC1856DDF1F4C3F -- C:\Windows\System32\wbem\WmiApSrv.exe [2009.07.14 03:14:46 | 000,136,192 | ---- | M] (Microsoft Corporation) MD5=6EB6B66517B048D87DC1856DDF1F4C3F -- C:\Windows\winsxs\x86_microsoft-windows-wmi-core_31bf3856ad364e35_6.1.7600.16385_none_b92a593880ec3564\WmiApSrv.exe < MD5 for: WMPNETWK.EXE > [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) MD5=77FBD400984CF72BA0FC4B3489D65F74 -- C:\Program Files\Windows Media Player\wmpnetwk.exe [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) MD5=77FBD400984CF72BA0FC4B3489D65F74 -- C:\Windows\winsxs\x86_microsoft-windows-wmpnss-service_31bf3856ad364e35_6.1.7600.16385_none_035d21f62fe736df\wmpnetwk.exe < %systemroot%\*. /mp /s > < End of report >

Bonjour, Je me permets de solliciter votre aide concernant mon pc infecté et tournant sous Windows 7 (anglais), avec notamment des problèmes tels que AntiVir qui ne se charge plus au démarrage et surtout plus de connexion internet. J'ai déjà essayé les logiciels usuels Malwarebyte's Anti-Malware ainsi que Spypot Search & Destroy, mais sans succès. Pourriez-vous svp m'aider à identifier l'infection ? Voici le rapport HiJackThis du dit pc: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 02:29:04, on 24.04.2011 Platform: Unknown Windows (WinNT 6.01.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16671) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskhost.exe C:\Windows\Explorer.EXE C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Microsoft Office\Office14\BCSSync.exe C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe C:\Program Files\QuickTime\QTTask .exe C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe C:\Windows\System32\wscript.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Avira\AntiVir Desktop\avgnt .exe C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip .exe C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM .exe C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe C:\Program Files\TaskAngel\TaskAngel .exe C:\Program Files\QuickTime\QTTask .exe C:\Program Files\Trend Micro\HijackThis\HJT.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [uSBToolTip] C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask .exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [uSB-Set] wscript "C:\Program Files\USB-set\TSR.vbe" O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [TaskAngel] C:\Program Files\TaskAngel\TaskAngel.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O8 - Extra context menu item: &Envoyer à OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\Windows\SYSTEM32\crypserv.exe O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe (file missing) O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: SwitchBoard - Unknown owner - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe -- End of file - 7697 bytes