Blue screen after removing Antimalware Doctor

Tags:
  • Security
  • Screens
Last reply: in Security and viruses
11 September 2010 21:14:15

Hello folks,
So yesterday I got infected by Antimalware Doctor, which I managed to remove thanks to forums like this one.
But since then, when I'm on my laptop, a blue screen appears oÔ and makes my PC restart...
I ran a scan with Malwarebytes, which keeps flagging the same infected file, namely this one: C:\Windows\System32\drivers\tayudvzm.sys

When the blue screen appears it also says this file is the cause, but I couldn't read any more: the PC restarts 3 seconds after the blue screen appears.

So I'm asking for your help to get me out of this m..ess XD

Thanks =]


11 September 2010 22:43:13

Good evening
Download DDS and save it to your desktop.
  • Disable any script blocker, such as an antivirus, or software like ad-block, noscript, etc.
  • Double-click dds.scr to launch the tool.
  • Once the scan finishes, a text document, DDS.txt, will open.
  • Click Yes at the next prompt, Optional Scan.
  • Save both reports to your desktop and post me only the DDS.txt.
    12 September 2010 19:14:10

    Good evening,
    thanks for your quick reply
    here is the DDS file

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Nouni at 19:07:19,28 on 12/09/2010
    Internet Explorer: 8.0.6001.18943
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.2037.936 [GMT 2:00]

    AV: Norton Internet Security *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
    SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
    FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Windows\System32\svchost.exe -k Akamai
    C:\Acer\ALaunch\ALaunchSvc.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    C:\Acer\Empowering Technology\eNet\eNet Service.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Acer\Mobility Center\MobilityService.exe
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    "C:\Windows\System32\svchost.exe"
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Nouni\Desktop\dds.scr
    C:\Windows\system32\conime.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    uURLSearchHooks: Yahoo! Toolbar avec bloqueur de fenêtres pop-up: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: {1e8a6170-7264-4d0f-beae-d42a53123c75} - c:\program files\common files\symantec shared\coshared\browser\1.0\NppBho.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: Programme d'aide de l'Assistant de connexion Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
    TB: Show Norton Toolbar: {90222687-f593-4738-b738-fbee9c7b26df} - c:\program files\common files\symantec shared\coshared\browser\1.0\UIBHO.dll
    mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
    mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Free YouTube to Mp3 Converter - c:\users\nouni\appdata\roaming\dvdvideosoftiehelpers\youtubetomp3.htm
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\programs\partygaming\partypoker\RunApp.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: eNetHook.dll
    SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - c:\program files\stardock\object desktop\iconpackager\iprepair.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\nouni\appdata\roaming\mozilla\firefox\profiles\pul9zbbx.default\
    FF - component: c:\users\nouni\appdata\roaming\mozilla\firefox\profiles\pul9zbbx.default\extensions\{59994074-c06d-4a75-9768-49e5a8c21264}\components\FFExternalAlert.dll
    FF - component: c:\users\nouni\appdata\roaming\mozilla\firefox\profiles\pul9zbbx.default\extensions\{59994074-c06d-4a75-9768-49e5a8c21264}\components\RadioWMPCore.dll
    FF - component: c:\users\nouni\appdata\roaming\mozilla\firefox\profiles\pul9zbbx.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll
    FF - component: c:\users\nouni\appdata\roaming\mozilla\firefox\profiles\pul9zbbx.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll
    FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
    FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
    FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
    c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R1 DsaLwf;NDIS LightWeight Filter For DSA;c:\windows\system32\drivers\dsalwf.sys [2009-10-25 18944]
    R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-11-16 108792]
    R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\idsdefs\20080111.002\IDSvix86.sys [2008-1-12 180272]
    R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\acer arcade deluxe\play movie\000.fcl [2007-8-25 13560]
    R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-7-1 21504]
    R2 ALaunchService;ALaunch Service;c:\acer\alaunch\ALaunchSvc.exe [2007-8-10 50688]
    R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-11-16 735960]
    R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2009-12-18 95896]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-9-1 1153368]
    R2 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2010-7-6 173352]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-8-10 179712]
    R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2007-8-10 32256]
    R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2006-11-21 37008]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-7-1 21504]
    S3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-11-23 1252232]
    S3 WPFFontCache_v0400;Cache de police de Windows Presentation Foundation 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

    =============== Created Last 30 ================

    2010-09-10 17:50:10 420352 ----a-w- c:\windows\system32\vbscript.dll
    2010-09-10 15:58:15 2048 ----a-w- c:\windows\system32\winrsmgr.dll
    2010-09-10 15:58:04 40448 ----a-w- c:\windows\system32\winrs.exe
    2010-09-10 15:58:04 20480 ----a-w- c:\windows\system32\winrshost.exe
    2010-09-10 15:58:04 12800 ----a-w- c:\windows\system32\wsmprovhost.exe
    2010-09-10 15:58:03 10240 ----a-w- c:\windows\system32\wsmplpxy.dll
    2010-09-10 15:58:03 10240 ----a-w- c:\windows\system32\winrssrv.dll
    2010-09-10 15:58:01 81408 ----a-w- c:\windows\system32\wevtfwd.dll
    2010-09-10 15:58:01 79872 ----a-w- c:\windows\system32\wecutil.exe
    2010-09-10 15:58:01 56320 ----a-w- c:\windows\system32\wecapi.dll
    2010-09-10 15:58:01 54272 ----a-w- c:\windows\system32\WsmRes.dll
    2010-09-10 15:58:01 41472 ----a-w- c:\windows\system32\pwrshplugin.dll
    2010-09-10 15:58:01 146944 ----a-w- c:\windows\system32\wecsvc.dll
    2010-09-10 15:57:56 4675 ----a-w- c:\windows\system32\wsmanconfig_schema.xml
    2010-09-10 15:57:56 2426 ----a-w- c:\windows\system32\WsmTxt.xsl
    2010-09-10 15:57:56 201184 ----a-w- c:\windows\system32\winrm.vbs
    2010-09-10 15:57:55 252416 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll
    2010-09-10 15:57:55 246272 ----a-w- c:\windows\system32\WSManHTTPConfig.exe
    2010-09-10 15:57:55 241152 ----a-w- c:\windows\system32\winrscmd.dll
    2010-09-10 15:57:55 214016 ----a-w- c:\windows\system32\WsmWmiPl.dll
    2010-09-10 15:57:55 145408 ----a-w- c:\windows\system32\WsmAuto.dll
    2010-09-10 15:57:55 1181696 ----a-w- c:\windows\system32\WsmSvc.dll
    2010-09-10 15:24:41 691 ----a-w- c:\users\nouni\appdata\roaming\GetValue.vbs
    2010-09-10 15:24:41 35 ----a-w- c:\users\nouni\appdata\roaming\SetValue.bat
    2010-09-10 15:24:41 1554 ----a-w- c:\windows\system32\tmp.reg
    2010-09-10 15:24:05 79360 ----a-w- c:\windows\system32\swxcacls.exe
    2010-09-10 15:24:05 75776 ----a-w- c:\windows\system32\WS2Fix.exe
    2010-09-10 15:24:05 53248 ----a-w- c:\windows\system32\Process.exe
    2010-09-10 15:24:05 51200 ----a-w- c:\windows\system32\dumphive.exe
    2010-09-10 15:24:05 289144 ----a-w- c:\windows\system32\VCCLSID.exe
    2010-09-10 15:24:05 288417 ----a-w- c:\windows\system32\SrchSTS.exe
    2010-09-10 15:24:05 135168 ----a-w- c:\windows\system32\swreg.exe
    2010-09-10 13:34:17 0 d-----w- c:\users\nouni\appdata\roaming\Malwarebytes
    2010-09-10 13:34:04 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-09-10 13:34:02 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-09-10 13:34:02 0 d-----w- c:\programdata\Malwarebytes
    2010-09-10 13:34:02 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-09-10 13:30:37 0 d-----w- C:\sh4ldr
    2010-09-10 13:30:37 0 d-----w- c:\program files\Enigma Software Group
    2010-09-10 13:30:19 0 d-----w- c:\windows\95431C66CF9A4913BFFF6050785AFB65.TMP
    2010-09-10 13:30:18 0 d-----w- c:\program files\common files\Wise Installation Wizard
    2010-09-10 13:08:14 0 d-----w- c:\users\nouni\appdata\roaming\download2
    2010-09-10 12:54:20 777728 ----a-w- c:\windows\system32\drivers\tayudvzm.sys
    2010-09-04 19:39:48 0 d-----w- c:\program files\SystemRequirementsLab
    2010-09-01 13:54:46 0 d-----w- c:\programdata\Spybot - Search & Destroy
    2010-09-01 13:54:46 0 d-----w- c:\program files\Spybot - Search & Destroy
    2010-08-14 20:02:12 11 ----a-r- c:\windows\amunres.lsl

    ==================== Find3M ====================

    2010-09-11 18:40:24 679042 ----a-w- c:\windows\system32\perfh00C.dat
    2010-09-11 18:40:24 126626 ----a-w- c:\windows\system32\perfc00C.dat
    2010-09-10 16:00:11 86016 ----a-w- c:\windows\inf\infpub.dat
    2010-09-10 16:00:10 143360 ----a-w- c:\windows\inf\infstrng.dat
    2010-09-10 15:59:52 143360 ----a-w- c:\windows\inf\infstor.dat
    2010-08-14 20:02:31 2560 ----a-w- c:\windows\_MSRSTRT.EXE
    2010-07-24 13:59:02 12872 ----a-w- c:\windows\system32\bootdelete.exe
    2010-07-24 13:55:07 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2010-06-26 06:05:49 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-26 06:02:15 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-06-26 06:02:15 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-06-26 04:25:02 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-06-21 13:37:03 2037760 ----a-w- c:\windows\system32\win32k.sys
    2010-06-18 17:31:29 36864 ----a-w- c:\windows\system32\rtutils.dll
    2010-06-18 12:58:49 56 ---ha-w- c:\programdata\ezsidmv.dat
    2010-02-20 20:51:12 665600 ----a-w- c:\windows\inf\drvindex.dat
    2009-01-05 07:14:15 174 --sha-w- c:\program files\desktop.ini
    2006-11-02 15:45:47 37390 ----a-w- c:\windows\inf\perflib\040c\perfd.dat
    2006-11-02 15:45:47 37390 ----a-w- c:\windows\inf\perflib\040c\perfc.dat
    2006-11-02 15:45:47 340236 ----a-w- c:\windows\inf\perflib\040c\perfi.dat
    2006-11-02 15:45:47 340236 ----a-w- c:\windows\inf\perflib\040c\perfh.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

    ============= FINISH: 19:09:23,51 ===============
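As an added example (not part of this thread, and not a tool from the DDS or ComboFix authors): a small Python script that triages the "Created Last 30" and "SERVICES / DRIVERS" sections of a DDS log like the one above. It lists the kernel drivers (`.sys` files under `\drivers\`) created in the last few days and flags those that are explained neither by a tool the user installed deliberately nor by a visible service entry, which is exactly the question a helper asks when a scanner keeps naming a freshly created driver. The sample lines are copied from the log above; the allowlist of tool drivers, the seven-day window and the scan time taken from the DDS header are assumptions.

```python
"""Triage helper for DDS logs: list recently created kernel drivers and show
whether each is explained by a known tool install or a visible service entry."""
import re
from datetime import datetime, timedelta

# Constructed sample: lines in the format of the DDS "Created Last 30" section,
# copied from the log above (one non-driver file and one directory for contrast).
SAMPLE_CREATED = """\
2010-09-10 17:50:10 420352 ----a-w- c:\\windows\\system32\\vbscript.dll
2010-09-10 13:34:04 38224 ----a-w- c:\\windows\\system32\\drivers\\mbamswissarmy.sys
2010-09-10 13:34:02 20952 ----a-w- c:\\windows\\system32\\drivers\\mbam.sys
2010-09-10 13:34:02 0 d-----w- c:\\programdata\\Malwarebytes
2010-09-10 12:54:20 777728 ----a-w- c:\\windows\\system32\\drivers\\tayudvzm.sys
"""

# Constructed sample: lines in the format of the DDS "SERVICES / DRIVERS" section.
SAMPLE_SERVICES = """\
R1 ehdrv;ehdrv;c:\\windows\\system32\\drivers\\ehdrv.sys [2009-11-16 108792]
R2 epfwwfpr;epfwwfpr;c:\\windows\\system32\\drivers\\epfwwfpr.sys [2009-12-18 95896]
R3 enecir;ENE CIR Receiver;c:\\windows\\system32\\drivers\\enecir.sys [2007-8-10 32256]
"""

# Assumption: scan time taken from the "Run by ... at 19:07:19,28 on 12/09/2010" header.
SCAN_TIME = datetime(2010, 9, 12, 19, 7, 19)

# Constructed allowlist: drivers belonging to tools the user installed on purpose.
KNOWN_TOOL_DRIVERS = frozenset({"mbam.sys", "mbamswissarmy.sys", "hitmanpro35.sys"})

# "<date> <time> <size> <8 attribute flags> <path>"
CREATED_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<size>\d+) "
    r"(?P<attrs>[\w-]{8}) (?P<path>.+)$")
# "R1 name;display name;path [date size]" (S = stopped, R = running)
SERVICE_RE = re.compile(r"^[RS]\d (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?) \[")


def parse_created(text):
    """Parse 'Created Last 30' lines into dicts; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = CREATED_RE.match(line.strip())
        if not m:
            continue
        entries.append({
            "created": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
            "size": int(m["size"]),
            "is_dir": m["attrs"].startswith("d"),
            "path": m["path"].lower(),
        })
    return entries


def registered_driver_files(text):
    """Return the set of file names that the SERVICES / DRIVERS section accounts for."""
    files = set()
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            files.add(m["path"].lower().rsplit("\\", 1)[-1])
    return files


def triage_drivers(created_text, services_text, scan_time, window_days=7):
    """List .sys files under \\drivers\\ created within the window, unexplained ones first."""
    registered = registered_driver_files(services_text)
    cutoff = scan_time - timedelta(days=window_days)
    findings = []
    for e in parse_created(created_text):
        if e["is_dir"] or not e["path"].endswith(".sys") or "\\drivers\\" not in e["path"]:
            continue
        if e["created"] < cutoff:
            continue
        name = e["path"].rsplit("\\", 1)[-1]
        findings.append({
            "file": name,
            "age_days": (scan_time - e["created"]).days,
            "size": e["size"],
            "known_tool": name in KNOWN_TOOL_DRIVERS,
            "registered": name in registered,
        })
    # Drivers that are neither a known tool nor visible as a service sort first.
    findings.sort(key=lambda f: (f["known_tool"] or f["registered"], f["file"]))
    return findings


def unexplained(findings):
    """File names that need a human look: no known tool and no service entry."""
    return [f["file"] for f in findings if not (f["known_tool"] or f["registered"])]


def demo_findings():
    """Run the triage over the constructed sample sections."""
    return triage_drivers(SAMPLE_CREATED, SAMPLE_SERVICES, SCAN_TIME)


if __name__ == "__main__":
    for f in demo_findings():
        flag = "ok" if f["known_tool"] or f["registered"] else "REVIEW"
        print(f"{flag:6} {f['file']:20} {f['size']:>8} bytes, {f['age_days']}d old, "
              f"tool={f['known_tool']} registered={f['registered']}")
```

A driver that shows up in "Created Last 30" but in neither the allowlist nor the service list is not proof of infection on its own (DDS only lists non-default services, and a rootkit may hide its own entry), but it is the first thing to cross-check against the scanner's report and the driver named on the blue screen.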
    12 September 2010 21:54:29

    re
    Disable your antivirus and any other kind of protection.
    Download ComboFix by sUBs:
    ComboFix.exe
    and save it to your desktop and nowhere else!

    Double-click ComboFix. It will ask you a question; follow the prompts, then wait for ComboFix to finish. Your PC may reboot, that's normal; a report will be created. Post the report: C:\Combofix.txt
    Click on it to open it, then Edit "Select all", Edit "Copy"

    come to the forum and Edit "Paste"

    HELP: A guide and a tutorial on using ComboFix
    * the partition name may vary
    13 September 2010 14:37:16

    Re, here is the report


    ComboFix 10-09-12.04 - Nouni 13/09/2010 14:10:40.3.2 - x86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.2037.1062 [GMT 2:00]
    Lancé depuis: c:\users\Nouni\Desktop\ComboFix.exe
    SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    * Un antivirus résident est actif

    .

    ((((((((((((((((((((((((((((( Fichiers créés du 2010-08-13 au 2010-09-13 ))))))))))))))))))))))))))))))))))))
    .

    2010-09-13 12:23 . 2010-09-13 12:23 -------- d-----w- c:\users\Nouni\AppData\Local\temp
    2010-09-13 12:23 . 2010-09-13 12:23 -------- d-----w- c:\users\Public\AppData\Local\temp
    2010-09-13 12:23 . 2010-09-13 12:23 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-09-10 17:50 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
    2010-09-10 15:58 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
    2010-09-10 15:58 . 2009-10-09 21:56 12800 ----a-w- c:\windows\system32\wsmprovhost.exe
    2010-09-10 15:58 . 2009-10-09 21:56 20480 ----a-w- c:\windows\system32\winrshost.exe
    2010-09-10 15:58 . 2009-10-09 21:56 40448 ----a-w- c:\windows\system32\winrs.exe
    2010-09-10 15:58 . 2009-10-09 21:56 10240 ----a-w- c:\windows\system32\wsmplpxy.dll
    2010-09-10 15:58 . 2009-10-09 21:56 10240 ----a-w- c:\windows\system32\winrssrv.dll
    2010-09-10 15:58 . 2009-10-09 21:56 41472 ----a-w- c:\windows\system32\pwrshplugin.dll
    2010-09-10 15:58 . 2009-10-09 21:55 79872 ----a-w- c:\windows\system32\wecutil.exe
    2010-09-10 15:58 . 2009-10-09 21:55 54272 ----a-w- c:\windows\system32\WsmRes.dll
    2010-09-10 15:58 . 2009-10-09 21:55 146944 ----a-w- c:\windows\system32\wecsvc.dll
    2010-09-10 15:58 . 2009-10-09 21:55 81408 ----a-w- c:\windows\system32\wevtfwd.dll
    2010-09-10 15:58 . 2009-10-09 21:55 56320 ----a-w- c:\windows\system32\wecapi.dll
    2010-09-10 15:57 . 2009-08-01 06:27 201184 ----a-w- c:\windows\system32\winrm.vbs
    2010-09-10 15:57 . 2009-10-09 21:56 1181696 ----a-w- c:\windows\system32\WsmSvc.dll
    2010-09-10 15:57 . 2009-10-09 21:56 214016 ----a-w- c:\windows\system32\WsmWmiPl.dll
    2010-09-10 15:57 . 2009-10-09 21:56 241152 ----a-w- c:\windows\system32\winrscmd.dll
    2010-09-10 15:57 . 2009-10-09 21:56 246272 ----a-w- c:\windows\system32\WSManHTTPConfig.exe
    2010-09-10 15:57 . 2009-10-09 21:56 145408 ----a-w- c:\windows\system32\WsmAuto.dll
    2010-09-10 15:57 . 2009-10-09 21:55 252416 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll
    2010-09-10 15:24 . 2010-09-10 15:24 35 ----a-w- c:\users\Nouni\AppData\Roaming\SetValue.bat
    2010-09-10 13:34 . 2010-09-10 13:34 -------- d-----w- c:\users\Nouni\AppData\Roaming\Malwarebytes
    2010-09-10 13:34 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-09-10 13:34 . 2010-09-10 13:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-09-10 13:34 . 2010-09-10 13:34 -------- d-----w- c:\programdata\Malwarebytes
    2010-09-10 13:34 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-09-10 13:30 . 2010-09-10 13:30 110080 ----a-r- c:\users\Nouni\AppData\Roaming\Microsoft\Installer\{95431C66-CF9A-4913-BFFF-6050785AFB65}\IconF7A21AF7.exe
    2010-09-10 13:30 . 2010-09-10 13:30 110080 ----a-r- c:\users\Nouni\AppData\Roaming\Microsoft\Installer\{95431C66-CF9A-4913-BFFF-6050785AFB65}\IconD7F16134.exe
    2010-09-10 13:30 . 2010-09-10 13:30 -------- d-----w- C:\sh4ldr
    2010-09-10 13:30 . 2010-09-10 13:30 -------- d-----w- c:\program files\Enigma Software Group
    2010-09-10 13:30 . 2010-09-10 13:30 -------- d-----w- c:\windows\95431C66CF9A4913BFFF6050785AFB65.TMP
    2010-09-10 13:30 . 2010-09-10 13:30 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2010-09-04 19:39 . 2010-09-04 19:39 -------- d-----w- c:\program files\SystemRequirementsLab
    2010-09-04 19:39 . 2010-09-04 19:39 92280 ----a-w- c:\users\Nouni\AppData\Roaming\SystemRequirementsLab\srlproxy_cyri_4.3.1.0A.dll
    2010-09-04 19:39 . 2010-09-04 19:39 -------- d-----w- c:\users\Nouni\AppData\Roaming\SystemRequirementsLab
    2010-09-01 13:54 . 2010-09-11 08:25 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2010-09-01 13:54 . 2010-09-01 13:56 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-08-26 12:33 . 2010-08-18 15:12 52224 ----a-w- c:\users\Nouni\AppData\Roaming\Mozilla\Firefox\Profiles\pul9zbbx.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll
    2010-08-26 12:33 . 2010-08-18 15:12 101376 ----a-w- c:\users\Nouni\AppData\Roaming\Mozilla\Firefox\Profiles\pul9zbbx.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll
    2010-08-18 18:57 . 2010-08-18 15:18 52224 ----a-w- c:\users\Nouni\AppData\Roaming\Mozilla\Firefox\Profiles\pul9zbbx.default\extensions\{59994074-c06d-4a75-9768-49e5a8c21264}\components\FFExternalAlert.dll
    2010-08-18 18:57 . 2010-08-18 15:18 101376 ----a-w- c:\users\Nouni\AppData\Roaming\Mozilla\Firefox\Profiles\pul9zbbx.default\extensions\{59994074-c06d-4a75-9768-49e5a8c21264}\components\RadioWMPCore.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-13 12:24 . 2010-04-19 11:21 -------- d-----w- c:\program files\Common Files\Akamai
    2010-09-13 12:07 . 2010-02-18 15:16 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2010-09-13 11:29 . 2007-08-10 08:07 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2010-09-13 11:17 . 2007-08-10 08:07 -------- d-----w- c:\programdata\Symantec
    2010-09-13 11:14 . 2006-11-02 15:48 679042 ----a-w- c:\windows\system32\perfh00C.dat
    2010-09-13 11:14 . 2006-11-02 15:48 126626 ----a-w- c:\windows\system32\perfc00C.dat
    2010-09-10 17:53 . 2010-06-18 12:57 -------- d-----w- c:\users\Nouni\AppData\Roaming\Skype
    2010-09-10 15:24 . 2010-09-10 15:24 691 ----a-w- c:\users\Nouni\AppData\Roaming\GetValue.vbs
    2010-09-10 15:14 . 2010-06-18 12:58 -------- d-----w- c:\users\Nouni\AppData\Roaming\skypePM
    2010-09-09 22:31 . 2007-12-07 18:40 -------- d-----w- c:\users\Nouni\AppData\Roaming\LimeWire
    2010-09-09 00:29 . 2010-02-17 22:22 -------- d-----w- c:\program files\Common Files\Steam
    2010-09-04 12:46 . 2010-02-19 22:34 -------- d-----w- c:\program files\Messenger Plus! Live
    2010-09-04 12:42 . 2010-06-04 09:07 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-08-20 12:04 . 2010-08-07 22:35 -------- d-----w- c:\users\Nouni\AppData\Roaming\vlc
    2010-08-14 20:02 . 2010-02-23 09:41 2560 ----a-w- c:\windows\_MSRSTRT.EXE
    2010-08-14 20:02 . 2010-06-18 12:56 -------- d-----r- c:\program files\Skype
    2010-08-12 05:35 . 2007-08-10 07:53 -------- d-----w- c:\programdata\Microsoft Help
    2010-08-12 01:01 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2010-08-07 11:22 . 2007-10-16 19:30 103152 ----a-w- c:\users\Nouni\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-07-24 16:00 . 2010-07-24 15:58 -------- d-----w- c:\users\Nouni\AppData\Roaming\TeamViewer
    2010-07-24 15:58 . 2010-07-24 15:58 -------- d-----w- c:\program files\TeamViewer
    2010-07-24 13:59 . 2010-06-27 08:39 12872 ----a-w- c:\windows\system32\bootdelete.exe
    2010-07-23 22:51 . 2010-07-23 22:51 -------- d-----w- c:\users\Nouni\AppData\Roaming\DVDVideoSoftIEHelpers
    2010-07-23 22:51 . 2010-02-23 13:09 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
    2010-06-26 06:05 . 2010-09-10 16:03 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-26 06:02 . 2010-09-10 16:03 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-06-26 06:02 . 2010-09-10 16:03 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-06-26 04:25 . 2010-09-10 16:03 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-06-21 13:37 . 2010-08-11 21:46 2037760 ----a-w- c:\windows\system32\win32k.sys
    2010-06-18 17:31 . 2010-08-11 21:46 36864 ----a-w- c:\windows\system32\rtutils.dll
    2010-06-18 15:04 . 2010-08-11 21:44 302080 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-06-18 15:04 . 2010-08-11 21:44 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
    2010-06-18 12:58 . 2010-06-18 12:58 56 ---ha-w- c:\programdata\ezsidmv.dat
    2010-06-16 16:04 . 2010-08-11 21:44 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
    .

    ------- Sigcheck -------

    [-] 2010-02-23 . E8F0D3B322C7C2DFE8F33BFF26F2A88B . 247296 . . [6.0.6000.16386] . . c:\windows\System32\shsvcs.dll
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-11-16 2054360]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\System32\eNetHook.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
    backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder]
    2010-03-30 21:12 151552 ----a-w- c:\acer\AcerTour\Reminder.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2008-01-11 20:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
    2007-06-06 08:06 159744 ----a-w- c:\program files\Apoint2K\Apoint.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
    2009-10-10 12:32 203264 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]
    2010-01-26 15:45 1724728 ----a-w- c:\program files\CCleaner\CCleaner.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eAudio]
    2010-03-30 21:12 1286144 ----a-w- c:\acer\Empowering Technology\eAudio\eAudio.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
    2007-04-25 14:33 457216 ----a-w- c:\acer\Empowering Technology\eDataSecurity\eDSLoader.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
    2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2008-02-11 18:13 166424 ----a-w- c:\windows\System32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
    2007-03-21 11:00 174872 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2008-02-11 18:13 141848 ----a-w- c:\windows\System32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
    2007-05-17 21:45 279912 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
    2010-04-29 13:39 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    2008-02-11 18:13 133656 ----a-w- c:\windows\System32\igfxpers.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie]
    2007-05-24 11:38 206952 ------w- c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSetL]
    2007-07-05 10:35 94208 ----a-w- c:\windows\PLFSetL.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2006-09-01 14:57 282624 ----a-w- c:\program files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
    2007-07-06 03:06 4669440 ----a-w- c:\windows\RtHDVCpl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
    2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
    2007-06-15 08:45 1826816 ----a-w- c:\windows\SkyTel.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    2010-09-01 14:51 1242448 ----a-w- c:\program files\Valve\Steam\Steam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2009-10-11 03:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]
    2007-04-10 21:46 709992 ----a-w- c:\windows\vVX1000.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
    2006-11-05 19:48 57344 ----a-w- c:\acer\WR_PopUp\WarReg_PopUp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    2010-06-29 04:00 74752 ----a-w- c:\program files\Winamp\winampa.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
    2009-04-11 06:28 2153472 ----a-w- c:\windows\System32\oobefldr.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4195573955-95987829-1668268641-1000]
    "EnableNotificationsRef"=dword:00000003

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 WPFFontCache_v0400;Cache de police de Windows Presentation Foundation 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    R3 XDva337;XDva337;c:\windows\system32\XDva337.sys [x]
    S1 DsaLwf;NDIS LightWeight Filter For DSA;c:\windows\system32\DRIVERS\dsalwf.sys [2008-08-01 18944]
    S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
    S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [2006-11-02 13560]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-19 21504]
    S2 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [2007-01-26 50688]
    S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-11-16 735960]
    S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-12-18 95896]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-07-06 173352]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-06-05 179712]
    S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2007-03-07 32256]
    S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2010-09-13 16968]


    --- Autres Services/Pilotes en mémoire ---

    *NewlyCreated* - HITMANPRO35
    *Deregistered* - tayudvzm

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    Akamai REG_MULTI_SZ Akamai
    .
    Contenu du dossier 'Tâches planifiées'

    2010-03-29 c:\windows\Tasks\Microsoft_Hardware_Launch_LifeExp_exe.job
    - c:\program files\Microsoft LifeCam\LifeExp.exe [2007-05-17 21:45]

    2010-04-06 c:\windows\Tasks\Microsoft_Hardware_Launch_vVX1000_exe.job
    - c:\windows\vVX1000.exe [2007-04-10 21:46]

    2010-06-18 c:\windows\Tasks\{7E9C83EF-DE7C-4C70-B7DF-53D4923EC2BE}.job
    - c:\program files\Skype\Phone\Skype.exe [2010-05-13 14:12]
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.google.com/
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Free YouTube to Mp3 Converter - c:\users\Nouni\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    FF - ProfilePath - c:\users\Nouni\AppData\Roaming\Mozilla\Firefox\Profiles\pul9zbbx.default\
    FF - component: c:\users\Nouni\AppData\Roaming\Mozilla\Firefox\Profiles\pul9zbbx.default\extensions\{59994074-c06d-4a75-9768-49e5a8c21264}\components\FFExternalAlert.dll
    FF - component: c:\users\Nouni\AppData\Roaming\Mozilla\Firefox\Profiles\pul9zbbx.default\extensions\{59994074-c06d-4a75-9768-49e5a8c21264}\components\RadioWMPCore.dll
    FF - component: c:\users\Nouni\AppData\Roaming\Mozilla\Firefox\Profiles\pul9zbbx.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll
    FF - component: c:\users\Nouni\AppData\Roaming\Mozilla\Firefox\Profiles\pul9zbbx.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
    FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- PARAMETRES FIREFOX ----
    FF - user.js: yahoo.homepage.dontask - true
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-09-13 14:23
    Windows 6.0.6002 Service Pack 2 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
    "ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl"

    [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\tayudvzm]

    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Heure de fin: 2010-09-13 14:31:08
    ComboFix-quarantined-files.txt 2010-09-13 12:31
    ComboFix2.txt 2010-09-12 22:25

    Avant-CF: 29 620 199 424 octets libres
    Après-CF: 29 581 176 832 octets libres

    Current=3 Default=3 Failed=1 LastKnownGood=7 Sets=1,2,3,4,5,6,7
    - - End Of File - - 47CC6A5B60FD072A435D7FDA39F5C36C
    13 September 2010 23:15:47

    Re
    Given that you've done several passes with ComboFix, in my opinion there are only leftovers remaining...

    Copy (Ctrl+C) the text below:
    Killall::

    File::
    c:\users\Nouni\AppData\Roaming\Microsoft\Installer\{95431C66-CF9A-4913-BFFF-6050785AFB65}\IconF7A21AF7.exe
    c:\users\Nouni\AppData\Roaming\Microsoft\Installer\{95431C66-CF9A-4913-BFFF-6050785AFB65}\IconD7F16134.exe
    c:\windows\95431C66CF9A4913BFFF6050785AFB65.TMP
    c:\programdata\ezsidmv.dat
    c:\windows\system32\drivers\tayudvzm.sys

    Folder::
    C:\sh4ldr
    c:\program files\Enigma Software Group
    Registry::
    [-HKEY_LOCAL_MACHINE\system\ControlSet003\Services\tayudvzm]



    Open Notepad and paste (Ctrl+V) the text you just copied.
    Save this file as CFScript.txt

    Drag and drop this CFScript file onto the ComboFix.exe file, as shown in the screenshot


  • ComboFix starts; let it guide you.

  • Be patient while the scan runs. The desktop will disappear several times: that's normal!
    Don't touch anything until the scan is finished.
  • Once the scan is complete, a report will be displayed: post its contents, and say how your problems are doing

  • If the file does not open, it is located here > C:\ComboFix.txt

    HELP: A guide and tutorial on using ComboFix
    * the partition name may change
    14 September 2010 20:00:02

    For now the blue screen hasn't reappeared, but I don't stay on the PC long enough to see the improvements; I'll let you know if it comes back.

    Here is the report:

    ComboFix 10-09-14.01 - Nouni 14/09/2010 19:19:12.4.2 - x86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.2037.1025 [GMT 2:00]
    Lancé depuis: c:\users\Nouni\Desktop\ComboFix.exe
    Commutateurs utilisés :: c:\users\Nouni\Desktop\CFScript.txt
    SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    * Un nouveau point de restauration a été créé
    * Un antivirus résident est actif


    FILE ::
    "c:\programdata\ezsidmv.dat"
    "c:\users\Nouni\AppData\Roaming\Microsoft\Installer\{95431C66-CF9A-4913-BFFF-6050785AFB65}\IconD7F16134.exe"
    "c:\users\Nouni\AppData\Roaming\Microsoft\Installer\{95431C66-CF9A-4913-BFFF-6050785AFB65}\IconF7A21AF7.exe"
    "c:\windows\95431C66CF9A4913BFFF6050785AFB65.TMP"
    "c:\windows\system32\drivers\tayudvzm.sys"
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\Enigma Software Group
    c:\program files\Enigma Software Group\SpyHunter\Data\dns.dat
    c:\program files\Enigma Software Group\SpyHunter\Defs\2010091001.def
    c:\program files\Enigma Software Group\SpyHunter\gil.dat
    c:\program files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20100911_203653.log
    c:\program files\Enigma Software Group\SpyHunter\mon\autoexec.bat.bk
    c:\program files\Enigma Software Group\SpyHunter\mon\hosts.bk
    c:\program files\Enigma Software Group\SpyHunter\mon\system.ini.bk
    c:\program files\Enigma Software Group\SpyHunter\mon\win.ini.bk
    c:\program files\Enigma Software Group\SpyHunter\safeol.dat
    c:\program files\Enigma Software Group\SpyHunter\scan.log
    c:\program files\Enigma Software Group\SpyHunter\scanlog.xml
    c:\program files\Enigma Software Group\SpyHunter\supportlog.txt
    c:\program files\Enigma Software Group\SpyHunter\unkcache.dat
    c:\programdata\ezsidmv.dat
    c:\windows\system32\drivers\tayudvzm.sys . . . . impossible à supprimer

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_tayudvzm
    -------\Service_tayudvzm


    ((((((((((((((((((((((((((((( Fichiers créés du 2010-08-14 au 2010-09-14 ))))))))))))))))))))))))))))))))))))
    .

    2010-09-14 17:33 . 2010-09-14 17:38 -------- d-----w- c:\users\Nouni\AppData\Local\temp
    2010-09-14 17:33 . 2010-09-14 17:33 -------- d-----w- c:\users\Public\AppData\Local\temp
    2010-09-14 17:33 . 2010-09-14 17:33 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-09-10 17:50 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
    2010-09-10 15:58 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
    2010-09-10 15:58 . 2009-10-09 21:56 12800 ----a-w- c:\windows\system32\wsmprovhost.exe
    2010-09-10 15:58 . 2009-10-09 21:56 20480 ----a-w- c:\windows\system32\winrshost.exe
    2010-09-10 15:58 . 2009-10-09 21:56 40448 ----a-w- c:\windows\system32\winrs.exe
    2010-09-10 15:58 . 2009-10-09 21:56 10240 ----a-w- c:\windows\system32\wsmplpxy.dll
    2010-09-10 15:58 . 2009-10-09 21:56 10240 ----a-w- c:\windows\system32\winrssrv.dll
    2010-09-10 15:58 . 2009-10-09 21:56 41472 ----a-w- c:\windows\system32\pwrshplugin.dll
    2010-09-10 15:58 . 2009-10-09 21:55 79872 ----a-w- c:\windows\system32\wecutil.exe
    2010-09-10 15:58 . 2009-10-09 21:55 54272 ----a-w- c:\windows\system32\WsmRes.dll
    2010-09-10 15:58 . 2009-10-09 21:55 146944 ----a-w- c:\windows\system32\wecsvc.dll
    2010-09-10 15:58 . 2009-10-09 21:55 81408 ----a-w- c:\windows\system32\wevtfwd.dll
    2010-09-10 15:58 . 2009-10-09 21:55 56320 ----a-w- c:\windows\system32\wecapi.dll
    2010-09-10 15:57 . 2009-08-01 06:27 201184 ----a-w- c:\windows\system32\winrm.vbs
    2010-09-10 15:57 . 2009-10-09 21:56 1181696 ----a-w- c:\windows\system32\WsmSvc.dll
    2010-09-10 15:57 . 2009-10-09 21:56 214016 ----a-w- c:\windows\system32\WsmWmiPl.dll
    2010-09-10 15:57 . 2009-10-09 21:56 241152 ----a-w- c:\windows\system32\winrscmd.dll
    2010-09-10 15:57 . 2009-10-09 21:56 246272 ----a-w- c:\windows\system32\WSManHTTPConfig.exe
    2010-09-10 15:57 . 2009-10-09 21:56 145408 ----a-w- c:\windows\system32\WsmAuto.dll
    2010-09-10 15:57 . 2009-10-09 21:55 252416 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll
    2010-09-10 13:34 . 2010-09-10 13:34 -------- d-----w- c:\users\Nouni\AppData\Roaming\Malwarebytes
    2010-09-10 13:34 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-09-10 13:34 . 2010-09-10 13:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-09-10 13:34 . 2010-09-10 13:34 -------- d-----w- c:\programdata\Malwarebytes
    2010-09-10 13:34 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-09-10 13:30 . 2010-09-13 13:37 -------- d-----w- c:\windows\95431C66CF9A4913BFFF6050785AFB65.TMP
    2010-09-10 13:30 . 2010-09-10 13:30 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2010-09-10 12:54 . 2010-09-14 17:37 777728 ----a-w- c:\windows\system32\drivers\tayudvzm.sys
    2010-09-04 19:39 . 2010-09-04 19:39 -------- d-----w- c:\program files\SystemRequirementsLab
    2010-09-04 19:39 . 2010-09-04 19:39 -------- d-----w- c:\users\Nouni\AppData\Roaming\SystemRequirementsLab
    2010-09-01 13:54 . 2010-09-11 08:25 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2010-09-01 13:54 . 2010-09-01 13:56 -------- d-----w- c:\program files\Spybot - Search & Destroy

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-14 17:35 . 2010-04-19 11:21 -------- d-----w- c:\program files\Common Files\Akamai
    2010-09-13 23:27 . 2010-06-18 12:57 -------- d-----w- c:\users\Nouni\AppData\Roaming\Skype
    2010-09-13 22:06 . 2010-06-18 12:58 -------- d-----w- c:\users\Nouni\AppData\Roaming\skypePM
    2010-09-13 13:35 . 2010-02-18 15:16 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2010-09-13 12:47 . 2010-09-13 12:47 653576 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2010-09-13 11:29 . 2007-08-10 08:07 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2010-09-13 11:17 . 2007-08-10 08:07 -------- d-----w- c:\programdata\Symantec
    2010-09-13 11:14 . 2006-11-02 15:48 679042 ----a-w- c:\windows\system32\perfh00C.dat
    2010-09-13 11:14 . 2006-11-02 15:48 126626 ----a-w- c:\windows\system32\perfc00C.dat
    2010-09-10 15:24 . 2010-09-10 15:24 691 ----a-w- c:\users\Nouni\AppData\Roaming\GetValue.vbs
    2010-09-10 15:24 . 2010-09-10 15:24 35 ----a-w- c:\users\Nouni\AppData\Roaming\SetValue.bat
    2010-09-10 15:24 . 2010-09-10 15:24 35 ----a-w- c:\users\Nouni\AppData\Roaming\SetValue.bat
    2010-09-09 22:31 . 2007-12-07 18:40 -------- d-----w- c:\users\Nouni\AppData\Roaming\LimeWire
    2010-09-09 00:29 . 2010-02-17 22:22 -------- d-----w- c:\program files\Common Files\Steam
    2010-09-04 19:39 . 2010-09-04 19:39 92280 ----a-w- c:\users\Nouni\AppData\Roaming\SystemRequirementsLab\srlproxy_cyri_4.3.1.0A.dll
    2010-09-04 12:46 . 2010-02-19 22:34 -------- d-----w- c:\program files\Messenger Plus! Live
    2010-09-04 12:42 . 2010-06-04 09:07 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-08-20 12:04 . 2010-08-07 22:35 -------- d-----w- c:\users\Nouni\AppData\Roaming\vlc
    2010-08-18 15:18 . 2010-08-18 18:57 52224 ----a-w- c:\users\Nouni\AppData\Roaming\Mozilla\Firefox\Profiles\pul9zbbx.default\extensions\{59994074-c06d-4a75-9768-49e5a8c21264}\components\FFExternalAlert.dll
    2010-08-18 15:18 . 2010-08-18 18:57 101376 ----a-w- c:\users\Nouni\AppData\Roaming\Mozilla\Firefox\Profiles\pul9zbbx.default\extensions\{59994074-c06d-4a75-9768-49e5a8c21264}\components\RadioWMPCore.dll
    2010-08-18 15:12 . 2010-08-26 12:33 52224 ----a-w- c:\users\Nouni\AppData\Roaming\Mozilla\Firefox\Profiles\pul9zbbx.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll
    2010-08-18 15:12 . 2010-08-26 12:33 101376 ----a-w- c:\users\Nouni\AppData\Roaming\Mozilla\Firefox\Profiles\pul9zbbx.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll
    2010-08-14 20:02 . 2010-02-23 09:41 2560 ----a-w- c:\windows\_MSRSTRT.EXE
    2010-08-14 20:02 . 2010-06-18 12:56 -------- d-----r- c:\program files\Skype
    2010-08-12 05:35 . 2007-08-10 07:53 -------- d-----w- c:\programdata\Microsoft Help
    2010-08-12 01:01 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2010-08-07 11:22 . 2007-10-16 19:30 103152 ----a-w- c:\users\Nouni\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-07-24 16:00 . 2010-07-24 15:58 -------- d-----w- c:\users\Nouni\AppData\Roaming\TeamViewer
    2010-07-24 15:58 . 2010-07-24 15:58 -------- d-----w- c:\program files\TeamViewer
    2010-07-24 13:59 . 2010-06-27 08:39 12872 ----a-w- c:\windows\system32\bootdelete.exe
    2010-07-23 22:51 . 2010-07-23 22:51 -------- d-----w- c:\users\Nouni\AppData\Roaming\DVDVideoSoftIEHelpers
    2010-07-23 22:51 . 2010-02-23 13:09 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
    2010-06-26 06:05 . 2010-09-10 16:03 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-26 06:02 . 2010-09-10 16:03 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-06-26 06:02 . 2010-09-10 16:03 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-06-26 04:25 . 2010-09-10 16:03 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-06-21 13:37 . 2010-08-11 21:46 2037760 ----a-w- c:\windows\system32\win32k.sys
    2010-06-18 17:31 . 2010-08-11 21:46 36864 ----a-w- c:\windows\system32\rtutils.dll
    2010-06-18 15:04 . 2010-08-11 21:44 302080 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-06-18 15:04 . 2010-08-11 21:44 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
    .

    ------- Sigcheck -------

    [-] 2010-02-23 . E8F0D3B322C7C2DFE8F33BFF26F2A88B . 247296 . . [6.0.6000.16386] . . c:\windows\System32\shsvcs.dll
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-11-16 2054360]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\System32\eNetHook.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
    backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder]
    2010-03-30 21:12 151552 ----a-w- c:\acer\AcerTour\Reminder.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2008-01-11 20:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
    2007-06-06 08:06 159744 ----a-w- c:\program files\Apoint2K\Apoint.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
    2009-10-10 12:32 203264 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]
    2010-01-26 15:45 1724728 ----a-w- c:\program files\CCleaner\CCleaner.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eAudio]
    2010-03-30 21:12 1286144 ----a-w- c:\acer\Empowering Technology\eAudio\eAudio.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
    2007-04-25 14:33 457216 ----a-w- c:\acer\Empowering Technology\eDataSecurity\eDSLoader.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
    2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2008-02-11 18:13 166424 ----a-w- c:\windows\System32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
    2007-03-21 11:00 174872 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2008-02-11 18:13 141848 ----a-w- c:\windows\System32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
    2007-05-17 21:45 279912 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
    2010-04-29 13:39 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    2008-02-11 18:13 133656 ----a-w- c:\windows\System32\igfxpers.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie]
    2007-05-24 11:38 206952 ------w- c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSetL]
    2007-07-05 10:35 94208 ----a-w- c:\windows\PLFSetL.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2006-09-01 14:57 282624 ----a-w- c:\program files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
    2007-07-06 03:06 4669440 ----a-w- c:\windows\RtHDVCpl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
    2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
    2007-06-15 08:45 1826816 ----a-w- c:\windows\SkyTel.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    2010-09-01 14:51 1242448 ----a-w- c:\program files\Valve\Steam\Steam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2009-10-11 03:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]
    2007-04-10 21:46 709992 ----a-w- c:\windows\vVX1000.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
    2006-11-05 19:48 57344 ----a-w- c:\acer\WR_PopUp\WarReg_PopUp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    2010-06-29 04:00 74752 ----a-w- c:\program files\Winamp\winampa.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
    2009-04-11 06:28 2153472 ----a-w- c:\windows\System32\oobefldr.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4195573955-95987829-1668268641-1000]
    "EnableNotificationsRef"=dword:00000003

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2010-09-13 16968]
    S1 DsaLwf;NDIS LightWeight Filter For DSA;c:\windows\system32\DRIVERS\dsalwf.sys [2008-08-01 18944]
    S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-19 21504]
    S2 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [2007-01-26 50688]
    S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-11-16 735960]
    S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-12-18 95896]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-06-05 179712]
    S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2007-03-07 32256]


    --- Autres Services/Pilotes en mémoire ---

    *NewlyCreated* - CFCATCHME
    *Deregistered* - CFcatchme

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    Akamai REG_MULTI_SZ Akamai
    .
    Contenu du dossier 'Tâches planifiées'

    2010-03-29 c:\windows\Tasks\Microsoft_Hardware_Launch_LifeExp_exe.job
    - c:\program files\Microsoft LifeCam\LifeExp.exe [2007-05-17 21:45]

    2010-04-06 c:\windows\Tasks\Microsoft_Hardware_Launch_vVX1000_exe.job
    - c:\windows\vVX1000.exe [2007-04-10 21:46]

    2010-06-18 c:\windows\Tasks\{7E9C83EF-DE7C-4C70-B7DF-53D4923EC2BE}.job
    - c:\program files\Skype\Phone\Skype.exe [2010-05-13 14:12]
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.google.com/
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Free YouTube to Mp3 Converter - c:\users\Nouni\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    FF - ProfilePath - c:\users\Nouni\AppData\Roaming\Mozilla\Firefox\Profiles\pul9zbbx.default\
    FF - component: c:\users\Nouni\AppData\Roaming\Mozilla\Firefox\Profiles\pul9zbbx.default\extensions\{59994074-c06d-4a75-9768-49e5a8c21264}\components\FFExternalAlert.dll
    FF - component: c:\users\Nouni\AppData\Roaming\Mozilla\Firefox\Profiles\pul9zbbx.default\extensions\{59994074-c06d-4a75-9768-49e5a8c21264}\components\RadioWMPCore.dll
    FF - component: c:\users\Nouni\AppData\Roaming\Mozilla\Firefox\Profiles\pul9zbbx.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll
    FF - component: c:\users\Nouni\AppData\Roaming\Mozilla\Firefox\Profiles\pul9zbbx.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
    FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- PARAMETRES FIREFOX ----
    FF - user.js: yahoo.homepage.dontask - true
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-09-14 19:38
    Windows 6.0.6002 Service Pack 2 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...


    c:\windows\TEMP\TMP0000003A138FBA4B964BEB54 524288 bytes

    Scan terminé avec succès
    Fichiers cachés: 1

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
    "ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl"
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    c:\acer\Empowering Technology\eDataSecurity\eDSService.exe
    c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
    c:\acer\Empowering Technology\eNet\eNet Service.exe
    c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\acer\Mobility Center\MobilityService.exe
    c:\program files\Microsoft LifeCam\MSCamS32.exe
    c:\program files\CyberLink\Shared Files\RichVideo.exe
    c:\program files\TeamViewer\Version5\TeamViewer_Service.exe
    c:\windows\system32\DRIVERS\xaudio.exe
    c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
    c:\acer\Empowering Technology\ePower\ePowerSvc.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\windows\system32\conime.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\windows\system32\WerFault.exe
    .
    **************************************************************************
    .
    Heure de fin: 2010-09-14 19:47:29 - La machine a redémarré
    ComboFix-quarantined-files.txt 2010-09-14 17:47
    ComboFix2.txt 2010-09-12 22:25

    Avant-CF: 29 288 906 752 octets libres
    Après-CF: 29 384 892 416 octets libres

    - - End Of File - - 94991C453D8B2329C5137A401EF72C43
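The service and driver lines in the ComboFix log above follow a fixed shape (`<R|S><start type> <name>;<display name>;<image path> [<date> <size>]`). When triaging such a log it helps to turn those lines into records so that a driver name reported by the scanner, here `tayudvzm.sys`, can be checked against what is actually registered. The Python below is an added example, not code from the thread, from ComboFix or from Malwarebytes; the sample log is constructed (two lines copied in the format seen above plus a hypothetical `tayudvzm` entry whose date and size are made up, since the real log shows no such service line).

```python
import re
from typing import Dict, List

# One ComboFix service/driver line per entry:
#   <start> <name>;<display name>;<image path> [<yyyy-mm-dd> <size in bytes>]
# <start> is R (running) or S (stopped) followed by the Windows start-type digit.
SERVICE_LINE = re.compile(
    r"^\s*(?P<start>[RS]\d)\s+"
    r"(?P<name>[^;]+);"
    r"(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+"
    r"\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]\s*$"
)

# Constructed sample (assumption, not the thread's real log): two lines in the
# format seen in the ComboFix output above, plus a hypothetical entry for the
# driver name discussed in the thread, with an invented date and size.
# The last line shows that non-service lines are ignored by the parser.
SAMPLE_LOG = r"""
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2010-09-13 16968]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-19 21504]
S3 tayudvzm;tayudvzm;c:\windows\system32\drivers\tayudvzm.sys [2010-09-10 40960]
*NewlyCreated* - CFCATCHME
"""


def parse_service_lines(text: str) -> List[Dict[str, object]]:
    """Return one record per service/driver line; other lines are skipped."""
    records: List[Dict[str, object]] = []
    for line in text.splitlines():
        m = SERVICE_LINE.match(line)
        if not m:
            continue  # headers, catchme notes, blank lines
        rec: Dict[str, object] = m.groupdict()
        rec["size"] = int(m.group("size"))
        rec["running"] = m.group("start").startswith("R")
        rec["start_type"] = int(m.group("start")[1])
        # Last path component, lower-cased, so lookups are case-insensitive
        rec["filename"] = m.group("path").rsplit("\\", 1)[-1].lower()
        records.append(rec)
    return records


def drivers_in_directory(records: List[Dict[str, object]],
                         directory: str = r"c:\windows\system32\drivers") -> List[Dict[str, object]]:
    """Records whose image path lives directly under the given directory."""
    prefix = directory.lower().rstrip("\\") + "\\"
    return [r for r in records if str(r["path"]).lower().startswith(prefix)]


def find_by_filename(records: List[Dict[str, object]], filename: str) -> List[Dict[str, object]]:
    """Records whose image file name matches, ignoring case."""
    return [r for r in records if r["filename"] == filename.lower()]


if __name__ == "__main__":
    recs = parse_service_lines(SAMPLE_LOG)
    for r in drivers_in_directory(recs):
        state = "running" if r["running"] else "stopped"
        print(f"{r['name']:<12} start={r['start_type']} {state:<8} {r['path']}")
    print("matches for tayudvzm.sys:", len(find_by_filename(recs, "tayudvzm.sys")))
```

A match from `find_by_filename` gives the service name and start type to look for in the registry (`HKLM\SYSTEM\CurrentControlSet\Services\<name>`), which is the entry that makes a driver load again after its file is removed; no match for a file the scanner keeps reporting suggests the file is being dropped by something else and that the later tool output in the thread (Avenger, SystemLook) is the right next check.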
    14 September 2010 21:11:10

    Re
    Quote:
    c:\windows\system32\drivers\tayudvzm.sys . . . . impossible à supprimer

    It's sticking, so we'll do it differently:
    download Avenger and save it to your desktop

    http://swandog46.geekstogo.com/avenger2/avenger.zip

    2• Extract/unzip the file; it depends on your zip extractor, but usually it's right-click, Extract here.

    3• Notice!!!! /!\ It is important to follow everything scrupulously and to the letter /!\

    Then double-click the Avenger sword icon (on Vista, right-click and Run as administrator), accept the "kernel" message that appears with OK, and right-click/copy the entire contents of the box below:

    Files to delete:
    c:\windows\system32\drivers\tayudvzm.sys

    Then, in the box under Input script here:, right-click/paste and click Execute.

    * After the reboot, it creates a log file that will open, showing the actions carried out by The Avenger. This log file is located here: C:\avenger.txt
    * The Avenger will also have backed up all the files, etc., that you asked it to delete, zipped them, and moved the zip archive here: C:\avenger\backup.zip.

    15 September 2010 20:15:37

    Re! Here is the report XD


    Logfile of The Avenger Version 2.0, (c) by Swandog46
    http://swandog46.geekstogo.com

    Platform: Windows Vista

    *******************

    Script file opened successfully.
    Script file read successfully.

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    Rootkit scan active.
    No rootkits found!

    File "c:\windows\system32\drivers\tayudvzm.sys" deleted successfully.

    Completed script processing.

    *******************

    Finished! Terminate.

    It has been deleted!
    Thanks for your help =)
    15 September 2010 21:49:35

    Re
    Let's check...

    1

    Download SystemLook from one of the links below to your Desktop.
    http://jpshortstuff.247fixes.com/SystemLook.exe

    * Double-click SystemLook.exe to launch it.
    * Right-click/copy the contents of the box below, and right-click/paste it into SystemLook's white box:

    :filefind
    tayudvzm.sys

    * Click the Look button to start the scan.
    * Copy and paste into your next reply the report (the contents of the text file that appears).

    Note: The report can also be found on your Desktop, named SystemLook.txt

    2

    Download GMER from this link: http://www.gmer.net/files.php - click "Download EXE" and download the file to your desktop.
    See the GMER tutorial, it may help you: http://www.malekal.com/tutorial_GMER.php

  • Disable your protection software (antivirus, antispyware, etc.) and close all open programs.
  • Double-click the downloaded GMER file.
    IMPORTANT: If your antivirus raises an alert for the file gmer.sys or gmer.exe, let it run.
  • Click the "Rootkit" tab.
  • On the right, check everything.
  • Now click Scan.
  • When the scan is finished, click Copy.
  • Open Notepad, then click the Edit menu / Paste.
    The report should then appear.
  • Save the file to your Desktop and post its contents here.