

Franzo
Everything posted by Franzo

[Solved] No more antivirus
Franzo replied to a topic by Franzo in Malware analysis and removal
Hello, I ran the ComboFix script last night; after the scan it attempted a reboot but crashed: I had to restart "by hand" and did not get a final report... BUT since then, Antivir no longer detects anything, and it updates itself automatically, which it was not doing before! So I have the impression we have got the better of the vermin. Do you think I should nevertheless re-run something to finish the procedure "cleanly"? Without any change to the current state, I will therefore consider my problem solved. I would like to thank you, Pear, for your involvement and for the time you spent helping me. In any case you deserve a virtual ballotin of pralines (French translation: "a box of Belgian chocolates").

[Solved] No more antivirus
Franzo replied to a topic by Franzo in Malware analysis and removal
Here is the output of "reg.bat" (where you can see the infamous "ilb.old"); I'll take care of the ComboFix cleanup tonight!

[Solved] No more antivirus
Franzo replied to a topic by Franzo in Malware analysis and removal
Hello, two pieces of information in addition to the previous report: 1° since the ComboFix script was run, Antivir's Guard no longer detects TR/Spy.Gen2 Trojan, but TR/Kates.AO Trojan; 2° I uninstalled/reinstalled Antivir and ran a full scan overnight, after disabling System Restore. It no longer hangs on the "System Volume Information" directory, and here is the report:

[Solved] No more antivirus
Franzo replied to a topic by Franzo in Malware analysis and removal
Voici : ComboFix 10-02-12.01 - $Mon Nom$ 17/02/2010 19:03:25.3.2 - x86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.2046.1624 [GMT 1:00] Lancé depuis: c:\documents and settings\$Mon Nom$\Bureau\cbf.exe Commutateurs utilisés :: c:\documents and settings\$Mon Nom$\Bureau\CFScript.txt AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B} . ((((((((((((((((((((((((((((( Fichiers créés du 2010-01-17 au 2010-02-17 )))))))))))))))))))))))))))))))))))) . 2010-02-17 17:54 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2010-02-17 17:54 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2010-02-17 17:54 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2010-02-17 17:54 . 2010-02-17 17:54 -------- d-----w- c:\program files\Avira 2010-02-17 17:54 . 2010-02-17 17:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2010-02-16 21:34 . 2010-02-17 11:32 -------- d-----w- c:\program files\SH3 Commander 2010-02-16 10:50 . 2010-02-16 11:14 -------- d-----w- C:\631-CF 2010-02-08 18:41 . 2010-02-08 18:41 -------- d-----w- c:\program files\uTorrent 2010-02-08 18:40 . 2010-02-16 21:06 -------- d-----w- c:\documents and settings\$Mon Nom$\Application Data\uTorrent 2010-02-06 19:51 . 2010-02-06 19:51 -------- d-----w- c:\program files\Microsoft Speech SDK 5.1 2010-02-06 10:44 . 2007-06-25 14:02 475136 ----a-w- c:\windows\system32\SkinCrafter2.dll 2010-02-06 10:44 . 2006-08-01 14:01 438272 ----a-w- c:\windows\system32\SkinCrafter.dll 2010-02-06 10:44 . 2003-11-13 15:44 319488 ----a-w- c:\windows\system32\PolarZIPLight.dll 2010-02-06 10:44 . 2001-04-19 13:04 53248 ----a-w- c:\windows\system32\PRNGMIT.dll 2010-02-06 10:44 . 2003-06-22 18:57 94208 ----a-w- c:\windows\system32\CMDLGD6.dll 2010-02-06 10:33 . 
2010-02-06 10:33 -------- d-----w- c:\program files\Aerosoft 2010-02-06 10:33 . 2002-03-13 21:46 53248 ----a-w- c:\windows\system32\zlib.dll 2010-02-03 20:06 . 2010-02-03 20:08 -------- d-----w- C:\Gmer 2010-02-03 19:40 . 2010-02-03 19:40 -------- d-----w- c:\program files\Navigraph 2010-02-03 17:28 . 2008-04-14 02:33 401408 ----a-w- c:\windows\system32\Copie de cmd.exe 2010-02-02 16:38 . 2010-02-02 16:38 -------- d-----w- c:\program files\iPod 2010-02-02 16:38 . 2010-02-02 16:39 -------- d-----w- c:\program files\iTunes 2010-02-01 18:09 . 2010-02-01 18:09 -------- d-----w- C:\_OTM 2010-02-01 17:34 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-02-01 17:34 . 2010-02-05 07:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-02-01 17:34 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-02-01 17:00 . 2010-02-01 17:00 -------- d-----w- c:\program files\7-Zip 2010-02-01 12:35 . 2010-02-01 12:35 -------- d-----w- c:\program files\gpedit 2010-02-01 11:58 . 2009-11-25 10:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2010-01-31 23:48 . 2010-01-31 23:48 -------- d-----w- c:\documents and settings\$Mon Nom$\Application Data\IVAO 2010-01-31 10:53 . 2010-01-31 10:53 83040 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat 2010-01-31 10:52 . 2010-01-31 10:52 -------- d-----w- C:\15b4ce481bf7572184226a55f2b4 2010-01-31 10:30 . 2010-01-31 10:31 -------- d-----w- c:\program files\Fichiers communs\Merge Modules 2010-01-31 10:30 . 2010-01-31 10:32 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0 2010-01-31 10:29 . 2010-01-31 10:29 -------- d-----w- c:\program files\Microsoft SDKs 2010-01-31 09:42 . 2010-01-31 09:42 -------- d-----w- c:\documents and settings\$Mon Nom$\Local Settings\Application Data\{DD4E68DA-DBCD-4C1F-B85E-FF8A7BEBE383} 2010-01-31 09:35 . 
2010-01-31 09:35 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2010-01-31 08:44 . 2009-10-15 16:32 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll 2010-01-31 08:44 . 2009-10-15 16:32 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll 2010-01-31 08:43 . 2009-11-21 15:58 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll 2010-01-31 08:40 . 2009-06-21 21:47 153088 -c----w- c:\windows\system32\dllcache\triedit.dll 2010-01-31 08:39 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll 2010-01-31 08:37 . 2008-12-16 12:31 354304 -c----w- c:\windows\system32\dllcache\winhttp.dll 2010-01-31 08:37 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe 2010-01-31 08:37 . 2009-03-06 14:20 286720 -c----w- c:\windows\system32\dllcache\pdh.dll 2010-01-31 08:37 . 2009-02-09 11:23 111104 -c----w- c:\windows\system32\dllcache\services.exe 2010-01-31 08:37 . 2009-02-09 10:53 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll 2010-01-31 08:37 . 2009-02-09 10:53 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll 2010-01-31 08:37 . 2009-06-25 08:26 736768 -c----w- c:\windows\system32\dllcache\lsasrv.dll 2010-01-31 08:37 . 2009-02-09 10:53 739840 -c----w- c:\windows\system32\dllcache\ntdll.dll 2010-01-31 08:37 . 2009-02-09 10:53 685568 -c----w- c:\windows\system32\dllcache\advapi32.dll 2010-01-31 08:37 . 2009-02-09 10:53 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll 2010-01-31 08:37 . 2008-04-21 21:15 219136 -c----w- c:\windows\system32\dllcache\wordpad.exe 2010-01-31 08:36 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys 2010-01-31 08:36 . 2009-07-31 04:33 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll 2010-01-31 00:28 . 2010-01-31 10:01 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9 2010-01-30 18:58 . 2010-01-30 18:58 -------- d-----w- c:\documents and settings\$Mon Nom$\Application Data\AVG8 2010-01-30 18:41 . 
2008-04-14 02:33 221184 ----a-w- c:\windows\system32\wmpns.dll 2010-01-30 18:31 . 2010-01-30 18:31 -------- d-----w- c:\windows\l2schemas 2010-01-30 18:31 . 2010-01-30 18:31 -------- d-----w- c:\windows\system32\fr 2010-01-30 18:31 . 2010-01-30 18:31 -------- d-----w- c:\windows\system32\bits 2010-01-30 18:29 . 2010-01-30 18:31 -------- d-----w- c:\windows\ServicePackFiles 2010-01-30 18:26 . 2010-01-30 18:26 -------- d-----w- c:\windows\EHome 2010-01-30 18:20 . 2004-08-19 14:53 701440 ------w- c:\windows\system32\drivers\ati2mtag.sys 2010-01-30 15:38 . 2010-01-30 15:38 -------- d-----w- C:\2cd10e07c9020563c6b699295a 2010-01-23 15:11 . 2010-02-06 19:50 -------- d-----w- C:\Tempix 2010-01-23 14:44 . 2010-02-12 13:32 -------- d-----w- c:\program files\Medieval II Total War 2010-01-19 14:02 . 2010-01-19 14:04 -------- d-----w- c:\program files\NCalc5 2010-01-19 12:14 . 2010-01-19 12:14 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Application Updater 2010-01-19 12:02 . 2001-10-28 15:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll 2010-01-19 12:02 . 1998-07-13 00:08 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL 2010-01-19 12:02 . 2010-01-19 12:15 -------- d-----w- c:\program files\PDFCreator 2010-01-19 12:02 . 1998-07-13 00:08 59904 ----a-w- c:\windows\system32\MSCC2FR.DLL 2010-01-19 12:02 . 1998-07-05 23:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2010-02-17 18:37 . 2008-10-26 13:18 63879200 --sha-w- c:\windows\system32\drivers\fidbox.dat 2010-02-17 18:21 . 2008-10-26 13:18 753716 --sha-w- c:\windows\system32\drivers\fidbox.idx 2010-02-17 17:38 . 2006-12-23 15:00 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-02-16 14:35 . 2006-12-27 08:22 -------- d-----w- c:\program files\Flight Simulator 9 2010-02-12 19:29 . 2009-02-07 09:43 -------- d-----w- c:\program files\TOPCAT 2010-02-06 20:40 . 
2008-12-14 19:11 -------- d-----w- c:\program files\Microsoft Silverlight 2010-02-03 19:40 . 2010-01-03 16:33 -------- d-----w- c:\documents and settings\$Mon Nom$\Application Data\Navigraph 2010-02-02 19:36 . 2009-09-03 15:26 -------- d-----w- c:\program files\Microsoft Games 2010-02-02 16:38 . 2009-08-08 18:09 -------- d-----w- c:\program files\Fichiers communs\Apple 2010-02-01 12:26 . 2007-05-05 11:14 -------- d-----w- c:\documents and settings\$Mon Nom$\Application Data\Skype 2010-01-31 23:48 . 2007-03-09 14:24 -------- d-----w- c:\program files\IVAO 2010-01-31 11:32 . 2006-12-26 15:34 27240 ----a-w- c:\documents and settings\$Mon Nom$\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-01-31 10:59 . 2007-08-31 11:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2010-01-31 10:52 . 2006-03-02 12:00 557032 ----a-w- c:\windows\system32\perfh00C.dat 2010-01-31 10:52 . 2006-03-02 12:00 102168 ----a-w- c:\windows\system32\perfc00C.dat 2010-01-31 10:34 . 2007-08-31 11:36 -------- d-----w- c:\program files\Microsoft SQL Server 2010-01-31 10:30 . 2007-08-31 11:33 -------- d-----w- c:\program files\Microsoft.NET 2010-01-31 10:10 . 2009-08-18 15:45 -------- d-----w- c:\program files\FSC 2010-01-31 10:10 . 2007-04-24 20:42 -------- d-----w- c:\documents and settings\$Mon Nom$\Application Data\DeepBurner 2010-01-30 21:14 . 2009-08-28 10:32 -------- d-----w- c:\program files\Microsoft Flight Simulator X 2010-01-30 18:34 . 2006-12-23 14:36 76507 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat 2010-01-21 20:08 . 2007-03-09 14:40 -------- d-----w- c:\documents and settings\$Mon Nom$\Application Data\teamspeak2 2010-01-17 19:17 . 2009-01-29 19:38 -------- d-----w- c:\documents and settings\$Mon Nom$\Application Data\gtk-2.0 2010-01-13 15:51 . 2010-01-13 15:51 -------- d-----w- c:\program files\ISO Image Burner 2010-01-10 13:55 . 
2007-03-20 15:20 -------- d-----w- c:\documents and settings\$Mon Nom$\Application Data\Free Download Manager 2010-01-05 09:56 . 2006-03-02 12:00 832512 ------w- c:\windows\system32\wininet.dll 2010-01-05 09:56 . 2006-03-02 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll 2010-01-05 09:56 . 2006-03-02 12:00 17408 ------w- c:\windows\system32\corpol.dll 2010-01-04 08:05 . 2006-12-28 16:05 -------- d-----w- c:\program files\Fichiers communs\Adobe 2010-01-02 22:35 . 2009-08-19 16:01 -------- d-----w- c:\program files\rcv4 2010-01-02 22:21 . 2009-08-26 15:16 -------- d-----w- c:\program files\FS Reliability Factor 2009-12-24 22:33 . 2009-10-07 20:13 18960 ---ha-w- c:\windows\system32\mlfcache.dat 2009-12-24 14:32 . 2008-12-22 15:56 -------- d-----w- c:\program files\Civilization 4 2009-12-23 09:33 . 2009-12-23 09:14 -------- d-----w- c:\program files\Brother's Keeper 6 2009-12-21 19:46 . 2009-12-21 19:46 -------- d-----w- c:\documents and settings\$Mon Nom$\Application Data\OpenOffice.org 2009-12-21 19:37 . 2009-12-21 19:37 -------- d-----w- c:\program files\OpenOffice.org 3 2009-12-21 19:36 . 2006-12-28 16:09 -------- d-----w- c:\program files\OpenOffice.org 2.1 2009-12-21 19:34 . 2006-12-28 16:13 -------- d-----w- c:\documents and settings\$Mon Nom$\Application Data\OpenOffice.org2 2009-12-04 07:53 . 2008-12-21 08:56 12401307 ----a-w- c:\windows\Internet Logs\tvDebug.zip 2009-11-21 15:58 . 2006-03-02 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll 1998-09-25 12:16 . 2010-01-03 11:31 270848 ----a-w- c:\program files\UNWISE.EXE 2009-08-29 07:21 . 2009-08-29 07:21 90 --sh--w- c:\windows\cnerolf.bin 2006-12-27 10:55 . 2006-12-27 10:55 90 --sh--w- c:\windows\cnerolf.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SW20"="c:\windows\system32\sw20.exe" [2006-05-18 208896] "SW24"="c:\windows\system32\sw24.exe" [2006-05-17 69632] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 843776] "Profiler"="c:\program files\Saitek\Software\ProfilerU.exe" [2005-10-18 163840] "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016] "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-08-12 1657376] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-17 13877248] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-08-17 86016] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2007-5-11 738968] Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2008-10-15 39792] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "midi9"=c:\docume~1\OTTENF~1\LOCALS~1\Temp\ilb.old 2yGBEBNEED [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt] 2009-03-02 11:08 209153 ----a-w- c:\program files\Avira\AntiVir Desktop\avgnt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2010-01-22 18:16 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 
2009-11-10 22:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2007-03-30 11:34 25263144 ----a-w- c:\program files\Skype\Phone\Skype.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\Flight Simulator 9\\fs9.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\WINDOWS\\system32\\dpnsvr.exe"= "c:\\Program Files\\IVAO\\IvAp\\ivapnetint.exe"= "c:\\Program Files\\Teamspeak2_RC2\\TeamSpeak.exe"= "c:\\Program Files\\IVAO\\IvAe\\IvAe.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Civilization 4\\Civilization4.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [31/01/2010 10:35 360584] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [17/02/2010 18:54 108289] R3 rxpvbus;Reality XP Avionics Bus Driver;c:\windows\system32\drivers\rxpvbus.sys [4/11/2005 8:35 44032] S2 avg9wd;AVG Free WatchDog;"c:\program files\AVG\AVG9\avgwdsvc.exe" --> c:\program files\AVG\AVG9\avgwdsvc.exe [?] S3 Asushwio;Asushwio;c:\windows\system32\drivers\ASUSHWIO.SYS [23/12/2006 15:47 5824] S3 chdrvr01;CH Control Manager Driver 1;c:\windows\system32\DRIVERS\chdrvr01.sys --> c:\windows\system32\DRIVERS\chdrvr01.sys [?] S3 chdrvr02;CH Control Manager Driver 2;c:\windows\system32\DRIVERS\chdrvr02.sys --> c:\windows\system32\DRIVERS\chdrvr02.sys [?] 
S3 chdrvr03;CH Control Manager Driver 3;c:\windows\system32\DRIVERS\chdrvr03.sys --> c:\windows\system32\DRIVERS\chdrvr03.sys [?] S3 SaiH075C;SaiH075C;c:\windows\system32\drivers\SaiH075C.sys [13/03/2007 13:58 176640] S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?] S3 UXDCMN;UXDCMN;\??\c:\documents and settings\$Mon Nom$\Bureau\Ultra-X Winstress\UXDCMN.SYS --> c:\documents and settings\$Mon Nom$\Bureau\Ultra-X Winstress\UXDCMN.SYS [?] --- Autres Services/Pilotes en mémoire --- *NewlyCreated* - SSMDRV . Contenu du dossier 'Tâches planifiées' 2010-02-08 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.google.com mStart Page = hxxp://www.google.com uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = *.local IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm IE: Easy-WebPrint Ajouter à la liste d'impressions - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html IE: Easy-WebPrint Impression rapide - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html IE: Easy-WebPrint Imprimer - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html IE: Easy-WebPrint Prévisualiser - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html FF - ProfilePath - c:\documents and settings\$Mon Nom$\Application Data\Mozilla\Firefox\Profiles\0b4rrv2y.default\ FF - prefs.js: browser.startup.homepage - about:blank FF - plugin: c:\program files\Mozilla Firefox\plugins\npdjvu.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - 
[Solved] No more antivirus
Franzo replied to a topic by Franzo in Malware Analysis and Removal
Notes: the installation went somewhat differently (almost automatic, I did not have to relaunch combofix). During execution, the "pev.cfxxe" process crashed. Here is the report:
-
[Solved] No more antivirus
Franzo replied to a topic by Franzo in Malware Analysis and Removal
Is there another way to scan this directory? Moreover, at every startup, the AntiVir "Guard" detects TR/Spy.Gen2 in the directory C:\Documents and Settings\$Mon Nom$\Local Settings\Temp\ilb.old. I quarantine it by ticking the box "always repeat this operation" (otherwise it keeps coming back), which at least lets me launch my applications...
-
[Solved] No more antivirus
Franzo replied to a topic by Franzo in Malware Analysis and Removal
Hello, I disabled System Restore and let the scan run for a whole night: it stays stuck on the file C:\System Volume Information\tracking.log. 8 hours of scanning on a single file seems like a lot to me...
-
[Solved] No more antivirus
Franzo replied to a topic by Franzo in Malware Analysis and Removal
Hello,
Part 1: AntiVir report:
Note: the scan was getting stuck on C:\System Volume Information\ and F:\System Volume Information, so I excluded them from the directories to be examined. BUT the "Guard" detects in this directory:
Dernier fichier infecté: C:\System Volume Information\_restore{D5889A44-CDAF-4A5B-824B-8E0F4F528AB6}\RP236\A0058477.exe
Dernier logiciel malveillant trouvé : TR/Agent.577601.A
'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'nvsvc32.exe' - '1' module(s) sont contrôlés Processus de recherche 'lsass.exe' - '1' module(s) sont contrôlés Processus de recherche 'services.exe' - '1' module(s) sont contrôlés Processus de recherche 'winlogon.exe' - '1' module(s) sont contrôlés Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés Processus de recherche 'smss.exe' - '1' module(s) sont contrôlés '34' processus ont été contrôlés avec '34' modules La recherche sur les secteurs d'amorçage maître commence : Secteur d'amorçage maître HD0 [iNFO] Aucun virus trouvé ! Secteur d'amorçage maître HD1 [iNFO] Aucun virus trouvé ! Secteur d'amorçage maître HD2 [iNFO] Aucun virus trouvé ! Secteur d'amorçage maître HD3 [iNFO] Aucun virus trouvé ! La recherche sur les secteurs d'amorçage commence : Secteur d'amorçage 'C:\' [iNFO] Aucun virus trouvé ! Secteur d'amorçage 'F:\' [iNFO] Aucun virus trouvé ! La recherche sur les renvois aux fichiers exécutables (registre) commence : Le registre a été contrôlé ( '57' fichiers). La recherche sur les fichiers sélectionnés commence : Recherche débutant dans 'C:\' C:\pagefile.sys [AVERTISSEMENT] Impossible d'ouvrir le fichier ! [REMARQUE] Ce fichier est un fichier système Windows. [REMARQUE] Il est correct que ce fichier ne puisse pas être ouvert pour la recherche. C:\Documents and Settings\$Mon Nom$\Local Settings\Temp\ilb.old [RESULTAT] Contient le cheval de Troie TR/Spy.Gen2 C:\SDFix\backups\backups.zip [0] Type d'archive: ZIP --> backups/braviax.exe [RESULTAT] Contient le cheval de Troie TR/Fake.ids.11264 --> backups/figaro.sys [RESULTAT] Contient le cheval de Troie TR/Rootkit.Gen C:\SDFix\backups\catchme.zip [0] Type d'archive: ZIP --> braviax.exe [RESULTAT] Contient le cheval de Troie TR/Fake.ids.11264 Le répertoire 'C:\System Volume Information\' a été exclu par la recherche ! 
Recherche débutant dans 'F:\' <Philips External Hard Disk> Le répertoire 'F:\System Volume Information\' a été exclu par la recherche ! Début de la désinfection : C:\Documents and Settings\$Mon Nom$\Local Settings\Temp\ilb.old [RESULTAT] Contient le cheval de Troie TR/Spy.Gen2 [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4bcdc5e6.qua' ! C:\SDFix\backups\backups.zip [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4bcec5db.qua' ! C:\SDFix\backups\catchme.zip [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4bdfc5db.qua' ! Fin de la recherche : vendredi 5 février 2010 08:15 Temps nécessaire: 2:44:00 Heure(s) La recherche a été effectuée intégralement 24847 Les répertoires ont été contrôlés 624472 Des fichiers ont été contrôlés 4 Des virus ou programmes indésirables ont été trouvés 0 Des fichiers ont été classés comme suspects 0 Des fichiers ont été supprimés 0 Des virus ou programmes indésirables ont été réparés 3 Les fichiers ont été déplacés dans la quarantaine 0 Les fichiers ont été renommés 1 Impossible de contrôler des fichiers 624467 Fichiers non infectés 3694 Les archives ont été contrôlées 1 Avertissements 4 Consignes 57032 Des objets ont été contrôlés lors du Rootkitscan 0 Des objets cachés ont été trouvés Partie 2 : scan par MBAM : (il ne trouve rien) Note : l'icône de Antivir n'apparaît pas comme indiqué dans les notes pour désactiver l'antivirus. J'ai donc désactivé le "Guard" via le centre de contrôle.. 
Malwarebytes' Anti-Malware 1.44 Version de la base de données: 3691 Windows 5.1.2600 Service Pack 3 Internet Explorer 7.0.5730.13 5/02/2010 9:05:01 mbam-log-2010-02-05 (09-05-00).txt Type de recherche: Examen rapide Eléments examinés: 129346 Temps écoulé: 5 minute(s), 40 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 0 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): (Aucun élément nuisible détecté) -
[Solved] No more antivirus
Franzo replied to a topic by Franzo in Malware analysis and removal
I ran the GMER test, but nothing shows up in red:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-03 21:36:43
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\$ Mon Nom $F~1\LOCALS~1\Temp\pxtdapog.sys
0x16080000 Library C:\Program Files\Mozilla Firefox\softokn3.dll (NSS PKCS #11 Library/Mozilla Foundation) 0x02D10000 Library C:\Program Files\Mozilla Firefox\nssdbm3.dll (Legacy Database Driver/Mozilla Foundation) 0x02D40000 Library C:\Program Files\Mozilla Firefox\freebl3.dll (NSS freebl Library/Mozilla Foundation) 0x02D60000 Library C:\Program Files\Mozilla Firefox\nssckbi.dll (NSS Builtin Trusted Root CAs/Mozilla Foundation) 0x03600000 Library C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll 0x05200000 ---- Services - GMER 1.0.15 ---- Service C:\WINDOWS\system32\drivers\ADIHdAud.sys (High Definition Audio Function Driver/Analog Devices, Inc.) [MANUAL] ADIHdAudAddService Service C:\WINDOWS\system32\drivers\AEAudio.sys (Audio Noise Filtering Driver (32-bit)/Andrea Electronics Corporation) [MANUAL] AEAudio Service C:\Program Files\Avira\AntiVir Desktop\sched.exe (Antivirus Scheduler/Avira GmbH) [AUTO] AntiVirSchedulerService Service C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Antivirus On-Access Service/Avira GmbH) [AUTO] AntiVirService Service C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Mobile Device Service/Apple Inc.) [AUTO] Apple Mobile Device Service C:\WINDOWS\system32\drivers\Asushwio.sys [MANUAL] Asushwio Service AVG Service avg9emc Service C:\Program Files\AVG\AVG9\avgwdsvc.exe [AUTO] avg9wd Service C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira AntiVir Support for Minifilter/Avira GmbH) [sYSTEM] avgio Service AvgLdx86 Service AvgMfx86 Service C:\WINDOWS\system32\DRIVERS\avgntflt.sys (Avira Minifilter Driver/Avira GmbH) [AUTO] avgntflt Service C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) [sYSTEM] AvgTdiX Service C:\WINDOWS\system32\DRIVERS\avipbb.sys (Avira Driver for RootKit Detection/Avira GmbH) [sYSTEM] avipbb Service C:\Program Files\Bonjour\mDNSResponder.exe (Bonjour Service/Apple Inc.) 
[AUTO] Bonjour Service Service C:\DOCUME~1\$ Mon Nom $F~1\LOCALS~1\Temp\catchme.sys [MANUAL] catchme Service C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Camera Access Library 8/Canon Inc.) [AUTO] CCALib8 Service system32\DRIVERS\chdrvr01.sys [MANUAL] chdrvr01 Service system32\DRIVERS\chdrvr02.sys [MANUAL] chdrvr02 Service system32\DRIVERS\chdrvr03.sys [MANUAL] chdrvr03 Service C:\WINDOWS\system32\DRIVERS\ENTECH.sys (PowerStrip support NT kernel-mode driver/EnTech Taiwan) [MANUAL] ENTECH Service C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Activation Licensing Service/Acresso Software Inc.) [MANUAL] FLEXnet Licensing Service Service C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (CD DVD Filter/GEAR Software Inc.) [MANUAL] GEARAspiWDM Service D:\INSTALL\GMSIPCI.SYS [MANUAL] GMSIPCI Service C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (High Definition Audio Bus Driver v1.0a/Windows ® Server 2003 DDK provider) [MANUAL] HDAudBus Service C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe (IDriverT Module/Macrovision Corporation) [MANUAL] IDriverT Service C:\Program Files\iPod\bin\iPodService.exe (iPodService Module (32-bit)/Apple Inc.) [MANUAL] iPod Service Service C:\Program Files\Java\jre6\bin\jqs.exe (Java Quick Starter Service/Sun Microsystems, Inc.) 
[AUTO] JavaQuickStarterService Service C:\WINDOWS\system32\DRIVERS\klif.sys (Klif Mini-Filter/Kaspersky Lab) [sYSTEM] KLIF Service MSDTC Bridge 3.0.0.0 Service D:\install4\MSICPL.sys [MANUAL] MSICPL Service C:\WINDOWS\system32\DRIVERS\ASACPI.sys [MANUAL] MTsensor Service nm Service D:\NTACCESS.sys [MANUAL] NTACCESS Service C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Compatible Windows 2000 Miniport Driver, Version 190.62 /NVIDIA Corporation) [MANUAL] nv Service C:\WINDOWS\system32\DRIVERS\nvata.sys (NVIDIA® nForce IDE Performance Driver/NVIDIA Corporation) [bOOT] nvata Service C:\WINDOWS\system32\DRIVERS\NVENETFD.sys (NVIDIA Networking Function Driver./NVIDIA Corporation) [MANUAL] NVENETFD Service C:\WINDOWS\system32\DRIVERS\nvnetbus.sys (NVIDIA Networking Bus Driver./NVIDIA Corporation) [MANUAL] nvnetbus Service C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Driver Helper Service, Version 190.62/NVIDIA Corporation) [AUTO] NVSvc Service C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.) [MANUAL] Ptilink Service C:\WINDOWS\System32\Drivers\PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions) [bOOT] PxHelp20 Service C:\WINDOWS\system32\DRIVERS\rxpvbus.sys (Avionics Bus Driver/Reality XP) [MANUAL] rxpvbus Service C:\WINDOWS\system32\DRIVERS\SaiH075C.sys (Saitek Hid Driver/Saitek) [MANUAL] SaiH075C Service C:\WINDOWS\system32\DRIVERS\SaiMini.sys (Saitek Magic Mini Driver/Saitek) [MANUAL] SaiMini Service C:\WINDOWS\system32\drivers\SaiBus.sys (Saitek Magic Bus/Saitek) [MANUAL] SaiNtBus Service C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision SECURITY Driver/Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) 
[AUTO] Secdrv Service C:\WINDOWS\system32\drivers\Senfilt.sys (Sensaura WDM 3D Audio Driver/Sensaura) [MANUAL] SenFiltService Service ServiceModelEndpoint 3.0.0.0 Service ServiceModelOperation 3.0.0.0 Service ServiceModelService 3.0.0.0 Service D:\NTGLM7X.sys [MANUAL] SetupNTGLM7X Service C:\WINDOWS\System32\drivers\sfdrv01.sys (StarForce Protection Environment Driver/Protection Technology) [bOOT] sfdrv01 Service C:\WINDOWS\System32\drivers\sfhlp02.sys (StarForce Protection Helper Driver/Protection Technology) [bOOT] sfhlp02 Service C:\WINDOWS\System32\drivers\sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology) [bOOT] sfsync02 Service SMSvcHost 3.0.0.0 Service C:\WINDOWS\system32\DRIVERS\pfc027.sys [MANUAL] SoC PC-Camera Service Service C:\WINDOWS\system32\ZoneLabs\srescan.sys (srescan/Zone Labs, LLC) [bOOT] srescan Service C:\WINDOWS\system32\DRIVERS\ssmdrv.sys (AVIRA SnapShot Driver/Avira GmbH) [sYSTEM] ssmdrv Service C:\WINDOWS\system32\DRIVERS\StreamIP.sys (Microsoft IP Test Driver/Microsoft Corporation) [MANUAL] streamip Service C:\Program Files\Fichiers communs\Supportsoft\bin\ssrc.exe (ssrc Module/SupportSoft, Inc.) [AUTO] SupportSoft RemoteAssist Service C:\Documents and Settings\$ Mon Nom $ \Bureau\Ultra-X Winstress\UXDCMN.SYS [MANUAL] UXDCMN Service C:\WINDOWS\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) [sYSTEM] vsdatant Service C:\WINDOWS\system32\ZoneLabs\vsmon.exe (TrueVector Service/Zone Labs, LLC) [AUTO] vsmon Service Windows Workflow Foundation 3.0.0.0 Service Wmi ---- EOF - GMER 1.0.15 ---- -
[Solved] No more antivirus
Franzo replied to a topic by Franzo in Malware analysis and removal
It is the AntiVir "guard" that finds this (not the scan); the message is the following:
Dans le fichier 'C:\Documents and Settings\ $Mon Nom$ \Local Settings\Temp\ilb.old' un virus ou un programme indésirable 'TR/Spy.Gen2' [trojan] a été détecté. Action exécutée : Déplacer le fichier en quarantaine
It has found about 30 of them in roughly the last hour... And since this "guard" has been running, I can once again launch my exe and bat programs that no longer worked; only, each time I launch them, the "guard" turns up a new instance of TR/Spy.gen2. So this little beast seems to be the cause of my troubles... All that remains is to get rid of it
-
[Solved] No more antivirus
Franzo replied to a topic by Franzo in Malware analysis and removal
A small additional piece of information: I managed to update AntiVir "manually"; it dug up a TR/Spy.gen2 in a file "ilb.old" located in the temporary directory...
-
[Solved] No more antivirus
Franzo replied to a topic by Franzo in Malware analysis and removal
Here it is:

All processes killed
========== REGISTRY ==========
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\braviax not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\braviax not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
User: Jean
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 3861371 bytes
User: Laux
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 6194388 bytes
->Java cache emptied: 25493434 bytes
User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 33172 bytes
User: NetworkService
->Temp folder emptied: 442368 bytes
->Temporary Internet Files folder emptied: 1368953 bytes
User: Franz
->Temp folder emptied: 1928201436 bytes
->Temporary Internet Files folder emptied: 17158698 bytes
->Java cache emptied: 78032779 bytes
->FireFox cache emptied: 72916295 bytes
->Google Chrome cache emptied: 856432 bytes
->Apple Safari cache emptied: 159257813 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 30332647 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3056128 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 2 219,00 mb
OTM by OldTimer - Version 3.1.7.1 log created on 02012010_190905
Files moved on Reboot...
File C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_7b8.dat not found!
File C:\WINDOWS\temp\ZLT01998.TMP not found!
File C:\WINDOWS\temp\ZLT0212e.TMP not found!
Registry entries deleted on Reboot...
-
[Solved] No more antivirus
Franzo replied to a topic by Franzo in Malware analysis and removal
Thank you, Pear, for taking my case into consideration. Test negative. Six months ago I had the "Braviax" in question, which I rooted out "roughly and in a hurry". That may be why you still see traces of it... On the other hand, AntiVir (which I have just installed, but which cannot manage to update itself) has in the meantime found this: TR/Agent.577601.A, which I have put in quarantine. Here is the report:

Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3673
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
1/02/2010 18:44:44
mbam-log-2010-02-01 (18-44-44).txt
Type de recherche: Examen rapide
Eléments examinés: 132382
Temps écoulé: 9 minute(s), 4 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

Back to square one, then
-
Hello everyone, I think my machine is harbouring an unwanted guest! For some time now I have been unable to launch the ".bat" utilities I had created. Instead of executing, the desktop blanks out and redisplays a few seconds later. Some applications no longer launch. I had also noticed that Avast was no longer updating. On the other hand, it regularly caused web browsing to "freeze", so much so that I had to disable it to surf. So I uninstalled Avast. I wanted to replace it with AVG, but AVG will not install. I tried AntiVir, but AntiVir refuses to update. So here I am, naked, without an antivirus. I ran a few scanning tools gleaned here and there, without success. And I have just found that neither cmd.exe nor regedit.exe will launch. After a search on the net, which is teeming with muddled and sometimes hysterical forums on this sort of topic, I stopped at your place: this space seems to me sufficiently calm and rational to look for a solution to my troubles. Thanks in advance to anyone who contributes. Here is the "HijackThis" report I obtained.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:19:21, on 1/02/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Saitek\Software\ProfilerU.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Downloads\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\ProfilerU.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [braviax] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [braviax] (User 'Default user')
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1264865145437
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: winmm.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: AVG Free WatchDog (avg9wd) - Unknown owner - C:\Program Files\AVG\AVG9\avgwdsvc.exe (file missing)
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Fichiers communs\Supportsoft\bin\ssrc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8591 bytes