

Infected by Bubnix.AU
axurit replied to a topic by axurit in Malware analysis and removal
I followed your instructions. The file ugyktmmw.sys has finally disappeared. I restarted the antivirus and the firewall. Here is the ComboFix report:

Is everything correct now? Thank you.
Infected by Bubnix.AU
axurit replied to a topic by axurit in Malware analysis and removal
My apologies: the AntiVir report is:
Infected by Bubnix.AU
axurit replied to a topic by axurit in Malware analysis and removal
Antivir simply tells me: Viruses or unwanted programs were found during the scan! Select the action to perform; Object: ugyktmmw.sys Positive result: RKIT/Bubnix.AU. The path of the rootkit is C:\Windows\System32\Drivers\ugyktmmw.sys. Thank you for your help.
Hello, I am brand new to your site. I have a problem that you can no doubt help me with. Antivir detects a malware "RKIT/Bubnix.AU" in a file "ugyktmmw.sys" that it cannot remove. Attempts to fix it with MBAM, SUPERAntispyware, Unlocker and Virus Effect Remover have failed; ugyktmmw.sys is still present on my system partition.

Here is my configuration:
Motherboard: Gigabyte EP45-UD3R
Chipset: Intel Corporation
Processor: Intel Core 2 Quad Q9450 @ 2666 MHz
Physical memory: 4096 MB
Graphics card: ATI Technologies Inc ASUS EAH4850 series
Hard disk: Hitachi (1000 GB)
Hard disk: MAXTOR (250 GB)
Hard disk: ST3500830AS (500 GB)
Hard disk: STM3500418AS (500 GB)
CD-ROM drive: SanDisk U3 Cruzer Micro USB Device
DVD-ROM drive: HL-DT-ST BD-RE GGW-H20L ATA Device
DVD-ROM drive: SXYNOZE ANW5AFCP67 SCSI CdRom Device
Monitor type: L24W-2 - 24 inches
Network card: Realtek Semiconductor RTL8168/8111 PCI-E Gigabit Ethernet NIC
Operating system: Windows Vista Home Premium Edition Familiale 6.00.6002 Service Pack 2
DirectX: Version 10.00
Windows Performance Index: 5.1

Here is the HijackThis log:
- res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing) O13 - Gopher Prefix: O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.4.cab O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Ad-Aware 2007\aawservice.exe O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\httpd.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. 
- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. 
- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: MySQL - MySQL AB - C:\xampp\mysql\bin\mysqld.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing) O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- End of file - 12396 bytes J'ai téléchargé combofix mais je ne l'ai pas encore installé. Merci à l'avance de ce que vous pourrez faire pour moi.