carad'oc

cher Falkra, ... un grand merci pour ton aide précieuse, réactive et pertinente .... ps : combofix je l'avais renommé tralala sur le bureau ...donc je fais tralala /u right ? )

non plus de symptomes ...

bon .. pour antivir, j'ai été cherché la base de données sur le site avira pour un update manuel --> résolu so far !

bonjour Falkra un petit mot de plus sur ce qu'il se passe avec Antivir, qui me met un avertissement me disant que la mise à jour date de plus de 3 jours, mais quand je fais "update", la mise à jour semble ne se faire QUE sur le programme et pas sur la base virale. Du coup , l'icone de la ligne "update" reste un triangle rouge sur la console Antivir, et en d"taillant je constate que la version de la base virale date de juin 2008. What's up doc? ... en te rappelant que lors de l'install d'antivir, mon win defender a disparu ... tu sais celui qui m'envoie une notif à chaque modif du registre

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:59:03, on 20/11/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\ATKKBService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Documents and Settings\Jean-Louis\Bureau\HiJackThis2.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aliceadsl.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aliceadsl.fr/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -startup O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [instantTray] C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - S-1-5-18 Startup: StarOffice 7.lnk = C:\Program Files\StarOffice7\program\quickstart.exe (User 'SYSTEM') O4 - .DEFAULT Startup: StarOffice 7.lnk = C:\Program Files\StarOffice7\program\quickstart.exe (User 'Default user') O4 - .DEFAULT User Startup: StarOffice 7.lnk = C:\Program Files\StarOffice7\program\quickstart.exe (User 'Default user') O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/ O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1113563795718 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187967080015 O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://charon777.free.fr/plugins/hardwared...ion_2_0_4_8.cab O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylom/a...zylomloader.cab O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: RDFLabel - Unknown owner - C:\Program Files\ICRAplus\RDFLabel\RDFLabel.exe -- End of file - 10631 bytes

tu vx que je refasse avec la nouvelle version ?

Logfile of HijackThis v1.99.1 Scan saved at 23:31:29, on 20/11/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\ATKKBService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE C:\WINDOWS\system32\wbem\wmiapsrv.exe c:\program files\avira\antivir personaledition classic\avcenter.exe C:\Program Files\highjackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aliceadsl.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aliceadsl.fr/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -startup O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [instantTray] C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll O11 - Options group: [iNTERNATIONAL] International* O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/ O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1113563795718 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187967080015 O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://charon777.free.fr/plugins/hardwared...ion_2_0_4_8.cab O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylom/a...zylomloader.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: RDFLabel - Unknown owner - C:\Program Files\ICRAplus\RDFLabel\RDFLabel.exe

sauf que malgré que j'ai fait la mise à jour, j'ai l'icone update qui reste rouge ...

j'avais un peu anticipé .... voici le log Avira AntiVir Personal Report file date: jeudi 20 novembre 2008 21:46 Scanning for 1369550 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 3) [5.1.2600] Boot mode: Normally booted Username: SYSTEM Computer name: LOCAL-0D522026B Version information: BUILD.DAT : 8.2.0.334 16933 Bytes 16/10/2008 14:55:00 AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 09:57:53 AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 08:56:40 LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 13:44:19 LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 08:58:52 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 11:33:34 ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 14:54:15 ANTIVIR2.VDF : 7.0.5.20 142336 Bytes 30/06/2008 06:20:53 ANTIVIR3.VDF : 7.0.5.23 17408 Bytes 30/06/2008 10:24:47 Engineversion : 8.2.0.4 AEVDF.DLL : 8.1.0.6 102772 Bytes 14/10/2008 11:05:56 AESCRIPT.DLL : 8.1.1.8 319866 Bytes 16/10/2008 12:43:34 AESCN.DLL : 8.1.1.3 123252 Bytes 14/10/2008 11:05:56 AERDL.DLL : 8.1.1.2 438644 Bytes 12/09/2008 07:06:02 AEPACK.DLL : 8.1.2.4 369014 Bytes 14/10/2008 11:05:56 AEOFFICE.DLL : 8.1.0.28 196987 Bytes 14/10/2008 11:05:56 AEHEUR.DLL : 8.1.0.59 1438071 Bytes 18/09/2008 10:07:50 AEHELP.DLL : 8.1.1.2 115062 Bytes 14/10/2008 11:05:56 AEGEN.DLL : 8.1.0.41 319861 Bytes 14/10/2008 11:05:56 AEEMU.DLL : 8.1.0.9 393588 Bytes 14/10/2008 11:05:56 AECORE.DLL : 8.1.2.6 172406 Bytes 14/10/2008 11:05:56 AEBB.DLL : 8.1.0.3 53618 Bytes 14/10/2008 11:05:56 AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 09:40:05 AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 10:28:01 AVREP.DLL : 7.0.0.1 155688 Bytes 30/06/2008 15:35:20 AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 12:26:40 AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 09:29:23 AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 13:27:49 SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 18:28:02 SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 13:49:40 NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 13:05:10 RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 14:48:07 RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 14:34:37 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: Intelligent file selection Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: jeudi 20 novembre 2008 21:46 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'wmiapsrv.exe' - '1' Module(s) have been scanned Scan process 'YahooMessenger.exe' - '1' Module(s) have been scanned Scan process 'iexplore.exe' - '1' Module(s) have been scanned Scan process 'alg.exe' - '1' Module(s) have been scanned Scan process 'LVComSer.exe' - '1' Module(s) have been scanned Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned Scan process 'rundll32.exe' - '1' Module(s) have been scanned Scan process 'PCLETray.exe' - '1' Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'daemon.exe' - '1' Module(s) have been scanned Scan process 'apdproxy.exe' - '1' Module(s) have been scanned Scan process 'soundman.exe' - '1' Module(s) have been scanned Scan process 'rundll32.exe' - '1' Module(s) have been scanned Scan process 'Communications_Helper.exe' - '1' Module(s) have been scanned Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned Scan process 'CALMAIN.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned Scan process 'LVComSer.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'CTSVCCDA.EXE' - '1' Module(s) have been scanned Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned Scan process 'ATKKBService.exe' - '1' Module(s) have been scanned Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'LVPrcSrv.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'MsMpEng.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 45 processes with 45 modules were scanned Starting master boot sector scan: Master boot sector HD0 [iNFO] No virus was found! Master boot sector HD1 [iNFO] No virus was found! [WARNING] System error [21]: Le périphérique n'est pas prêt. Master boot sector HD2 [iNFO] No virus was found! [WARNING] System error [21]: Le périphérique n'est pas prêt. Master boot sector HD3 [iNFO] No virus was found! [WARNING] System error [21]: Le périphérique n'est pas prêt. Master boot sector HD4 [iNFO] No virus was found! [WARNING] System error [21]: Le périphérique n'est pas prêt. Start scanning boot sectors: Boot sector 'C:\' [iNFO] No virus was found! Starting to scan the registry. The registry was scanned ( '60' files ). Starting the file scan: Begin scan in 'C:\' C:\pagefile.sys [WARNING] The file could not be opened! C:\Documents and Settings\autre\Bureau\img091307-www.photoshop.com [DETECTION] Is the TR/Crypt.ULPM.Gen Trojan [NOTE] The file was moved to '498cd0a1.qua'! C:\Documents and Settings\Jean-Louis\Bureau\cohtrnmg.exe [DETECTION] Is the TR/Agent.231424.A Trojan [NOTE] The file was moved to '498dd21b.qua'! C:\Documents and Settings\Jean-Louis\Bureau\company_of_heroes_cohtrainer12ch\cohtrnmg.exe [DETECTION] Is the TR/Agent.231424.A Trojan [NOTE] The file was moved to '498dd23c.qua'! C:\Qoobox\Quarantine\C\Documents and Settings\Jean-Louis\Application Data\m\flec006.exe.vir [DETECTION] Is the TR/Bagle.Gen.B Trojan [NOTE] The file was moved to '498adcc5.qua'! C:\Qoobox\Quarantine\C\WINDOWS\system32\mdelk.exe.vir [DETECTION] Is the TR/Bagle.Gen.B Trojan [NOTE] The file was moved to '498adce2.qua'! C:\Qoobox\Quarantine\C\WINDOWS\system32\wintems.exe.vir [DETECTION] Is the TR/Bagle.Gen.B Trojan [NOTE] The file was moved to '4993dceb.qua'! C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\_srosa_.sys.zip [0] Archive type: ZIP --> srosa.sys [DETECTION] Is the TR/Rootkit.Gen Trojan [NOTE] The file was moved to '4997dcf7.qua'! C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\101734.exe.vir [DETECTION] Is the TR/Bagle.Gen.B Trojan [NOTE] The file was moved to '4956dcb6.qua'! C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\104968.exe.vir [DETECTION] Is the TR/Bagle.Gen.B Trojan [NOTE] The file was moved to '4959dcb8.qua'! C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\128968.exe.vir [DETECTION] Is the TR/Bagle.Gen.B Trojan [NOTE] The file was moved to '495ddcbc.qua'! C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\136562.exe.vir [DETECTION] Is the TR/Bagle.Gen.B Trojan [NOTE] The file was moved to '495bdcbf.qua'! C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\151218.exe.vir [DETECTION] Is the TR/Bagle.Gen.B Trojan [NOTE] The file was moved to '4956dcc3.qua'! C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\151390.exe.vir [DETECTION] Is the TR/Bagle.Gen.B Trojan [NOTE] The file was moved to '4956dcc6.qua'! C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\161859.exe.vir [DETECTION] Is the TR/Bagle.Gen.B Trojan [NOTE] The file was moved to '4956dcca.qua'! C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\172750.exe.vir [DETECTION] Is the TR/Bagle.Gen.B Trojan [NOTE] The file was moved to '4957dccd.qua'! C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\246765.exe.vir [DETECTION] Is the TR/Bagle.Gen.B Trojan [NOTE] The file was moved to '495bdcd2.qua'! C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\249000.exe.vir [DETECTION] Contains recognition pattern of the WORM/Bagle.Gen worm [NOTE] The file was moved to '495edcd2.qua'! C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\428328.exe.vir [DETECTION] Is the TR/Bagle.Gen.B Trojan [NOTE] The file was moved to '495ddcd1.qua'! C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\488203.exe.vir [DETECTION] Is the TR/Bagle.Gen.B Trojan [NOTE] The file was moved to '495ddcd8.qua'! C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\525484.exe.vir [DETECTION] Is the TR/Bagle.Gen.B Trojan [NOTE] The file was moved to '495adcd2.qua'! C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\65843.exe.vir [DETECTION] Is the TR/Bagle.Gen.B Trojan [NOTE] The file was moved to '495ddcd6.qua'! C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\68750.exe.vir [DETECTION] Contains recognition pattern of the WORM/Bagle.Gen worm [NOTE] The file was moved to '495cdcd9.qua'! C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\70515.exe.vir [DETECTION] Contains recognition pattern of the WORM/Bagle.Gen worm [NOTE] The file was moved to '4d942bdb.qua'! C:\System Volume Information\_restore{4BAB21B4-BDA1-4B55-B0DD-AE80210EE96A}\RP836\A0215443.exe [DETECTION] Is the TR/Agent.231424.A Trojan [NOTE] The file was moved to '4957de64.qua'! C:\System Volume Information\_restore{4BAB21B4-BDA1-4B55-B0DD-AE80210EE96A}\RP847\A0217427.exe [DETECTION] Is the TR/Crypt.PEPM.Gen Trojan [NOTE] The file was moved to '4957de93.qua'! C:\System Volume Information\_restore{4BAB21B4-BDA1-4B55-B0DD-AE80210EE96A}\RP847\A0220419.sys [DETECTION] Is the TR/Rootkit.Gen Trojan [NOTE] The file was moved to '4957de96.qua'! C:\System Volume Information\_restore{4BAB21B4-BDA1-4B55-B0DD-AE80210EE96A}\RP848\A0220471.exe [DETECTION] Is the TR/Bagle.Gen.B Trojan [NOTE] The file was moved to '4957de99.qua'! C:\System Volume Information\_restore{4BAB21B4-BDA1-4B55-B0DD-AE80210EE96A}\RP848\A0220473.exe [DETECTION] Is the TR/Bagle.Gen.B Trojan [NOTE] The file was moved to '4d9d0612.qua'! C:\System Volume Information\_restore{4BAB21B4-BDA1-4B55-B0DD-AE80210EE96A}\RP849\A0220520.exe [DETECTION] Is the TR/Bagle.Gen.B Trojan [NOTE] The file was moved to '4957de9a.qua'! C:\System Volume Information\_restore{4BAB21B4-BDA1-4B55-B0DD-AE80210EE96A}\RP849\A0220522.exe [DETECTION] Is the TR/Bagle.Gen.B Trojan [NOTE] The file was moved to '4957de9b.qua'! C:\System Volume Information\_restore{4BAB21B4-BDA1-4B55-B0DD-AE80210EE96A}\RP849\A0220543.sys [DETECTION] Is the TR/Rootkit.Gen Trojan [NOTE] The file was moved to '4d9d0614.qua'! C:\System Volume Information\_restore{4BAB21B4-BDA1-4B55-B0DD-AE80210EE96A}\RP849\A0220547.exe [DETECTION] Is the TR/Bagle.Gen.B Trojan [NOTE] The file was moved to '4957de9c.qua'! C:\System Volume Information\_restore{4BAB21B4-BDA1-4B55-B0DD-AE80210EE96A}\RP849\A0220548.exe [DETECTION] Is the TR/Bagle.Gen.B Trojan [NOTE] The file was moved to '4957de9d.qua'! C:\System Volume Information\_restore{4BAB21B4-BDA1-4B55-B0DD-AE80210EE96A}\RP849\A0221534.sys [DETECTION] Is the TR/Rootkit.Gen Trojan [NOTE] The file was moved to '4d9d0616.qua'! C:\System Volume Information\_restore{4BAB21B4-BDA1-4B55-B0DD-AE80210EE96A}\RP849\A0221539.exe [DETECTION] Is the TR/Bagle.Gen.B Trojan [NOTE] The file was moved to '4957de9e.qua'! C:\System Volume Information\_restore{4BAB21B4-BDA1-4B55-B0DD-AE80210EE96A}\RP849\A0221540.exe [DETECTION] Is the TR/Bagle.Gen.B Trojan [NOTE] The file was moved to '4d9d0617.qua'! C:\System Volume Information\_restore{4BAB21B4-BDA1-4B55-B0DD-AE80210EE96A}\RP849\A0222556.sys [DETECTION] Is the TR/Rootkit.Gen Trojan [NOTE] The file was moved to '4957de9f.qua'! C:\System Volume Information\_restore{4BAB21B4-BDA1-4B55-B0DD-AE80210EE96A}\RP849\A0222562.exe [DETECTION] Is the TR/Bagle.Gen.B Trojan [NOTE] The file was moved to '4957dea0.qua'! C:\System Volume Information\_restore{4BAB21B4-BDA1-4B55-B0DD-AE80210EE96A}\RP849\A0222563.exe [DETECTION] Is the TR/Bagle.Gen.B Trojan [NOTE] The file was moved to '4d9d0629.qua'! C:\System Volume Information\_restore{4BAB21B4-BDA1-4B55-B0DD-AE80210EE96A}\RP849\A0222564.exe [DETECTION] Is the TR/Bagle.Gen.B Trojan [NOTE] The file was moved to '4957dea2.qua'! C:\System Volume Information\_restore{4BAB21B4-BDA1-4B55-B0DD-AE80210EE96A}\RP850\A0222598.exe [DETECTION] Is the TR/Bagle.Gen.B Trojan [NOTE] The file was moved to '4957dea4.qua'! C:\System Volume Information\_restore{4BAB21B4-BDA1-4B55-B0DD-AE80210EE96A}\RP850\A0222600.exe [DETECTION] Is the TR/Bagle.Gen.B Trojan [NOTE] The file was moved to '4957dea5.qua'! C:\System Volume Information\_restore{4BAB21B4-BDA1-4B55-B0DD-AE80210EE96A}\RP850\A0222604.exe [DETECTION] Is the TR/Bagle.Gen.B Trojan [NOTE] The file was moved to '4d9d062e.qua'! C:\System Volume Information\_restore{4BAB21B4-BDA1-4B55-B0DD-AE80210EE96A}\RP850\A0222605.exe [DETECTION] Is the TR/Bagle.Gen.B Trojan [NOTE] The file was moved to '4957dea6.qua'! C:\System Volume Information\_restore{4BAB21B4-BDA1-4B55-B0DD-AE80210EE96A}\RP850\A0222607.exe [DETECTION] Is the TR/Bagle.Gen.B Trojan [NOTE] The file was moved to '4d9d062f.qua'! C:\System Volume Information\_restore{4BAB21B4-BDA1-4B55-B0DD-AE80210EE96A}\RP850\A0222608.exe [DETECTION] Is the TR/Bagle.Gen.B Trojan [NOTE] The file was moved to '4957deb8.qua'! C:\System Volume Information\_restore{4BAB21B4-BDA1-4B55-B0DD-AE80210EE96A}\RP850\A0222610.exe [DETECTION] Is the TR/Bagle.Gen.B Trojan [NOTE] The file was moved to '4957dea7.qua'! C:\System Volume Information\_restore{4BAB21B4-BDA1-4B55-B0DD-AE80210EE96A}\RP850\A0222615.exe [DETECTION] Is the TR/Bagle.Gen.B Trojan [NOTE] The file was moved to '4d9d0620.qua'! C:\System Volume Information\_restore{4BAB21B4-BDA1-4B55-B0DD-AE80210EE96A}\RP850\A0222620.exe [DETECTION] Is the TR/Bagle.Gen.B Trojan [NOTE] The file was moved to '4957dea9.qua'! C:\System Volume Information\_restore{4BAB21B4-BDA1-4B55-B0DD-AE80210EE96A}\RP850\A0222621.exe [DETECTION] Contains recognition pattern of the WORM/Bagle.Gen worm [NOTE] The file was moved to '4957dea8.qua'! C:\System Volume Information\_restore{4BAB21B4-BDA1-4B55-B0DD-AE80210EE96A}\RP850\A0222630.exe [DETECTION] Is the TR/Bagle.Gen.B Trojan [NOTE] The file was moved to '4d9d0622.qua'! C:\System Volume Information\_restore{4BAB21B4-BDA1-4B55-B0DD-AE80210EE96A}\RP850\A0222633.exe [DETECTION] Is the TR/Bagle.Gen.B Trojan [NOTE] The file was moved to '4957deab.qua'! C:\System Volume Information\_restore{4BAB21B4-BDA1-4B55-B0DD-AE80210EE96A}\RP850\A0222636.exe [DETECTION] Is the TR/Bagle.Gen.B Trojan [NOTE] The file was moved to '4957deaa.qua'! C:\System Volume Information\_restore{4BAB21B4-BDA1-4B55-B0DD-AE80210EE96A}\RP850\A0222643.exe [DETECTION] Is the TR/Bagle.Gen.B Trojan [NOTE] The file was moved to '4d9d0623.qua'! C:\System Volume Information\_restore{4BAB21B4-BDA1-4B55-B0DD-AE80210EE96A}\RP850\A0222644.exe [DETECTION] Contains recognition pattern of the WORM/Bagle.Gen worm [NOTE] The file was moved to '4d9d0624.qua'! C:\System Volume Information\_restore{4BAB21B4-BDA1-4B55-B0DD-AE80210EE96A}\RP850\A0222645.exe [DETECTION] Contains recognition pattern of the WORM/Bagle.Gen worm [NOTE] The file was moved to '4957dead.qua'! C:\System Volume Information\_restore{4BAB21B4-BDA1-4B55-B0DD-AE80210EE96A}\RP850\A0222651.exe [DETECTION] Is the TR/Bagle.Gen.B Trojan [NOTE] The file was moved to '4957deac.qua'! C:\System Volume Information\_restore{4BAB21B4-BDA1-4B55-B0DD-AE80210EE96A}\RP850\A0222652.exe [DETECTION] Is the TR/Bagle.Gen.B Trojan [NOTE] The file was moved to '4d9d0625.qua'! C:\System Volume Information\_restore{4BAB21B4-BDA1-4B55-B0DD-AE80210EE96A}\RP850\A0222653.exe [DETECTION] Is the TR/Bagle.Gen.B Trojan [NOTE] The file was moved to '4d9d0626.qua'! C:\System Volume Information\_restore{4BAB21B4-BDA1-4B55-B0DD-AE80210EE96A}\RP853\A0224383.exe [DETECTION] Is the TR/Crypt.PEPM.Gen Trojan [NOTE] The file was moved to '4957ded8.qua'! C:\System Volume Information\_restore{4BAB21B4-BDA1-4B55-B0DD-AE80210EE96A}\RP854\A0225490.com [DETECTION] Is the TR/Crypt.ULPM.Gen Trojan [NOTE] The file was moved to '4957dee3.qua'! C:\System Volume Information\_restore{4BAB21B4-BDA1-4B55-B0DD-AE80210EE96A}\RP854\A0225493.exe [DETECTION] Is the TR/Agent.231424.A Trojan [NOTE] The file was moved to '4d9d066c.qua'! C:\System Volume Information\_restore{4BAB21B4-BDA1-4B55-B0DD-AE80210EE96A}\RP854\A0225494.exe [DETECTION] Is the TR/Agent.231424.A Trojan [NOTE] The file was moved to '4957dee5.qua'! End of the scan: jeudi 20 novembre 2008 23:21 Used time: 1:34:41 Hour(s) The scan has been done completely. 14984 Scanning directories 500534 Files were scanned 63 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 63 files were moved to quarantine 0 files were renamed 1 Files cannot be scanned 500470 Files not concerned 4018 Archives were scanned 5 Warnings 63 Notes

en mettant antivir, ça m'a viré Win defender .... bizarre ... et aussi quand je fais le task manager j'ai plus les 3 onglets comme avant ... faut ptet que je remette windows à jour non ?

hello Falkra, ... tu as vu le 1er log de MBAM ?

c'est fait me voilà avec antivir ... j'voulais pas rester sans protec trop longtemps ....

re-salut grand gourou ! voilou le rapport précédent : Malwarebytes' Anti-Malware 1.30 Version de la base de données: 1412 Windows 5.1.2600 Service Pack 3 19/11/2008 19:48:56 mbam-log-2008-11-19 (19-48-56).txt Type de recherche: Examen rapide Eléments examinés: 64674 Temps écoulé: 5 minute(s), 46 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 5 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 1 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winbjv32 (Dialer) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): C:\WINDOWS\system32\winbjv32.dll (Dialer) -> Quarantined and deleted successfully. voici le rapport précédent BMAM Malwarebytes' Anti-Malware 1.30 Version de la base de données: 1412 Windows 5.1.2600 Service Pack 3 19/11/2008 19:48:56 mbam-log-2008-11-19 (19-48-56).txt Type de recherche: Examen rapide Eléments examinés: 64674 Temps écoulé: 5 minute(s), 46 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 5 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 1 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winbjv32 (Dialer) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): C:\WINDOWS\system32\winbjv32.dll (Dialer) -> Quarantined and deleted successfully.

je peux télécherger Antivir dès que je rentre ...?? ou bien j'attends ton feu vert ???

Salut Falkra, bien dormi ?? j'avais fait un MBAM "rapide" (sur fichiers système) et c'est lui qui m'avait trouvé qq trucs : je t'envoie le rapport en fin d'ap midi (suis au boulot là !!) Le rapport "vide" que je t'ai envoyé c'est le dernier fait, scan complet sur le C, avant le dernier CF. Tant que j'y suis AntiVir comme AV pour remplacer AVAST t'en penses quoi ? Merci encore de ton aide

et le log MBAM ... Malwarebytes' Anti-Malware 1.30 Version de la base de données: 1412 Windows 5.1.2600 Service Pack 3 19/11/2008 22:18:19 mbam-log-2008-11-19 (22-18-19).txt Type de recherche: Examen complet (C:\|) Eléments examinés: 275419 Temps écoulé: 2 hour(s), 28 minute(s), 32 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 0 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): (Aucun élément nuisible détecté)

ok avast désinstallé puis combofix refait en suivant la procédure voici le log combo ComboFix 08-11-18.A2 - Jean-Louis 2008-11-19 23:28:28.1 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.652 [GMT 1:00] Lancé depuis: c:\documents and settings\Jean-Louis\Bureau\tralala.exe Commutateurs utilisés :: c:\documents and settings\Jean-Louis\Bureau\CFScript.txt * Un nouveau point de restauration a été créé FILE :: c:\windows\system32\drivers\srosa2.sys . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\aamwjkqu.ini c:\windows\system32\eknmelje.ini c:\windows\system32\jnwnrjqo.ini c:\windows\system32\jocrmkme.ini c:\windows\system32\kltogarn.ini c:\windows\system32\lioyysje.ini c:\windows\system32\mljaovcv.ini c:\windows\system32\oualcggb.ini c:\windows\system32\pdutqdsv.ini c:\windows\system32\rbvwwjpu.ini c:\windows\system32\ujcqfbon.ini c:\windows\system32\xjmokrbj.ini c:\windows\system32\xwcayysu.ini c:\windows\system32\yagbuqeu.ini . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_ASWSP -------\Legacy_BOONTY_GAMES -------\Legacy_PNICML -------\Service_Boonty Games -------\Service_pnicml ((((((((((((((((((((((((((((( Fichiers créés du 2008-10-19 au 2008-11-19 )))))))))))))))))))))))))))))))))))) . 2008-11-19 19:39 . 2008-11-19 19:39 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware 2008-11-19 19:39 . 2008-11-19 19:39 <REP> d-------- c:\documents and settings\Jean-Louis\Application Data\Malwarebytes 2008-11-19 19:39 . 2008-11-19 19:39 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2008-11-19 19:39 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2008-11-19 19:39 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2008-11-19 18:41 . 2008-11-19 18:44 <REP> d-------- C:\ToolBar SD 2008-11-14 19:45 . 2008-11-14 19:45 <REP> d-------- c:\documents and settings\All Users\Application Data\SecretsOfOlympus 2008-11-14 17:55 . 2008-11-14 17:55 <REP> d-------- c:\program files\Yahoo! Europe 2008-11-13 18:24 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys 2008-11-13 18:23 . 2008-09-04 18:16 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll 2008-11-03 16:20 . 2008-11-03 16:20 <REP> d-------- c:\documents and settings\Jean-Louis\Application Data\Genimo 2008-11-03 16:19 . 2008-11-03 17:59 <REP> d-a------ c:\documents and settings\All Users\Application Data\TEMP 2008-11-03 16:18 . 2008-11-03 16:19 <REP> d-------- c:\program files\Puzzle Hero 2008-11-03 11:33 . 2008-11-03 11:33 <REP> d-------- c:\windows\system32\Adobe 2008-10-30 21:36 . 2008-10-30 21:36 <REP> d-------- c:\documents and settings\Jean-Louis\Application Data\RealArcade 2008-10-23 18:46 . 2008-10-15 17:35 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-11-19 22:17 --------- d-----w c:\program files\Alwil Software 2008-11-19 20:01 --------- d-----w c:\program files\highjackthis 2008-11-19 17:07 --------- d-----w c:\program files\Spybot - Search & Destroy 2008-11-19 17:07 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2008-11-17 21:17 --------- d-----w c:\program files\Zylom Games 2008-11-17 21:17 --------- d-----w c:\documents and settings\Jean-Louis\Application Data\Zylom 2008-11-17 20:57 --------- d-----w c:\program files\PopCap Games 2008-11-17 20:53 --------- d-----w c:\program files\PlayFirst 2008-11-14 18:44 --------- d-----w c:\program files\BoontyGames 2008-11-14 16:50 --------- d-----w c:\program files\Canon 2008-11-03 14:46 --------- d-----w c:\documents and settings\Jean-Louis\Application Data\Corel 2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys 2008-10-21 20:18 --------- d-----w c:\program files\Microsoft Silverlight 2008-10-08 12:44 --------- d-----w c:\documents and settings\Brigitte\Application Data\Yahoo! 2008-10-05 08:59 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! 2008-10-04 15:55 --------- d--h--w c:\program files\InstallShield Installation Information 2008-10-04 15:54 --------- d-----w c:\program files\Sokoban 2008-10-04 15:53 --------- d-----w c:\program files\ChickenInvadersROTYXmas 2008-10-03 14:34 --------- d-----w c:\program files\THQ 2008-09-28 19:47 --------- d-----w c:\documents and settings\Jean-Louis\Application Data\PlayFirst 2008-09-28 19:47 --------- d-----w c:\documents and settings\All Users\Application Data\PlayFirst 2008-09-28 19:46 --------- d-----w c:\program files\Google 2008-09-28 15:44 --------- d-----w c:\documents and settings\Jean-Louis\Application Data\Yahoo! 2008-09-26 15:34 --------- d-----w c:\documents and settings\Jean-Louis\Application Data\iWin 2008-09-26 15:33 --------- d-----w c:\program files\iWin 2008-09-25 11:27 --------- d-----w c:\documents and settings\autre\Application Data\Yahoo! 2008-09-21 21:29 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion 2008-09-21 21:24 --------- d-----w c:\program files\Yahoo! 2008-09-20 20:24 --------- d-----w c:\program files\StarOffice7 2007-01-18 21:55 1,148 ----a-w c:\documents and settings\Brigitte\Application Data\wklnhst.dat 2006-09-18 18:55 462 ----a-w c:\documents and settings\Alexandre\Application Data\wklnhst.dat 2006-02-24 13:30 8 ----a-w c:\documents and settings\Alexandre\.bztarotcumul.dat 2006-01-30 18:35 8 ----a-w c:\documents and settings\Jean-Louis\.bztarotcumul.dat 2006-01-07 12:32 16 -c-ha-w c:\program files\mxfilerelatedcache.mxc2 2005-07-18 10:19 162 ----a-w c:\documents and settings\Jean-Louis\Application Data\wklnhst.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "InstantTray"="c:\program files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe" [2004-09-02 770048] "Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2008-09-19 4347120] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-09 68856] "Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2008-09-19 4347120] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2003-11-10 406016] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432] "LogitechCommunicationsManager"="c:\program files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-05-17 505368] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [2005-06-23 57344] "ISUSPM Startup"="c:\program files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856] "Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600] "DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-03-12 81920] "nwiz"="nwiz.exe" [2007-06-28 c:\windows\system32\nwiz.exe] "SoundMan"="SOUNDMAN.EXE" [2007-04-16 c:\windows\soundman.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] "Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 443968] c:\documents and settings\Default User\Menu D‚marrer\Programmes\D‚marrage\ StarOffice 7.lnk - c:\program files\StarOffice7\program\quickstart.exe [2003-11-01 122880] c:\documents and settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\ StarOffice 7.lnk - c:\program files\StarOffice7\program\quickstart.exe [2003-11-01 122880] c:\documents and settings\Alexandre\Menu D‚marrer\Programmes\D‚marrage\ StarOffice 7.lnk - c:\program files\StarOffice7\program\quickstart.exe [2003-11-01 122880] c:\documents and settings\autre\Menu D‚marrer\Programmes\D‚marrage\ StarOffice 7.lnk - c:\program files\StarOffice7\program\quickstart.exe [2003-11-01 122880] c:\documents and settings\Brigitte\Menu D‚marrer\Programmes\D‚marrage\ StarOffice 7.lnk - c:\program files\StarOffice7\program\quickstart.exe [2003-11-01 122880] c:\documents and settings\Default User\Menu D‚marrer\Programmes\D‚marrage\ StarOffice 7.lnk - c:\program files\StarOffice7\program\quickstart.exe [2003-11-01 122880] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] --a------ 2008-10-09 22:51 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Program Files\\Microsoft Games\\Conqueror extension\\Rise of Nations\\rise.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\eMule\\emule.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\THQ\\Company of Heroes\\RelicCOH.exe"= R0 d346bus;d346bus;c:\windows\system32\DRIVERS\d346bus.sys [2007-04-27 156800] R0 d346prt;d346prt;c:\windows\system32\Drivers\d346prt.sys [2007-04-27 5248] R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-08-08 28544] R1 SSHDRV85;SSHDRV85;\??\c:\windows\system32\drivers\SSHDRV85.sys [2005-05-30 78848] R2 cvintdrv;cvintdrv;c:\windows\system32\drivers\cvintdrv.sys [2006-09-15 7140] R3 WmaCDriverV32;WmaCDriverV32;c:\windows\system32\drivers\WmaCDriverV32.sys [2007-02-03 513152] S2 RDFLabel;RDFLabel;c:\program files\ICRAplus\RDFLabel\RDFLabel.exe -PICRAplusID01F [] S3 se57bus;Sony Ericsson Device 087 driver (WDM);c:\windows\system32\DRIVERS\se57bus.sys [2007-08-01 61536] S3 se57mdfl;Sony Ericsson Device 087 USB WMC Modem Filter;c:\windows\system32\DRIVERS\se57mdfl.sys [2007-08-01 9360] S3 se57mdm;Sony Ericsson Device 087 USB WMC Modem Driver;c:\windows\system32\DRIVERS\se57mdm.sys [2007-08-01 97088] . Contenu du dossier 'Tâches planifiées' 2008-08-07 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] 2008-11-19 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20] . - - - - ORPHELINS SUPPRIMES - - - - BHO-{07FD8DEA-1C83-46AC-9FA3-7815CC283756} - (no file) BHO-{10C4D6A9-EB08-4C00-A8F6-6CCE89821DAF} - (no file) BHO-{2B4BFF92-7711-423A-A5AF-4ED9E5F313D2} - (no file) BHO-{316E0CBD-5700-41F1-BD44-29B49B4FF6C8} - (no file) BHO-{317F8DE1-2394-4E0F-8FDB-590847FB9ABB} - (no file) BHO-{380FF93B-9B64-45AD-9A99-8BB0B3AA9415} - (no file) BHO-{4396E38F-B26A-4BE1-9FBE-570418635294} - (no file) BHO-{48F6BEFE-23ED-48FC-87C3-E1D362145C37} - (no file) BHO-{49EC7FCE-6701-4FFF-83FD-02F417B3686B} - (no file) BHO-{4D689B1C-D5C2-4CAA-A0E9-568CF23DFD98} - (no file) BHO-{4DBD7665-DEE2-4B33-AC39-5AEBFA4C0838} - (no file) BHO-{50B930A9-24BD-48F0-ACBE-F70ABCDEE216} - (no file) BHO-{5533A611-E4DD-49D3-9297-5680CEE0519A} - (no file) BHO-{575E9C71-FD27-45AD-95D1-671292548DED} - (no file) BHO-{63EF5A29-33AF-429D-A148-BF69009EBEA3} - (no file) BHO-{64C7E4E8-0D00-4327-9517-8F0F6FC9B00C} - (no file) BHO-{6D0316C2-13C7-40A2-AAFE-481E4A2A6BE5} - (no file) BHO-{7D0B455D-9E19-42E1-8F6C-C81607AF010F} - (no file) BHO-{81E02F00-4263-42CB-BD3F-DFC29A5FCD13} - (no file) BHO-{864D0FAB-80D4-4725-B204-9DB6C59698B6} - (no file) BHO-{89A015A8-70AA-44AE-AE8A-489A34150EDC} - (no file) BHO-{8EF6725B-F63D-4298-B5CC-1952EE7B0FA8} - (no file) BHO-{99FE6228-2B6A-4321-90E2-D4586DC33685} - (no file) BHO-{A3DF053D-E9CE-4FC1-A1A8-1B5D453304DC} - (no file) BHO-{C5DFE5B4-E748-473C-8CA9-8D7BA6842E3F} - (no file) BHO-{CA0BC097-1FD7-4793-9BFB-5D64812C4E67} - (no file) BHO-{D6B609A8-E6F1-4092-A456-47E24E2461DF} - (no file) BHO-{DF748EEA-A5D0-43B1-8BC4-BA4EAC492ABA} - (no file) BHO-{E26B4CFF-945E-4FD7-8157-5877CE691AEC} - (no file) BHO-{E8CBDA34-E33E-49B8-A10A-ECC378F77ED7} - (no file) BHO-{FA0F04DA-BC11-4F92-8EF6-2535889D70C9} - (no file) BHO-{FB961E53-C2F5-462D-9195-187518A8006F} - (no file) MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-19 23:32:01 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . ------------------------ Autres processus actifs ------------------------ . c:\program files\Windows Defender\MsMpEng.exe c:\program files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\windows\ATKKBService.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\system32\CTSVCCDA.EXE c:\program files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe c:\windows\system32\nvsvc32.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\program files\Canon\CAL\CALMAIN.exe c:\program files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe c:\windows\system32\wscntfy.exe c:\windows\system32\rundll32.exe c:\windows\system32\rundll32.exe c:\progra~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe . ************************************************************************** . Heure de fin: 2008-11-19 23:46:21 - La machine a redémarré ComboFix-quarantined-files.txt 2008-11-19 22:46:17 ComboFix2.txt 2008-11-19 06:00:11 Avant-CF: 42 920 280 064 octets libres Après-CF: 42,929,156,096 octets libres WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect 238 --- E O F --- 2008-11-19 16:43:39

avant de relancer Combofix je dois impérativement désinstaller AVAST ???

ouais c'était hyper lent hier .. mais peut-être parece que c'était très malade !!! à propos en rentrant ce soir j'ai fait un ccleaner pour nettoyer un epu .. et j'ai installé MBMA dont j'ai vu qu'on disait le plus grand bien. Il m'a trouvé 4 à 5 trucs que j'ai viré ...

ok ok ... je vais relancer ça cette nuit alors ... (si ça doit prendre aussi longtemps que la 1ère fois !!)

heu ... juste un truc... si je peux me permettre ... comme dit précédemment qd j'ai fait mon 1er combofix, j'ai pu éliminer assez de saletés pour ouvoir récupérer la capacité de restaurer le système ... ce que j'ai fait ... et ensuite de mettre à jour AVAST. Donc je me suis retrouvé avec la config que j'avais AVANT l'infection ... et donc sans les fichiers que tu me demandes de supprimer ... à l'exception du fichier d'AVAST aswSP. Est-ce donc bien nécessaire de faire ce 2ème nettoyage avec Combofix ???? Veux-tu un rapport log de highjackthis ? merci encore du temps que tu vx bien me consacrer ps : je suis désormais convaincu qu'AVAST n'est peut-etre plus le meilleur AV gratos et j'ai l'intention d'en changer asap

oups encore une fausse maneouvre .... ci-joint rapport combofix cher Falkra ... et merci de ton support ComboFix 08-11-16.05 - Jean-Louis 2008-11-18 21:15:06.1 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.741 [GMT 1:00] * Un nouveau point de restauration a été créé . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Jean-Louis\Application Data\m c:\documents and settings\Jean-Louis\Application Data\m\data.oct c:\documents and settings\Jean-Louis\Application Data\m\flec006.exe c:\documents and settings\Jean-Louis\Application Data\m\list.oct c:\documents and settings\Jean-Louis\Application Data\m\shared\3D All American Baby 1.0.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\4Musics_WAV_to_OGG_Converter_4.0_[Key+Serial].zip c:\documents and settings\Jean-Louis\Application Data\m\shared\Acc_Compact_1.111.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\Account_Buddy_(OS_X)_1.3.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\Ace DivX Player 2.2.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\Ace_File_Shredder_1.1_(Key+Serial).zip c:\documents and settings\Jean-Louis\Application Data\m\shared\Akamai_Folder_Jockey_1.3_Key+Serial.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\All_Audio_Converter_2.0_Serial.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\Alt_CD_Ripper_2.5_[Crack].zip c:\documents and settings\Jean-Louis\Application Data\m\shared\Amelix File Cryptor Pro 1.0.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\Animal_Screensaver_1.0.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\ASP Express Standard 4.1.5.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\ATR Timer 7.0.66.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\Autobaup--Auto_File_Backup_Utility_2006.5.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\Avast!.Skins.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\Avast.Antivirus.Pro.v4.6.744.Keygen.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\AVG.Antivirus.7.143.+.Seriale.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\Background_Buddy_Pro_3.04.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\Bad_Daddy_2.1_[Key].zip c:\documents and settings\Jean-Louis\Application Data\m\shared\Basic_HTML_Editor_1.0.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\Battlefield_Vietnam_Beach_City_Map.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\Bestel Video to DVD Creator 1.1.5.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\Bird Watcher Professional 7.0.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\BriefAudit_1.0b_[Key+Serial].zip c:\documents and settings\Jean-Louis\Application Data\m\shared\Chase_IP_1.0.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\Claudio_6.3_Serial.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\Cool Type Master 1.6.0.0.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\CSSTidy 1.3.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\Date_Reminder_3.0.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\DeskPhoto beta 1.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\Desktop Closet 4.0.0 [With Crack].zip c:\documents and settings\Jean-Louis\Application Data\m\shared\Desktop Snowman Screensaver 1.0.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\Digital Image Tool 1.2.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\Dungeon_Siege_E3_2000_movie.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\DynamicDNS Updater 1.0.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\eM Client 1.1.2754.0.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\EmailArchitect_POP3_Pull_Service_0.9.2.1_Serial.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\eMailPal 5.0.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\Enhanced_Controls_1.0_[Key].zip c:\documents and settings\Jean-Louis\Application Data\m\shared\eTIMER_4.01.02.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\Extremely Simple Desktop Lock 1.0.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\EyeBrowse_Lite_1.29.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\Ezefee_Pro_UK_7.001_(With_Crack).zip c:\documents and settings\Jean-Louis\Application Data\m\shared\Fighter_Ace_II.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\Flawless_Complexion_5.0_[With_Crack].zip c:\documents and settings\Jean-Louis\Application Data\m\shared\FM_Style_Maker_1.0.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\GCH Guitar Academy course (unit 1) 3.00 Patch.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\GeoShapes_1.0.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\Hijacker_First_Contact_1.0.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\Horsebeauty_1.0.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\HP0-757_-_HP_ProCurve_Security_Practice_Exam_Questions_1.0.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\HTML CaseChanger 1.0.23.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\iDriveRepair_4.2.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\Imagizer 1.0.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\Imgares 1.0.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\Inside Tourette Syndrome 08.02.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\iResize_2.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\IsoSecretary_3.5.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\Java Class Finder 1.0.1.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\LingvoSoft_Talking_Dictionary_2007_Spanish_-_Korean_4.0.22.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\Linktip 1.0.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\LockWindows 1.0.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\Lvbs_X_Professional_2.1.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\Magic_Marks_1.0.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\MagicFivePlusLine_1.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\MailScan_4_for_Mail_Server_4.5a.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\Math_Logic_4.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\MetaLAN 2 Beta.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\Miraplacid Printer Driver 1.0 [Key+Serial].zip c:\documents and settings\Jean-Louis\Application Data\m\shared\Moto_Racer_2_updated_demo.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\Move MS SQL Server to Another MSSQL Database Software 7.0.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\MP3 to CD Burners Pro 2.50.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\mp3Extractor 04.11.18.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\MSDE_Database_Manager_1.1.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\MUZIK_MAKER_3.5_(Key+Serial).zip c:\documents and settings\Jean-Louis\Application Data\m\shared\My Fantasy Maker 5.0.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\My ScreenCam 2.1.1.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\MyScript_Notes_2.0.0.14.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\NBFree_MP3_to_WMA_Converter_2.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\Network_Configuration_Management_4.70_KeyGen.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\NFO2txt 1.0.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\Nichtraucher 0.1.14.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\ODBiC_Open_Database_Internet_Connector_1.6.4.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\OutLook_XP_Unlocker_1.0.0.6.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\Palm_Finance_Genius_2.01.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\PGD Menu Creator 1.1b.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\Phone_Card_Organizer_Mate_2.1.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\Photographer 2.0.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\Power_Layers_1.1.8.10.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\PSWriteNetLib for CLR 1.1 1.01.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\PwdDoubleCheck (Passwords) 1.0.1 With Crack.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\RamSmash_1.8.13.2007a_(With_Crack).zip c:\documents and settings\Jean-Louis\Application Data\m\shared\Real Estate Assistant 5.0.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\ReEnter 0.1.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\Remote_PC2_2.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\Repedo One 2.1.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\RoyaltyFreeMusic_2.969.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\Sage_1.3.10.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\save2pc Light (formerly YouTUBE downloader) 3.28.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\Schedule_XP_with_Runtime_5.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\Screen_Sirens_DeskMate_1.0_(Crack).zip c:\documents and settings\Jean-Louis\Application Data\m\shared\Selten_Atlantics_End_Wallpaper_1.00.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\Sepham FileXplorer 5 Libra Version.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\SerialGrabber_1.2_KeyGen.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\Sharks_1_Slide_Show_1.0_(KeyGen).zip c:\documents and settings\Jean-Louis\Application Data\m\shared\Shifty_1.0.188.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\Soy And Isoflavones 1.0.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\Sprinx CTI Client 2.0.1.05.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\SQL_Pretty_Printer_plugin_for_text_editor_2.0.1.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\Stellar_FTP_1.0.11.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\Sweet_Girls_screensaver_1.0.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\Symantec.pcAnywhere.v10.5.Corporate.Edition.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\TabbyCalc 1.2.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\TeamTalk 3.4.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\Technotone_2.0.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\Toolbar Icon Set 2007.2 Key+Serial.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\TransType_2.1.1.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\TTWinShell32 1.0.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\Update Rollup 1 for Windows 2000 SP4.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\VBOLock_4.1_KeyGen.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\Visual_Audit_Trail_2.0.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\Walking the Las Vegas Strip Screensaver 1.0.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\Washington_DC_1.1.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\WaveL_CompressIt_1.5.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\WayBack Machine (undo 404's) 1.0.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\WinZip_Companion_for_Outlook_1.0_[KeyGen].zip c:\documents and settings\Jean-Louis\Application Data\m\shared\Wondershare_Flash_SlideShow_Builder_3.7.0.zip c:\documents and settings\Jean-Louis\Application Data\m\shared\xrEvidence_2.18.zip c:\documents and settings\Jean-Louis\Application Data\m\srvlist.oct c:\program files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe C:\sdlflzoip c:\windows\system32\aamwjkqu.ini c:\windows\system32\ban_list.txt c:\windows\system32\drivers\downld c:\windows\system32\drivers\downld\101734.exe c:\windows\system32\drivers\downld\104593.exe c:\windows\system32\drivers\downld\104968.exe c:\windows\system32\drivers\downld\106046.exe c:\windows\system32\drivers\downld\112312.exe c:\windows\system32\drivers\downld\118281.exe c:\windows\system32\drivers\downld\128968.exe c:\windows\system32\drivers\downld\136562.exe c:\windows\system32\drivers\downld\146750.exe c:\windows\system32\drivers\downld\151218.exe c:\windows\system32\drivers\downld\151390.exe c:\windows\system32\drivers\downld\159015.exe c:\windows\system32\drivers\downld\161859.exe c:\windows\system32\drivers\downld\162156.exe c:\windows\system32\drivers\downld\163468.exe c:\windows\system32\drivers\downld\165015.exe c:\windows\system32\drivers\downld\167187.exe c:\windows\system32\drivers\downld\172750.exe c:\windows\system32\drivers\downld\178640.exe c:\windows\system32\drivers\downld\206109.exe c:\windows\system32\drivers\downld\207343.exe c:\windows\system32\drivers\downld\227687.exe c:\windows\system32\drivers\downld\246765.exe c:\windows\system32\drivers\downld\249000.exe c:\windows\system32\drivers\downld\261343.exe c:\windows\system32\drivers\downld\266203.exe c:\windows\system32\drivers\downld\266390.exe c:\windows\system32\drivers\downld\271703.exe c:\windows\system32\drivers\downld\277187.exe c:\windows\system32\drivers\downld\289359.exe c:\windows\system32\drivers\downld\292125.exe c:\windows\system32\drivers\downld\309515.exe c:\windows\system32\drivers\downld\428328.exe c:\windows\system32\drivers\downld\436921.exe c:\windows\system32\drivers\downld\438687.exe c:\windows\system32\drivers\downld\488203.exe c:\windows\system32\drivers\downld\519265.exe c:\windows\system32\drivers\downld\521531.exe c:\windows\system32\drivers\downld\525484.exe c:\windows\system32\drivers\downld\530015.exe c:\windows\system32\drivers\downld\574312.exe c:\windows\system32\drivers\downld\575625.exe c:\windows\system32\drivers\downld\612359.exe c:\windows\system32\drivers\downld\630203.exe c:\windows\system32\drivers\downld\637734.exe c:\windows\system32\drivers\downld\65843.exe c:\windows\system32\drivers\downld\68750.exe c:\windows\system32\drivers\downld\70515.exe c:\windows\system32\drivers\downld\81796.exe c:\windows\system32\drivers\downld\83906.exe c:\windows\system32\drivers\downld\84203.exe c:\windows\system32\drivers\downld\85343.exe c:\windows\system32\drivers\srosa.sys c:\windows\system32\drivers\winfilse.exe c:\windows\system32\eknmelje.ini c:\windows\system32\jnwnrjqo.ini c:\windows\system32\jocrmkme.ini c:\windows\system32\kltogarn.ini c:\windows\system32\lioyysje.ini c:\windows\system32\mdelk.exe c:\windows\system32\mljaovcv.ini c:\windows\system32\MSINET.oca c:\windows\system32\oualcggb.ini c:\windows\system32\pdutqdsv.ini c:\windows\system32\rbvwwjpu.ini c:\windows\system32\ujcqfbon.ini c:\windows\system32\wintems.exe c:\windows\system32\xjmokrbj.ini c:\windows\system32\xwcayysu.ini c:\windows\system32\yagbuqeu.ini . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_SROSA -------\Legacy_SROSA -------\Legacy_BOONTY_GAMES -------\Service_Boonty Games ((((((((((((((((((((((((((((( Fichiers créés du 2008-10-18 au 2008-11-18 )))))))))))))))))))))))))))))))))))) . 2008-11-17 23:16 . 2008-11-17 23:16 <REP> d-------- c:\documents and settings\Alexandre\Application Data\Yahoo! 2008-11-17 23:14 . 2004-02-16 01:03 864,264 --a------ c:\documents and settings\Alexandre\SOUNDMAN.EXE 2008-11-17 22:28 . 2004-02-16 01:03 864,264 --a------ c:\documents and settings\autre\SOUNDMAN.EXE 2008-11-14 19:45 . 2008-11-14 19:45 <REP> d-------- c:\documents and settings\All Users\Application Data\SecretsOfOlympus 2008-11-14 17:55 . 2008-11-14 17:55 <REP> d-------- c:\program files\Yahoo! Europe 2008-11-13 18:24 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys 2008-11-13 18:23 . 2008-09-04 18:16 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll 2008-11-03 16:20 . 2008-11-03 16:20 <REP> d-------- c:\documents and settings\Jean-Louis\Application Data\Genimo 2008-11-03 16:19 . 2008-11-03 17:59 <REP> d-a------ c:\documents and settings\All Users\Application Data\TEMP 2008-11-03 16:18 . 2008-11-03 16:19 <REP> d-------- c:\program files\Puzzle Hero 2008-11-03 11:33 . 2008-11-03 11:33 <REP> d-------- c:\windows\system32\Adobe 2008-10-30 21:36 . 2008-10-30 21:36 <REP> d-------- c:\documents and settings\Jean-Louis\Application Data\RealArcade 2008-10-23 18:46 . 2008-10-15 17:35 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-11-17 21:17 --------- d-----w c:\program files\Zylom Games 2008-11-17 21:17 --------- d-----w c:\documents and settings\Jean-Louis\Application Data\Zylom 2008-11-17 20:57 --------- d-----w c:\program files\PopCap Games 2008-11-17 20:53 --------- d-----w c:\program files\PlayFirst 2008-11-14 18:44 --------- d-----w c:\program files\BoontyGames 2008-11-14 16:50 --------- d-----w c:\program files\Canon 2008-11-14 16:27 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2008-11-03 14:46 --------- d-----w c:\documents and settings\Jean-Louis\Application Data\Corel 2008-11-03 14:42 2,098 --sha-w c:\windows\system32\KGyGaAvL.sys 2008-10-24 20:03 107,888 ----a-w c:\windows\system32\CmdLineExt.dll 2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys 2008-10-21 20:18 --------- d-----w c:\program files\Microsoft Silverlight 2008-10-08 12:44 --------- d-----w c:\documents and settings\Brigitte\Application Data\Yahoo! 2008-10-05 08:59 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! 2008-10-04 15:55 --------- d--h--w c:\program files\InstallShield Installation Information 2008-10-04 15:54 --------- d-----w c:\program files\Sokoban 2008-10-04 15:53 --------- d-----w c:\program files\ChickenInvadersROTYXmas 2008-10-03 14:34 --------- d-----w c:\program files\THQ 2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll 2008-09-28 19:47 --------- d-----w c:\documents and settings\Jean-Louis\Application Data\PlayFirst 2008-09-28 19:47 --------- d-----w c:\documents and settings\All Users\Application Data\PlayFirst 2008-09-28 19:46 --------- d-----w c:\program files\Google 2008-09-28 15:44 --------- d-----w c:\documents and settings\Jean-Louis\Application Data\Yahoo! 2008-09-26 15:34 --------- d-----w c:\documents and settings\Jean-Louis\Application Data\iWin 2008-09-26 15:33 --------- d-----w c:\program files\iWin 2008-09-25 11:27 --------- d-----w c:\documents and settings\autre\Application Data\Yahoo! 2008-09-21 21:29 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion 2008-09-21 21:24 --------- d-----w c:\program files\Yahoo! 2008-09-20 20:24 --------- d-----w c:\program files\StarOffice7 2008-09-20 10:30 --------- d-----w c:\program files\Spybot - Search & Destroy 2008-09-15 15:26 1,846,528 ----a-w c:\windows\system32\win32k.sys 2008-09-10 01:15 1,307,648 ------w c:\windows\system32\msxml6.dll 2008-09-04 17:16 1,106,944 ----a-w c:\windows\system32\msxml3.dll 2008-08-26 08:11 826,368 ----a-w c:\windows\system32\wininet.dll 2007-01-18 21:55 1,148 ----a-w c:\documents and settings\Brigitte\Application Data\wklnhst.dat 2006-09-18 18:55 462 ----a-w c:\documents and settings\Alexandre\Application Data\wklnhst.dat 2006-02-24 13:30 8 ----a-w c:\documents and settings\Alexandre\.bztarotcumul.dat 2006-01-30 18:35 8 ----a-w c:\documents and settings\Jean-Louis\.bztarotcumul.dat 2006-01-07 12:32 16 -c-ha-w c:\program files\mxfilerelatedcache.mxc2 2005-07-18 10:19 162 ----a-w c:\documents and settings\Jean-Louis\Application Data\wklnhst.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-11-18 1832272] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-09 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2003-11-10 406016] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-18 81000] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432] "LogitechCommunicationsManager"="c:\program files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-05-17 505368] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920] "ISUSPM Startup"="c:\program files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856] "SoundMan"="SOUNDMAN.EXE" [2007-04-16 c:\windows\soundman.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] "Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 443968] c:\documents and settings\Default User\Menu D‚marrer\Programmes\D‚marrage\ StarOffice 7.lnk - c:\program files\StarOffice7\program\quickstart.exe [2003-11-01 122880] c:\documents and settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\ StarOffice 7.lnk - c:\program files\StarOffice7\program\quickstart.exe [2003-11-01 122880] c:\documents and settings\Alexandre\Menu D‚marrer\Programmes\D‚marrage\ StarOffice 7.lnk - c:\program files\StarOffice7\program\quickstart.exe [2003-11-01 122880] c:\documents and settings\autre\Menu D‚marrer\Programmes\D‚marrage\ StarOffice 7.lnk - c:\program files\StarOffice7\program\quickstart.exe [2003-11-01 122880] c:\documents and settings\Brigitte\Menu D‚marrer\Programmes\D‚marrage\ StarOffice 7.lnk - c:\program files\StarOffice7\program\quickstart.exe [2003-11-01 122880] c:\documents and settings\Default User\Menu D‚marrer\Programmes\D‚marrage\ StarOffice 7.lnk - c:\program files\StarOffice7\program\quickstart.exe [2003-11-01 122880] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] --a------ 2005-06-23 20:33 57344 c:\program files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033] --a------ 2004-03-12 21:43 81920 c:\program files\D-Tools\daemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox] --a------ 2004-01-14 02:10 409600 c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)] --ah----- 2008-09-19 16:34 4347120 c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-05-27 09:50 413696 c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] --a------ 2008-10-09 22:51 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager] --ah----- 2008-09-19 16:34 4347120 c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] --a------ 2007-06-28 23:43 1626112 c:\windows\system32\nwiz.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Program Files\\Microsoft Games\\Conqueror extension\\Rise of Nations\\rise.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\eMule\\emule.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\THQ\\Company of Heroes\\RelicCOH.exe"= R0 d346bus;d346bus;c:\windows\system32\DRIVERS\d346bus.sys [2007-04-27 156800] R0 d346prt;d346prt;c:\windows\system32\Drivers\d346prt.sys [2007-04-27 5248] R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-08-08 28544] R1 SSHDRV85;SSHDRV85;\??\c:\windows\system32\drivers\SSHDRV85.sys [2005-05-30 78848] R2 cvintdrv;cvintdrv;c:\windows\system32\drivers\cvintdrv.sys [2006-09-15 7140] R3 WmaCDriverV32;WmaCDriverV32;c:\windows\system32\drivers\WmaCDriverV32.sys [2007-02-03 513152] S1 aswSP;avast! Self Protection; [] S1 sK9Ou0s;sK9Ou0s;\??\c:\windows\system32\drivers\srosa2.sys [] S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [] S2 RDFLabel;RDFLabel;c:\program files\ICRAplus\RDFLabel\RDFLabel.exe -PICRAplusID01F [] S3 pnicml;pnicml;\??\c:\docume~1\JEAN-L~1\LOCALS~1\Temp\pnicml.sys [] S3 se57bus;Sony Ericsson Device 087 driver (WDM);c:\windows\system32\DRIVERS\se57bus.sys [2007-08-01 61536] S3 se57mdfl;Sony Ericsson Device 087 USB WMC Modem Filter;c:\windows\system32\DRIVERS\se57mdfl.sys [2007-08-01 9360] S3 se57mdm;Sony Ericsson Device 087 USB WMC Modem Driver;c:\windows\system32\DRIVERS\se57mdm.sys [2007-08-01 97088] . Contenu du dossier 'Tâches planifiées' 2008-08-07 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] 2008-11-17 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20] . - - - - ORPHELINS SUPPRIMES - - - - BHO-{07FD8DEA-1C83-46AC-9FA3-7815CC283756} - (no file) BHO-{10C4D6A9-EB08-4C00-A8F6-6CCE89821DAF} - (no file) BHO-{2B4BFF92-7711-423A-A5AF-4ED9E5F313D2} - (no file) BHO-{316E0CBD-5700-41F1-BD44-29B49B4FF6C8} - (no file) BHO-{317F8DE1-2394-4E0F-8FDB-590847FB9ABB} - (no file) BHO-{380FF93B-9B64-45AD-9A99-8BB0B3AA9415} - (no file) BHO-{4396E38F-B26A-4BE1-9FBE-570418635294} - (no file) BHO-{48F6BEFE-23ED-48FC-87C3-E1D362145C37} - (no file) BHO-{49EC7FCE-6701-4FFF-83FD-02F417B3686B} - (no file) BHO-{4D689B1C-D5C2-4CAA-A0E9-568CF23DFD98} - (no file) BHO-{4DBD7665-DEE2-4B33-AC39-5AEBFA4C0838} - (no file) BHO-{50B930A9-24BD-48F0-ACBE-F70ABCDEE216} - (no file) BHO-{5533A611-E4DD-49D3-9297-5680CEE0519A} - (no file) BHO-{575E9C71-FD27-45AD-95D1-671292548DED} - (no file) BHO-{63EF5A29-33AF-429D-A148-BF69009EBEA3} - (no file) BHO-{64C7E4E8-0D00-4327-9517-8F0F6FC9B00C} - (no file) BHO-{6D0316C2-13C7-40A2-AAFE-481E4A2A6BE5} - (no file) BHO-{7D0B455D-9E19-42E1-8F6C-C81607AF010F} - (no file) BHO-{81E02F00-4263-42CB-BD3F-DFC29A5FCD13} - (no file) BHO-{864D0FAB-80D4-4725-B204-9DB6C59698B6} - (no file) BHO-{89A015A8-70AA-44AE-AE8A-489A34150EDC} - (no file) BHO-{8EF6725B-F63D-4298-B5CC-1952EE7B0FA8} - (no file) BHO-{99FE6228-2B6A-4321-90E2-D4586DC33685} - (no file) BHO-{A3DF053D-E9CE-4FC1-A1A8-1B5D453304DC} - (no file) BHO-{C5DFE5B4-E748-473C-8CA9-8D7BA6842E3F} - (no file) BHO-{CA0BC097-1FD7-4793-9BFB-5D64812C4E67} - (no file) BHO-{D6B609A8-E6F1-4092-A456-47E24E2461DF} - (no file) BHO-{DF748EEA-A5D0-43B1-8BC4-BA4EAC492ABA} - (no file) BHO-{E26B4CFF-945E-4FD7-8157-5877CE691AEC} - (no file) BHO-{E8CBDA34-E33E-49B8-A10A-ECC378F77ED7} - (no file) BHO-{FA0F04DA-BC11-4F92-8EF6-2535889D70C9} - (no file) BHO-{FB961E53-C2F5-462D-9195-187518A8006F} - (no file) HKCU-Run-InstantTray - c:\program files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.aliceadsl.fr/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mStart Page = hxxp://www.aliceadsl.fr/ uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 IE: Easy-WebPrint Ajouter à la liste d'impressions - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html IE: Easy-WebPrint Impression rapide - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html IE: Easy-WebPrint Imprimer - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html IE: Easy-WebPrint Prévisualiser - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd c:\windows\system32\msvcrt.dll - c:\windows\system32\mfc42.dll c:\windows\system32\olepro32.dll c:\windows\system32\msvcp60.dll c:\windows\Downloaded Program Files\Housecall_ActiveX.dll O16 -: {215B8138-A3CF-44C5-803F-8226143CFC0A} hxxp://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab c:\windows\Downloaded Program Files\hcImpl.inf O16 -: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://charon777.free.fr/plugins/hardwaredetection_2_0_4_8.cab c:\windows\Downloaded Program Files\hardwaredetection.inf . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-18 21:22:39 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . ------------------------ Autres processus actifs ------------------------ . c:\program files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\windows\ATKKBService.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\system32\CTSVCCDA.EXE c:\program files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe c:\windows\system32\nvsvc32.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\program files\Canon\CAL\CALMAIN.exe c:\windows\system32\rundll32.exe c:\program files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe . ************************************************************************** . Heure de fin: 2008-11-19 6:43:03 - La machine a redémarré ComboFix-quarantined-files.txt 2008-11-19 05:05:41 Avant-CF: 38,764,998,656 octets libres Après-CF: 43,251,081,216 octets libres WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect 463 --- E O F --- 2008-11-13 18:12:46

oups ... me fais gronder làààà !!!!! bien reçu grand gourou, je te poste ça dès que je rentre ce soir ... et j'essaie de pas faire d'autres betises en attendant ... (ou juste un ptit ccleaner histoire de ...)

Bonjour, précision préalable : mon syst d'expl = Win Xp éd familiale J'ai chopé ce que je crois être bagle.gen il y a deux jours sur mon pc ... (comme un âne, je sais !) les symptomes : tous dispositifs de protection antivirus disparus (avast, win defender, ...) et impossible de les lancer (idem pr highjack) sans le message classique application win32 non valide .... et impossible de démarrer en mode sans échec .... ni de restaurer une config antérieure. Après avoir consulté différents forums, j'ai lancé hier soir un combofix .... qui a pris toute la nuit. A la fin du cambofix, et de son rapport "fourni" (!!!) j'ai rebooté une fois en constatant que l'AV n'était pas actif, même si les pare-feu win eux marchaient. J'ai lancé une restauration système à J-2 avant l'infection ... et là tout semble redevenu normal .... ! Avast fonctionne en particulier. Me conseillez-vous néanmoins de refaire un ch'ti coup de Findykill ??? au cas où ... ou de Eliglaba ??? Merci par avance.