ClupClap

  1. Hello, how can I explain it to you any better than in French, unless you are a robot. I CANNOT install the newer version of IE because it asks me to install important updates for Windows. There you go.
  2. I can't install IE7; it asks me to validate my copy of Windows, which I can't do.
  3. For Firefox updates, no problem, it tells me every time there is one; for IE8, on the other hand, it's impossible, it asks for Windows updates. In any case, many thanks for your help, I'm off to change my passwords.
  4. I can't install the updates because I don't have an official version of Windows XP, it is "cracked", and I already tried to install the updates and it told me at the bottom right of my screen that my version wasn't legal. And no, I don't get any more alerts. And otherwise, in your opinion, how could I have caught this virus?
  5. OK, as for the Malware report, it tells me again to enable automatic updates, which I ignore. So is my PC completely disinfected?
  6. Oh no, I just got another alert from Avira telling me this: Dans le fichier 'C:\Qoobox\Quarantine\C\DOCUME~1\ADMINI~1\LOCALS~1\path.bak.vir' un virus ou un programme indésirable 'TR/Delf.pgk' [trojan] a été détecté. Action exécutée : Déplacer le fichier en quarantaine
  7. No, AntiVir didn't react because the file no longer exists ^^ Scan in progress with Malware, I'll post the report for you as soon as I have it.
  8. Am I safe now? Can I change my passwords now?
  9. You gave me a fright with the word keylogger, I'm going to have to change everything (strange that the hacker didn't go on any of my accounts). Report: ComboFix 09-10-27.08 - Administrateur 28/10/2009 19:09.1.2 - NTFSx86
  10. I put:
      :Processes
      explorer.exe
      :Files
      C:\Documents and Settings\Administrateur\Local Settings\path.bak
      :Reg
      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [reboot]
      in the yellow box, then I hit move it, it rebooted, but the file is still there.
  11. I don't know if this is it, I copied the code, I hit MOVE IT, it rebooted and I got this:
      All processes killed
      ========== PROCESSES ==========
      Process explorer.exe killed successfully!
      ========== FILES ==========
      C:\Documents and Settings\Administrateur\Local Settings\path.bak moved successfully.
      ========== REGISTRY ==========
      ========== COMMANDS ==========
      [EMPTYTEMP]
      User: Administrateur
      ->Temp folder emptied: 1027252 bytes
      ->Temporary Internet Files folder emptied: 398044834 bytes
      ->Java cache emptied: 0 bytes
      ->FireFox cache emptied: 87150833 bytes
      ->Google Chrome cache emptied: 0 bytes
      User: All Users
      User: Default User
      ->Temp folder emptied: 0 bytes
      ->Temporary Internet Files folder emptied: 0 bytes
      User: Invité
      ->Temp folder emptied: 0 bytes
      ->Temporary Internet Files folder emptied: 0 bytes
      ->FireFox cache emptied: 0 bytes
      User: LocalService
      ->Temp folder emptied: 0 bytes
      ->Temporary Internet Files folder emptied: 33594 bytes
      User: NetworkService
      ->Temp folder emptied: 0 bytes
      File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
      ->Temporary Internet Files folder emptied: 33170 bytes
      %systemdrive% .tmp files removed: 0 bytes
      %systemroot% .tmp files removed: 0 bytes
      %systemroot%\System32 .tmp files removed: 0 bytes
      Windows Temp folder emptied: 0 bytes
      RecycleBin emptied: 0 bytes
      Total Files Cleaned = 463,76 mb
      OTM by OldTimer - Version 3.0.0.6 log created on 10282009_184042
      Files moved on Reboot...
      Registry entries deleted on Reboot...
  12. :s this scares me: Fichier path.bak reçu le 2009.10.28 17:31:13 (UTC)
  13. Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 18:16:56, on 28/10/2009
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal
      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Avira\AntiVir Desktop\sched.exe
      C:\Program Files\Avira\AntiVir Desktop\avguard.exe
      C:\WINDOWS\ATKKBService.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\system32\PnkBstrA.exe
      C:\WINDOWS\system32\PnkBstrB.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
      C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Steam\Steam.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
      O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
      O4 - HKLM\..\Run: [CamserviceDP] C:\Program Files\Hercules\Dualpix Infinite\Camservice.exe /startup
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
      O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O8 - Extra context menu item: Tout télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
      O8 - Extra context menu item: Télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
      O8 - Extra context menu item: Télécharger toutes les vidéos avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
      O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing)
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
      O20 - AppInit_DLLs: winmm.dll
      O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
      O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
      O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
      O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
      O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
      --
      End of file - 5621 bytes
      There you go.
  14. So yes, there are still alert messages telling me that the virus is located here: C:\Documents and Settings\Administrateur\Local Settings\path.bak, and when I look, it is there. But what is this file, actually?
  15. Yes, I got an alert message on restart, but I chose "move to quarantine" and ticked the "remember this action" box, so nothing since then. I'm going to restart to try it, though.