TR/Crypt.ZPACK.Gen...svchosts et autres !

Merci à toi sKe69
Depuis ce matin je suis avec CCleaner .
Le nettoyage c'est bien effectué sauf pour 1 fichier (visiblement toujours le même N° d'extension); voici le message affiché par CCleaner:

L'extension de fichier {80b8c23c-16e0-4cd8-bbc3-cecec9a78b79} fait référence à un programme inexistant. Ce genre de référence est souvent laissé après la désinstallation d'un programme. 

 Solution : effacer la valeur du registre.

Je continue donc, cette seule ligne à la fois systématiquement....
Qu'en penses tu,
D'avance merci à toi...ou à quiconque me répondra ;-)

hello,

continue la manipe .... ( j'ai la même ligne qui revient chez moi ... un bug de CCleaner ^^ )

Re
Ok je continue donc......elle finit donc par s'effacer?

Re
Voici le rapport de OTM (je n'ai pu le charger sur www.cijoint.fr, on ne peut y charger des fichiers de ce type; donc:

All processes killed
========== FILES ==========
C:\WINDOWS\Tasks\At1.job moved successfully.
C:\WINDOWS\Tasks\At10.job moved successfully.
C:\WINDOWS\Tasks\At100.job moved successfully.
C:\WINDOWS\Tasks\At101.job moved successfully.
C:\WINDOWS\Tasks\At102.job moved successfully.
C:\WINDOWS\Tasks\At103.job moved successfully.
C:\WINDOWS\Tasks\At104.job moved successfully.
C:\WINDOWS\Tasks\At105.job moved successfully.
C:\WINDOWS\Tasks\At106.job moved successfully.
C:\WINDOWS\Tasks\At107.job moved successfully.
C:\WINDOWS\Tasks\At108.job moved successfully.
C:\WINDOWS\Tasks\At109.job moved successfully.
C:\WINDOWS\Tasks\At11.job moved successfully.
C:\WINDOWS\Tasks\At110.job moved successfully.
C:\WINDOWS\Tasks\At111.job moved successfully.
C:\WINDOWS\Tasks\At112.job moved successfully.
C:\WINDOWS\Tasks\At113.job moved successfully.
C:\WINDOWS\Tasks\At114.job moved successfully.
C:\WINDOWS\Tasks\At115.job moved successfully.
C:\WINDOWS\Tasks\At116.job moved successfully.
C:\WINDOWS\Tasks\At117.job moved successfully.
C:\WINDOWS\Tasks\At118.job moved successfully.
C:\WINDOWS\Tasks\At119.job moved successfully.
C:\WINDOWS\Tasks\At12.job moved successfully.
C:\WINDOWS\Tasks\At120.job moved successfully.
C:\WINDOWS\Tasks\At121.job moved successfully.
C:\WINDOWS\Tasks\At122.job moved successfully.
C:\WINDOWS\Tasks\At123.job moved successfully.
C:\WINDOWS\Tasks\At124.job moved successfully.
C:\WINDOWS\Tasks\At125.job moved successfully.
C:\WINDOWS\Tasks\At126.job moved successfully.
C:\WINDOWS\Tasks\At127.job moved successfully.
C:\WINDOWS\Tasks\At128.job moved successfully.
C:\WINDOWS\Tasks\At129.job moved successfully.
C:\WINDOWS\Tasks\At13.job moved successfully.
C:\WINDOWS\Tasks\At130.job moved successfully.
C:\WINDOWS\Tasks\At131.job moved successfully.
C:\WINDOWS\Tasks\At132.job moved successfully.
C:\WINDOWS\Tasks\At133.job moved successfully.
C:\WINDOWS\Tasks\At134.job moved successfully.
C:\WINDOWS\Tasks\At135.job moved successfully.
C:\WINDOWS\Tasks\At136.job moved successfully.
C:\WINDOWS\Tasks\At137.job moved successfully.
C:\WINDOWS\Tasks\At138.job moved successfully.
C:\WINDOWS\Tasks\At139.job moved successfully.
C:\WINDOWS\Tasks\At14.job moved successfully.
C:\WINDOWS\Tasks\At140.job moved successfully.
C:\WINDOWS\Tasks\At141.job moved successfully.
C:\WINDOWS\Tasks\At142.job moved successfully.
C:\WINDOWS\Tasks\At143.job moved successfully.
C:\WINDOWS\Tasks\At144.job moved successfully.
C:\WINDOWS\Tasks\At145.job moved successfully.
C:\WINDOWS\Tasks\At146.job moved successfully.
C:\WINDOWS\Tasks\At147.job moved successfully.
C:\WINDOWS\Tasks\At148.job moved successfully.
C:\WINDOWS\Tasks\At149.job moved successfully.
C:\WINDOWS\Tasks\At15.job moved successfully.
C:\WINDOWS\Tasks\At150.job moved successfully.
C:\WINDOWS\Tasks\At151.job moved successfully.
C:\WINDOWS\Tasks\At152.job moved successfully.
C:\WINDOWS\Tasks\At153.job moved successfully.
C:\WINDOWS\Tasks\At154.job moved successfully.
C:\WINDOWS\Tasks\At155.job moved successfully.
C:\WINDOWS\Tasks\At156.job moved successfully.
C:\WINDOWS\Tasks\At157.job moved successfully.
C:\WINDOWS\Tasks\At158.job moved successfully.
C:\WINDOWS\Tasks\At159.job moved successfully.
C:\WINDOWS\Tasks\At16.job moved successfully.
C:\WINDOWS\Tasks\At160.job moved successfully.
C:\WINDOWS\Tasks\At161.job moved successfully.
C:\WINDOWS\Tasks\At162.job moved successfully.
C:\WINDOWS\Tasks\At163.job moved successfully.
C:\WINDOWS\Tasks\At164.job moved successfully.
C:\WINDOWS\Tasks\At165.job moved successfully.
C:\WINDOWS\Tasks\At166.job moved successfully.
C:\WINDOWS\Tasks\At167.job moved successfully.
C:\WINDOWS\Tasks\At168.job moved successfully.
C:\WINDOWS\Tasks\At169.job moved successfully.
C:\WINDOWS\Tasks\At17.job moved successfully.
C:\WINDOWS\Tasks\At170.job moved successfully.
C:\WINDOWS\Tasks\At171.job moved successfully.
C:\WINDOWS\Tasks\At172.job moved successfully.
C:\WINDOWS\Tasks\At173.job moved successfully.
C:\WINDOWS\Tasks\At174.job moved successfully.
C:\WINDOWS\Tasks\At175.job moved successfully.
C:\WINDOWS\Tasks\At176.job moved successfully.
C:\WINDOWS\Tasks\At177.job moved successfully.
C:\WINDOWS\Tasks\At178.job moved successfully.
C:\WINDOWS\Tasks\At179.job moved successfully.
C:\WINDOWS\Tasks\At18.job moved successfully.
C:\WINDOWS\Tasks\At180.job moved successfully.
C:\WINDOWS\Tasks\At181.job moved successfully.
C:\WINDOWS\Tasks\At182.job moved successfully.
C:\WINDOWS\Tasks\At183.job moved successfully.
C:\WINDOWS\Tasks\At184.job moved successfully.
C:\WINDOWS\Tasks\At185.job moved successfully.
C:\WINDOWS\Tasks\At186.job moved successfully.
C:\WINDOWS\Tasks\At187.job moved successfully.
C:\WINDOWS\Tasks\At188.job moved successfully.
C:\WINDOWS\Tasks\At189.job moved successfully.
C:\WINDOWS\Tasks\At19.job moved successfully.
C:\WINDOWS\Tasks\At190.job moved successfully.
C:\WINDOWS\Tasks\At191.job moved successfully.
C:\WINDOWS\Tasks\At192.job moved successfully.
C:\WINDOWS\Tasks\At193.job moved successfully.
C:\WINDOWS\Tasks\At194.job moved successfully.
C:\WINDOWS\Tasks\At195.job moved successfully.
C:\WINDOWS\Tasks\At196.job moved successfully.
C:\WINDOWS\Tasks\At197.job moved successfully.
C:\WINDOWS\Tasks\At198.job moved successfully.
C:\WINDOWS\Tasks\At199.job moved successfully.
C:\WINDOWS\Tasks\At2.job moved successfully.
C:\WINDOWS\Tasks\At20.job moved successfully.
C:\WINDOWS\Tasks\At200.job moved successfully.
C:\WINDOWS\Tasks\At201.job moved successfully.
C:\WINDOWS\Tasks\At202.job moved successfully.
C:\WINDOWS\Tasks\At203.job moved successfully.
C:\WINDOWS\Tasks\At204.job moved successfully.
C:\WINDOWS\Tasks\At205.job moved successfully.
C:\WINDOWS\Tasks\At206.job moved successfully.
C:\WINDOWS\Tasks\At207.job moved successfully.
C:\WINDOWS\Tasks\At208.job moved successfully.
C:\WINDOWS\Tasks\At209.job moved successfully.
C:\WINDOWS\Tasks\At21.job moved successfully.
C:\WINDOWS\Tasks\At210.job moved successfully.
C:\WINDOWS\Tasks\At211.job moved successfully.
C:\WINDOWS\Tasks\At212.job moved successfully.
C:\WINDOWS\Tasks\At213.job moved successfully.
C:\WINDOWS\Tasks\At214.job moved successfully.
C:\WINDOWS\Tasks\At215.job moved successfully.
C:\WINDOWS\Tasks\At216.job moved successfully.
C:\WINDOWS\Tasks\At217.job moved successfully.
C:\WINDOWS\Tasks\At218.job moved successfully.
C:\WINDOWS\Tasks\At219.job moved successfully.
C:\WINDOWS\Tasks\At22.job moved successfully.
C:\WINDOWS\Tasks\At220.job moved successfully.
C:\WINDOWS\Tasks\At221.job moved successfully.
C:\WINDOWS\Tasks\At222.job moved successfully.
C:\WINDOWS\Tasks\At223.job moved successfully.
C:\WINDOWS\Tasks\At224.job moved successfully.
C:\WINDOWS\Tasks\At225.job moved successfully.
C:\WINDOWS\Tasks\At226.job moved successfully.
C:\WINDOWS\Tasks\At227.job moved successfully.
C:\WINDOWS\Tasks\At228.job moved successfully.
C:\WINDOWS\Tasks\At229.job moved successfully.
C:\WINDOWS\Tasks\At23.job moved successfully.
C:\WINDOWS\Tasks\At230.job moved successfully.
C:\WINDOWS\Tasks\At231.job moved successfully.
C:\WINDOWS\Tasks\At232.job moved successfully.
C:\WINDOWS\Tasks\At233.job moved successfully.
C:\WINDOWS\Tasks\At234.job moved successfully.
C:\WINDOWS\Tasks\At235.job moved successfully.
C:\WINDOWS\Tasks\At236.job moved successfully.
C:\WINDOWS\Tasks\At237.job moved successfully.
C:\WINDOWS\Tasks\At238.job moved successfully.
C:\WINDOWS\Tasks\At239.job moved successfully.
C:\WINDOWS\Tasks\At24.job moved successfully.
C:\WINDOWS\Tasks\At240.job moved successfully.
C:\WINDOWS\Tasks\At241.job moved successfully.
C:\WINDOWS\Tasks\At242.job moved successfully.
C:\WINDOWS\Tasks\At243.job moved successfully.
C:\WINDOWS\Tasks\At244.job moved successfully.
C:\WINDOWS\Tasks\At245.job moved successfully.
C:\WINDOWS\Tasks\At246.job moved successfully.
C:\WINDOWS\Tasks\At247.job moved successfully.
C:\WINDOWS\Tasks\At248.job moved successfully.
C:\WINDOWS\Tasks\At249.job moved successfully.
C:\WINDOWS\Tasks\At25.job moved successfully.
C:\WINDOWS\Tasks\At250.job moved successfully.
C:\WINDOWS\Tasks\At251.job moved successfully.
C:\WINDOWS\Tasks\At252.job moved successfully.
C:\WINDOWS\Tasks\At253.job moved successfully.
C:\WINDOWS\Tasks\At254.job moved successfully.
C:\WINDOWS\Tasks\At255.job moved successfully.
C:\WINDOWS\Tasks\At256.job moved successfully.
C:\WINDOWS\Tasks\At257.job moved successfully.
C:\WINDOWS\Tasks\At258.job moved successfully.
C:\WINDOWS\Tasks\At259.job moved successfully.
C:\WINDOWS\Tasks\At26.job moved successfully.
C:\WINDOWS\Tasks\At260.job moved successfully.
C:\WINDOWS\Tasks\At261.job moved successfully.
C:\WINDOWS\Tasks\At262.job moved successfully.
C:\WINDOWS\Tasks\At263.job moved successfully.
C:\WINDOWS\Tasks\At264.job moved successfully.
C:\WINDOWS\Tasks\At265.job moved successfully.
C:\WINDOWS\Tasks\At266.job moved successfully.
C:\WINDOWS\Tasks\At267.job moved successfully.
C:\WINDOWS\Tasks\At268.job moved successfully.
C:\WINDOWS\Tasks\At269.job moved successfully.
C:\WINDOWS\Tasks\At27.job moved successfully.
C:\WINDOWS\Tasks\At270.job moved successfully.
C:\WINDOWS\Tasks\At271.job moved successfully.
C:\WINDOWS\Tasks\At272.job moved successfully.
C:\WINDOWS\Tasks\At273.job moved successfully.
C:\WINDOWS\Tasks\At274.job moved successfully.
C:\WINDOWS\Tasks\At275.job moved successfully.
C:\WINDOWS\Tasks\At276.job moved successfully.
C:\WINDOWS\Tasks\At277.job moved successfully.
C:\WINDOWS\Tasks\At278.job moved successfully.
C:\WINDOWS\Tasks\At279.job moved successfully.
C:\WINDOWS\Tasks\At28.job moved successfully.
C:\WINDOWS\Tasks\At280.job moved successfully.
C:\WINDOWS\Tasks\At281.job moved successfully.
C:\WINDOWS\Tasks\At282.job moved successfully.
C:\WINDOWS\Tasks\At283.job moved successfully.
C:\WINDOWS\Tasks\At284.job moved successfully.
C:\WINDOWS\Tasks\At285.job moved successfully.
C:\WINDOWS\Tasks\At286.job moved successfully.
C:\WINDOWS\Tasks\At287.job moved successfully.
C:\WINDOWS\Tasks\At288.job moved successfully.
C:\WINDOWS\Tasks\At289.job moved successfully.
C:\WINDOWS\Tasks\At29.job moved successfully.
C:\WINDOWS\Tasks\At290.job moved successfully.
C:\WINDOWS\Tasks\At291.job moved successfully.
C:\WINDOWS\Tasks\At292.job moved successfully.
C:\WINDOWS\Tasks\At293.job moved successfully.
C:\WINDOWS\Tasks\At294.job moved successfully.
C:\WINDOWS\Tasks\At295.job moved successfully.
C:\WINDOWS\Tasks\At296.job moved successfully.
C:\WINDOWS\Tasks\At297.job moved successfully.
C:\WINDOWS\Tasks\At298.job moved successfully.
C:\WINDOWS\Tasks\At299.job moved successfully.
C:\WINDOWS\Tasks\At3.job moved successfully.
C:\WINDOWS\Tasks\At30.job moved successfully.
C:\WINDOWS\Tasks\At300.job moved successfully.
C:\WINDOWS\Tasks\At301.job moved successfully.
C:\WINDOWS\Tasks\At302.job moved successfully.
C:\WINDOWS\Tasks\At303.job moved successfully.
C:\WINDOWS\Tasks\At304.job moved successfully.
C:\WINDOWS\Tasks\At305.job moved successfully.
C:\WINDOWS\Tasks\At306.job moved successfully.
C:\WINDOWS\Tasks\At307.job moved successfully.
C:\WINDOWS\Tasks\At308.job moved successfully.
C:\WINDOWS\Tasks\At309.job moved successfully.
C:\WINDOWS\Tasks\At31.job moved successfully.
C:\WINDOWS\Tasks\At310.job moved successfully.
C:\WINDOWS\Tasks\At311.job moved successfully.
C:\WINDOWS\Tasks\At312.job moved successfully.
C:\WINDOWS\Tasks\At32.job moved successfully.
C:\WINDOWS\Tasks\At33.job moved successfully.
C:\WINDOWS\Tasks\At34.job moved successfully.
C:\WINDOWS\Tasks\At35.job moved successfully.
C:\WINDOWS\Tasks\At36.job moved successfully.
C:\WINDOWS\Tasks\At37.job moved successfully.
C:\WINDOWS\Tasks\At38.job moved successfully.
C:\WINDOWS\Tasks\At39.job moved successfully.
C:\WINDOWS\Tasks\At4.job moved successfully.
C:\WINDOWS\Tasks\At40.job moved successfully.
C:\WINDOWS\Tasks\At41.job moved successfully.
C:\WINDOWS\Tasks\At42.job moved successfully.
C:\WINDOWS\Tasks\At43.job moved successfully.
C:\WINDOWS\Tasks\At44.job moved successfully.
C:\WINDOWS\Tasks\At45.job moved successfully.
C:\WINDOWS\Tasks\At46.job moved successfully.
C:\WINDOWS\Tasks\At47.job moved successfully.
C:\WINDOWS\Tasks\At48.job moved successfully.
C:\WINDOWS\Tasks\At49.job moved successfully.
C:\WINDOWS\Tasks\At5.job moved successfully.
C:\WINDOWS\Tasks\At50.job moved successfully.
C:\WINDOWS\Tasks\At51.job moved successfully.
C:\WINDOWS\Tasks\At52.job moved successfully.
C:\WINDOWS\Tasks\At53.job moved successfully.
C:\WINDOWS\Tasks\At54.job moved successfully.
C:\WINDOWS\Tasks\At55.job moved successfully.
C:\WINDOWS\Tasks\At56.job moved successfully.
C:\WINDOWS\Tasks\At57.job moved successfully.
C:\WINDOWS\Tasks\At58.job moved successfully.
C:\WINDOWS\Tasks\At59.job moved successfully.
C:\WINDOWS\Tasks\At6.job moved successfully.
C:\WINDOWS\Tasks\At60.job moved successfully.
C:\WINDOWS\Tasks\At61.job moved successfully.
C:\WINDOWS\Tasks\At62.job moved successfully.
C:\WINDOWS\Tasks\At63.job moved successfully.
C:\WINDOWS\Tasks\At64.job moved successfully.
C:\WINDOWS\Tasks\At65.job moved successfully.
C:\WINDOWS\Tasks\At66.job moved successfully.
C:\WINDOWS\Tasks\At67.job moved successfully.
C:\WINDOWS\Tasks\At68.job moved successfully.
C:\WINDOWS\Tasks\At69.job moved successfully.
C:\WINDOWS\Tasks\At7.job moved successfully.
C:\WINDOWS\Tasks\At70.job moved successfully.
C:\WINDOWS\Tasks\At71.job moved successfully.
C:\WINDOWS\Tasks\At72.job moved successfully.
C:\WINDOWS\Tasks\At73.job moved successfully.
C:\WINDOWS\Tasks\At74.job moved successfully.
C:\WINDOWS\Tasks\At75.job moved successfully.
C:\WINDOWS\Tasks\At76.job moved successfully.
C:\WINDOWS\Tasks\At77.job moved successfully.
C:\WINDOWS\Tasks\At78.job moved successfully.
C:\WINDOWS\Tasks\At79.job moved successfully.
C:\WINDOWS\Tasks\At8.job moved successfully.
C:\WINDOWS\Tasks\At80.job moved successfully.
C:\WINDOWS\Tasks\At81.job moved successfully.
C:\WINDOWS\Tasks\At82.job moved successfully.
C:\WINDOWS\Tasks\At83.job moved successfully.
C:\WINDOWS\Tasks\At84.job moved successfully.
C:\WINDOWS\Tasks\At85.job moved successfully.
C:\WINDOWS\Tasks\At86.job moved successfully.
C:\WINDOWS\Tasks\At87.job moved successfully.
C:\WINDOWS\Tasks\At88.job moved successfully.
C:\WINDOWS\Tasks\At89.job moved successfully.
C:\WINDOWS\Tasks\At9.job moved successfully.
C:\WINDOWS\Tasks\At90.job moved successfully.
C:\WINDOWS\Tasks\At91.job moved successfully.
C:\WINDOWS\Tasks\At92.job moved successfully.
C:\WINDOWS\Tasks\At93.job moved successfully.
C:\WINDOWS\Tasks\At94.job moved successfully.
C:\WINDOWS\Tasks\At95.job moved successfully.
C:\WINDOWS\Tasks\At96.job moved successfully.
C:\WINDOWS\Tasks\At97.job moved successfully.
C:\WINDOWS\Tasks\At98.job moved successfully.
C:\WINDOWS\Tasks\At99.job moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: LocalService
->Temp folder emptied: 115616 bytes
->Temporary Internet Files folder emptied: 5604127 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 9301323 bytes
->Flash cache emptied: 902 bytes
 
User: user
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 42093580 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 40868905 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 546 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2351795 bytes
%systemroot%\System32 .tmp files removed: 3072 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 163840 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 96,00 mb
 
 
OTM by OldTimer - Version 3.1.11.0 log created on 04262010_144025

Files moved on Reboot...

Registry entries deleted on Reboot...

je me prépare à utiliser Malwarebytes
A plus tard

Voici le rapport de MBAM avant le redémarrage:
http://www.cijoint.fr/cjlink.php?file=cj201004/cijhbFkOo6.txt
et voici celui après le redémarrage :
http://www.cijoint.fr/cjlink.php?file=cj201004/cijFmXbESn.txt
(l'heure de ce dernier est....bizarre!...mais plein de bonnes nouvelles, non?)
Je reviens avec le rapport de ZHP
A plus et encore merci

Bonsoir
Gmer tournait depuis plus de 2 heures quand mon PC s'est relancé .... tout seul comme un grand?
Je relance gmer cette nuit et posterai le résultat demain matin
Encore merci
Cordialement

hello,

il faudrais enlever la mise en vieille du PC pour GMER puisse finir correctement son scan ...

A demain avec le résultat ...

Bonjour
Alors :
- Impossible de finaliser correctement avec GMER; à chaque fois que le scan a été terminé et que j'ai cliqué sur "copy", plus possible d'avoir la main sur quoi que ce soit, voire (dernière tentative il y a 1/2h) écran figé, avertissement win: " pas asses de ressources ", obligé de rebooter; résultat, CHKDSK vérifie les fichiers et index, message du type suppression, puis récupération fichier orphelin resume-dat.old et RESUME~1.OLD $ISO fichier 124602..
arghhhhhh, que ce passe-t-il ????
Au total j'aurai tenté 3 fois le scan avec GMER; les 2 dernières fois (visiblement il est allé jusqu'au bout) impossible de récupérer l'analyse et obligé de rebooter; durée du dernier scan plus de 4h....
Que puis je faire de plus?
Ma config au besoin:
Processeur : Intel Pentium Dual-Core E5200 @ 2500 MHz
Mémoire physique : 2048 Mo (1 x 2048 DDR2-SDRAM )
Chipset : Intel G31/G33/G35
Carte Mère : MICRO-STAR INTERNATIONAL CO.,LTD MS-7528
Système d'Exploitation : Microsoft Windows XP Professionnel 5.01.2600 Service Pack 3

J'attends ton avis, tes conseils...
Encore merci
Cordialement

Re
Merci pour ton aide
Voici le lien pour récupérer le rapport:
http://www.cijoint.fr/cjlink.php?file=cj201004/cijMxMCdlO.txt
Ce qui s'est passé pendant le scan Combofix =
Je me suis bien déconnecté avant de répondre Oui pour lancer le scan
Tout s'est bien déroulé jusqu'à la relance du PC;
au redémarrage, après la 4eme étape (de mémoire) 2 alertes de Avira... (mises en quarantaine), puis bon déroulement (j'espère...) jusqu'à la 50eme étape
Effectivement le bureau avait disparu (mais pas mon fond d'écran), puis après la remise en route par Combofix, tout est bien là avec quand même des petites surprise:
J'ai une nouvelle icône pour IE8 sur mon bureau alors que j'avais déjà cela...??? IE est d'ailleurs non pas mon nav par défaut (j'ai plusieurs navigateurs installés pour tester mes créations de sites) c'est FF qui l'est, or au redémarrage de FF j'avais un avertissement de FF me disant qu'il n'était pas mon nav par défaut...paramètre perdu...???
Autre "nouveauté", Avira ne se lance plus automatiquement et ne s'affiche plus dans ma barre des tâches....????
A te lire
Cordialement

Hé bhéééé....Voici le rapport:
http://www.cijoint.fr/cjlink.php?file=cj201004/cijwDLKFUY.txt

La manip s'est bien passé, MAIS, lors du redémarrage Avira s'est relacé tout seul (logique), je ne sais donc si cela a altéré ou non le résultat; j'étais bien déconnecté sinon.
Pour IE, tu a raison, ComboFix vient de me créer un nouveau raccourci
A te lire

Edit 13h26
Dois je vider a "quarantaine" d'Avira?

Pour le résultat ZHPDiag c'est:
http://www.cijoint.fr/cjlink.php?file=cj201004/cijznPkwRY.txt
Le lien dans la réponse d'Avira:
https://www.avira.com/
Le PC va beaucoup mieux; plus de redirection intempestive (même si j'ai eu une tentative ce matin, mais plus depuis que tu m'a fait faire les dernières manipes. Plus d'ouverture de IE sans que je le lui demande (de toute façon, comme déjà dit, je n'utilise jamais ce navigateur sauf pour tester mes sites en ligne). Plus de ralentissements du PC, plus d'alertes d'Avira (les 2 dernières pendant le scan de ComboFix comme déjà annoncé)....comme ça, je dirais que je dois être pas trop loin de la solution.....grâce, Ô combien, à toi !

Voilà le rapport:
http://www.cijoint.fr/cjlink.php?file=cj201004/cijLdfskxM.txt
ZHPFix ne m'a pas demandé de redémarrer le PC...peut être vaut-il mieux que je le fasse??????
J'attends ton avis, ton analyse

Cdt

Re
Voici déjà le rapport de ZHPFix:
http://www.cijoint.fr/cjlink.php?file=cj201004/cij7bmR960.txt
CCleaner c'est fait je continue
A plus

Bonjour
Désolé j'ai du m'interrompre hier, voici le rapport d'avira
http://www.cijoint.fr/cjlink.php?file=cj201004/cijzHLQdwf.txt
J'attends ton avis
Bonne journée

Bonjour
Voici le rapport:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:08:03, on 28/04/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\trend micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ?
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7202 bytes

A te lire

Le PC a l'air de bien fonctionner, un peu lent parfois à ouvrir certaines applis mais ça, c'est "normal", je lui demande beaucoup et j'ai peu de RAM que je dois bientôt doubler; la navigation impeccable, seul soucis mais déjà constaté là aussi depuis quelques semaines (mois?): FF se lance très très très lentement (alors que Chrome, Safari, Opera, IE8 et IE7standalone se lancent très bien....)
Voici un dernier rapport de Hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:36:36, on 28/04/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\trend micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ?
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 6652 bytes

Voilà...j'attends ton verdict...

Voici le rapport de ToolsCleaner:
http://www.cijoint.fr/cjlink.php?file=cj201004/cijDlja4B8.txt
Je continue....merci encore et à plus tard
Cordialement

re,


tu supprimeras Combofix qui est sur ton bureau si il est encore présent ainsi :

Clique sur " Démarrer " -> " Executer "( ou combine la touche Windows + R ) -> copie/colle cette ligne :

ComboFix /uninstall

( laisse l'espace entre "Combofix" et "/uninstall" )

-> Valide .

l'outil se relancera et se supprimera de lui-même ....




Dis moi une fois le chek-up terminé ....

Re
Tout est fait, aucune erreur, et le PC tourne comme une horloge; aucune alerte....Magique !
Je ne saurais jamais asses te dire merci pour tout...
Cordialement
P.S: si il y a encore quelque chose à faire je suis à l'écoute

Merci à toi pour tout ça (j'avoue que FF est déjà mon navigateur favori avec Opera)
Encore un très grand merci à toi et à toutes celes et ceux qui, comme toi ici, aident comme vous le faites
Je mets le sujet en "résolu"
Je reste ton débiteur
Tchô