Slt,


Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked".


O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Program Files\RXToolBar\sfcont.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [ghjzaq] c:\windows\system32\ghjzaq.exe ghjzaq
O4 - HKLM\..\Run: [Flash Player2] C:\DOCUME~1\sandrine\LOCALS~1\Temp\services.exe
O4 - HKCU\..\Run: [FreeCall] "C:\program files\freecall.com\freecall\freecall.exe" -nosplash -minimized

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

_______________



télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe (de Old_Timer) sur ton Bureau.
double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

Citation :


C:\DOCUME~1\sandrine\LOCALS~1\Temp\services.exe
c:\windows\system32\ghjzaq.exe


clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

________________________

combofix (colle le rapport)
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

__________________________
colle un rapport avec antivir que tu as et un nouveau hijackthis et dis tes soucis

a plus
il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

Rebonjour
merci infiniment pour votre aide

alors voila 3 rapport de OTMoveIT , parce que j'ai fait en 3 fois, une fois la liste entière quil ne trouvait puis chqua élément séparé


_______________________________
File/Folder C:\DOCUME~1\sandrine\LOCALS~1\Temp\services.exe
c:\windows\system32\ghjzaq.exe not found.

Created on 01/17/2008 13:47:36
_____________________________
File move failed. C:\DOCUME~1\sandrine\LOCALS~1\Temp\services.exe scheduled to be moved on reboot.

Created on 01/17/2008 13:46:32
____________________________
File/Folder c:\windows\system32\ghjzaq.exe not found.

Created on 01/17/2008 13:46:52
____________________________




le rapport de Combo fix


ComboFix 08-01-17.5 - sandrine 2008-01-17 13:52:54.1 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.572 [GMT 1:00]
Running from: C:\Documents and Settings\sandrine\Bureau\ComboFix.exe
* Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\sandrine\Bureau\webmediaplayer.lnk
C:\Documents and Settings\sandrine\Menu Démarrer\Programmes\WebMediaPlayer
C:\Documents and Settings\sandrine\Menu Démarrer\Programmes\WebMediaPlayer\Conditions générales.lnk
C:\Documents and Settings\sandrine\Menu Démarrer\Programmes\WebMediaPlayer\Confidentialité.lnk
C:\Documents and Settings\sandrine\Menu Démarrer\Programmes\WebMediaPlayer\WebMediaPlayer.lnk
C:\Documents and Settings\sandrine\Menu Démarrer\Programmes\WebMediaPlayer\Website.lnk
C:\Program Files\webmediaplayer
C:\Program Files\webmediaplayer\Conditions générales.url
C:\Program Files\webmediaplayer\Confidentialité.url
C:\Program Files\webmediaplayer\resources\languages.xml
C:\Program Files\webmediaplayer\resources\webmedias
C:\Program Files\webmediaplayer\skins\classic.skn
C:\Program Files\webmediaplayer\sqlite3.dll
C:\Program Files\webmediaplayer\Website.url
C:\WINDOWS\pack.epk
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\_000007_.tmp.dll
C:\WINDOWS\system32\_000008_.tmp.dll
C:\WINDOWS\system32\_000009_.tmp.dll
C:\WINDOWS\system32\_000012_.tmp.dll
C:\WINDOWS\system32\_000013_.tmp.dll
C:\WINDOWS\system32\_000014_.tmp.dll
C:\WINDOWS\system32\drivers\npf.sys
c:\WINDOWS\system32\ghjzaq.dat
C:\WINDOWS\system32\ghjzaq.exe
c:\WINDOWS\system32\ghjzaq_nav.dat
c:\WINDOWS\system32\ghjzaq_navps.dat
C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\WanPacket.dll
C:\WINDOWS\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_NPF
-------\nm
-------\NPF


((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-12-17 to 2008-01-17 ))))))))))))))))))))))))))))))))))))
.

2008-01-17 13:51 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-17 09:06 . 2008-01-17 09:06 <REP> d-------- C:\Program Files\CCleaner
2008-01-16 13:26 . 2008-01-16 13:26 <REP> d-------- C:\Documents and Settings\sandrine\Application Data\Live-Prod
2008-01-16 13:25 . 2008-01-16 13:25 <REP> d-------- C:\Program Files\LiveKillCleanMessenger
2008-01-16 12:57 . 2008-01-16 12:57 4,427 --a------ C:\Documents and Settings\sandrine\swgwni.exe
2008-01-16 12:57 . 2008-01-16 12:57 4,427 --a------ C:\Documents and Settings\sandrine\cobxfy.exe
2008-01-16 12:46 . 2008-01-16 12:46 <REP> d-------- C:\!KillBox
2008-01-16 12:36 . 2008-01-16 12:37 <REP> d-------- C:\Program Files\Kill Process
2008-01-16 12:30 . 2008-01-16 12:30 317 --a------ C:\Documents and Settings\sandrine\uybutu.exe
2008-01-16 12:30 . 2008-01-16 12:30 317 --a------ C:\Documents and Settings\sandrine\hmapfd.exe
2008-01-16 12:30 . 2008-01-16 12:30 317 --a------ C:\Documents and Settings\sandrine\dbsbrx.exe
2008-01-16 11:07 . 2008-01-16 11:07 317 --a------ C:\Documents and Settings\sandrine\xsykdj.exe
2008-01-16 08:14 . 2008-01-16 08:14 <REP> d-------- C:\Program Files\Avira
2008-01-16 08:14 . 2008-01-16 08:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-01-16 08:11 . 2008-01-16 08:11 317 --a------ C:\Documents and Settings\sandrine\btaysm.exe
2007-12-22 12:10 . 2007-12-22 12:10 <REP> d-------- C:\ProgramFile
2007-12-22 11:23 . 2007-12-22 11:23 <REP> d-------- C:\Documents and Settings\sandrine\Application Data\Grisoft
2007-12-22 11:23 . 2007-12-22 11:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-22 11:23 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-22 11:17 . 2007-12-22 11:17 <REP> d-------- C:\Program Files\Windows Live
2007-12-22 11:17 . 2007-12-22 11:17 <REP> d--hs---- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2007-12-22 11:17 . 2007-12-22 11:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-21 15:37 . 2007-12-21 15:37 11,960 ---hs---- C:\AlbumArt_{3FD09D71-C2A6-48B1-8415-646BC2C12573}_Large.jpg
2007-12-21 15:37 . 2007-12-21 15:37 3,042 ---hs---- C:\AlbumArt_{3FD09D71-C2A6-48B1-8415-646BC2C12573}_Small.jpg
2007-12-20 12:19 . 2007-12-20 12:19 6,945 ---hs---- C:\AlbumArt_{511E4309-7EC7-43D9-8B72-A66C251CB128}_Large.jpg
2007-12-20 12:19 . 2007-12-20 12:19 1,979 ---hs---- C:\AlbumArt_{511E4309-7EC7-43D9-8B72-A66C251CB128}_Small.jpg
2007-12-20 12:18 . 2007-12-21 15:37 11,960 ---hs---- C:\Folder.jpg
2007-12-20 12:18 . 2007-12-20 12:18 8,886 ---hs---- C:\AlbumArt_{0880A426-3D0B-47E1-989E-00BB60300F02}_Large.jpg
2007-12-20 12:18 . 2007-12-21 15:37 3,042 ---hs---- C:\AlbumArtSmall.jpg
2007-12-20 12:18 . 2007-12-20 12:18 2,544 ---hs---- C:\AlbumArt_{0880A426-3D0B-47E1-989E-00BB60300F02}_Small.jpg
2007-12-20 12:18 . 2007-12-22 00:38 352 ---hs---- C:\desktop.ini

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-27 23:44 --------- d-----w C:\Program Files\MSECache
2007-11-20 06:44 --------- d-----w C:\Documents and Settings\sandrine\Application Data\OpenOffice.org2
2007-11-20 06:33 --------- d-----w C:\Program Files\OpenOffice.org 2.0
2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-30 23:23 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-30 17:20 360,064 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-29 22:36 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:36 1,293,824 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-25 16:43 8,516,608 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-24 16:58 228,864 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-24 16:58 228,864 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
2007-08-10 09:44 5,832,400 ----a-w C:\Program Files\Firefox Setup 2.0.0.6.exe
2007-04-13 16:07 5,632 --sha-w C:\Program Files\Thumbs.db
2007-04-13 13:17 611,264 ----a-w C:\Program Files\kazaa_setup.exe
2007-04-10 14:28 23,796 ----a-w C:\Program Files\resaca.htm
2007-04-06 12:33 13,446,648 ----a-w C:\Program Files\setupfre.exe
2007-03-22 08:47 21,822,168 ----a-w C:\Program Files\AdbeRdr80_en_US.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 20:00 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-07 08:19 68856]
"12Voip"="C:\Program Files\12Voip.com\12Voip\12Voip.exe" [ ]
"VoipBuster"="C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 12:17 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 12:13 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 12:17 118784]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:34 64512]
"LaunchApp"="Alaunch" []
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 14:54 16248320 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 18:04 2879488 C:\WINDOWS\SkyTel.exe]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-12-21 15:02 53248]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 13:07 761946]
"ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2006-05-15 11:15 45056]
"ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [2005-10-24 16:45 2462208]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 15:50 69632]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-10 20:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-10 20:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 20:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 20:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 20:00 455168]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-12 16:11 7577600]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-06-12 16:11 86016]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-08-10 19:29 352256]
"Acer ePower Management"="C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-05-22 12:54 3080704]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-07-20 22:15 593920]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 18:00 397312]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-15 00:22 35328]
"!AVG Anti-Spyware"="C:\Documents and Settings\sandrine\Mes documents\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-17 11:13 249896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 20:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

R0 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-17 17:14]
R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-10-15 18:20]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2006-01-23 12:41]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2006-01-23 12:41]
R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 14:46]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]
R3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-09-13 15:34]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-10 20:00]

*Newly Created Service* - INT15.SYS
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2007-04-06 12:42:04 C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job"
- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpCmdRun.exe%Scan -RestrictPrivileges -ScanType 1
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-17 12:00:34
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-17 12:04:41 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-17 11:04:40
.
2008-01-10 07:24:10 --- E O F ---

_____________________________________________________






et le rapport d'AntiVir



AntiVir PersonalEdition Classic
Report file date: jeudi 17 janvier 2008 12:07

Scanning for 1049634 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: ACER-1F614B65C2

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:30
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:52
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:48
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:22
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:16
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 10:13:26
ANTIVIR2.VDF : 7.0.2.0 948736 Bytes 15/01/2008 10:13:26
ANTIVIR3.VDF : 7.0.2.11 123904 Bytes 17/01/2008 10:13:26
AVEWIN32.DLL : 7.6.0.48 3080704 Bytes 17/01/2008 10:13:26
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:28
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:18
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 17/01/2008 10:13:26
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:08
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:34
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:20
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:44
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:14
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:38
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:22

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: jeudi 17 janvier 2008 12:07

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'notepad.exe' - '1' Module(s) have been scanned
Scan process 'notepad.exe' - '1' Module(s) have been scanned
Scan process 'notepad.exe' - '1' Module(s) have been scanned
Scan process 'WLLoginProxy.exe' - '1' Module(s) have been scanned
Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
Scan process 'notepad.exe' - '1' Module(s) have been scanned
Scan process 'soffice.BIN' - '1' Module(s) have been scanned
Scan process 'soffice.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'RtkBtMnt.exe' - '1' Module(s) have been scanned
Scan process 'avgas.exe' - '1' Module(s) have been scanned
Scan process 'winampa.exe' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'LManager.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'ePower_DMC.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'eDSloader.exe' - '1' Module(s) have been scanned
Scan process 'admtray.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.EXE' - '1' Module(s) have been scanned
Scan process 'Monitor.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'dllhost.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'mcrdsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'ehSched.exe' - '1' Module(s) have been scanned
Scan process 'ehRecvr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'admServ.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '0' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'S24EvMon.exe' - '1' Module(s) have been scanned
Scan process 'EvtEng.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
57 processes with 57 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '40' files ).


Starting the file scan:

Begin scan in 'C:\' <ACER>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\sandrine\Bureau\naked0453.com
[DETECTION] Is the Trojan horse TR/Agent.dwd.4
[INFO] The file was moved to '47fa39e5.qua'!
C:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP76\A0028769.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP77\A0028899.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP92\A0029913.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '47bf3ae2.qua'!
C:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP102\A0030689.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '47bf3b22.qua'!
C:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP107\A0031216.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP114\A0031628.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP145\A0034453.com
[DETECTION] Is the Trojan horse TR/Agent.dwd.4
[INFO] The file was deleted!
Begin scan in 'D:\' <ACERDATA>


End of the scan: jeudi 17 janvier 2008 12:39
Used time: 31:41 min

The scan has been done completely.

4763 Scanning directories
250468 Files were scanned
8 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
5 files were deleted
0 files were repaired
3 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
250460 Files not concerned
7501 Archives were scanned
2 Warnings
0 Notes


_____________________________________



et enfin le rapport de Hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 12:45:42, on 17/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Documents and Settings\sandrine\Mes documents\AVG Anti-Spyware 7.5\guard.exe
C:\Acer\Empowering Technology\admServ.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\WINDOWS\system32\rundll32.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Winamp\winampa.exe
C:\Documents and Settings\sandrine\Mes documents\AVG Anti-Spyware 7.5\avgas.exe
C:\DOCUME~1\sandrine\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\spider.exe
C:\DOCUME~1\sandrine\LOCALS~1\Temp\Répertoire temporaire 2 pour hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\sandrine\Mes documents\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [12Voip] "C:\Program Files\12Voip.com\12Voip\12Voip.exe" -nosplash -minimized
O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Documents and Settings\sandrine\Mes documents\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

Vire ce qui est en quarantaine dans antivir,

_________________

désactive la restauration système pour purger les virus qui seraient dedans

puis redemarre ton ordi

puis réactive là
(dans DEMARRER puis TOUS LES PROGRAMMES puis ACCESSOIRE puis OUTILS SYSTEME puis RESTAURATION SYSTEME puis paramètre)

_________________

recolle un rapport antivir et dis tes soucis

a plus

AntiVir PersonalEdition Classic
Report file date: jeudi 17 janvier 2008 16:05

Scanning for 1049634 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: ACER-1F614B65C2

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:30
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:52
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:48
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:22
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:16
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 10:13:26
ANTIVIR2.VDF : 7.0.2.0 948736 Bytes 15/01/2008 10:13:26
ANTIVIR3.VDF : 7.0.2.11 123904 Bytes 17/01/2008 10:13:26
AVEWIN32.DLL : 7.6.0.48 3080704 Bytes 17/01/2008 10:13:26
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:28
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:18
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 17/01/2008 10:13:26
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:08
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:34
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:20
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:44
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:14
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:38
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:22

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: jeudi 17 janvier 2008 16:05

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'WLLoginProxy.exe' - '1' Module(s) have been scanned
Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'dllhost.exe' - '1' Module(s) have been scanned
Scan process 'soffice.BIN' - '1' Module(s) have been scanned
Scan process 'SOFFICE.EXE' - '1' Module(s) have been scanned
Scan process 'RtkBtMnt.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'MsnMsgr.Exe' - '1' Module(s) have been scanned
Scan process 'mcrdsvc.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avgas.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'ehSched.exe' - '1' Module(s) have been scanned
Scan process 'ehRecvr.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'winampa.exe' - '1' Module(s) have been scanned
Scan process 'LManager.exe' - '1' Module(s) have been scanned
Scan process 'admServ.exe' - '1' Module(s) have been scanned
Scan process 'ePower_DMC.exe' - '1' Module(s) have been scanned
Scan process 'GUARD.EXE' - '0' Module(s) have been scanned
Scan process 'RUNDLL32.EXE' - '1' Module(s) have been scanned
Scan process 'eDSloader.exe' - '1' Module(s) have been scanned
Scan process 'SCHED.EXE' - '1' Module(s) have been scanned
Scan process 'admtray.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'Monitor.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.EXE' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'EXPLORER.EXE' - '1' Module(s) have been scanned
Scan process 'AVGUARD.EXE' - '1' Module(s) have been scanned
Scan process 'SPOOLSV.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'S24EvMon.exe' - '1' Module(s) have been scanned
Scan process 'EvtEng.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'LSASS.EXE' - '1' Module(s) have been scanned
Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned
Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned
Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned
Scan process 'SMSS.EXE' - '1' Module(s) have been scanned
55 processes with 55 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '40' files ).


Starting the file scan:

Begin scan in 'C:\' <ACER>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <ACERDATA>


End of the scan: jeudi 17 janvier 2008 16:23
Used time: 18:44 min

The scan has been done completely.

4435 Scanning directories
241314 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
241314 Files not concerned
7485 Archives were scanned
2 Warnings
0 Notes



_____________________________________

Je n'ai plus de message d'alerte par antivir; tout semble fonctionner correctement
Je vous remercie encore de m'avoir accordé du temps

Pour verifier une chose:


Télécharge MSNFix de Laurent
http://sosvirus.changelog.fr/MSNFix.zip

Décompresse-le et double clic sur le fichier MSNFix.bat.
- Exécute l'option R.
--Si l'infection est détectée, exécute l'option N
- Sauvegarde ce rapport puis fais un copier/coller de ce rapport sur le forum.

Note :
Si une erreur de suppression est détectée un message s'affichera demandant de redémarrer l'ordinateur afin de terminer les opérations. Dans ce cas il suffit de redémarrer l'ordinateur en mode normal
Sauvegarder et fermer le rapport pour que Windows termine de se lancer normalement

__________












pour protéger gratos ton ordi

http://www.commentcamarche.net/telecharger/logiciel 4 securite

mettre un antivirus

AVAST en français ou ANTIVIR (en anglais mais très efficace)
http://www.malekal.com/tutorial_antivir.php (merci Malekal)
-------------
des anti-espions :
AD AWARE + SPYBOT +/- si tea timer non active de spybot: WINDOWS DEFENDER ou SPYWARE TERMINATOR

+
SPYWAREBLASTER pour immuniser le système contre vundo notamment mais en anglais (mais facile d'utilisation : il suffit de faire "update" pour mettre à jour tous les mois et ensuite" enable all protection" pour immuniser)...

Rq : spybot et ad-aware on sorti de nouvelles versions cette année vérifiez que vous avez la dernière version
--------
un pare feu :
celui de Windows ou mieux KERIO ou JETICO ou ZONE ALARM (mettre que le parefeu gratuit)

http://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
http://manuelsdaide.com/Internet/Jetico/firewall.htm
http://www.open-files.com/forum/index.php?showtopic=29277
http://www.commentcamarche.net/telecharger/telecharger 157 zonealarm

-----------

CCLEANER pour effacer les traces de surf

Voici le rapport


Aucun dossier trouvé




************************ Suppression des fichiers

.. OK ... C:\Documents and Settings\sandrine\??????.exe



************************ Nettoyage du registre



************************ Fichiers suspects

/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention

[C:\DOCUME~1\sandrine\LOCALS~1\Temp\Img-0013.zip] D239F33526AA8126E795593558A7DFAE
[C:\DOCUME~1\sandrine\LOCALS~1\Temp\Img-009.zip] 53EFCA71AD59DBE97E47C56CDA2AD0D3
[C:\dw.exe] 97D3AB120A7C3CF2649953E851F9B7E6
[C:\dwdebug.exe] E37510C68C12176F861631F2FCEE1C05
[C:\UNINSTAL.EXE] 0E2D565EB85225408F35B9D31D039E5A
[C:\zoo.exe] BAB0954172B2869330882E2BD30751AC
[C:\PROGRA~1\AdbeRdr80_en_US.exe] 0AB5CE309F313ED028824251C798B35C
[C:\dw.exe] 97D3AB120A7C3CF2649953E851F9B7E6
[C:\dwdebug.exe] E37510C68C12176F861631F2FCEE1C05
[C:\UNINSTAL.EXE] 0E2D565EB85225408F35B9D31D039E5A
[C:\zoo.exe] BAB0954172B2869330882E2BD30751AC
[C:\Documents and Settings\sandrine\btaysm.exe] FB2DAE878FFD7A569D23560855DF4316
[C:\Documents and Settings\sandrine\xsykdj.exe] FB2DAE878FFD7A569D23560855DF4316
[C:\Documents and Settings\sandrine\hmapfd.exe] FB2DAE878FFD7A569D23560855DF4316
[C:\Documents and Settings\sandrine\dbsbrx.exe] FB2DAE878FFD7A569D23560855DF4316
[C:\Documents and Settings\sandrine\uybutu.exe] FB2DAE878FFD7A569D23560855DF4316
[C:\Documents and Settings\sandrine\cobxfy.exe] AA5460893B4A288EBA2BCFF2F792FC98
[C:\Documents and Settings\sandrine\swgwni.exe] 188906F8C93388B28CBF1AF51C0D32F4
[C:\PROGRA~1\AdbeRdr80_en_US.exe] 0AB5CE309F313ED028824251C798B35C
[C:\PROGRA~1\setupfre.exe] A91E59F4D30EE9CAC5895429412EE5AA
[C:\dw.exe] 97D3AB120A7C3CF2649953E851F9B7E6
[C:\dwdebug.exe] E37510C68C12176F861631F2FCEE1C05
[C:\UNINSTAL.EXE] 0E2D565EB85225408F35B9D31D039E5A
[C:\zoo.exe] BAB0954172B2869330882E2BD30751AC
[C:\Program Files\AdbeRdr80_en_US.exe] 0AB5CE309F313ED028824251C798B35C
[C:\Program Files\setupfre.exe] A91E59F4D30EE9CAC5895429412EE5AA
[C:\Program Files\kazaa_setup.exe] 980E95DA99859D8BE108D32875EF43CE
[C:\Program Files\Firefox Setup 2.0.0.6.exe] 2628E1F9FA78C57E8F20213EA71BA498

[color=#FF0000][b]==>[/b][/color] SVP merci d'envoyer le fichier [b] C:\DOCUME~1\sandrine\Bureau\Upload_Me.zip [/b] sur http://upload.changelog.fr



Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 17012008_16105803.zip


------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------

Analyse sur virus total ces fichier et dis moi lesquels sont inféctés: http://www.virustotal.com/fr/

C:\DOCUME~1\sandrine\LOCALS~1\Temp\Img-0013.zip
C:\DOCUME~1\sandrine\LOCALS~1\Temp\Img-009.zip
C:\dw.exe
C:\dwdebug.exe
C:\UNINSTAL.EXE
C:\zoo.exe
C:\Documents and Settings\sandrine\btaysm.exe
C:\Documents and Settings\sandrine\xsykdj.exe
C:\Documents and Settings\sandrine\hmapfd.exe
C:\Documents and Settings\sandrine\dbsbrx.exe
C:\Documents and Settings\sandrine\uybutu.exe
C:\Documents and Settings\sandrine\cobxfy.exe
C:\Documents and Settings\sandrine\swgwni.exe
C:\PROGRA~1\setupfre.exe
C:\Program Files\setupfre.exe
C:\Program Files\kazaa_setup.exe
C:\Program Files\Firefox Setup 2.0.0.6.exe

Bonsoir,
il y a eu des détections sur les 2 derniers fichiers

Alors vire les deux derniers fichier en allant dans poste de travail puis C puis program files

C:\Program Files\kazaa_setup.exe
C:\Program Files\Firefox Setup 2.0.0.6.exe


tu pourra retelecharger kazaa si tu utilise et firefox



apres c'est bon

bonne continuation

Bonsoir je m'excuse de m'introduire dans cette discution mais ça fait quelques jour que je galere avec plusieur post sur plusieur forum.
J'ai le meme souci,avec le meme virus, comme je vois qu'ici ça a l'air d'avoir plutot bien fonctionné, je demande gracieusement votre aide.
mon post: http://www.commentcamarche.net/forum/affich 5010280 virus msn#0

en vous remerciant.

Bonjour,

Il serait préférable que tu fasses ton message personnel, cela rendra les postes plus compréhensibles et la réponse à ton problème sera plus efficace
Procèdes comme ceci :
http://pageperso.aol.fr/balltrap34/demofairesontmessage.htm

A bientôt ''
Le meilleur moyen de faire tourner la tête à une femme, c'est de lui dire qu'elle a un joli profil

--
mouvement de non entraide a suivre très prochainement...

Oui oui