[Résolu] pc infesté de différent trojan ... scan HijackThis

c'est pas un windows légal ça, j'me trompe?
si oui alors mets le a jour SP2+toutes les mises à jour, sur windows update.

juste pour ma culture perso, a quoi tu vois que le windows est cracké?

manque SP2 et ça devrait être IE7
ça peu tout de même être un légal mais le mec il connait pas windows update alors!(mise a jour pas configuré en auto)

d'accord merci...

oui mon frère se sert de son pc qu'un copain lui a filé principalement pour msn et utilise firefox, d'où la non mise à jour de IE

je vais faire les MAJ nécessaire
perso je sais pas si son XP est légal ?!

Ce sujet a été déplacé de la catégorie Hardware vers la catégorie Le monde de Windows par Sylvain37

Bonjour,

Désactive tes protections résidentes (antivirus...) ![/#f]

Télécharge [#ff0000]combofix.exe

(par sUBs) sur ton Bureau.

Double clique combofix.exe.

Tape sur la touche 1 (Yes) pour démarrer le scan.

Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

merci Sylvain d'avoir déplacé mon sujet, désolé de pas l'avoir mis au bon endroit

j'ai essayé de faire les maj sur windows update bon apparemment c'est pas possible ...

je vais suivre ta procédure Angeldark et te poste le rapport
merci

voici le rapport

ComboFix 07-12-21.4 - Virginie 2007-12-21 18:41:30.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.0.1252.1.1036.18.61 [GMT 1:00]
Running from: C:\Documents and Settings\Virginie\Bureau\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\yoan\Application Data\SMANTE~1
C:\Documents and Settings\yoan\Application Data\WinTouch
C:\Documents and Settings\yoan\Application Data\WinTouch\wintouch.cfg
C:\Documents and Settings\yoan\Menu Démarrer\Programmes\Internet Speed Monitor
C:\Documents and Settings\yoan\Menu Démarrer\Programmes\Internet Speed Monitor\Check Now.lnk
C:\Documents and Settings\yoan\Menu Démarrer\Programmes\Internet Speed Monitor\Uninstall.lnk
C:\Program Files\Temporary
C:\Program Files\WinAble
C:\WINDOWS\b111.exe
C:\WINDOWS\b148.exe
C:\WINDOWS\crosof~1.net
C:\WINDOWS\system32\alog.txt
C:\WINDOWS\system32\explorer.exe
C:\WINDOWS\system32\fnts~1
C:\WINDOWS\system32\fnts~1\F?nts\
C:\WINDOWS\system32\urlmsnlink.dat

.
((((((((((((((((((((((((((((( Fichiers créés 2007-11-21 to 2007-12-21 ))))))))))))))))))))))))))))))))))))
.

2007-12-21 17:06 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2007-12-21 17:06 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2007-12-21 17:06 . 2007-07-30 19:19 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2007-12-21 17:06 . 2007-07-30 19:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2007-12-21 15:52 . 2007-12-21 15:52 <REP> d-------- C:\VundoFix Backups
2007-12-21 15:42 . 2007-12-21 15:42 <REP> d-------- C:\Program Files\Trend Micro
2007-12-21 15:19 . 2007-12-21 15:35 <REP> d-------- C:\Program Files\Navilog1

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-13 18:14 44,032 ----a-w C:\WINDOWS\system32\ftp.exe
2007-11-13 18:14 17,920 ----a-w C:\WINDOWS\system32\tftp.exe
2007-11-13 18:13 562,836 ----a-w C:\WINDOWS\Dance_dec_jpg.zip
2007-11-12 21:04 44,495 ----a-w C:\3d3t4t8n7l.exe
2007-11-10 07:24 9,808 ----a-w C:\ir-1-1148.exe
2007-11-08 20:48 9,808 ----a-w C:\or-1-1148.exe
2007-11-08 17:25 --------- d-----w C:\Documents and Settings\yoan\Application Data\Grisoft
2007-11-08 10:31 --------- d--h--w C:\Program Files\Fichiers communs\Carlson
2007-11-08 10:26 561,298 ----a-w C:\WINDOWS\Nokia_19_jpg.zip
2007-11-07 18:03 --------- d-----w C:\Program Files\a-squared Free
2007-11-07 16:43 --------- d-----w C:\Documents and Settings\Virginie\Application Data\Grisoft
2007-11-07 16:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-07 16:39 --------- d-----w C:\Program Files\SpywareBlaster
2007-11-07 12:27 --------- d-----w C:\Documents and Settings\Virginie\Application Data\Lavasoft
2007-11-07 11:23 228 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2007-11-06 12:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-06 10:51 --------- d-----w C:\Program Files\Services en ligne
2007-10-30 18:06 10 ----a-w C:\Program Files\.autoreg
2007-10-05 15:50 561,152 --sh--r C:\WINDOWS\LBTWiz.exe
2007-09-28 18:21 134,656 ----a-w C:\WINDOWS\system32\sfc_os.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3A75439D-E608-4095-BF8B-A65F5FCAB8B9}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4A4AD4B-35F8-1D07-DA2A-4FE6718D5E92}]
C:\WINDOWS\System32\pmnl.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2001-08-02 07:14]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CameraFixer"="C:\WINDOWS\CameraFixer.exe" [2005-12-06 12:08]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [2005-10-11 12:54]
"vigorojuz"="C:\Program Files\MSN Gaming Zone\vigorojuz77798.exe" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-08-28 13:00]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
RtlWake.lnk - C:\Program Files\Belkin Corporation\Belkin Wireless Network Monitor Utility and Driver\RtlWake.exe [2006-03-25 18:15:52]

R1 fwdrv;Firewall Driver;C:\WINDOWS\System32\drivers\fwdrv.sys [2005-12-15 18:13]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\System32\drivers\khips.sys [2005-12-15 18:01]
R2 EAPPkt;Realtek EAPPkt Protocol;C:\WINDOWS\System32\DRIVERS\EAPPkt.sys [2002-11-22 18:57]
R3 crtaud;Pilote audio WDM Riptide Conexant;C:\WINDOWS\System32\drivers\crtaud.sys [2001-08-17 20:19]
R3 rpfun;Pilote factice Riptide Conexant;C:\WINDOWS\System32\drivers\rpfun.sys [2001-08-17 20:19]
R3 rthwcls;Bus Riptide Conexant / Téléchargeur de logiciel;C:\WINDOWS\System32\drivers\rthwcls.sys [2001-08-17 20:19]
R3 rtl8180;Belkin 11Mbps Wireless Desktop Network Card Driver;C:\WINDOWS\System32\DRIVERS\Bel6001.sys [2003-07-10 11:06]
S3 SjyPkt;SjyPkt;C:\WINDOWS\System32\Drivers\SjyPkt.sys [2002-10-02 08:57]

*Newly Created Service* - PROCEXP90
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-21 18:49:13
Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-21 18:51:53

C'est mieux déjà ?

Télécharge MSNFix.zip ([#ff0000]!aur3n7[/#f]) sur ton Bureau.
Décompresse-le sur ton bureau (Clique-Droit/Extraire tout).

Ouvre le dossier MSNFix puis double-clique sur MSNFix.bat.
- Exécute l'option R.
-- Si l'infection est détectée, presse une touche pour lancer le nettoyage.

[#ff0000]Si une erreur de suppression est détectée un message s'affichera demandant de redémarrer l'ordinateur afin de terminer les opérations.
Dans ce cas il suffit de redémarrer l'ordinateur manuellement.[/#f]

Poste le rapport situé dans le dossier MSNFix.
Le nom du rapport correspond au moment de sa création : date_heure.log

ok je continue donc
voici le rapport de MSNFix

MSNFix 1.605

C:\Documents and Settings\Virginie\Bureau\MSNFix\MSNFix
Fix exécuté le 21/12/2007 - 19:18:46,77 By Virginie
mode normal
a
************************ Recherche les fichiers présents

... C:\DOCUME~1\ALLUSE~1\MENUDM~1\carlton
... C:\Program Files\Fichiers communs\Carlson\carlton
... C:\PROGRA~1\FICHIE~1\Carlson\carlton
... C:\*-1-1148.exe
... C:\3d3t4t8n7l.exe
... C:\ir-1-1148.exe
... C:\or-1-1148.exe
... C:\WINDOWS\Dance_dec_jpg.zip
... C:\WINDOWS\LBTWiz.exe
... C:\WINDOWS\Nokia_19_jpg.zip
... C:\WINDOWS\Nokia_19_jpg.zip
... C:\WINDOWS\system32\microsoft\backup.ftp
... C:\WINDOWS\system32\microsoft\backup.tftp
... C:\WINDOWS\Dance_dec_jpg.zip
... C:\WINDOWS\Nokia_19_jpg.zip

************************ MSNCHK ***** /!\ beta test /!\

[!] C:\WINDOWS\Nokia_19_jpg.zip is INFECTED


************************ Recherche les dossiers présents

... C:\Program Files\Fichiers communs\Carlson\
... C:\PROGRA~1\FICHIE~1\Carlson\
... C:\WINDOWS\system32\updatelinkmsn\




************************ Suppression des fichiers

.. OK ... C:\DOCUME~1\ALLUSE~1\MENUDM~1\carlton
.. OK ... C:\Program Files\Fichiers communs\Carlson\carlton
.. OK ... C:\PROGRA~1\FICHIE~1\Carlson\carlton
.. OK ... C:\*-1-1148.exe
.. OK ... C:\3d3t4t8n7l.exe
.. OK ... C:\ir-1-1148.exe
.. OK ... C:\or-1-1148.exe
.. OK ... C:\WINDOWS\Dance_dec_jpg.zip
.. OK ... C:\WINDOWS\LBTWiz.exe
.. OK ... C:\WINDOWS\Nokia_19_jpg.zip
.. OK ... C:\WINDOWS\Nokia_19_jpg.zip
.. OK ... C:\WINDOWS\system32\microsoft\backup.ftp
.. OK ... C:\WINDOWS\system32\microsoft\backup.tftp
.. OK ... C:\ir-1-1148.exe
.. OK ... C:\ir-1-1148.exe
.. OK ... C:\or-1-1148.exe
.. OK ... C:\or-1-1148.exe
.. OK ... C:\3d3t4t8n7l.exe
.. OK ... C:\3d3t4t8n7l.exe
.. OK ... C:\3d3t4t8n7l.exe
.. OK ... C:\3d3t4t8n7l.exe
.. OK ... C:\WINDOWS\Dance_dec_jpg.zip
.. OK ... C:\WINDOWS\Nokia_19_jpg.zip


************************ Suppression des dossiers

.. OK ... C:\Program Files\Fichiers communs\Carlson\
.. OK ... C:\PROGRA~1\FICHIE~1\Carlson\
.. OK ... C:\WINDOWS\system32\updatelinkmsn\


************************ Nettoyage du registre



************************ Fichiers suspects

Aucun Fichier trouvé


Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 21122007_19261772.zip


------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------

Refais un scan Combofix  

voici le nouveau rapport combofix  

ComboFix 07-12-21.4 - Virginie 2007-12-21 20:49:48.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.0.1252.1.1036.18.69 [GMT 1:00]
Running from: C:\Documents and Settings\Virginie\Bureau\ComboFix.exe
.

((((((((((((((((((((((((((((( Fichiers créés 2007-11-21 to 2007-12-21 ))))))))))))))))))))))))))))))))))))
.

2007-12-21 19:15 . 2007-12-21 19:16 <REP> d-------- C:\Program Files\IZArc
2007-12-21 17:06 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2007-12-21 17:06 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2007-12-21 17:06 . 2007-07-30 19:19 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2007-12-21 17:06 . 2007-07-30 19:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2007-12-21 15:52 . 2007-12-21 15:52 <REP> d-------- C:\VundoFix Backups
2007-12-21 15:42 . 2007-12-21 15:42 <REP> d-------- C:\Program Files\Trend Micro
2007-12-21 15:19 . 2007-12-21 15:35 <REP> d-------- C:\Program Files\Navilog1

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-13 18:14 44,032 ----a-w C:\WINDOWS\system32\ftp.exe
2007-11-08 17:25 --------- d-----w C:\Documents and Settings\yoan\Application Data\Grisoft
2007-11-07 18:03 --------- d-----w C:\Program Files\a-squared Free
2007-11-07 16:43 --------- d-----w C:\Documents and Settings\Virginie\Application Data\Grisoft
2007-11-07 16:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-07 16:39 --------- d-----w C:\Program Files\SpywareBlaster
2007-11-07 12:27 --------- d-----w C:\Documents and Settings\Virginie\Application Data\Lavasoft
2007-11-07 11:23 228 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2007-11-06 12:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-06 10:51 --------- d-----w C:\Program Files\Services en ligne
2007-10-30 18:06 10 ----a-w C:\Program Files\.autoreg
2007-09-28 18:21 134,656 ----a-w C:\WINDOWS\system32\sfc_os.dll
.

((((((((((((((((((((((((((((( snapshot@2007-12-21_18.50.02,60 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-11-13 18:14:05 17,920 -c--a-w C:\WINDOWS\system32\dllcache\tftp.exe
+ 2001-08-28 12:00:00 17,920 -c--a-w C:\WINDOWS\system32\dllcache\tftp.exe
+ 2001-08-28 12:00:00 17,920 ----a-w C:\WINDOWS\system32\Microsoft\tftp.exe
- 2007-11-13 18:14:05 17,920 ----a-w C:\WINDOWS\system32\tftp.exe
+ 2001-08-28 12:00:00 17,920 ----a-w C:\WINDOWS\system32\tftp.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3A75439D-E608-4095-BF8B-A65F5FCAB8B9}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4A4AD4B-35F8-1D07-DA2A-4FE6718D5E92}]
C:\WINDOWS\System32\pmnl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CameraFixer"="C:\WINDOWS\CameraFixer.exe" [2005-12-06 12:08]
"vigorojuz"="C:\Program Files\MSN Gaming Zone\vigorojuz77798.exe" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-08-28 13:00]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
RtlWake.lnk - C:\Program Files\Belkin Corporation\Belkin Wireless Network Monitor Utility and Driver\RtlWake.exe [2006-03-25 18:15:52]

R1 fwdrv;Firewall Driver;C:\WINDOWS\System32\drivers\fwdrv.sys [2005-12-15 18:13]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\System32\drivers\khips.sys [2005-12-15 18:01]
R2 EAPPkt;Realtek EAPPkt Protocol;C:\WINDOWS\System32\DRIVERS\EAPPkt.sys [2002-11-22 18:57]
R3 crtaud;Pilote audio WDM Riptide Conexant;C:\WINDOWS\System32\drivers\crtaud.sys [2001-08-17 20:19]
R3 rpfun;Pilote factice Riptide Conexant;C:\WINDOWS\System32\drivers\rpfun.sys [2001-08-17 20:19]
R3 rthwcls;Bus Riptide Conexant / Téléchargeur de logiciel;C:\WINDOWS\System32\drivers\rthwcls.sys [2001-08-17 20:19]
R3 rtl8180;Belkin 11Mbps Wireless Desktop Network Card Driver;C:\WINDOWS\System32\DRIVERS\Bel6001.sys [2003-07-10 11:06]
S3 SjyPkt;SjyPkt;C:\WINDOWS\System32\Drivers\SjyPkt.sys [2002-10-02 08:57]

*Newly Created Service* - PROCEXP90
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-21 20:56:26
Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-21 20:59:19
C:\ComboFix2.txt ... 2007-12-21 20:34
C:\ComboFix3.txt ... 2007-12-21 18:51

je précise que sur le pc j'ai installé entre les 2 rapports combofix
le logiciel Izarc qui est un dezippeur

On a bien avancé  

Désinstalle correctement Avast! pour le remplacer par AntiVir.
Pourquoi changer ? Avast! vs AntiVir

Fais un scan complet puis poste le rapport en fin d'analyse.
AIDE : Tutorial sur l'antivirus AntiVir Personal Edition Classic

bonsoir
désolé pour le retard
voici le rapport de Antivir



AntiVir PersonalEdition Classic
Report file date: samedi 22 décembre 2007 13:29

Scanning for 985636 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (plain) [5.1.2600]
Username: SYSTEM
Computer name: ORDINATEURYOAN

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 12:26:54
ANTIVIR2.VDF : 7.0.1.96 2048 Bytes 14/12/2007 12:26:54
ANTIVIR3.VDF : 7.0.1.140 190976 Bytes 22/12/2007 12:26:54
AVEWIN32.DLL : 7.6.0.46 3084800 Bytes 22/12/2007 12:26:55
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.2 360488 Bytes 22/12/2007 12:26:55
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: samedi 22 décembre 2007 13:29

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'kpf4ss.exe' - '1' Module(s) have been scanned
Scan process 'RtlWake.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '1' Module(s) have been scanned
Scan process 'avgas.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'CameraFixer.exe' - '1' Module(s) have been scanned
Scan process 'a2service.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
26 processes with 26 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[NOTE] No virus was found!
Master boot sector HD1
[NOTE] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '19' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Virginie\Bureau\ne pas effacer\MSNFix\MSNFix\21122007_19261772.zip
[0] Archive type: ZIP
--> backup/3d3t4t8n7l.exe
[DETECTION] Is the Trojan horse TR/Dialer.VUY.4
--> backup/carlton
[DETECTION] Is the Trojan horse TR/Dialer.VUY.4
--> backup/Dance_dec_jpg.zip
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.562688
[1] Archive type: ZIP
--> www.Dance_dec_jpg_Msn.com
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.562688
--> backup/ir-1-1148.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/LBTWiz.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.561152.2
--> backup/Nokia_19_jpg.zip
[1] Archive type: ZIP
--> www.Nokia_19_jpg-msn.com
[DETECTION] Contains detection pattern of the worm WORM/SdBot.561152.2
--> backup/or-1-1148.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\qoobox\Quarantine\C\WINDOWS\b111.exe.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agent.fjv
[INFO] The file was deleted!
C:\qoobox\Quarantine\C\WINDOWS\system32\explorer.exe.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{234A85D5-2A9A-4CB5-AAE4-ED05FE6D197B}\RP216\A0102641.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{234A85D5-2A9A-4CB5-AAE4-ED05FE6D197B}\RP216\A0102660.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{234A85D5-2A9A-4CB5-AAE4-ED05FE6D197B}\RP216\A0102688.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{234A85D5-2A9A-4CB5-AAE4-ED05FE6D197B}\RP216\A0102717.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{234A85D5-2A9A-4CB5-AAE4-ED05FE6D197B}\RP216\A0102741.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{234A85D5-2A9A-4CB5-AAE4-ED05FE6D197B}\RP216\A0102752.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{234A85D5-2A9A-4CB5-AAE4-ED05FE6D197B}\RP216\A0102753.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{234A85D5-2A9A-4CB5-AAE4-ED05FE6D197B}\RP216\A0102787.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{234A85D5-2A9A-4CB5-AAE4-ED05FE6D197B}\RP216\A0102798.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{234A85D5-2A9A-4CB5-AAE4-ED05FE6D197B}\RP216\A0102814.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{234A85D5-2A9A-4CB5-AAE4-ED05FE6D197B}\RP216\A0102816.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{234A85D5-2A9A-4CB5-AAE4-ED05FE6D197B}\RP216\A0102817.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{234A85D5-2A9A-4CB5-AAE4-ED05FE6D197B}\RP216\A0102828.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{234A85D5-2A9A-4CB5-AAE4-ED05FE6D197B}\RP216\A0103828.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{234A85D5-2A9A-4CB5-AAE4-ED05FE6D197B}\RP216\A0103829.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{234A85D5-2A9A-4CB5-AAE4-ED05FE6D197B}\RP216\A0103851.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{234A85D5-2A9A-4CB5-AAE4-ED05FE6D197B}\RP216\A0104910.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{234A85D5-2A9A-4CB5-AAE4-ED05FE6D197B}\RP216\A0104911.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{234A85D5-2A9A-4CB5-AAE4-ED05FE6D197B}\RP216\A0104912.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{234A85D5-2A9A-4CB5-AAE4-ED05FE6D197B}\RP216\A0104914.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{234A85D5-2A9A-4CB5-AAE4-ED05FE6D197B}\RP216\A0104915.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{234A85D5-2A9A-4CB5-AAE4-ED05FE6D197B}\RP216\A0104916.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{234A85D5-2A9A-4CB5-AAE4-ED05FE6D197B}\RP216\A0104921.exe
[DETECTION] Is the Trojan horse TR/Dldr.Purity.DZ.3
[INFO] The file was deleted!
C:\System Volume Information\_restore{234A85D5-2A9A-4CB5-AAE4-ED05FE6D197B}\RP216\A0104963.exe
[DETECTION] Is the Trojan horse TR/Dldr.Trarch.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{234A85D5-2A9A-4CB5-AAE4-ED05FE6D197B}\RP216\A0104967.exe
[DETECTION] Contains detection pattern of the dropper DR/Agent.VU
[INFO] The file was deleted!
C:\System Volume Information\_restore{234A85D5-2A9A-4CB5-AAE4-ED05FE6D197B}\RP216\A0104992.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.csb
[INFO] The file was deleted!
C:\System Volume Information\_restore{234A85D5-2A9A-4CB5-AAE4-ED05FE6D197B}\RP216\A0105012.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{234A85D5-2A9A-4CB5-AAE4-ED05FE6D197B}\RP216\A0105013.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.erf
[INFO] The file was deleted!
C:\System Volume Information\_restore{234A85D5-2A9A-4CB5-AAE4-ED05FE6D197B}\RP217\A0107029.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{234A85D5-2A9A-4CB5-AAE4-ED05FE6D197B}\RP217\A0107030.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{234A85D5-2A9A-4CB5-AAE4-ED05FE6D197B}\RP217\A0108036.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{234A85D5-2A9A-4CB5-AAE4-ED05FE6D197B}\RP217\A0108037.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{234A85D5-2A9A-4CB5-AAE4-ED05FE6D197B}\RP217\A0108052.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{234A85D5-2A9A-4CB5-AAE4-ED05FE6D197B}\RP217\A0109071.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{234A85D5-2A9A-4CB5-AAE4-ED05FE6D197B}\RP217\A0109083.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{234A85D5-2A9A-4CB5-AAE4-ED05FE6D197B}\RP217\A0109085.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{234A85D5-2A9A-4CB5-AAE4-ED05FE6D197B}\RP218\A0109121.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.fjv
[INFO] The file was deleted!
C:\System Volume Information\_restore{234A85D5-2A9A-4CB5-AAE4-ED05FE6D197B}\RP218\A0111171.exe
[DETECTION] Is the Trojan horse TR/Dialer.VUY.4
[INFO] The file was deleted!
C:\System Volume Information\_restore{234A85D5-2A9A-4CB5-AAE4-ED05FE6D197B}\RP219\A0115196.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{234A85D5-2A9A-4CB5-AAE4-ED05FE6D197B}\RP219\A0115197.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.562688
[INFO] The file was deleted!
C:\System Volume Information\_restore{234A85D5-2A9A-4CB5-AAE4-ED05FE6D197B}\RP222\A0126467.dll
[DETECTION] Is the Trojan horse TR/Spy.Banker.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{234A85D5-2A9A-4CB5-AAE4-ED05FE6D197B}\RP222\A0126482.dll
[DETECTION] Is the Trojan horse TR/Spy.Banker.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{234A85D5-2A9A-4CB5-AAE4-ED05FE6D197B}\RP223\A0130573.dll
[DETECTION] Is the Trojan horse TR/Spy.Banker.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{234A85D5-2A9A-4CB5-AAE4-ED05FE6D197B}\RP226\A0135968.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.erf
[INFO] The file was deleted!
C:\System Volume Information\_restore{234A85D5-2A9A-4CB5-AAE4-ED05FE6D197B}\RP226\A0135969.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.ezc
[INFO] The file was deleted!
C:\System Volume Information\_restore{234A85D5-2A9A-4CB5-AAE4-ED05FE6D197B}\RP229\A0136024.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{234A85D5-2A9A-4CB5-AAE4-ED05FE6D197B}\RP229\A0136057.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{234A85D5-2A9A-4CB5-AAE4-ED05FE6D197B}\RP229\A0136058.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{234A85D5-2A9A-4CB5-AAE4-ED05FE6D197B}\RP229\A0136059.exe
[DETECTION] Is the Trojan horse TR/Dialer.VUY.4
[INFO] The file was deleted!
C:\System Volume Information\_restore{234A85D5-2A9A-4CB5-AAE4-ED05FE6D197B}\RP229\A0136060.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.561152.2
[INFO] The file was deleted!
C:\WINDOWS\tsitra1148.exe.tmp
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
Begin scan in 'D:\'
Search path D:\ could not be opened!
Le volume ne contient pas de système de fichiers connu. Vérifiez si tous les pilotes de système
de fichiers nécessaires sont chargés et si le volume n'est pas endommagé.



End of the scan: samedi 22 décembre 2007 20:04
Used time: 6:34:55 min

The scan has been done completely.

1631 Scanning directories
378283 Files were scanned
61 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
54 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
378222 Files not concerned
962 Archives were scanned
2 Warnings
0 Notes

je risque de ne pas pouvoir répondre avant lundi donc ne vous pressez pas pour regarder
en tout cas merci déjà pour tout ce que vous avez fait  

Reposte un rapport Hijackthis.

bonsoir et meilleurs voeux

voici le rapport Hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:30:08, on 01/01/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\CameraFixer.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Belkin Corporation\Belkin Wireless Network Monitor Utility and Driver\RtlWake.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Flash Module - {3A75439D-E608-4095-BF8B-A65F5FCAB8B9} - nonmar32.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: (no name) - {B4A4AD4B-35F8-1D07-DA2A-4FE6718D5E92} - C:\WINDOWS\System32\pmnl.dll (file missing)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
O4 - HKLM\..\Run: [vigorojuz] C:\Program Files\MSN Gaming Zone\vigorojuz77798.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: RtlWake.lnk = ?
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe

--
End of file - 4416 bytes

Bonne année.

Fix les lignes dans le cadre ci-dessous avec Hijackthis : AIDE EN IMAGES



Supprime :
C:\Program Files\MSN Gaming Zone\vigorojuz77798.exe

c'est fait

Encore des soucis ?

je vais faire des essais, mais ça m'a l'air bon

en tout cas merci beaucoup pour l'aide !

Ok  

Télécharge ToolsCleaner sur ton Bureau.

Clique sur Recherche et laisse le scan se terminer.

Clique sur Suppression pour finaliser.

Clique sur Quitter, pour que le rapport puisse se créer.

Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\)

Désactive puis réactive la restauration du système : Voir aide

Ajoute maintenant [Résolu] au titre. Pour cela :
* Clique, dans ton premier message, sur le bouton "Editer"
* Rajoute la mention [Résolu] au titre
* Clique ensuite sur "Valider votre message"

Lis le dossier dossier sur la prévention et la protection pour ne plus avoir ce genre de problème en cliquant sur l'image ci-dessous :

voici le rapport
-->- Recherche:

C:\Vundofix backups: trouvé !
C:\Qoobox: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1\Navilog1.lnk: trouvé !
C:\Documents and Settings\Virginie\Bureau\ComboFix.exe: trouvé !
C:\Documents and Settings\Virginie\Bureau\ne pas effacer\HijackThis.lnk: trouvé !
C:\Documents and Settings\Virginie\Bureau\ne pas effacer\Navilog1.lnk: trouvé !
C:\Documents and Settings\Virginie\Bureau\ne pas effacer\vundoFix.exe: trouvé !
C:\Documents and Settings\Virginie\Bureau\ne pas effacer\HJTInstall.exe: trouvé !
C:\Documents and Settings\Virginie\Bureau\ne pas effacer\MsnFix: trouvé !
C:\Documents and Settings\Virginie\Bureau\ne pas effacer\MSNFix\MsnFix: trouvé !
C:\Documents and Settings\Virginie\Recent\MSNFix.lnk: trouvé !
C:\Program Files\Navilog1: trouvé !
C:\Program Files\Navilog1\Navilog1.bat: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\qoobox\Quarantine\C\Combofix: trouvé !

---------------------------------
-->- Suppression:

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1\Navilog1.lnk: supprimé !
C:\Documents and Settings\Virginie\Bureau\ComboFix.exe: supprimé !
C:\Documents and Settings\Virginie\Bureau\ne pas effacer\HijackThis.lnk: supprimé !
C:\Documents and Settings\Virginie\Bureau\ne pas effacer\Navilog1.lnk: supprimé !
C:\Documents and Settings\Virginie\Bureau\ne pas effacer\vundoFix.exe: supprimé !
C:\Documents and Settings\Virginie\Bureau\ne pas effacer\HJTInstall.exe: supprimé !
C:\Documents and Settings\Virginie\Recent\MSNFix.lnk: supprimé !
C:\Program Files\Navilog1\Navilog1.bat: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Vundofix backups: supprimé !
C:\Qoobox: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1: supprimé !
C:\Documents and Settings\Virginie\Bureau\ne pas effacer\MsnFix: supprimé !
C:\Program Files\Navilog1: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !


je vais maintenant étudier ton dossier
encore merci !

Bon surf