Forum Clubic

Pc infecté virus aidez moi !

Bonjour,
Depuis quelques temps Antivir me trouve TR/Crypt.XPACK.Gen à chaque analyse.
Je ne peux pas supprimer ce fichier, il revient quelques secondes plus tard.
J’ai remarqué aussi que mon pc rame un peu.
Pouvez m’aider a m’en debarraser ? :frowning:

Peux tu me dire comment on utilise hijacthis ???

Voici le rapport d’antivir et je met celui dhijacthis dans un instant

AntiVir PersonalEdition Classic
Report file date: samedi 22 mars 2008 00:17

Scanning for 1160819 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: C-DOA121FXDBK4U

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 18:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 17:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 20:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 17:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 19:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 16:54:35
ANTIVIR2.VDF : 7.0.3.62 337408 Bytes 21/03/2008 21:41:54
ANTIVIR3.VDF : 7.0.3.63 2048 Bytes 21/03/2008 21:41:54
AVEWIN32.DLL : 7.6.0.75 3334656 Bytes 18/03/2008 21:36:37
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 15:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 12:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 18:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 15/01/2008 22:37:48
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 12:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 17:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 12:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 16:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 17:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 17:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 14:37:21

Configuration settings for the scan:
Jobname…: Complete system scan
Configuration file…: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging…: low
Primary action…: interactive
Secondary action…: ignore
Scan master boot sector…: off
Scan boot sector…: on
Boot sectors…: F:,
Scan memory…: on
Process scan…: on
Scan registry…: on
Search for rootkits…: off
Scan all files…: Intelligent file selection
Scan archives…: on
Recursion depth…: 20
Smart extensions…: on
Macro heuristic…: on
File heuristic…: medium

Start of the scan: samedi 22 mars 2008 00:17

The scan of running processes will be started
Scan process ‘avscan.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘avcenter.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘hpqste08.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘PCLEScheduler.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘hpqtra08.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘dslmon.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘emule.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘usnsvc.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘wuauclt.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘devldr32.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘jucheck.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘wscntfy.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘alg.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘iPodService.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘ADSL Autoconnect.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘DesktopSearchService.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘GoogleToolbarNotifier.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘ctfmon.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘avgnt.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘TaskBarIcon.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘ECB.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘MaBtSh.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘qttask.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘iTunesHelper.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘realsched.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘jusched.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘remoterm.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘hpwuSchd2.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘CnxMon.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘nvsvc32.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘mdm.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘sched.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘explorer.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘avguard.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘spoolsv.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘lsass.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘services.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘winlogon.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘csrss.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘smss.exe’ - ‘1’ Module(s) have been scanned
46 processes with 46 modules were scanned

Start scanning boot sectors:
Boot sector ‘C:’
[NOTE] No virus was found!
Boot sector ‘F:’
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( ‘42’ files ).

Starting the file scan:

Begin scan in ‘C:’
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\CIVAULT\Local Settings\Temporary Internet Files\Content.IE5\I0O68C0X\help[1].exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was deleted!
C:\System Volume Information_restore{59A4FE12-4C04-4608-8CC3-F7EF8AED0B07}\RP441\A0314116.exe
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information_restore{59A4FE12-4C04-4608-8CC3-F7EF8AED0B07}\RP445\A0319140.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information_restore{59A4FE12-4C04-4608-8CC3-F7EF8AED0B07}\RP445\A0319157.dll
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information_restore{59A4FE12-4C04-4608-8CC3-F7EF8AED0B07}\RP445\A0319159.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was deleted!
C:\System Volume Information_restore{59A4FE12-4C04-4608-8CC3-F7EF8AED0B07}\RP445\A0319177.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was deleted!
C:\System Volume Information_restore{59A4FE12-4C04-4608-8CC3-F7EF8AED0B07}\RP445\A0321185.cmd
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was deleted!
C:\System Volume Information_restore{59A4FE12-4C04-4608-8CC3-F7EF8AED0B07}\RP445\A0321187.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was deleted!
C:\System Volume Information_restore{59A4FE12-4C04-4608-8CC3-F7EF8AED0B07}\RP445\A0322186.cmd
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was deleted!
C:\System Volume Information_restore{59A4FE12-4C04-4608-8CC3-F7EF8AED0B07}\RP445\A0322196.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was deleted!
C:\System Volume Information_restore{59A4FE12-4C04-4608-8CC3-F7EF8AED0B07}\RP445\A0322197.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to ‘4818251f.qua’!
C:\System Volume Information_restore{59A4FE12-4C04-4608-8CC3-F7EF8AED0B07}\RP445\A0322198.dll
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was moved to ‘48182521.qua’!
C:\WINDOWS\system32\help.exe.tmp
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to ‘48512b4a.qua’!
C:\WINDOWS\system32\drivers\atapi.sys
[WARNING] The file could not be opened!
Begin scan in ‘F:’
F:\h1dwg20.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was deleted!
F:\n2de.cmd
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to ‘48492c7b.qua’!
F:\System Volume Information_restore{C4BC7536-0A51-4E04-9F74-E362497B77A4}\RP63\A0071098.DLL
[DETECTION] Is the Trojan horse TR/Agent.UV.1
[INFO] The file was moved to ‘48154147.qua’!
F:\System Volume Information_restore{C4BC7536-0A51-4E04-9F74-E362497B77A4}\RP65\A0073152.DLL
[DETECTION] Is the Trojan horse TR/Agent.UV.1
[INFO] The file was deleted!
F:\System Volume Information_restore{C4BC7536-0A51-4E04-9F74-E362497B77A4}\RP65\A0073181.DLL
[DETECTION] Is the Trojan horse TR/Agent.UV.1
[INFO] The file was moved to ‘48154257.qua’!
F:\System Volume Information_restore{C4BC7536-0A51-4E04-9F74-E362497B77A4}\RP65\A0073199.DLL
[DETECTION] Is the Trojan horse TR/Agent.UV.1
[INFO] The file was moved to ‘48154259.qua’!

End of the scan: samedi 22 mars 2008 13:54
Used time: 13:37:12 min

The scan has been done completely.

11496 Scanning directories
622431 Files were scanned
19 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
12 files were deleted
0 files were repaired
7 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
622412 Files not concerned
6773 Archives were scanned
3 Warnings
179 Notes

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:55:29, on 22/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Pinnacle\PCTV Stereo\Remote\Remoterm.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Mobile Action\Bluetooth Manager\MaBtSh.exe
C:\Program Files\e-C\LBP\CVD VISA\CB.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe
C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\eM\em.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.fr…
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: Shell=Explorer.exe
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ECBBrowserHelper Class - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoEC.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d’aide de l’Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Program Files\Copernic Desktop Search 2\DesktopSearchBand201013011.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM…\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM…\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM…\Run: [PCTVRemote] C:\Program Files\Pinnacle\PCTV Stereo\Remote\Remoterm.exe
O4 - HKLM…\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe”
O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe” -osboot
O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM…\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM…\Run: [MaBtSh] C:\Program Files\Mobile Action\Bluetooth Manager\MaBtSh.exe
O4 - HKLM…\Run: [eB-LPV-P1] “C:\Program Files\eCB\LBP\CVD VISA\ECB.exe” /d
O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM…\Run: [avgnt] “C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe” /min
O4 - HKLM…\Run: [Sony Ericsson PC Suite] “C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe” /startoptions
O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [MsnMsgr] “C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe” /background
O4 - HKCU…\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU…\Run: [Copernic Desktop Search 2] “C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe” /tray
O4 - HKCU…\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKCU…\Run: [eMAutoStart] C:\Program Files\eM\em.exe -AutoStart
O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SERVICE LOCAL’)
O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SERVICE RÉSEAU’)
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’)
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Windows Live Search - C:\Program… Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - favorites.live.com…
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE…
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra ‘Tools’ menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - www.wanadoo.fr… (file missing) (HKCU)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - messenger.zone.msn.com…
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - s.tf1.fr…
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - messenger.zone.msn.com…
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - messenger.zone.msn.com…
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4E042DE6-8B87-11D3-AE7F-004033D24DBD} (HtmlHelpViewer.CViewerHtml) - lms.mediapluspro.net…
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - messenger.zone.msn.com…
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - messenger.zone.msn.com…
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - messenger.zone.msn.com…
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - messenger.zone.msn.com…
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - messenger.zone.msn.com…
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - messenger.zone.msn.com…
O17 - HKLM\System\CCS\Services\Tcpip…{7CA69B21-5B89-4C11-876D-45246FA85823}: NameServer = 80.10.246.130 80.10.246.3
O17 - HKLM\System\CS1\Services\Tcpip…{7CA69B21-5B89-4C11-876D-45246FA85823}: NameServer = 80.10.246.130 80.10.246.3
O20 - AppInit_DLLs: sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ADSLAutoconnect - Unknown owner - C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe


End of file - 12157 bytes


Le voila
Mais comment faire pour désactiver la restauration ?

Voila je l’ai fais apres avoir desactiver je fais koi ?

Le scan antivir est long alors le poste ce ne sera pas pour tout de suite
Je l’ai quand meme mis en route. Des que je l’ai je le poste
Edité le 22/03/2008 à 19:11

Voici le rapport d’antivir. Mais il detecte toujours le virus TR/Crypt.XPACK.Gen , depuis que j’ai fait le truc fix checked sur hijacthis antivir a trouvé moins de virus c’est déja un début !!! :confused:

AntiVir PersonalEdition Classic
Report file date: samedi 22 mars 2008 14:09

Scanning for 1160819 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: C-DOA121FXDBK4U

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 18:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 17:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 20:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 17:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 19:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 16:54:35
ANTIVIR2.VDF : 7.0.3.62 337408 Bytes 21/03/2008 21:41:54
ANTIVIR3.VDF : 7.0.3.63 2048 Bytes 21/03/2008 21:41:54
AVEWIN32.DLL : 7.6.0.75 3334656 Bytes 18/03/2008 21:36:37
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 15:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 12:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 18:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 15/01/2008 22:37:48
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 12:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 17:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 12:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 16:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 17:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 17:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 14:37:21

Configuration settings for the scan:
Jobname…: Complete system scan
Configuration file…: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging…: low
Primary action…: interactive
Secondary action…: ignore
Scan master boot sector…: off
Scan boot sector…: on
Boot sectors…: F:,
Scan memory…: on
Process scan…: on
Scan registry…: on
Search for rootkits…: off
Scan all files…: Intelligent file selection
Scan archives…: on
Recursion depth…: 20
Smart extensions…: on
Macro heuristic…: on
File heuristic…: medium

Start of the scan: samedi 22 mars 2008 14:09

The scan of running processes will be started
Scan process ‘avscan.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘notepad.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘notepad.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘HijackThis.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘avcenter.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘WLLoginProxy.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘iexplore.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘msnmsgr.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘hpqste08.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘PCLEScheduler.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘hpqtra08.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘dslmon.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘emule.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘usnsvc.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘wuauclt.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘devldr32.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘jucheck.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘wscntfy.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘alg.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘iPodService.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘ADSL Autoconnect.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘DesktopSearchService.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘GoogleToolbarNotifier.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘ctfmon.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘avgnt.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘TaskBarIcon.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘ECB.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘MaBtSh.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘qttask.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘iTunesHelper.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘realsched.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘jusched.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘remoterm.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘hpwuSchd2.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘CnxMon.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘nvsvc32.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘mdm.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘sched.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘explorer.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘avguard.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘spoolsv.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘lsass.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘services.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘winlogon.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘csrss.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘smss.exe’ - ‘1’ Module(s) have been scanned
52 processes with 52 modules were scanned

Start scanning boot sectors:
Boot sector ‘C:’
[NOTE] No virus was found!
Boot sector ‘F:’
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( ‘42’ files ).

Starting the file scan:

Begin scan in ‘C:’
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\INFECTED\48492c7b.qua
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was deleted!
C:\WINDOWS\system32\drivers\atapi.sys
[WARNING] The file could not be opened!
Begin scan in ‘F:’

End of the scan: samedi 22 mars 2008 18:31
Used time: 4:22:07 min

The scan has been done completely.

11136 Scanning directories
617490 Files were scanned
1 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
1 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
617489 Files not concerned
6792 Archives were scanned
3 Warnings
179 Notes

Tu peux me donner le chemin pour aller dans ce dossier ???

Tous ces fichiers temp ne sont pas importants ?
J’ai commencé a les supprimer et il y en a un qui me dit acces refusé c’est normal ?? (Il se trouve dans le dossier C:\Documents and Settings*************\Local Settings\Temp sinon pour les autres je les ai fait). Si il ne se supprime pas je fais quoi ? Sinon pour les autres dossiers j’ai supprimé les dossiers qua et temp sauf pour C:\Documents and Settings*************\Local Settings\Temp

J’ai effacé les fichiers que je pouvais mais je pas réussi a telecharger unlocker le telechargement ne se fais pas quand je clik sur telecharger.

Merci ultrahardcore pour ton aide :super: