Win32:SdBot-4142 [Résolu]

slt,



scan avec vundofix (colle le rapport)

Téléchargez VundoFix -> http://www.atribune.org/ccount/click.php?id=4

Double cliquez VundoFix.exe pour l'exécuter.
Quand VundoFix s'ouvre, cliquez sur le bouton Scan for Vundo.
Une fois le scan fini, cliquez sur le bouton Remove Vundo.
Vous recevrez un avertissement vous demandant si vous voulez effacer ces
fichiers répondez en cliquant sur YES
Une fois que vous avez cliqué yes, votre bureau deviendra vide au moment où il
enlève Vundo.

Quand c'est fini, il vous sera demandé de redémarrer votre ordinateur, cliquez
OK.
_________________

puis :


virtumondebegone (colle le rapport)

http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

_________________

combofix (colle le rapport)
http://download.bleepingcomputer.com/sUBs/ComboFix.exe


puis recolle un rapport hijakthis

slt,
beaucoups de fichiers suspect qu'il te faut analyser sur virus total,
les fichiers inféctés tu les rajoutent dans la citation de otmovit pour le virer et tu me colle le rapport ainsi qu"un nouveau hiacjkthis et tu me dis tes problemes:

http://www.virustotal.com/fr/



C:\WINDOWS\system32\byxvvtq.dll
C:\WINDOWS\system32\ddcddca.dll
C:\WINDOWS\system32\khffgge.dll
C:\WINDOWS\system32\xxyxuts.dll
C:\WINDOWS\system32\gebyxwu.dll
C:\WINDOWS\system32\cbxxvtt.dll
C:\WINDOWS\system32\iifgeba.dll
C:\WINDOWS\system32\fccdaxx.dll
C:\WINDOWS\system32\jkkhghe.dll
C:\WINDOWS\system32\vtuvwuv.dll
C:\WINDOWS\system32\gebcyyv.dll
C:\WINDOWS\system32\pxafs.dll
C:\WINDOWS\system32\pxcpyi64.exe
C:\WINDOWS\system32\pxinsi64.exe
C:\WINDOWS\system32\dzip32.dll
C:\WINDOWS\system32\RTELM.dll
C:\WINDOWS\system32\xxyxyvw.dll
C:\WINDOWS\system32\pmnnnlk.dll
C:\WINDOWS\system32\byxxvur.dll
C:\WINDOWS\system32\tuvuurq.dll
C:\WINDOWS\system32\caxulyly.ini
C:\WINDOWS\system32\ylyluxac.dll
C:\WINDOWS\system32\lhoryqgg.exe
C:\WINDOWS\system32\ddcdeca.dll
C:\WINDOWS\system32\urqpqqo.dll
C:\WINDOWS\system32\urqrqnn.dll
C:\WINDOWS\system32\qomkljj.dll
C:\WINDOWS\system32\opnmmml.dll
C:\WINDOWS\system32\opnlkkl.dll
C:\WINDOWS\system32\asabkeri.ini
C:\WINDOWS\system32\irekbasa.dll
C:\WINDOWS\system32\fviqhlgu.dll
C:\WINDOWS\system32\opnnmlm.dll
C:\WINDOWS\system32\ljjgdby.dll
C:\WINDOWS\AU_Temp
C:\WINDOWS\system32\awtspol.dll.vir
C:\WINDOWS\system32\jclqwvde.dll
C:\WINDOWS\system32\cmmewkdk.ini
C:\WINDOWS\system32\kdkwemmc.dll
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\vurhctsr.ini
C:\WINDOWS\system32\nnnllkk.dll
C:\WINDOWS\system32\pmnlifg.dll
C:\WINDOWS\system32\gebxyww.dll
C:\WINDOWS\system32\khfdefd.dll
C:\WINDOWS\system32\rqrsrqo.dll
C:\WINDOWS\system32\efcayya.dll
C:\WINDOWS\system32\yayaxur.dll
C:\WINDOWS\system32\gebcbbc.dll
C:\WINDOWS\system32\ddcdaya.dll
C:\WINDOWS\system32\ddcaxuv.dll
C:\WINDOWS\system32\vtutqno.dll
C:\WINDOWS\system32\wvusppp.dll
C:\WINDOWS\system32\rqrolli.dll
C:\WINDOWS\system32\opnmjgd.dll
C:\WINDOWS\system32\yayawvv.dll
C:\WINDOWS\system32\wvuuutr.dll
C:\WINDOWS\system32\nnnkllm.dll
C:\WINDOWS\system32\tuvvvwt.dll
C:\WINDOWS\system32\byxwxwv.dll
C:\WINDOWS\system32\smtsvc.exe



_________________


télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe (de Old_Timer) sur ton Bureau.
double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

Citation :


C:\WINDOWS\system32\opnlklk.dll.vir
C:\WINDOWS\system32\cbxwvtt.dll.vir
C:\WINDOWS\system32\awtrsqr.dll.vir
C:\WINDOWS\system32\wxsfbxbz.dll.vir

clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.


a plus

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:36:20, on 28/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\Caere\OMNIPA~1.0\opware32.exe
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\WINDOWS\system32\smtsvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SpamPal\spampal.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\abcde.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [OmniPage] C:\PROGRA~1\Caere\OMNIPA~1.0\opware32.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [EPSON Stylus D68 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /O6 "USB002" /M "Stylus D68"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB003" /M "Stylus CX3600"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
O4 - HKLM\..\Run: [System Terminal Storage] smtsvc.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [WellPhone DirectSync - ScheduleSync] C:\PROGRA~1\WELLPH~1\SCHEDU~1.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus D68 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /M "Stylus D68" /EF "HKCU"
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: SpamPal.lnk = C:\Program Files\SpamPal\spampal.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/...
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://www.tele2mail.com/static/apps/utils/AccountHelper.cab
O16 - DPF: {B0A451A6-A5A6-11D4-A790-0010A4E6086F} (GettyFinder2 Control) - file://D:\activex\GettyFinder2.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C4D88B8E-352B-11D6-BF77-0080C740A177} (Setup Class) - http://europe.samsungportal.com/EP/web/common/cabfiles/ActiveXSetup.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/chuzzle/popcaploader_v6.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

slt hé oui vundo t'avais pas loupé!!!!


vire ce qui est dans moved files en allant dans poste de travail puis C...

C:\_OTMoveIt\MovedFiles

__________________


SPYWAREBLASTER pour immuniser le système contre vundoqu_e tu avais mais en anglais (mais facile d'utilisation : il suffit de faire "update" pour mettre à jour tous les mois et ensuite" enable all protection" pour immuniser)...

http://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/28872.html


______________

je te conseille de remplacer avast par antivir plus efficace et de me coller un rapport
http://www.malekal.com/tutorial_antivir.php (merci Malekal)


ou sinon colle moi un rapport panda en ligne (desactiver avast le temps du scan)


Panda en ligne :
http://www.pandasoftware.fr/Activescan/Activescan.html


si il y a rien c'est bon pour toi!!!!!











pour protéger gratos ton ordi

http://www.commentcamarche.net/telecharger/logiciel 4 securite

mettre un antivirus

AVAST en français ou ANTIVIR (en anglais mais très efficace)
http://www.malekal.com/tutorial_antivir.php (merci Malekal)
-------------
des anti-espions:

AD AWARE + SPYBOT +/- si tea timer de spybot non activé WINDOWS DEFENDER ou SPYWARE TERMINATOR

+
SPYWAREBLASTER pour immuniser le système contre vundo notamment mais en anglais (mais facile d'utilisation : il suffit de faire "update" pour mettre à jour tous les mois et ensuite" enable all protection" pour immuniser)...


--------
un pare feu :
celui de Windows ou mieux KERIO ou JETICO ou ZONE ALARM (mettre que le parefeu gratuit)

http://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
http://manuelsdaide.com/Internet/Jetico/firewall.htm
http://www.open-files.com/forum/index.php?showtopic=29277
http://www.commentcamarche.net/telecharger/telecharger 157 zonealarm

-----------

CCLEANER pour effacer les traces de surf

merci de ces indications

voici le rapport de Panda:
;***********************************************************************************************************************************************************************************
ANALYSIS: 2007-11-29 20:27:47
PROTECTIONS: 1
MALWARE: 20
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
avast! antivirus 4.7.1043 [VPS 071128-0] 4.7.1043 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139535 Application/Processor HackTools No 0 Yes No C:\WINDOWS\system32\Process.exe
00139535 Application/Processor HackTools No 0 No No C:\System Volume Information\_restore{60EC76ED-B9AF-48BB-9BF2-89C051EBE9AE}\RP3\A0002041.exe[²ƒÇ]
00139535 Application/Processor HackTools No 0 Yes No C:\System Volume Information\_restore{60EC76ED-B9AF-48BB-9BF2-89C051EBE9AE}\RP3\A0002060.exe
00139535 Application/Processor HackTools No 0 No No C:\System Volume Information\_restore{60EC76ED-B9AF-48BB-9BF2-89C051EBE9AE}\RP4\A0005258.exe[²ƒÇ]
00139535 Application/Processor HackTools No 0 No No C:\System Volume Information\_restore{60EC76ED-B9AF-48BB-9BF2-89C051EBE9AE}\RP11\A0005918.exe[²ƒÇ]
00145775 dialer.ags Dialers No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{018B7EC3-EECA-11D3-8E71-0000E82C6C0D}
00145775 dialer.ags Dialers No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{86EEF11E-FF16-48CE-B1A2-474B663041A9}
00149116 Cookie/Ccbill TrackingCookie No 0 Yes No C:\Documents and Settings\Guillaume\Cookies\guillaume@ccbill[1].txt
00149116 Cookie/Ccbill TrackingCookie No 0 Yes No C:\Documents and Settings\Anthony\Cookies\anthony@ccbill[2].txt
00149116 Cookie/Ccbill TrackingCookie No 0 Yes No C:\Documents and Settings\Nicolas\Cookies\nicolas@ccbill[2].txt
00149116 Cookie/Ccbill TrackingCookie No 0 Yes No C:\Documents and Settings\Administrateur\Bureau\anthony\Documents and Settings\Sylvie\Mes documents\Mes documents\Cookies\nicolas@ccbill[2].txt
00162900 Cookie/MediaTickets TrackingCookie No 0 Yes No C:\Documents and Settings\Nicolas\Cookies\nicolas@kinghost[2].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Anthony_2\Cookies\anthony_2@com[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Anthony_2\Cookies\anthony_2@xiti[1].txt
00167709 Cookie/fe.lea.lycos TrackingCookie No 0 Yes No C:\Documents and Settings\Administrateur\Bureau\anthony\Documents and Settings\Sylvie\Cookies\antony@fe.lea.lycos[1].txt
00167709 Cookie/fe.lea.lycos TrackingCookie No 0 Yes No C:\Documents and Settings\Administrateur\Bureau\anthony\Documents and Settings\Guillaume\Mes documents\Guillaume\Cookies\guillaume@fe.lea.lycos[1].txt
00168108 Cookie/Tickle TrackingCookie No 0 Yes No C:\Documents and Settings\Guillaume\Cookies\guillaume@web.tickle[2].txt
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Guillaume\Cookies\guillaume@target[2].txt
00517584 Application/SuperFast HackTools No 0 Yes No C:\System Volume Information\_restore{60EC76ED-B9AF-48BB-9BF2-89C051EBE9AE}\RP3\A0002062.exe
00519333 Application/Processor HackTools No 0 Yes No C:\System Volume Information\_restore{60EC76ED-B9AF-48BB-9BF2-89C051EBE9AE}\RP11\A0005918.exe
00519333 Application/Processor HackTools No 0 Yes No C:\System Volume Information\_restore{60EC76ED-B9AF-48BB-9BF2-89C051EBE9AE}\RP3\A0002041.exe
00519333 Application/Processor HackTools No 0 Yes No C:\System Volume Information\_restore{60EC76ED-B9AF-48BB-9BF2-89C051EBE9AE}\RP4\A0005258.exe
01262593 Application/NirCmd.A HackTools No 0 No No C:\System Volume Information\_restore{60EC76ED-B9AF-48BB-9BF2-89C051EBE9AE}\RP4\A0005257.exe[nircmd.cfexe]
01262593 Application/NirCmd.A HackTools No 0 No No C:\System Volume Information\_restore{60EC76ED-B9AF-48BB-9BF2-89C051EBE9AE}\RP4\A0005257.exe[nircmd.exe]
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{60EC76ED-B9AF-48BB-9BF2-89C051EBE9AE}\RP4\A0004254.exe
01262593 Application/NirCmd.A HackTools No 0 No No C:\System Volume Information\_restore{60EC76ED-B9AF-48BB-9BF2-89C051EBE9AE}\RP11\A0005920.exe[nircmd.cfexe]
01262593 Application/NirCmd.A HackTools No 0 No No C:\System Volume Information\_restore{60EC76ED-B9AF-48BB-9BF2-89C051EBE9AE}\RP11\A0005920.exe[nircmd.exe]
01262593 Application/NirCmd.A HackTools No 0 No No C:\System Volume Information\_restore{60EC76ED-B9AF-48BB-9BF2-89C051EBE9AE}\RP3\A0002045.exe[nircmd.cfexe]
01262593 Application/NirCmd.A HackTools No 0 No No C:\System Volume Information\_restore{60EC76ED-B9AF-48BB-9BF2-89C051EBE9AE}\RP3\A0002045.exe[nircmd.exe]
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{60EC76ED-B9AF-48BB-9BF2-89C051EBE9AE}\RP11\A0005861.exe
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\WINDOWS\NirCmd.exe
02197130 Trj/Rebooter.J Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{60EC76ED-B9AF-48BB-9BF2-89C051EBE9AE}\RP3\A0002061.exe
02688344 Spyware/Virtumonde Spyware No 1 Yes No Dossiers locaux\Éléments envoyés\scan\lhoryqgg.exe
02688344 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{60EC76ED-B9AF-48BB-9BF2-89C051EBE9AE}\RP13\A0006034.exe
02688344 Spyware/Virtumonde Spyware No 1 Yes No Dossiers locaux\Éléments envoyés\scan-\lhoryqgg.exe
02804185 Bck/IRCbot.BJQ Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{60EC76ED-B9AF-48BB-9BF2-89C051EBE9AE}\RP13\A0006047.exe
02808204 Spyware/Vundo Spyware No 0 Yes No Dossiers locaux\Éléments envoyés\scan\nnnkllm.dll
02808204 Spyware/Vundo Spyware No 0 Yes No C:\System Volume Information\_restore{60EC76ED-B9AF-48BB-9BF2-89C051EBE9AE}\RP13\A0006045.dll
02808204 Spyware/Vundo Spyware No 0 Yes No C:\System Volume Information\_restore{60EC76ED-B9AF-48BB-9BF2-89C051EBE9AE}\RP13\A0006046.dll
02808204 Spyware/Vundo Spyware No 0 Yes No Dossiers locaux\Éléments envoyés\scan\tuvvvwt.dll
02808204 Spyware/Vundo Spyware No 0 Yes No C:\System Volume Information\_restore{60EC76ED-B9AF-48BB-9BF2-89C051EBE9AE}\RP13\A0006042.dll
02808204 Spyware/Vundo Spyware No 0 Yes No Dossiers locaux\Éléments envoyés\scan\wvuuutr.dll
02808204 Spyware/Vundo Spyware No 0 Yes No C:\System Volume Information\_restore{60EC76ED-B9AF-48BB-9BF2-89C051EBE9AE}\RP13\A0006049.dll
02808204 Spyware/Vundo Spyware No 0 Yes No Dossiers locaux\Éléments envoyés\scan\yayawvv.dll
02808204 Spyware/Vundo Spyware No 0 Yes No Dossiers locaux\Éléments envoyés\scan\byxwxwv.dll
02808204 Spyware/Vundo Spyware No 0 Yes No C:\System Volume Information\_restore{60EC76ED-B9AF-48BB-9BF2-89C051EBE9AE}\RP13\A0006052.dll
02808204 Spyware/Vundo Spyware No 0 Yes No C:\System Volume Information\_restore{60EC76ED-B9AF-48BB-9BF2-89C051EBE9AE}\RP13\A0006055.dll
02808204 Spyware/Vundo Spyware No 0 Yes No C:\System Volume Information\_restore{60EC76ED-B9AF-48BB-9BF2-89C051EBE9AE}\RP13\A0006056.dll
02808204 Spyware/Vundo Spyware No 0 Yes No Dossiers locaux\Éléments envoyés\scan\rqrolli.dll
02808204 Spyware/Vundo Spyware No 0 Yes No C:\System Volume Information\_restore{60EC76ED-B9AF-48BB-9BF2-89C051EBE9AE}\RP13\A0006059.dll
02808204 Spyware/Vundo Spyware No 0 Yes No C:\System Volume Information\_restore{60EC76ED-B9AF-48BB-9BF2-89C051EBE9AE}\RP13\A0006060.dll
02808204 Spyware/Vundo Spyware No 0 Yes No Dossiers locaux\Éléments envoyés\scan\nnnllkk.dll
02808204 Spyware/Vundo Spyware No 0 Yes No C:\System Volume Information\_restore{60EC76ED-B9AF-48BB-9BF2-89C051EBE9AE}\RP13\A0006036.dll
02808204 Spyware/Vundo Spyware No 0 Yes No C:\System Volume Information\_restore{60EC76ED-B9AF-48BB-9BF2-89C051EBE9AE}\RP13\A0006039.dll
02808204 Spyware/Vundo Spyware No 0 Yes No C:\System Volume Information\_restore{60EC76ED-B9AF-48BB-9BF2-89C051EBE9AE}\RP13\A0006032.dll
02808204 Spyware/Vundo Spyware No 0 Yes No Dossiers locaux\Éléments envoyés\scan\pmnlifg.dll
02808204 Spyware/Vundo Spyware No 0 Yes No C:\System Volume Information\_restore{60EC76ED-B9AF-48BB-9BF2-89C051EBE9AE}\RP13\A0006037.dll
02808204 Spyware/Vundo Spyware No 0 Yes No Dossiers locaux\Éléments envoyés\scan\opnmjgd.dll
02808204 Spyware/Vundo Spyware No 0 Yes No C:\System Volume Information\_restore{60EC76ED-B9AF-48BB-9BF2-89C051EBE9AE}\RP13\A0006025.dll
02808204 Spyware/Vundo Spyware No 0 Yes No C:\System Volume Information\_restore{60EC76ED-B9AF-48BB-9BF2-89C051EBE9AE}\RP13\A0006023.dll
02808204 Spyware/Vundo Spyware No 0 Yes No C:\System Volume Information\_restore{60EC76ED-B9AF-48BB-9BF2-89C051EBE9AE}\RP13\A0006020.dll
02808204 Spyware/Vundo Spyware No 0 Yes No Dossiers locaux\Éléments envoyés\scan\wvusppp.dll
02808204 Spyware/Vundo Spyware No 0 Yes No C:\System Volume Information\_restore{60EC76ED-B9AF-48BB-9BF2-89C051EBE9AE}\RP13\A0006017.dll
02808204 Spyware/Vundo Spyware No 0 Yes No C:\System Volume Information\_restore{60EC76ED-B9AF-48BB-9BF2-89C051EBE9AE}\RP13\A0006016.dll
02808204 Spyware/Vundo Spyware No 0 Yes No Dossiers locaux\Éléments envoyés\scan\vtutqno.dll
02808204 Spyware/Vundo Spyware No 0 Yes No C:\System Volume Information\_restore{60EC76ED-B9AF-48BB-9BF2-89C051EBE9AE}\RP13\A0006011.dll
02808204 Spyware/Vundo Spyware No 0 Yes No Dossiers locaux\Éléments envoyés\scan\ddcaxuv.dll
02808204 Spyware/Vundo Spyware No 0 Yes No Dossiers locaux\Éléments envoyés\scan\ddcdaya.dll
02808204 Spyware/Vundo Spyware No 0 Yes No Dossiers locaux\Éléments envoyés\scan\gebcbbc.dll
02808204 Spyware/Vundo Spyware No 0 Yes No Dossiers locaux\Éléments envoyés\scan\yayaxur.dll
02808204 Spyware/Vundo Spyware No 0 Yes No Dossiers locaux\Éléments envoyés\scan\efcayya.dll
02808204 Spyware/Vundo Spyware No 0 Yes No Dossiers locaux\Éléments envoyés\scan\gebxyww.dll
02808204 Spyware/Vundo Spyware No 0 Yes No Dossiers locaux\Éléments envoyés\scan\khfdefd.dll
02808204 Spyware/Vundo Spyware No 0 Yes No Dossiers locaux\Éléments envoyés\scan\rqrsrqo.dll
02812177 Spyware/Virtumonde Spyware No 1 Yes No Dossiers locaux\Éléments envoyés\scan\irekbasa.dll
02812177 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{60EC76ED-B9AF-48BB-9BF2-89C051EBE9AE}\RP13\A0006031.dll
02812177 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{60EC76ED-B9AF-48BB-9BF2-89C051EBE9AE}\RP13\A0006061.dll
02812177 Spyware/Virtumonde Spyware No 1 Yes No Dossiers locaux\Éléments envoyés\scan\kdkwemmc.dll
02812177 Spyware/Virtumonde Spyware No 1 Yes No Dossiers locaux\Éléments envoyés\scan\irekbasa.dll
02812177 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{60EC76ED-B9AF-48BB-9BF2-89C051EBE9AE}\RP13\A0006028.dll
02812177 Spyware/Virtumonde Spyware No 1 Yes No Dossiers locaux\Éléments envoyés\scan-\ylyluxac.dll
02812177 Spyware/Virtumonde Spyware No 1 Yes No Dossiers locaux\Éléments envoyés\scan-\irekbasa.dll
02862027 Trj/Inject.AA Virus/Trojan No 0 Yes No Dossiers locaux\Éléments envoyés\scan\awtspol.dll.vir
02870137 Spyware/Virtumonde Spyware No 1 Yes No Dossiers locaux\Éléments envoyés\scan-\opnmmml.dll
02870137 Spyware/Virtumonde Spyware No 1 Yes No Dossiers locaux\Éléments envoyés\scan-\opnlkkl.dll
02870137 Spyware/Virtumonde Spyware No 1 Yes No Dossiers locaux\Éléments envoyés\scan-\urqpqqo.dll
02870137 Spyware/Virtumonde Spyware No 1 Yes No Dossiers locaux\Éléments envoyés\scan-\qomkljj.dll
02870137 Spyware/Virtumonde Spyware No 1 Yes No Dossiers locaux\Éléments envoyés\scan-\urqrqnn.dll
02870137 Spyware/Virtumonde Spyware No 1 Yes No Dossiers locaux\Éléments envoyés\scan-\ddcdeca.dll
02870137 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{60EC76ED-B9AF-48BB-9BF2-89C051EBE9AE}\RP13\A0006038.dll
02870137 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{60EC76ED-B9AF-48BB-9BF2-89C051EBE9AE}\RP13\A0006040.dll
02870137 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{60EC76ED-B9AF-48BB-9BF2-89C051EBE9AE}\RP13\A0006044.dll
02870137 Spyware/Virtumonde Spyware No 1 Yes No Dossiers locaux\Éléments envoyés\scan-\opnmmml.dll
02870137 Spyware/Virtumonde Spyware No 1 Yes No Dossiers locaux\Éléments envoyés\scan-\qomkljj.dll
02870137 Spyware/Virtumonde Spyware No 1 Yes No Dossiers locaux\Éléments envoyés\scan-\ddcdeca.dll
02870137 Spyware/Virtumonde Spyware No 1 Yes No Dossiers locaux\Éléments envoyés\scan-\urqpqqo.dll
02870137 Spyware/Virtumonde Spyware No 1 Yes No Dossiers locaux\Éléments envoyés\scan-\urqrqnn.dll
02870137 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{60EC76ED-B9AF-48BB-9BF2-89C051EBE9AE}\RP13\A0006050.dll
02870137 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{60EC76ED-B9AF-48BB-9BF2-89C051EBE9AE}\RP13\A0006051.dll
02870137 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{60EC76ED-B9AF-48BB-9BF2-89C051EBE9AE}\RP13\A0006019.dll
02874327 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{60EC76ED-B9AF-48BB-9BF2-89C051EBE9AE}\RP13\A0006012.dll
02874327 Spyware/Virtumonde Spyware No 1 Yes No Dossiers locaux\Éléments envoyés\scan-\xxyxyvw.dll
02874327 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{60EC76ED-B9AF-48BB-9BF2-89C051EBE9AE}\RP13\A0006058.dll
02874327 Spyware/Virtumonde Spyware No 1 Yes No Dossiers locaux\Éléments envoyés\scan-\pmnnnlk.dll
02874327 Spyware/Virtumonde Spyware No 1 Yes No Dossiers locaux\Éléments envoyés\scan-\byxxvur.dll
02874327 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{60EC76ED-B9AF-48BB-9BF2-89C051EBE9AE}\RP13\A0006048.dll
02874327 Spyware/Virtumonde Spyware No 1 Yes No Dossiers locaux\Éléments envoyés\scan-\xxyxyvw.dll
02874327 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{60EC76ED-B9AF-48BB-9BF2-89C051EBE9AE}\RP13\A0006043.dll
02874327 Spyware/Virtumonde Spyware No 1 Yes No Dossiers locaux\Éléments envoyés\scan-\pmnnnlk.dll
02874327 Spyware/Virtumonde Spyware No 1 Yes No Dossiers locaux\Éléments envoyés\scan-\tuvuurq.dll
02874327 Spyware/Virtumonde Spyware No 1 Yes No Dossiers locaux\Éléments envoyés\scan-\tuvuurq.dll
;===================================================================================================================================================================================
SUSPECTS
Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================


c'est pas gagné!! y-a-t-il un espoir?

la semaine derniere et encore il y a 3 jours j'avais passé vundofix, virtumundobegene, combofix.

entretemps aujourd'hui j'avais fait une analyse par Superantispyware...

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/29/2007 at 02:55 PM

Application Version : 3.9.1008

Core Rules Database Version : 3352
Trace Rules Database Version: 1351

Scan type : Complete Scan
Total Scan Time : 05:21:25

Memory items scanned : 472
Memory threats detected : 0
Registry items scanned : 7044
Registry threats detected : 4
File items scanned : 63248
File threats detected : 168

Browser Hijacker.Apropos Media/PeopleOnPage
HKLM\Software\Classes\CLSID\{7DD95801-9882-11CF-9FA9-00AA006C42C4}
HKCR\CLSID\{7DD95801-9882-11CF-9FA9-00AA006C42C4}
HKCR\CLSID\{7DD95801-9882-11CF-9FA9-00AA006C42C4}\800

Adware.Vundo Variant
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{162C6BC2-E852-4D45-B139-E8A6737F1054}
C:\_OTMOVEIT\MOVEDFILES\WINDOWS\SYSTEM32\IIFGEBA.DLL
C:\_OTMOVEIT\MOVEDFILES\WINDOWS\SYSTEM32\PMNNNLK.DLL

Adware.Tracking Cookie
C:\Documents and Settings\Anthony_2\Cookies\anthony_2@atdmt[2].txt
C:\Documents and Settings\Anthony_2\Cookies\anthony_2@revsci[2].txt
C:\Documents and Settings\Anthony_2\Cookies\anthony_2@weborama[2].txt
C:\Documents and Settings\Anthony_2\Cookies\anthony_2@cgi-bin[1].txt
C:\Documents and Settings\Anthony_2\Cookies\anthony_2@msnportal.112.2o7[1].txt
C:\Documents and Settings\Anthony_2\Cookies\anthony_2@xiti[1].txt
C:\Documents and Settings\Administrateur\Bureau\anthony\Documents and Settings\Antony\Cookies\antony@ads.wanadooregie[1].txt
C:\Documents and Settings\Administrateur\Bureau\anthony\Documents and Settings\Antony\Cookies\antony@adv.surinter[2].txt
C:\Documents and Settings\Administrateur\Bureau\anthony\Documents and Settings\Antony\Cookies\antony@stats.nordnet[1].txt
C:\Documents and Settings\Administrateur\Bureau\anthony\Documents and Settings\Antony\Cookies\antony@windowsmedia[1].txt
C:\Documents and Settings\Administrateur\Bureau\anthony\Documents and Settings\Antony\Cookies\antony@xiti[1].txt
C:\Documents and Settings\Administrateur\Bureau\anthony\Documents and Settings\Guillaume\Cookies\guillaume@stats.nordnet[2].txt
C:\Documents and Settings\Administrateur\Bureau\anthony\Documents and Settings\Guillaume\Mes documents\Guillaume\Cookies\guillaume@ads.wanadooregie[1].txt
C:\Documents and Settings\Administrateur\Bureau\anthony\Documents and Settings\Guillaume\Mes documents\Guillaume\Cookies\guillaume@sexxx.xxxhard[1].txt
C:\Documents and Settings\Administrateur\Bureau\anthony\Documents and Settings\Guillaume\Mes documents\Guillaume\Cookies\guillaume@sexxx.xxxhotgirl[2].txt
C:\Documents and Settings\Administrateur\Bureau\anthony\Documents and Settings\Guillaume\Mes documents\Guillaume\Cookies\guillaume@web.xxxhotgirl[1].txt
C:\Documents and Settings\Administrateur\Bureau\anthony\Documents and Settings\Guillaume\Mes documents\Guillaume\Cookies\guillaume@www.visiostats[1].txt
C:\Documents and Settings\Administrateur\Bureau\anthony\Documents and Settings\Guillaume\Mes documents\Guillaume\Cookies\guillaume@xiti[1].txt
C:\Documents and Settings\Administrateur\Bureau\anthony\Documents and Settings\Sylvie\Cookies\antony@ads.gorillanation[1].txt
C:\Documents and Settings\Administrateur\Bureau\anthony\Documents and Settings\Sylvie\Cookies\antony@ads.wanadooregie[1].txt
C:\Documents and Settings\Administrateur\Bureau\anthony\Documents and Settings\Sylvie\Cookies\antony@adv.surinter[1].txt
C:\Documents and Settings\Administrateur\Bureau\anthony\Documents and Settings\Sylvie\Cookies\antony@mediamgr.ugo[2].txt
C:\Documents and Settings\Administrateur\Bureau\anthony\Documents and Settings\Sylvie\Cookies\antony@tracker.affistats[1].txt
C:\Documents and Settings\Administrateur\Bureau\anthony\Documents and Settings\Sylvie\Cookies\antony@www.chickentraffic[1].txt
C:\Documents and Settings\Administrateur\Bureau\anthony\Documents and Settings\Sylvie\Cookies\antony@www.cyberosex[1].txt
C:\Documents and Settings\Administrateur\Bureau\anthony\Documents and Settings\Sylvie\Cookies\antony@www.roadsexe[1].txt
C:\Documents and Settings\Administrateur\Bureau\anthony\Documents and Settings\Sylvie\Cookies\antony@www.sexycelebrities[2].txt
C:\Documents and Settings\Administrateur\Bureau\anthony\Documents and Settings\Sylvie\Cookies\antony@xiti[1].txt
C:\Documents and Settings\Administrateur\Bureau\anthony\Documents and Settings\Sylvie\Mes documents\Mes documents\Cookies\nicolas@ad.wedoo[1].txt
C:\Documents and Settings\Administrateur\Bureau\anthony\Documents and Settings\Sylvie\Mes documents\Mes documents\Cookies\nicolas@ads.wanadooregie[1].txt
C:\Documents and Settings\Administrateur\Bureau\anthony\Documents and Settings\Sylvie\Mes documents\Mes documents\Cookies\nicolas@topliste[1].txt
C:\Documents and Settings\Administrateur\Bureau\anthony\Documents and Settings\Sylvie\Mes documents\Mes documents\Cookies\nicolas@windowsmedia[1].txt
C:\Documents and Settings\Administrateur\Bureau\anthony\Documents and Settings\Sylvie\Mes documents\Mes documents\Cookies\nicolas@www.adultes-xl[1].txt
C:\Documents and Settings\Administrateur\Bureau\anthony\Documents and Settings\Sylvie\Mes documents\Mes documents\Cookies\nicolas@www.monstre-de-sexe[1].txt
C:\Documents and Settings\Administrateur\Bureau\anthony\Documents and Settings\Sylvie\Mes documents\Mes documents\Cookies\nicolas@www.plusdesexe[1].txt
C:\Documents and Settings\Administrateur\Bureau\anthony\Documents and Settings\Sylvie\Mes documents\Mes documents\Cookies\nicolas@www.pornogratuit[2].txt
C:\Documents and Settings\Administrateur\Bureau\anthony\Documents and Settings\Sylvie\Mes documents\Mes documents\Cookies\nicolas@www.porntwist[1].txt
C:\Documents and Settings\Administrateur\Bureau\anthony\Documents and Settings\Sylvie\Mes documents\Mes documents\Cookies\nicolas@www.roadsexe[1].txt
C:\Documents and Settings\Administrateur\Bureau\anthony\Documents and Settings\Sylvie\Mes documents\Mes documents\Cookies\nicolas@www.sexerevolution[1].txt
C:\Documents and Settings\Administrateur\Bureau\anthony\Documents and Settings\Sylvie\Mes documents\Mes documents\Cookies\nicolas@www.sexysympa[1].txt
C:\Documents and Settings\Administrateur\Bureau\anthony\Documents and Settings\Sylvie\Mes documents\Mes documents\Cookies\nicolas@www.wanna-sex[1].txt
C:\Documents and Settings\Administrateur\Bureau\anthony\Documents and Settings\Sylvie\Mes documents\Mes documents\Cookies\nicolas@xiti[1].txt
C:\Documents and Settings\Anthony\Cookies\anthony@adultbouncer[1].txt
C:\Documents and Settings\Anthony\Cookies\anthony@adv.surinter[2].txt
C:\Documents and Settings\Anthony\Cookies\anthony@counter.mycomputer[1].txt
C:\Documents and Settings\Anthony\Cookies\anthony@windowsmedia[1].txt
C:\Documents and Settings\Anthony\Cookies\anthony@www.netdebit-counter[1].txt
C:\Documents and Settings\Anthony\Cookies\anthony@www.serial-gamer[1].txt
C:\Documents and Settings\Anthony\Cookies\anthony@xiti[1].txt
C:\Documents and Settings\Anthony_2\Cookies\anthony_2@www.admedia365[2].txt
C:\Documents and Settings\compta\Cookies\compta@xiti[1].txt
C:\Documents and Settings\Guillaume\Cookies\guillaume@ad.abum[1].txt
C:\Documents and Settings\Guillaume\Cookies\guillaume@ad.ifrance[1].txt
C:\Documents and Settings\Guillaume\Cookies\guillaume@ad.zanox[1].txt
C:\Documents and Settings\Guillaume\Cookies\guillaume@ads.wanadooregie[1].txt
C:\Documents and Settings\Guillaume\Cookies\guillaume@adv.surinter[1].txt
C:\Documents and Settings\Guillaume\Cookies\guillaume@advertstream[2].txt
C:\Documents and Settings\Guillaume\Cookies\guillaume@azjmp[2].txt
C:\Documents and Settings\Guillaume\Cookies\guillaume@click.cashengines[2].txt
C:\Documents and Settings\Guillaume\Cookies\guillaume@clickintext[1].txt
C:\Documents and Settings\Guillaume\Cookies\guillaume@clicksor[1].txt
C:\Documents and Settings\Guillaume\Cookies\guillaume@clicktorrent[1].txt
C:\Documents and Settings\Guillaume\Cookies\guillaume@fr.slidein.clickintext[1].txt
C:\Documents and Settings\Guillaume\Cookies\guillaume@imrworldwide[2].txt
C:\Documents and Settings\Guillaume\Cookies\guillaume@largegirlsxxx[1].txt
C:\Documents and Settings\Guillaume\Cookies\guillaume@multimedia.ftpk[1].txt
C:\Documents and Settings\Guillaume\Cookies\guillaume@smileycentral[1].txt
C:\Documents and Settings\Guillaume\Cookies\guillaume@stats.canalblog[2].txt
C:\Documents and Settings\Guillaume\Cookies\guillaume@stats[1].txt
C:\Documents and Settings\Guillaume\Cookies\guillaume@teengirls.w5[1].txt
C:\Documents and Settings\Guillaume\Cookies\guillaume@track.effiliation[1].txt
C:\Documents and Settings\Guillaume\Cookies\guillaume@tracker.roitesting[2].txt
C:\Documents and Settings\Guillaume\Cookies\guillaume@tracking.polenord[2].txt
C:\Documents and Settings\Guillaume\Cookies\guillaume@tracking.veille-referencement[1].txt
C:\Documents and Settings\Guillaume\Cookies\guillaume@usenext[1].txt
C:\Documents and Settings\Guillaume\Cookies\guillaume@vhost.oddcast[2].txt
C:\Documents and Settings\Guillaume\Cookies\guillaume@webstats[1].txt
C:\Documents and Settings\Guillaume\Cookies\guillaume@www.adulteid[2].txt
C:\Documents and Settings\Guillaume\Cookies\guillaume@xiti[1].txt
C:\Documents and Settings\Guillaume\Cookies\guillaume@yourmedia[1].txt
C:\Documents and Settings\Nicolas\Cookies\nicolas@acvsrv.mediaonenetwork[2].txt
C:\Documents and Settings\Nicolas\Cookies\nicolas@adcentriconline[2].txt
C:\Documents and Settings\Nicolas\Cookies\nicolas@adv.surinter[2].txt
C:\Documents and Settings\Nicolas\Cookies\nicolas@chokertraffic[2].txt
C:\Documents and Settings\Nicolas\Cookies\nicolas@counter.mycomputer[2].txt
C:\Documents and Settings\Nicolas\Cookies\nicolas@mediamgr.ugo[2].txt
C:\Documents and Settings\Nicolas\Cookies\nicolas@megateens[1].txt
C:\Documents and Settings\Nicolas\Cookies\nicolas@nettraffic[2].txt
C:\Documents and Settings\Nicolas\Cookies\nicolas@sexwideweb[1].txt
C:\Documents and Settings\Nicolas\Cookies\nicolas@tracker.affistats[1].txt
C:\Documents and Settings\Nicolas\Cookies\nicolas@trafficback[2].txt
C:\Documents and Settings\Nicolas\Cookies\nicolas@ultrafuckers[2].txt
C:\Documents and Settings\Nicolas\Cookies\nicolas@windowsmedia[1].txt
C:\Documents and Settings\Nicolas\Cookies\nicolas@www.chickentraffic[1].txt
C:\Documents and Settings\Nicolas\Cookies\nicolas@www.cutesexybabes[1].txt
C:\Documents and Settings\Nicolas\Cookies\nicolas@www.danceporn[1].txt
C:\Documents and Settings\Nicolas\Cookies\nicolas@www.freesexportal[2].txt
C:\Documents and Settings\Nicolas\Cookies\nicolas@www.keenporn[1].txt
C:\Documents and Settings\Nicolas\Cookies\nicolas@www.pmteens[2].txt
C:\Documents and Settings\Nicolas\Cookies\nicolas@www.porn-reborn[1].txt
C:\Documents and Settings\Nicolas\Cookies\nicolas@www.porninspector[2].txt
C:\Documents and Settings\Nicolas\Cookies\nicolas@www.pretty-teens[2].txt
C:\Documents and Settings\Nicolas\Cookies\nicolas@www.qualityporn[1].txt
C:\Documents and Settings\Nicolas\Cookies\nicolas@www.serial-gamer[2].txt
C:\Documents and Settings\Nicolas\Cookies\nicolas@www.sexydianas[2].txt
C:\Documents and Settings\Nicolas\Cookies\nicolas@www.teenax[1].txt
C:\Documents and Settings\Nicolas\Cookies\nicolas@www.xxxvogue[1].txt
C:\Documents and Settings\Nicolas\Cookies\nicolas@xiti[1].txt
C:\Documents and Settings\Nicolas\Cookies\nicolas@xxxgateway[2].txt

Adware.Vundo-Variant/Small-A
C:\SYSTEM VOLUME INFORMATION\_RESTORE{60EC76ED-B9AF-48BB-9BF2-89C051EBE9AE}\RP10\A0005475.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{60EC76ED-B9AF-48BB-9BF2-89C051EBE9AE}\RP9\A0005439.DLL
C:\_OTMOVEIT\MOVEDFILES\WINDOWS\SYSTEM32\FVIQHLGU.DLL
C:\_OTMOVEIT\MOVEDFILES\WINDOWS\SYSTEM32\IREKBASA.DLL
C:\_OTMOVEIT\MOVEDFILES\WINDOWS\SYSTEM32\JCLQWVDE.DLL
C:\_OTMOVEIT\MOVEDFILES\WINDOWS\SYSTEM32\KDKWEMMC.DLL
C:\_OTMOVEIT\MOVEDFILES\WINDOWS\SYSTEM32\YLYLUXAC.DLL

Adware.Vundo-Variant/Small
C:\SYSTEM VOLUME INFORMATION\_RESTORE{60EC76ED-B9AF-48BB-9BF2-89C051EBE9AE}\RP11\A0005838.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{60EC76ED-B9AF-48BB-9BF2-89C051EBE9AE}\RP2\A0000030.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{60EC76ED-B9AF-48BB-9BF2-89C051EBE9AE}\RP3\A0002026.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{60EC76ED-B9AF-48BB-9BF2-89C051EBE9AE}\RP4\A0003228.DLL
C:\_OTMOVEIT\MOVEDFILES\WINDOWS\SYSTEM32\BYXVVTQ.DLL
C:\_OTMOVEIT\MOVEDFILES\WINDOWS\SYSTEM32\BYXWXWV.DLL
C:\_OTMOVEIT\MOVEDFILES\WINDOWS\SYSTEM32\BYXXVUR.DLL
C:\_OTMOVEIT\MOVEDFILES\WINDOWS\SYSTEM32\CBXXVTT.DLL
C:\_OTMOVEIT\MOVEDFILES\WINDOWS\SYSTEM32\DDCAXUV.DLL
C:\_OTMOVEIT\MOVEDFILES\WINDOWS\SYSTEM32\DDCDAYA.DLL
C:\_OTMOVEIT\MOVEDFILES\WINDOWS\SYSTEM32\DDCDDCA.DLL
C:\_OTMOVEIT\MOVEDFILES\WINDOWS\SYSTEM32\DDCDECA.DLL
C:\_OTMOVEIT\MOVEDFILES\WINDOWS\SYSTEM32\EFCAYYA.DLL
C:\_OTMOVEIT\MOVEDFILES\WINDOWS\SYSTEM32\FCCDAXX.DLL
C:\_OTMOVEIT\MOVEDFILES\WINDOWS\SYSTEM32\GEBCBBC.DLL
C:\_OTMOVEIT\MOVEDFILES\WINDOWS\SYSTEM32\GEBCYYV.DLL
C:\_OTMOVEIT\MOVEDFILES\WINDOWS\SYSTEM32\GEBXYWW.DLL
C:\_OTMOVEIT\MOVEDFILES\WINDOWS\SYSTEM32\GEBYXWU.DLL
C:\_OTMOVEIT\MOVEDFILES\WINDOWS\SYSTEM32\JKKHGHE.DLL
C:\_OTMOVEIT\MOVEDFILES\WINDOWS\SYSTEM32\KHFDEFD.DLL
C:\_OTMOVEIT\MOVEDFILES\WINDOWS\SYSTEM32\KHFFGGE.DLL
C:\_OTMOVEIT\MOVEDFILES\WINDOWS\SYSTEM32\LJJGDBY.DLL
C:\_OTMOVEIT\MOVEDFILES\WINDOWS\SYSTEM32\NNNKLLM.DLL
C:\_OTMOVEIT\MOVEDFILES\WINDOWS\SYSTEM32\NNNLLKK.DLL
C:\_OTMOVEIT\MOVEDFILES\WINDOWS\SYSTEM32\OPNLKKL.DLL
C:\_OTMOVEIT\MOVEDFILES\WINDOWS\SYSTEM32\OPNMJGD.DLL
C:\_OTMOVEIT\MOVEDFILES\WINDOWS\SYSTEM32\OPNMMML.DLL
C:\_OTMOVEIT\MOVEDFILES\WINDOWS\SYSTEM32\OPNNMLM.DLL
C:\_OTMOVEIT\MOVEDFILES\WINDOWS\SYSTEM32\PMNLIFG.DLL
C:\_OTMOVEIT\MOVEDFILES\WINDOWS\SYSTEM32\QOMKLJJ.DLL
C:\_OTMOVEIT\MOVEDFILES\WINDOWS\SYSTEM32\RQROLLI.DLL
C:\_OTMOVEIT\MOVEDFILES\WINDOWS\SYSTEM32\RQRSRQO.DLL
C:\_OTMOVEIT\MOVEDFILES\WINDOWS\SYSTEM32\TUVUURQ.DLL
C:\_OTMOVEIT\MOVEDFILES\WINDOWS\SYSTEM32\TUVVVWT.DLL
C:\_OTMOVEIT\MOVEDFILES\WINDOWS\SYSTEM32\URQPQQO.DLL
C:\_OTMOVEIT\MOVEDFILES\WINDOWS\SYSTEM32\URQRQNN.DLL
C:\_OTMOVEIT\MOVEDFILES\WINDOWS\SYSTEM32\VTUTQNO.DLL
C:\_OTMOVEIT\MOVEDFILES\WINDOWS\SYSTEM32\VTUVWUV.DLL
C:\_OTMOVEIT\MOVEDFILES\WINDOWS\SYSTEM32\WVUSPPP.DLL
C:\_OTMOVEIT\MOVEDFILES\WINDOWS\SYSTEM32\WVUUUTR.DLL
C:\_OTMOVEIT\MOVEDFILES\WINDOWS\SYSTEM32\XXYXUTS.DLL
C:\_OTMOVEIT\MOVEDFILES\WINDOWS\SYSTEM32\XXYXYVW.DLL
C:\_OTMOVEIT\MOVEDFILES\WINDOWS\SYSTEM32\YAYAWVV.DLL
C:\_OTMOVEIT\MOVEDFILES\WINDOWS\SYSTEM32\YAYAXUR.DLL

Adware.Vundo-Variant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{60EC76ED-B9AF-48BB-9BF2-89C051EBE9AE}\RP2\A0000036.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{60EC76ED-B9AF-48BB-9BF2-89C051EBE9AE}\RP3\A0002027.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{60EC76ED-B9AF-48BB-9BF2-89C051EBE9AE}\RP4\A0003215.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{60EC76ED-B9AF-48BB-9BF2-89C051EBE9AE}\RP4\A0004255.DLL

Trojan.Downloader-Gen/DDC
C:\_OTMOVEIT\MOVEDFILES\WINDOWS\SYSTEM32\LHORYQGG.EXE

Trojan.Downloader-Gen
C:\_OTMOVEIT\MOVEDFILES\WINDOWS\SYSTEM32\SMTSVC.EXE


j'ai donc Avast, aVG antispyware, spywareblaster.... Kerio comme pare-feu, Ccleaner, Ad-aware...

est-ce que ce serait bien de passer en firefox?

à ton avis?

à bientôt...

slt, beruacoups sont en securité dans otmovit


vire en allant dans poste de travail ce qui est dans movedfiles

C:\_OTMOVEIT\MOVEDFILES\

_____________

si tout c'est bien passé désactive la restauration système pour purger les virus qui seraient dedans
puis redemarre ton ordi
puis réactive là (dans DEMARRER puis TOUS LES PROGRAMMES puis ACCESSOIRE puis OUTILS SYSTEME puis RESTAURATION SYSTEME puis paramètre)

_______________

lance ccleaner et vire les coookies


________________

refais et colle un rapport
avec panda pour voir ce qui reste qu'on suppriem

_________________
et
oui utilise firefox

_________________


a plus

j'ai fait un scan avec Panda, il ne trouve rien , mais je trouve qu'il va bien vite!!!

alors j'ai fait aussi un scan avec antivir:


AntiVir PersonalEdition Classic
Report file date: vendredi 30 novembre 2007 10:02

Scanning for 954643 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: ANTONY-9RYZD84K

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 14:26:55
ANTIVIR2.VDF : 7.0.1.0 1393152 Bytes 23/11/2007 09:01:01
ANTIVIR3.VDF : 7.0.1.26 189440 Bytes 30/11/2007 09:01:01
AVEWIN32.DLL : 7.6.0.34 3125760 Bytes 30/11/2007 09:01:03
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: F:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: vendredi 30 novembre 2007 10:02

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'ashWebSv.exe' - '1' Module(s) have been scanned
Scan process 'ashMaiSv.exe' - '1' Module(s) have been scanned
Scan process 'spampal.exe' - '1' Module(s) have been scanned
Scan process 'SUPERAntiSpyware.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'avgas.exe' - '1' Module(s) have been scanned
Scan process 'HOMERunner.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'ashDisp.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'E_FATIAAE.EXE' - '1' Module(s) have been scanned
Scan process 'VM_STI.EXE' - '1' Module(s) have been scanned
Scan process 'OPware32.exe' - '1' Module(s) have been scanned
Scan process 'winampa.exe' - '1' Module(s) have been scanned
Scan process 'SMax4PNP.exe' - '1' Module(s) have been scanned
Scan process 'Directcd.exe' - '1' Module(s) have been scanned
Scan process 'EM_EXEC.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'kpf4ss.exe' - '1' Module(s) have been scanned
Scan process 'SMAgent.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'SAgent2.exe' - '1' Module(s) have been scanned
Scan process 'CDAC11BA.EXE' - '1' Module(s) have been scanned
Scan process 'btwdins.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '0' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'ashServ.exe' - '1' Module(s) have been scanned
Scan process 'aswUpdSv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
52 processes with 52 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'F:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '39' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Program Files\Panda Security\NanoScan\Engine\psnflg.dll
[DETECTION] Is the Trojan horse TR/Agent.bux.1
[INFO] The file was deleted!
C:\System Volume Information\_restore{60EC76ED-B9AF-48BB-9BF2-89C051EBE9AE}\RP1\A0000008.dll
[DETECTION] Contains detection pattern of the Windows virus W95/Blumblebee.1738
[INFO] The file was moved to '47805bb7.qua'!
C:\System Volume Information\_restore{60EC76ED-B9AF-48BB-9BF2-89C051EBE9AE}\RP2\A0000020.dll
[DETECTION] Is the Trojan horse TR/Agent.bux.1
[INFO] The file was moved to '47805bc2.qua'!
Begin scan in 'F:\'
F:\pagefile.sys
[WARNING] The file could not be opened!


End of the scan: vendredi 30 novembre 2007 20:57
Used time: 10:55:08 min

The scan has been done completely.

9341 Scanning directories
314965 Files were scanned
3 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
1 files were deleted
0 files were repaired
2 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
314962 Files not concerned
2403 Archives were scanned
2 Warnings
0 Notes

j'ai donc supprimé les fichiers incriminés..

j'espere que ce sera suffisant

à bientôt

désactive la restauration système pour purger les virus qui seraient dedans

puis redemarre ton ordi

puis réactive là (dans DEMARRER puis TOUS LES PROGRAMMES puis ACCESSOIRE puis OUTILS SYSTEME puis RESTAURATION SYSTEME puis paramètre)

__________________

recolle un rapport hiajckthis pour verifier


mais ca a l'air bon vu antivir et ton dernier rapport

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:11:07, on 30/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
-C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\Caere\OMNIPA~1.0\opware32.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SpamPal\spampal.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\abcde.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [OmniPage] C:\PROGRA~1\Caere\OMNIPA~1.0\opware32.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [EPSON Stylus D68 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /O6 "USB002" /M "Stylus D68"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB003" /M "Stylus CX3600"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
O4 - HKLM\..\Run: [System Terminal Storage] smtsvc.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [WellPhone DirectSync - ScheduleSync] C:\PROGRA~1\WELLPH~1\SCHEDU~1.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus D68 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /M "Stylus D68" /EF "HKCU"
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: SpamPal.lnk = C:\Program Files\SpamPal\spampal.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/...
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://www.tele2mail.com/static/apps/utils/AccountHelper.cab
O16 - DPF: {B0A451A6-A5A6-11D4-A790-0010A4E6086F} (GettyFinder2 Control) - file://D:\activex\GettyFinder2.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C4D88B8E-352B-11D6-BF77-0080C740A177} (Setup Class) - http://europe.samsungportal.com/EP/web/common/cabfiles/ActiveXSetup.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/chuzzle/popcaploader_v6.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked".

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe

O4 - HKLM\..\Run: [OmniPage] C:\PROGRA~1\Caere\OMNIPA~1.0\opware32.exe


O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll


O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab



_________________________

antivir est mieux que avast

___________________________

en antiespion mettre SPYBOT + SPYWAREBLASTER et ad aware en complement

(spywareblaster ne fait qu'immuniser et ne fais pas d'analyse a la recherche d'espions
__________________________

c'est bon pour toi!

merci de ton aide

en effet tout a l'air bien maintenant , j'espère ne plus entendre parler de vundo avant longtemps!