The thread "Problem with viruses showing up all the time and pop-up windows" is in the "Viruses, Trojans, etc." forum
Thread status: "Problem with viruses showing up all the time and pop-up windows" (resolved)

Problem with viruses showing up all the time and pop-up windows

6-08-2007 at 11:15


Hi everyone,
As you saw from the title, I have a big problem.
My antivirus keeps reporting a virus, a different one every time.
Also, when I browse the internet, pages open on their own.
To counter this, I tried running Ad-Aware, but without success.
Here is the HijackThis report:
Logfile of HijackThis v1.99.1
Scan saved at 11:05:43, on 06/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
D:\WINDOWS\ALCXMNTR.EXE
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\MessengerPlus! 3\MsgPlus.exe
E:\internet\QuickTime\qttask.exe
D:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Microsoft ActiveSync\wcescomm.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\Program Files\MSI\Common\RaUI.exe
D:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
D:\Program Files\Norton AntiVirus\navapsvc.exe
D:\PROGRA~1\MICROS~2\rapimgr.exe
D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
D:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
D:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
D:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
E:\internet\BitComet\BitComet.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Messenger\msmsgs.exe
E:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MessengerPlus3] "D:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\internet\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Works Update Detection] D:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [runner1] D:\WINDOWS\retadpu2000352.exe 61A847B5BBF72810329B385577FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [avp] D:\WINDOWS\TEMP\win10.tmp.exe
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "D:\WINDOWS\system32\pbmyfctl.dll",forkonce
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: MSI Wireless Utility.lnk = D:\Program Files\MSI\Common\RaUI.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://E:\internet\Free Download Manager\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://E:\internet\Free Download Manager\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://E:\internet\Free Download Manager\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - D:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GameDesire Word Games) - http://67.15.101.3/g_bin/eng/words_2_0_0_46.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/eng/billard8_2_0_0_28.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/eng/snooker_2_0_0_28.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{01D47FBF-512C-4F85-B53B-4AC3E25F7BC7}: NameServer = 212.27.53.252,212.27.54.252
O17 - HKLM\System\CCS\Services\Tcpip\..\{48A6C257-A8E3-48EC-8BA5-B0C1248D85B6}: NameServer = 212.27.53.252,212.27.54.252
O17 - HKLM\System\CS1\Services\Tcpip\..\{01D47FBF-512C-4F85-B53B-4AC3E25F7BC7}: NameServer = 212.27.53.252,212.27.54.252
O17 - HKLM\System\CS2\Services\Tcpip\..\{01D47FBF-512C-4F85-B53B-4AC3E25F7BC7}: NameServer = 212.27.53.252,212.27.54.252
O17 - HKLM\System\CS3\Services\Tcpip\..\{01D47FBF-512C-4F85-B53B-4AC3E25F7BC7}: NameServer = 212.27.53.252,212.27.54.252
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: MsgPlusLoader.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - D:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - D:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe


If you can help me, I would be very grateful.
Thanks in advance

6-08-2007 at 11:18

hello

there are indeed infections visible

do this first, before starting the cleanup
------

Right-click Hijackthis.exe, which is in E:\ ==> rename it to: test.exe

run a new report

6-08-2007 at 11:20

Logfile of HijackThis v1.99.1
Scan saved at 11:20:12, on 06/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
D:\WINDOWS\ALCXMNTR.EXE
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\MessengerPlus! 3\MsgPlus.exe
E:\internet\QuickTime\qttask.exe
D:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Microsoft ActiveSync\wcescomm.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\Program Files\MSI\Common\RaUI.exe
D:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
D:\Program Files\Norton AntiVirus\navapsvc.exe
D:\PROGRA~1\MICROS~2\rapimgr.exe
D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
D:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
D:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
D:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
E:\internet\BitComet\BitComet.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\MSN Messenger\usnsvc.exe
D:\Program Files\Messenger\msmsgs.exe
E:\hijackthis\test.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - D:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:\internet\BitComet\tools\BitCometBHO_1.1.5.19.dll
O2 - BHO: (no name) - {51E17FF8-C9B5-4970-88AD-B87CD9AFE267} - D:\WINDOWS\system32\vtsqr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\internet\spybot\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - D:\WINDOWS\system32\pegaeohr.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - E:\internet\Free Download Manager\Free Download Manager\iefdmcks.dll
O2 - BHO: (no name) - {E9BD0828-1FD9-410C-A50F-43EBE65D310F} - D:\WINDOWS\system32\ddcabxy.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MessengerPlus3] "D:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\internet\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Works Update Detection] D:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [runner1] D:\WINDOWS\retadpu2000352.exe 61A847B5BBF72810329B385577FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [avp] D:\WINDOWS\TEMP\win10.tmp.exe
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "D:\WINDOWS\system32\pbmyfctl.dll",forkonce
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: MSI Wireless Utility.lnk = D:\Program Files\MSI\Common\RaUI.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://E:\internet\Free Download Manager\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://E:\internet\Free Download Manager\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://E:\internet\Free Download Manager\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - D:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GameDesire Word Games) - http://67.15.101.3/g_bin/eng/words_2_0_0_46.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/eng/billard8_2_0_0_28.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/eng/snooker_2_0_0_28.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{01D47FBF-512C-4F85-B53B-4AC3E25F7BC7}: NameServer = 212.27.53.252,212.27.54.252
O17 - HKLM\System\CCS\Services\Tcpip\..\{48A6C257-A8E3-48EC-8BA5-B0C1248D85B6}: NameServer = 212.27.53.252,212.27.54.252
O17 - HKLM\System\CS1\Services\Tcpip\..\{01D47FBF-512C-4F85-B53B-4AC3E25F7BC7}: NameServer = 212.27.53.252,212.27.54.252
O17 - HKLM\System\CS2\Services\Tcpip\..\{01D47FBF-512C-4F85-B53B-4AC3E25F7BC7}: NameServer = 212.27.53.252,212.27.54.252
O17 - HKLM\System\CS3\Services\Tcpip\..\{01D47FBF-512C-4F85-B53B-4AC3E25F7BC7}: NameServer = 212.27.53.252,212.27.54.252
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: ddcabxy - D:\WINDOWS\SYSTEM32\ddcabxy.dll
O20 - Winlogon Notify: vtsqr - D:\WINDOWS\system32\vtsqr.dll
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winpsa32 - D:\WINDOWS\SYSTEM32\winpsa32.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - D:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - D:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

There, done :)

6-08-2007 at 11:22

so it's confirmed = Vundo infection


Download to the desktop
VirtumundoBeGone

=Double-click VirtumundoBeGone.exe
=click Continue ==> click Start
=click Yes
=At the end, if Vundo is present, the PC shuts down and restarts

If you get a blue screen with a "Fatal error" message .. no problem

=Post the VBG.TXT report which is on the desktop

then

Download to the desktop.
VundoFix

=Double-click VundoFix.exe.
=Click OK
=Wait for VundoFix to restart
=Click Scan for Vundo
=the scan is fairly long (1 to 2 h); at the end
=Click Remove Vundo
=Then Yes
=The desktop disappears for a moment while the files are being deleted.
=Shutdown message
=click Yes
=Automatic restart
Note: there may be several restarts
=copy the report which is in C:\vundofix.txt


+

new HijackThis report (test.exe)
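The helper's diagnosis rests on one cross-check that the renamed HijackThis run made visible: an O2 BHO with "(no name)" whose DLL is also registered as an O20 Winlogon Notify package. The script below is an added illustration for this thread, not one of the tools the helper names and not the poster's code: it applies that same check to a constructed log excerpt modelled on the second report above, and additionally flags Run entries launched from a TEMP folder, a general indicator that is not taken from the thread. Rule names, the sample lines and the `triage()` function are all this example's own.

```python
"""Triage a HijackThis log for the Vundo indicators discussed in the thread.

Added example, not one of the tools used in the thread. Rule 1 re-implements
the cross-check visible in the VBG.TXT report: a BHO with no default name whose
DLL is also a Winlogon Notify package is treated as probable Virtumundo.
"""
import re

# Constructed sample, modelled on the second (renamed HijackThis) report above;
# only the O2 / O4 / O20 line types the heuristics look at are included.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {51E17FF8-C9B5-4970-88AD-B87CD9AFE267} - D:\WINDOWS\system32\vtsqr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\internet\spybot\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {E9BD0828-1FD9-410C-A50F-43EBE65D310F} - D:\WINDOWS\system32\ddcabxy.dll
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [avp] D:\WINDOWS\TEMP\win10.tmp.exe
O20 - Winlogon Notify: ddcabxy - D:\WINDOWS\SYSTEM32\ddcabxy.dll
O20 - Winlogon Notify: vtsqr - D:\WINDOWS\system32\vtsqr.dll
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.*)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<path>.*)$")
RUN_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


def win_basename(path):
    """Last component of a Windows path, lower-cased; works on any host OS."""
    return path.strip().strip('"').replace("\\", "/").rsplit("/", 1)[-1].lower()


def triage(log_text):
    """Parse the relevant HijackThis line types and return a list of findings."""
    bhos, notify_by_dll, runs = [], {}, []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = BHO_RE.match(line)
        if m:
            bhos.append(m.groupdict())
            continue
        m = NOTIFY_RE.match(line)
        if m:
            notify_by_dll[win_basename(m["path"])] = m["key"]
            continue
        m = RUN_RE.match(line)
        if m:
            runs.append(m.groupdict())

    findings = []
    # Rule 1 (the VirtumundoBeGone logic seen in VBG.TXT): a nameless BHO whose
    # DLL is also a Winlogon Notify package. A nameless BHO on its own is not
    # enough: Spybot's SDHelper.dll in the sample has no Notify key and is
    # skipped, just as VBG logged "Key not found ... continuing" for it.
    for bho in bhos:
        if bho["name"] != "(no name)":
            continue
        dll = win_basename(bho["path"])
        if dll in notify_by_dll:
            findings.append({"rule": "nameless_bho_with_winlogon_notify",
                             "clsid": bho["clsid"], "dll": dll,
                             "notify_key": notify_by_dll[dll]})

    # Rule 2 (general persistence indicator, not taken from the thread): a Run
    # entry that launches something out of a TEMP directory.
    for run in runs:
        if "\\temp\\" in run["cmd"].lower():
            findings.append({"rule": "run_from_temp", "hive": run["hive"],
                             "name": run["name"], "cmd": run["cmd"]})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run against the sample, the script reports vtsqr.dll and ddcabxy.dll (the two DLLs VirtumundoBeGone later renamed to .vir) plus the win10.tmp.exe Run entry, and stays silent on SDHelper.dll and WgaLogon.dll, which is the point of requiring both halves of the pairing rather than alerting on every nameless BHO.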

6-08-2007 at 11:42

Here is the VBG.txt report that appeared on the desktop:

[08/06/2007, 11:31:21] - VirtumundoBeGone v1.5 ( "D:\Documents and Settings\Umut\Bureau\VirtumundoBeGone.exe" )
[08/06/2007, 11:31:23] - Detected System Information:
[08/06/2007, 11:31:23] - Windows Version: 5.1.2600, Service Pack 2
[08/06/2007, 11:31:23] - Current Username: Umut (Admin)
[08/06/2007, 11:31:23] - Windows is in NORMAL mode.
[08/06/2007, 11:31:23] - Searching for Browser Helper Objects:
[08/06/2007, 11:31:23] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[08/06/2007, 11:31:23] - BHO 2: {243B17DE-77C7-46BF-B94B-0B5F309A0E64} ()
[08/06/2007, 11:31:23] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/06/2007, 11:31:23] - Checking for HKLM\...\Winlogon\Notify\mnyside
[08/06/2007, 11:31:23] - Key not found: HKLM\...\Winlogon\Notify\mnyside, continuing.
[08/06/2007, 11:31:23] - BHO 3: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} (BitComet Helper)
[08/06/2007, 11:31:23] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
[08/06/2007, 11:31:23] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/06/2007, 11:31:23] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[08/06/2007, 11:31:23] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[08/06/2007, 11:31:23] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[08/06/2007, 11:31:23] - BHO 6: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[08/06/2007, 11:31:23] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/06/2007, 11:31:23] - No filename found. Continuing.
[08/06/2007, 11:31:23] - BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[08/06/2007, 11:31:23] - BHO 8: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[08/06/2007, 11:31:23] - BHO 9: {BDF3E430-B101-42AD-A544-FADC6B084872} (CNavExtBho Class)
[08/06/2007, 11:31:23] - BHO 10: {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} ()
[08/06/2007, 11:31:23] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/06/2007, 11:31:23] - Checking for HKLM\...\Winlogon\Notify\pegaeohr
[08/06/2007, 11:31:23] - Key not found: HKLM\...\Winlogon\Notify\pegaeohr, continuing.
[08/06/2007, 11:31:23] - BHO 11: {C7C86961-5BFD-4393-B141-60B59C25C8E1} ()
[08/06/2007, 11:31:23] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/06/2007, 11:31:23] - Checking for HKLM\...\Winlogon\Notify\vtsqr
[08/06/2007, 11:31:23] - Found: HKLM\...\Winlogon\Notify\vtsqr - This is probably Virtumundo.
[08/06/2007, 11:31:23] - Assigning {C7C86961-5BFD-4393-B141-60B59C25C8E1} MSEvents Object
[08/06/2007, 11:31:23] - BHO list has been changed! Starting over...
[08/06/2007, 11:31:23] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[08/06/2007, 11:31:23] - BHO 2: {243B17DE-77C7-46BF-B94B-0B5F309A0E64} ()
[08/06/2007, 11:31:23] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/06/2007, 11:31:23] - Checking for HKLM\...\Winlogon\Notify\mnyside
[08/06/2007, 11:31:23] - Key not found: HKLM\...\Winlogon\Notify\mnyside, continuing.
[08/06/2007, 11:31:23] - BHO 3: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} (BitComet Helper)
[08/06/2007, 11:31:23] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
[08/06/2007, 11:31:23] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/06/2007, 11:31:23] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[08/06/2007, 11:31:23] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[08/06/2007, 11:31:23] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[08/06/2007, 11:31:23] - BHO 6: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[08/06/2007, 11:31:23] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/06/2007, 11:31:23] - No filename found. Continuing.
[08/06/2007, 11:31:23] - BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[08/06/2007, 11:31:23] - BHO 8: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[08/06/2007, 11:31:23] - BHO 9: {BDF3E430-B101-42AD-A544-FADC6B084872} (CNavExtBho Class)
[08/06/2007, 11:31:23] - BHO 10: {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} ()
[08/06/2007, 11:31:23] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/06/2007, 11:31:23] - Checking for HKLM\...\Winlogon\Notify\pegaeohr
[08/06/2007, 11:31:23] - Key not found: HKLM\...\Winlogon\Notify\pegaeohr, continuing.
[08/06/2007, 11:31:23] - BHO 11: {C7C86961-5BFD-4393-B141-60B59C25C8E1} (MSEvents Object)
[08/06/2007, 11:31:23] - ALERT: Found MSEvents Object!
[08/06/2007, 11:31:23] - BHO 12: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} (FDMIECookiesBHO Class)
[08/06/2007, 11:31:23] - BHO 13: {E9BD0828-1FD9-410C-A50F-43EBE65D310F} (MSEvents Object)
[08/06/2007, 11:31:23] - ALERT: Found MSEvents Object!
[08/06/2007, 11:31:23] - BHO 14: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} ()
[08/06/2007, 11:31:23] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/06/2007, 11:31:23] - No filename found. Continuing.
[08/06/2007, 11:31:23] - Finished Searching Browser Helper Objects
[08/06/2007, 11:31:23] - *** Detected MSEvents Object
[08/06/2007, 11:31:23] - Trying to remove MSEvents Object...
[08/06/2007, 11:31:25] - Terminating Process: IEXPLORE.EXE
[08/06/2007, 11:31:25] - Terminating Process: RUNDLL32.EXE
[08/06/2007, 11:31:25] - Disabling Automatic Shell Restart
[08/06/2007, 11:31:25] - Terminating Process: EXPLORER.EXE
[08/06/2007, 11:31:26] - Suspending the NT Session Manager System Service
[08/06/2007, 11:31:26] - Terminating Windows NT Logon/Logoff Manager
[08/06/2007, 11:36:54] - Re-enabling Automatic Shell Restart
[08/06/2007, 11:36:54] - File to disable: D:\WINDOWS\system32\vtsqr.dll
[08/06/2007, 11:36:54] - Renaming D:\WINDOWS\system32\vtsqr.dll -> D:\WINDOWS\system32\vtsqr.dll.vir
[08/06/2007, 11:36:54] - File successfully renamed!
[08/06/2007, 11:36:54] - Removing HKLM\...\Browser Helper Objects\{C7C86961-5BFD-4393-B141-60B59C25C8E1}
[08/06/2007, 11:36:54] - Removing HKCR\CLSID\{C7C86961-5BFD-4393-B141-60B59C25C8E1}
[08/06/2007, 11:36:54] - Adding Kill Bit for ActiveX for GUID: {C7C86961-5BFD-4393-B141-60B59C25C8E1}
[08/06/2007, 11:36:54] - Deleting ATLEvents/MSEvents Registry entries
[08/06/2007, 11:36:54] - Removing HKLM\...\Winlogon\Notify\vtsqr
[08/06/2007, 11:36:54] - Searching for Browser Helper Objects:
[08/06/2007, 11:36:54] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[08/06/2007, 11:36:54] - BHO 2: {243B17DE-77C7-46BF-B94B-0B5F309A0E64} ()
[08/06/2007, 11:36:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/06/2007, 11:36:54] - Checking for HKLM\...\Winlogon\Notify\mnyside
[08/06/2007, 11:36:54] - Key not found: HKLM\...\Winlogon\Notify\mnyside, continuing.
[08/06/2007, 11:36:54] - BHO 3: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} (BitComet Helper)
[08/06/2007, 11:36:54] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
[08/06/2007, 11:36:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/06/2007, 11:36:54] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[08/06/2007, 11:36:54] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[08/06/2007, 11:36:54] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[08/06/2007, 11:36:54] - BHO 6: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[08/06/2007, 11:36:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/06/2007, 11:36:54] - No filename found. Continuing.
[08/06/2007, 11:36:54] - BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[08/06/2007, 11:36:54] - BHO 8: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[08/06/2007, 11:36:54] - BHO 9: {BDF3E430-B101-42AD-A544-FADC6B084872} (CNavExtBho Class)
[08/06/2007, 11:36:54] - BHO 10: {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} ()
[08/06/2007, 11:36:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/06/2007, 11:36:54] - Checking for HKLM\...\Winlogon\Notify\pegaeohr
[08/06/2007, 11:36:54] - Key not found: HKLM\...\Winlogon\Notify\pegaeohr, continuing.
[08/06/2007, 11:36:54] - BHO 11: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} (FDMIECookiesBHO Class)
[08/06/2007, 11:36:54] - BHO 12: {E9BD0828-1FD9-410C-A50F-43EBE65D310F} (MSEvents Object)
[08/06/2007, 11:36:54] - ALERT: Found MSEvents Object!
[08/06/2007, 11:36:54] - BHO 13: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} ()
[08/06/2007, 11:36:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/06/2007, 11:36:54] - No filename found. Continuing.
[08/06/2007, 11:36:54] - Finished Searching Browser Helper Objects
[08/06/2007, 11:36:54] - *** Detected MSEvents Object
[08/06/2007, 11:36:54] - Trying to remove MSEvents Object...
[08/06/2007, 11:36:55] - Terminating Process: IEXPLORE.EXE
[08/06/2007, 11:36:55] - Terminating Process: RUNDLL32.EXE
[08/06/2007, 11:36:55] - Disabling Automatic Shell Restart
[08/06/2007, 11:36:55] - Terminating Process: EXPLORER.EXE
[08/06/2007, 11:36:55] - Suspending the NT Session Manager System Service
[08/06/2007, 11:36:56] - Terminating Windows NT Logon/Logoff Manager
[08/06/2007, 11:36:56] - Re-enabling Automatic Shell Restart
[08/06/2007, 11:36:56] - File to disable: D:\WINDOWS\system32\ddcabxy.dll
[08/06/2007, 11:36:56] - Renaming D:\WINDOWS\system32\ddcabxy.dll -> D:\WINDOWS\system32\ddcabxy.dll.vir
[08/06/2007, 11:36:56] - File successfully renamed!
[08/06/2007, 11:36:56] - Removing HKLM\...\Browser Helper Objects\{E9BD0828-1FD9-410C-A50F-43EBE65D310F}
[08/06/2007, 11:36:56] - Removing HKCR\CLSID\{E9BD0828-1FD9-410C-A50F-43EBE65D310F}
[08/06/2007, 11:36:56] - Adding Kill Bit for ActiveX for GUID: {E9BD0828-1FD9-410C-A50F-43EBE65D310F}
[08/06/2007, 11:36:56] - Deleting ATLEvents/MSEvents Registry entries
[08/06/2007, 11:36:56] - Removing HKLM\...\Winlogon\Notify\ddcabxy
[08/06/2007, 11:36:56] - Searching for Browser Helper Objects:
[08/06/2007, 11:36:56] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[08/06/2007, 11:36:56] - BHO 2: {243B17DE-77C7-46BF-B94B-0B5F309A0E64} ()
[08/06/2007, 11:36:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/06/2007, 11:36:56] - Checking for HKLM\...\Winlogon\Notify\mnyside
[08/06/2007, 11:36:56] - Key not found: HKLM\...\Winlogon\Notify\mnyside, continuing.
[08/06/2007, 11:36:56] - BHO 3: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} (BitComet Helper)
[08/06/2007, 11:36:56] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
[08/06/2007, 11:36:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/06/2007, 11:36:56] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[08/06/2007, 11:36:56] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[08/06/2007, 11:36:56] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[08/06/2007, 11:36:56] - BHO 6: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[08/06/2007, 11:36:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/06/2007, 11:36:56] - No filename found. Continuing.
[08/06/2007, 11:36:56] - BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[08/06/2007, 11:36:56] - BHO 8: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[08/06/2007, 11:36:56] - BHO 9: {BDF3E430-B101-42AD-A544-FADC6B084872} (CNavExtBho Class)
[08/06/2007, 11:36:56] - BHO 10: {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} ()
[08/06/2007, 11:36:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/06/2007, 11:36:56] - Checking for HKLM\...\Winlogon\Notify\pegaeohr
[08/06/2007, 11:36:56] - Key not found: HKLM\...\Winlogon\Notify\pegaeohr, continuing.
[08/06/2007, 11:36:56] - BHO 11: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} (FDMIECookiesBHO Class)
[08/06/2007, 11:36:56] - BHO 12: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} ()
[08/06/2007, 11:36:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/06/2007, 11:36:56] - No filename found. Continuing.
[08/06/2007, 11:36:56] - Finished Searching Browser Helper Objects
[08/06/2007, 11:36:56] - Finishing up...
[08/06/2007, 11:36:56] - A restart is needed.
[08/06/2007, 11:37:25] - Attempting to Restart via STOP error (Blue Screen!)

In my opinion, given what is written at the end, I conclude that I really am infected with the Vundo virus.
I will carry on with the rest of the tasks to do.
PS: if someone can tell me what to do with this VBG.txt file, that would be nice :)

On 6-08-2007 at 11:47 #

Of course you are infected with Vundo.
-------
Carry on; we will have to wait for the new HijackThis log to finish the cleanup.

On 6-08-2007 at 11:50 #

Thanks land3 for guiding me through this operation, because I would not know what to do :)
VundoFix has now scanned the PC but found nothing... What is odd is that it only took a few minutes...

On 6-08-2007 at 11:53 #

That is normal; it is just a check in case VirtumundoBeGone missed a Vundo process.

-----
Post the HijackThis log.

On 6-08-2007 at 11:54 #

Logfile of HijackThis v1.99.1
Scan saved at 11:54:38, on 06/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
D:\Program Files\Norton AntiVirus\navapsvc.exe
D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
D:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
D:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
D:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
D:\WINDOWS\ALCXMNTR.EXE
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\MessengerPlus! 3\MsgPlus.exe
E:\internet\QuickTime\qttask.exe
D:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Microsoft ActiveSync\wcescomm.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\Program Files\MSI\Common\RaUI.exe
D:\PROGRA~1\MICROS~2\rapimgr.exe
D:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
D:\Program Files\MSN Messenger\usnsvc.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Documents and Settings\Umut\Bureau\VundoFix.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Messenger\msmsgs.exe
E:\hijackthis\test.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - D:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:\internet\BitComet\tools\BitCometBHO_1.1.5.19.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\internet\spybot\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - D:\WINDOWS\system32\pegaeohr.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - E:\internet\Free Download Manager\Free Download Manager\iefdmcks.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MessengerPlus3] "D:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\internet\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Works Update Detection] D:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [runner1] D:\WINDOWS\retadpu2000352.exe 61A847B5BBF72810329B385577FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [avp] D:\WINDOWS\TEMP\win10.tmp.exe
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "D:\WINDOWS\system32\pbmyfctl.dll",forkonce
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: MSI Wireless Utility.lnk = D:\Program Files\MSI\Common\RaUI.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://E:\internet\Free Download Manager\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://E:\internet\Free Download Manager\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://E:\internet\Free Download Manager\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - D:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GameDesire Word Games) - http://67.15.101.3/g_bin/eng/words_2_0_0_46.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/eng/billard8_2_0_0_28.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/eng/snooker_2_0_0_28.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{01D47FBF-512C-4F85-B53B-4AC3E25F7BC7}: NameServer = 212.27.53.252,212.27.54.252
O17 - HKLM\System\CCS\Services\Tcpip\..\{48A6C257-A8E3-48EC-8BA5-B0C1248D85B6}: NameServer = 212.27.53.252,212.27.54.252
O17 - HKLM\System\CS1\Services\Tcpip\..\{01D47FBF-512C-4F85-B53B-4AC3E25F7BC7}: NameServer = 212.27.53.252,212.27.54.252
O17 - HKLM\System\CS2\Services\Tcpip\..\{01D47FBF-512C-4F85-B53B-4AC3E25F7BC7}: NameServer = 212.27.53.252,212.27.54.252
O17 - HKLM\System\CS3\Services\Tcpip\..\{01D47FBF-512C-4F85-B53B-4AC3E25F7BC7}: NameServer = 212.27.53.252,212.27.54.252
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winpsa32 - D:\WINDOWS\SYSTEM32\winpsa32.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - D:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - D:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

There you go :)

On 6-08-2007 at 12:01 #

Download to the desktop:

OTMoveIt.exe

---------------
Relaunch HijackThis.

Tick these lines and then click FIX CHECKED:

O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - D:\WINDOWS\system32\pegaeohr.dll
O4 - HKLM\..\Run: [runner1] D:\WINDOWS\retadpu2000352.exe 61A847B5BBF72810329B385577FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [avp] D:\WINDOWS\TEMP\win10.tmp.exe
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "D:\WINDOWS\system32\pbmyfctl.dll",forkonce
O20 - Winlogon Notify: winpsa32 - D:\WINDOWS\SYSTEM32\winpsa32.dll

-------------
= Copy this text in bold:
D:\WINDOWS\system32\pegaeohr.dll
D:\WINDOWS\retadpu2000352.exe 61A847B5BBF72810329B385577FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
D:\WINDOWS\TEMP\win10.tmp.exe
D:\WINDOWS\system32\pbmyfctl.dll
D:\WINDOWS\SYSTEM32\winpsa32.dll

= Double-click OTMoveIt.exe
= In the left-hand pane ==> right-click ==> paste
= Click MoveIt!
= If a restart is requested ==> click YES
= A report in ==> C:\_OTMoveIt\MovedFiles\today's date, to copy/paste into your reply

+

Post a new HijackThis log.