Virus Win32

Solved
grarou59 Posts 14 Status Member -  
jlpjlp Posts 52399 Status Security contributor -
Hello,

So, for a few days now my antivirus has been finding a virus, Win32.TrotBOH! I ran a scan with HijackThis!!
If someone could tell me which files need to be deleted, I would be very grateful!!
Thanks

Logfile of HijackThis v1.99.1
Scan saved at 15:16:23, on 25/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\qttask.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\DfrgNtfs.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX01.235\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O2 - BHO: (no name) - {292508E6-63BC-478C-8703-68013131A496} - C:\WINDOWS\system32\jkhhh.dll (file missing)
O2 - BHO: (no name) - {44E8C7F6-FD25-4EF8-B56D-7AC5C7FADCDC} - C:\WINDOWS\system32\vtuts.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Gif Animator Toolbar Helper - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll
O2 - BHO: (no name) - {A291297B-CAC0-43DF-8343-98AC471FDBD4} - C:\WINDOWS\system32\awvtr.dll (file missing)
O2 - BHO: (no name) - {a659bcb4-f4fc-4d9d-bca6-7afb8d526b9b} - C:\WINDOWS\system32\iwpeydor.dll (file missing)
O2 - BHO: NavHelper Class - {C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} - C:\Program Files\NavExcel\NavHelper\v2.0.4\NHelper.dll (file missing)
O2 - BHO: (no name) - {D6158E03-E558-4C1F-8A2A-963E8EDFB4B7} - C:\Program Files\ComPlus Applications\nipyvafymC:\WINDOWS\system32\rey2\qopre83122.exe.dll (file missing)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BM0f01f557] Rundll32.exe "C:\WINDOWS\system32\bxephbkx.dll",s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: Download all by Rapidown... - C:\Program Files\Rapidown\RapidownGetAll.htm
O8 - Extra context menu item: Download by Rapidown... - C:\Program Files\Rapidown\RapidownGet.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: bw+0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: efcdcda - efcdcda.dll (file missing)
O20 - Winlogon Notify: iifeeby - iifeeby.dll (file missing)
O20 - Winlogon Notify: wszodbdt - wszodbdt.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
Configuration: Windows XP
Internet Explorer 6.0

8 replies

  1. jlpjlp Posts 52399 Status Security contributor 5 041
     
    Relaunch HijackThis, choose "do a scan only", tick the box in front of the lines below and click "fix checked" at the bottom.
    --------------

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
    O2 - BHO: (no name) - {292508E6-63BC-478C-8703-68013131A496} - C:\WINDOWS\system32\jkhhh.dll (file missing)
    O2 - BHO: (no name) - {44E8C7F6-FD25-4EF8-B56D-7AC5C7FADCDC} - C:\WINDOWS\system32\vtuts.dll (file missing)
    O2 - BHO: (no name) - {A291297B-CAC0-43DF-8343-98AC471FDBD4} - C:\WINDOWS\system32\awvtr.dll (file missing)
    O2 - BHO: (no name) - {a659bcb4-f4fc-4d9d-bca6-7afb8d526b9b} - C:\WINDOWS\system32\iwpeydor.dll (file missing)
    O2 - BHO: NavHelper Class - {C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} - C:\Program Files\NavExcel\NavHelper\v2.0.4\NHelper.dll (file missing)
    O2 - BHO: (no name) - {D6158E03-E558-4C1F-8A2A-963E8EDFB4B7} - C:\Program Files\ComPlus Applications\nipyvafymC:\WINDOWS\system32\rey2\qopre83122.exe.dll (file missing)
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [BM0f01f557] Rundll32.exe "C:\WINDOWS\system32\bxephbkx.dll",s
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)

    _______________________

    Scan with VundoFix (paste the report)

    Download VundoFix -> http://www.atribune.org/ccount/click.php?id=4

    Double-click VundoFix.exe to run it.
    When VundoFix opens, click the Scan for Vundo button.
    Once the scan has finished, click the Remove Vundo button.
    You will get a warning asking whether you want to delete these
    files; answer by clicking YES.
    Once you have clicked Yes, your desktop will go blank while it
    removes Vundo.

    When it has finished, you will be asked to restart your computer; click
    OK.

    ______________________

    Download Combofix by sUBs: rename it before any installation, for example name it "KillBagle". Help here: https://forum.pcastuces.com/sujet.asp?f=25&s=37315

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Save it on your desktop and nowhere else!

    Help on using Combofix here: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic

    Double-click Combofix. It will ask you a question; answer by pressing the 1 key and Enter to confirm, then let it guide you.
    Wait until Combofix has finished; a report will be created. Post the report.
    ______________________

    Download OTMoveIt
    http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (by Old_Timer) to your desktop. Or from https://www.luanagames.com/index.fr.html
    Double-click OTMoveIt.exe to launch it.
    Copy the list in the quote below,
    and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.

    Quote:

    C:\WINDOWS\system32\bxephbkx.dll

    Click MoveIt! to start the removal.
    The result will appear in the "Results" pane.
    Click Exit to close.
    Post the report located in C:\_OTMoveIt\MovedFiles.

    You may be asked to restart the PC to complete the removal. If so, accept with Yes.

    _______________________

    Paste the report of an online scan
    with one of the following:
    (disable avast for the duration of the scan)

    BitDefender online:
    http://www.bitdefender.fr/scan_fr/scan8/ie.html

    Panda online:
    http://pandasoftware.fr
    0
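Added example, not part of the thread and not the contributor's own method: a small Python triage pass over HijackThis lines like those in the log above, which cross-checks "(file missing)" entries against the running-process list and extracts DLLs started through rundll32 from Run keys. The reason labels and heuristics are assumptions of this example; the sample is an excerpt of lines from the posted log.

```python
import re
from dataclasses import dataclass

# Excerpt of lines from the HijackThis log posted in this thread (not a full log).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\explorer.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O2 - BHO: (no name) - {292508E6-63BC-478C-8703-68013131A496} - C:\WINDOWS\system32\jkhhh.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BM0f01f557] Rundll32.exe "C:\WINDOWS\system32\bxephbkx.dll",s
O20 - Winlogon Notify: efcdcda - efcdcda.dll (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
PATH_RE = re.compile(r"^[A-Za-z]:\\")
# DLL handed to rundll32 on a command line, with or without quotes.
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)', re.IGNORECASE)


@dataclass(frozen=True)
class Entry:
    code: str   # section code such as O2, O4, O20, O23
    body: str   # everything after "<code> - "


def parse(log_text):
    """Return (set of lower-cased running process paths, list of Entry)."""
    running, entries = set(), []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False
            entries.append(Entry(m["code"], m["body"]))
        elif in_processes and PATH_RE.match(line):
            running.add(line.lower())
    return running, entries


def triage(running, entries):
    """Return [(Entry, [reason, ...])] for entries that deserve a manual look."""
    flagged = []
    for e in entries:
        body = e.body.lower()
        reasons = []
        if "(file missing)" in body or "(no file)" in body:
            # A "missing" file that is also a running process cannot really be
            # missing: the marker then reflects how the path was parsed.
            if any(proc in body for proc in running):
                reasons.append("file-missing-but-running")
            else:
                reasons.append("dangling-reference")
        if e.code == "O2" and "bho: (no name)" in body:
            reasons.append("unnamed-bho")
        if e.code == "O20":
            reasons.append("winlogon-notify")
        if e.code == "O4":
            m = RUNDLL_RE.search(e.body)
            if m:
                # Legitimate drivers use this too (NvCpl.dll here), so the DLL
                # path is reported for verification, not as a verdict.
                reasons.append("rundll32-autostart:" + m.group(1))
        if reasons:
            flagged.append((e, reasons))
    return flagged


if __name__ == "__main__":
    procs, items = parse(SAMPLE_LOG)
    for entry, why in triage(procs, items):
        print(f"{entry.code:<4}{', '.join(why)}\n    {entry.body}")
```

The output is a review list only: each flagged DLL or registry entry still has to be checked (publisher, file location, scanner verdict) before anything is fixed or moved.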
  2. grarou59 Posts 14 Status Member 1
     
    Thanks, I'll take care of that right away!!
    0
  3. grarou59 Posts 14 Status Member 1
     
    So here it is

    As for Combofix, I was not able to download it!!
    ______________________________________________

    OTMoveIt scan:

    File/Folder C:\WINDOWS\system32\bxephbkx.dll not found.

    OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04072008_151508

    ______________________________________________

    and the BitDefender online scan:

    C:\Documents and Settings\Administrateur\Mes documents\Azureus Downloads\CoD2SP\CoD2SP_c.exe
    Infecté par: Trojan.Dropper.RSM
    C:\Documents and Settings\Administrateur\Mes documents\Azureus Downloads\CoD2SP\CoD2SP_c.exe
    Echec de la désinfection
    C:\Documents and Settings\Administrateur\Mes documents\Azureus Downloads\CoD2SP\CoD2SP_c.exe
    C:\Program Files\Alwil Software\Avast4\DATA\moved\dvwdhfcd.dll
    Infecté par: Trojan.Vundo.DZK
    C:\Program Files\Alwil Software\Avast4\DATA\moved\dvwdhfcd.dll
    C:\System Volume Information\_restore{16E4C619-0CC8-4B0A-8B0E-3F08454ED573}\RP1\A0000044.dll
    Infecté par: Trojan.Vundo.EDA
    C:\System Volume Information\_restore{16E4C619-0CC8-4B0A-8B0E-3F08454ED573}\RP1\A0000044.dll
    Supprimé
    C:\System Volume Information\_restore{16E4C619-0CC8-4B0A-8B0E-3F08454ED573}\RP1\A0000045.dll
    Infecté par: Trojan.Vundo.ECQ
    C:\System Volume Information\_restore{16E4C619-0CC8-4B0A-8B0E-3F08454ED573}\RP1\A0000045.dll
    Supprimé
    C:\System Volume Information\_restore{16E4C619-0CC8-4B0A-8B0E-3F08454ED573}\RP1\A0000046.dll
    Infecté par: Trojan.Vundo.EDT
    C:\System Volume Information\_restore{16E4C619-0CC8-4B0A-8B0E-3F08454ED573}\RP1\A0000047.dll
    Infecté par: Trojan.Vundo.EDA
    C:\System Volume Information\_restore{16E4C619-0CC8-4B0A-8B0E-3F08454ED573}\RP1\A0000047.dll
    Supprimé
    C:\System Volume Information\_restore{16E4C619-0CC8-4B0A-8B0E-3F08454ED573}\RP1\A0000049.dll
    Infecté par: Trojan.Vundo.EEJ
    C:\System Volume Information\_restore{16E4C619-0CC8-4B0A-8B0E-3F08454ED573}\RP1\A0000049.dll
    Supprimé
    C:\System Volume Information\_restore{16E4C619-0CC8-4B0A-8B0E-3F08454ED573}\RP1\A0000050.dll
    Infecté par: Trojan.Vundo.EEB
    C:\System Volume Information\_restore{16E4C619-0CC8-4B0A-8B0E-3F08454ED573}\RP1\A0000050.dll
    Supprimé
    C:\System Volume Information\_restore{16E4C619-0CC8-4B0A-8B0E-3F08454ED573}\RP1\A0000052.
    Infecté par: Trojan.Vundo.EEK
    C:\System Volume Information\_restore{16E4C619-0CC8-4B0A-8B0E-3F08454ED573}\RP1\A0000052.dll
    Supprimé
    C:\System Volume Information\_restore{16E4C619-0CC8-4B0A-8B0E-3F08454ED573}\RP1\A0000053.dll
    Infecté par: Trojan.Vundo.EAI
    C:\System Volume Information\_restore{16E4C619-0CC8-4B0A-8B0E-3F08454ED573}\RP1\A0000053.dll
    Supprimé
    C:\System Volume Information\_restore{16E4C619-0CC8-4B0A-8B0E-3F08454ED573}\RP1\A0000054.dll
    Infecté par: Trojan.Vundo.ECX
    C:\System Volume Information\_restore{16E4C619-0CC8-4B0A-8B0E-3F08454ED573}\RP1\A0000054.dll
    Supprimé
    C:\System Volume Information\_restore{16E4C619-0CC8-4B0A-8B0E-3F08454ED573}\RP1\A0000055.dll
    Infecté par: Trojan.Vundo.ECX
    C:\System Volume Information\_restore{16E4C619-0CC8-4B0A-8B0E-3F08454ED573}\RP1\A0000055.dll
    Supprimé
    C:\System Volume Information\_restore{16E4C619-0CC8-4B0A-8B0E-3F08454ED573}\RP1\A0000056.dll
    Infecté par: Trojan.Vundo.EAO
    C:\System Volume Information\_restore{16E4C619-0CC8-4B0A-8B0E-3F08454ED573}\RP1\A0000056.dll
    Supprimé
    C:\System Volume Information\_restore{16E4C619-0CC8-4B0A-8B0E-3F08454ED573}\RP1\A0000057.dll
    Infecté par: Trojan.Vundo.EEZ
    C:\System Volume Information\_restore{16E4C619-0CC8-4B0A-8B0E-3F08454ED573}\RP1\A0000057.dll
    Supprimé
    C:\System Volume Information\_restore{16E4C619-0CC8-4B0A-8B0E-3F08454ED573}\RP1\A0000058.dll
    Infecté par: Trojan.Vundo.EDM
    C:\System Volume Information\_restore{16E4C619-0CC8-4B0A-8B0E-3F08454ED573}\RP1\A0000058.dll
    C:\System Volume Information\_restore{16E4C619-0CC8-4B0A-8B0E-3F08454ED573}\RP1\A0000059.dll
    Infecté par: Trojan.Vundo.EEJ
    C:\System Volume Information\_restore{16E4C619-0CC8-4B0A-8B0E-3F08454ED573}\RP1\A0000059.dll
    Supprimé
    C:\System Volume Information\_restore{16E4C619-0CC8-4B0A-8B0E-3F08454ED573}\RP1\A0000060.dll
    Infecté par: Trojan.Vundo.EDE
    C:\System Volume Information\_restore{16E4C619-0CC8-4B0A-8B0E-3F08454ED573}\RP1\A0000060.dll
    Supprimé
    C:\System Volume Information\_restore{16E4C619-0CC8-4B0A-8B0E-3F08454ED573}\RP1\A0000061.dll
    Infecté par: Trojan.Vundo.DZK
    C:\System Volume Information\_restore{16E4C619-0CC8-4B0A-8B0E-3F08454ED573}\RP1\A0000061.dll
    Supprimé
    C:\System Volume Information\_restore{16E4C619-0CC8-4B0A-8B0E-3F08454ED573}\RP1\A0000062.dll
    Infecté par: Trojan.Vundo.GH
    C:\System Volume Information\_restore{16E4C619-0CC8-4B0A-8B0E-3F08454ED573}\RP1\A0000062.dll
    Supprimé
    C:\System Volume Information\_restore{16E4C619-0CC8-4B0A-8B0E-3F08454ED573}\RP1\A0000063.exe
    Détecté avec: Adware.Purityscan.JA
    C:\System Volume Information\_restore{16E4C619-0CC8-4B0A-8B0E-3F08454ED573}\RP1\A0000063.exe
    Supprimé
    C:\System Volume Information\_restore{16E4C619-0CC8-4B0A-8B0E-3F08454ED573}\RP7\A0003060.dll
    Infecté par: Trojan.Vundo.EBH
    C:\System Volume Information\_restore{16E4C619-0CC8-4B0A-8B0E-3F08454ED573}\RP7\A0003060.dll
    Supprimé
    C:\System Volume Information\_restore{16E4C619-0CC8-4B0A-8B0E-3F08454ED573}\RP7\A0003062.dll
    Infecté par: Trojan.Vundo.DZK
    C:\System Volume Information\_restore{16E4C619-0CC8-4B0A-8B0E-3F08454ED573}\RP7\A0003062.dll
    Supprimé
    C:\System Volume Information\_restore{16E4C619-0CC8-4B0A-8B0E-3F08454ED573}\RP7\A0003063.dll
    Infecté par: Trojan.Vundo.EBU
    C:\System Volume Information\_restore{16E4C619-0CC8-4B0A-8B0E-3F08454ED573}\RP7\A0003063.dll
    Supprimé
    C:\System Volume Information\_restore{16E4C619-0CC8-4B0A-8B0E-3F08454ED573}\RP7\A0003064.dll
    Infecté par: Trojan.Vundo.DZK
    C:\System Volume Information\_restore{16E4C619-0CC8-4B0A-8B0E-3F08454ED573}\RP7\A0003064.dll
    Supprimé
    C:\System Volume Information\_restore{16E4C619-0CC8-4B0A-8B0E-3F08454ED573}\RP7\A0003067.dll
    Infecté par: Trojan.Vundo.EEH
    C:\System Volume Information\_restore{16E4C619-0CC8-4B0A-8B0E-3F08454ED573}\RP7\A0003067.dll
    Supprimé
    C:\System Volume Information\_restore{16E4C619-0CC8-4B0A-8B0E-3F08454ED573}\RP7\A0003084.dll
    Infecté par: Trojan.Vundo.EDF
    C:\System Volume Information\_restore{16E4C619-0CC8-4B0A-8B0E-3F08454ED573}\RP7\A0003084.dll
    Supprimé
    C:\System Volume Information\_restore{16E4C619-0CC8-4B0A-8B0E-3F08454ED573}\RP7\A0003085.dll
    Infecté par: Trojan.Vundo.DZZ
    C:\System Volume Information\_restore{16E4C619-0CC8-4B0A-8B0E-3F08454ED573}\RP7\A0003085.dll
    Supprimé
    C:\System Volume Information\_restore{16E4C619-0CC8-4B0A-8B0E-3F08454ED573}\RP7\A0003087.dll
    Infecté par: Trojan.Vundo.EEH
    C:\System Volume Information\_restore{16E4C619-0CC8-4B0A-8B0E-3F08454ED573}\RP7\A0003087.dll
    Supprimé
    C:\System Volume Information\_restore{16E4C619-0CC8-4B0A-8B0E-3F08454ED573}\RP7\A0003132.dll
    Infecté par: Trojan.Vundo.DZK
    C:\System Volume Information\_restore{16E4C619-0CC8-4B0A-8B0E-3F08454ED573}\RP7\A0003132.dll
    Supprimé
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005930.exe
    Infecté par: Trojan.Dropper.Vundo.E
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005930.exe
    Désinfecté
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005931.exe
    Infecté par: Trojan.Dropper.Vundo.E
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005931.exe
    Désinfecté
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005932.exe
    Infecté par: Trojan.Dropper.Vundo.E
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005932.exe
    Désinfecté
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005933.exe
    Infecté par: Trojan.Downloader.Purityscan.EN
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005933.exe
    Supprimé
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005935.exe
    Infecté par: Trojan.Dropper.Vundo.E
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005935.exe
    Désinfecté
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005936.exe
    Infecté par: Trojan.Dropper.Vundo.E
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005936.exe
    Désinfecté
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005937.Exe
    Infecté par: Trojan.Dropper.Vundo.E
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005937.Exe
    Désinfecté
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005938.exe
    Détecté avec: Adware.Navexcel.B
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005938.exe
    Supprimé
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005939.exe
    Détecté avec: Application.Navexcel.B
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005939.exe
    Echec de la désinfection
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005939.exe
    Supprimé
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005940.dll
    Détecté avec: Application.Navexcel.A
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005940.dll
    Echec de la désinfection
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005940.dll
    Supprimé
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005941.exe
    Infecté par: Trojan.Dropper.Vundo.E
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005941.exe
    Désinfecté
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005942.dll
    Infecté par: Trojan.Vundo.DTA
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005942.dll
    Supprimé
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005943.dll
    Infecté par: Trojan.Vundo.DYP
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005943.dll
    Supprimé
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005944.dll
    Infecté par: Trojan.Vundo.DYI
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005944.dll
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005945.exe
    Infecté par: Trojan.Fotomoto.H
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005945.exe
    Supprimé
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005946.dll
    Infecté par: Trojan.Vundo.DTA
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005946.dll
    Supprimé
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005947.dll
    Détecté avec: Adware.Virtumonde.GII
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005947.dll
    Supprimé
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005948.exe
    Infecté par: Trojan.Fotomoto.H

    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005948.exe
    Supprimé
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005949.dll
    Infecté par: Trojan.Vundo.Gen.2
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005949.dll
    Echec de la désinfection
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005949.dll
    Supprimé
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005950.exe
    Infecté par: Trojan.Downloader.VB.BDA
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005950.exe
    Echec de la désinfection
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005950.exe
    Supprimé
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005951.dll
    Infecté par: Trojan.Vundo.Gen.2
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005951.dll
    Echec de la désinfection
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005951.dll
    Supprimé
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005952.exe
    Infecté par: Trojan.Fotomoto.H
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005952.exe
    Supprimé
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005953.dll
    Infecté par: Trojan.Vundo.ECD
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005953.dll
    Supprimé
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005954.dll
    Infecté par: Trojan.Vundo.ZAA
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005954.dll
    Supprimé
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005955.exe
    Infecté par: Trojan.Dropper.Vundo.E
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005955.exe
    Supprimé
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005958.dll
    Infecté par: Trojan.Vundo.DTA
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005958.dll
    Supprimé
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005959.dll
    Infecté par: Trojan.Vundo.DYL
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005959.dll
    Supprimé
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005960.dll
    Infecté par: Trojan.Vundo.Gen.2
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005960.dll
    Echec de la désinfection
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005960.dll
    Supprimé
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005961.dll
    Infecté par: Trojan.Vundo.DUP
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005961.dll
    Supprimé
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005962.dll
    Infecté par: Trojan.Vundo.ECA
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005962.dll
    Supprimé
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005963.dll
    Infecté par: Trojan.Vundo.DYI
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005963.dll
    Supprimé
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005964.exe
    Infecté par: Trojan.Dropper.Vundo.E
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005964.exe
    Supprimé
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005965.dll
    Infecté par: Trojan.Vundo.DXU
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005965.dll
    Supprimé
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005966.dll
    Infecté par: Trojan.Vundo.Gen.2
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005966.dll
    Echec de la désinfection
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005966.dll
    Supprimé
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005967.dll
    Infecté par: Trojan.Vundo.DUP
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005967.dll
    Supprimé
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005968.dll
    Infecté par: Trojan.Vundo.Gen.2
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005968.dll
    Echec de la désinfection
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005968.dll
    Supprimé
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005969.exe
    Infecté par: Trojan.Dropper.Vundo.E
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005969.exe
    Désinfecté
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005970.exe
    Infecté par: Trojan.Dropper.Vundo.E
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005970.exe
    Désinfecté
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005971.exe
    Infecté par: Trojan.Dropper.Vundo.E
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005971.exe
    Désinfecté
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005972.exe
    Infecté par: Trojan.Dropper.Vundo.E
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005972.exe
    Désinfecté
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005973.exe
    Infecté par: Trojan.Dropper.Vundo.E
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005973.exe
    Désinfecté
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005974.exe
    Infecté par: Trojan.Dropper.Vundo.E
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005974.exe
    Désinfecté
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005975.exe
    Infecté par: Trojan.Dropper.Vundo.E
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005975.exe
    Désinfecté
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005976.exe
    Infecté par: Trojan.Dropper.Vundo.E
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005976.exe
    Désinfecté
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005977.exe
    Infecté par: Trojan.Dropper.Vundo.E
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005977.exe
    Désinfecté
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005978.exe
    Infecté par: Trojan.Dropper.Vundo.E
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005978.exe
    Désinfecté
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005979.exe
    Infecté par: Trojan.Dropper.Vundo.E
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005979.exe
    Désinfecté
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005980.exe
    Infecté par: Trojan.Dropper.Vundo.E
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005980.exe
    Désinfecté
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005981.exe
    Infecté par: Trojan.Dropper.Vundo.E
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005981.exe
    Désinfecté
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005982.exe
    Infecté par: Trojan.Dropper.Vundo.E
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005982.exe
    Désinfecté
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005983.exe
    Infecté par: Trojan.Dropper.Vundo.E
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005983.exe
    Désinfecté
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005984.exe
    Infecté par: Trojan.Dropper.Vundo.E
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005984.exe
    Désinfecté
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005985.exe
    Infecté par: Trojan.Dropper.Vundo.E
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005985.exe
    Désinfecté
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005986.exe
    Infecté par: Trojan.Dropper.Vundo.E
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005986.exe
    Désinfecté
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005987.exe
    Infecté par: Trojan.Dropper.Vundo.E
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005987.exe
    Désinfecté
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005988.exe
    Infecté par: Trojan.Dropper.Vundo.E
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005988.exe
    Désinfecté
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005989.exe
    Infecté par: Trojan.Dropper.Vundo.E
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005989.exe
    Désinfecté
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005990.exe
    Infecté par: Trojan.Dropper.Vundo.E
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005990.exe
    Désinfecté
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005991.exe
    Infecté par: Trojan.Dropper.Vundo.E
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005991.exe
    Désinfecté
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005992.exe
    Infecté par: Trojan.Dropper.Vundo.E
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005992.exe
    Désinfecté
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005993.exe
    Infecté par: Trojan.Dropper.Vundo.E
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005993.exe
    Désinfecté
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005994.exe
    Infecté par: Trojan.Dropper.Vundo.E
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005994.exe
    Désinfecté
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005995.exe
    Infecté par: Trojan.Dropper.Vundo.E
    C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005995.exe
    Désinfecté
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005996.exe</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.Dropper.Vundo.E</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005996.exe</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Désinfecté</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005997.exe</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.Dropper.Vundo.E</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005997.exe</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Désinfecté</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005998.exe</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.Dropper.Vundo.E</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005998.exe</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Désinfecté</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005999.exe</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.Dropper.Vundo.E</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0005999.exe</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Désinfecté</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0006000.exe</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.Dropper.Vundo.E</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0006000.exe</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Désinfecté</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0006001.exe</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.Dropper.Vundo.E</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0006001.exe</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Désinfecté</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-85A5-D58EE67CACD9}\RP14\A0006002.exe</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.Dropper.Vundo.E</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{6B545D7D-D0D0-42C0-8
  4. jlpjlp Posts 52399 Status Security contributor 5 041
     
    delete what is in quarantine in avast

    ___________

    try downloading combofix again, it was unavailable for a few hours

    and paste the report
    ____________
  6. grarou59 Posts 14 Status Member 1
     
    Here is the COMBOFIX report:

    ComboFix 08-04-07.5 - Administrateur 2008-04-07 16:24:49.2 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.616 [GMT 1:00]
    Endroit: C:\Documents and Settings\Administrateur\Bureau\Combo-Fix.exe
    * Création d'un nouveau point de restauration

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Administrateur\Local Settings\Application Data\adjurpxyg.dat
    C:\Documents and Settings\Administrateur\Local Settings\Application Data\adjurpxyg_nav.dat
    C:\Documents and Settings\Administrateur\Local Settings\Application Data\adjurpxyg_navps.dat
    C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Uninstall.lnk
    C:\WINDOWS\Downloaded Program Files\UGA6PV_0001_N122M1202NetInstaller.exe
    C:\WINDOWS\system32\opcrfiki.dll
    C:\WINDOWS\system32\opwpjfqq.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-03-07 to 2008-04-07 ))))))))))))))))))))))))))))))))))))
    .

    2008-04-07 15:17 . 2008-04-07 15:17 <REP> d-------- C:\WINDOWS\LastGood
    2008-04-07 15:17 . 2008-04-07 15:35 <REP> d-------- C:\WINDOWS\BDOSCAN8
    2008-04-07 15:15 . 2008-04-07 15:15 <REP> d-------- C:\_OTMoveIt
    2008-04-07 15:02 . 2008-04-07 15:04 <REP> d-------- C:\VundoFix Backups
    2008-04-07 14:58 . 2008-04-07 14:58 <REP> d-------- C:\Program Files\Trend Micro
    2008-04-03 19:44 . 2008-04-05 22:05 <REP> d-------- C:\Program Files\Tweak-XP
    2008-04-03 19:43 . 2008-04-03 19:43 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-04-03 00:26 . 2008-04-03 00:26 41,296 --a--c--- C:\WINDOWS\system32\xfcodec.dll
    2008-04-01 13:42 . 2008-04-01 13:42 <REP> d-------- C:\Program Files\Creative
    2008-04-01 13:42 . 2002-06-06 14:38 139,264 --a------ C:\WINDOWS\system32\eax.dll
    2008-04-01 13:30 . 2008-04-05 22:05 <REP> d-------- C:\Program Files\Mafia
    2008-04-01 13:30 . 2002-08-26 18:54 327,680 -ra------ C:\WINDOWS\system32\MafiaSetup.exe
    2008-03-26 23:32 . 2008-03-26 23:32 754 --a------ C:\WINDOWS\WORDPAD.INI
    2008-03-26 19:47 . 2008-04-07 13:48 <REP> d-------- C:\Program Files\Xfire
    2008-03-26 19:47 . 2008-04-07 00:34 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Xfire
    2008-03-25 15:24 . 2008-03-25 15:35 <REP> d-------- C:\ComboFix[1]
    2008-03-25 13:44 . 2008-03-25 13:44 <REP> d-------- C:\Program Files\CleanUp!
    2008-03-23 16:53 . 2008-03-24 18:30 1,358,737 ---hs---- C:\WINDOWS\system32\lgfdhxyx.ini
    2008-03-18 22:52 . 2008-03-18 22:52 <REP> dr-h----- C:\Documents and Settings\Administrateur\Application Data\SecuROM
    2008-03-18 22:52 . 2008-03-18 22:52 98,304 --a------ C:\WINDOWS\system32CmdLineExt.dll
    2008-03-18 22:09 . 2008-03-18 22:29 632 --a------ C:\WINDOWS\CoDUO.INI
    2008-03-18 22:01 . 2008-03-26 19:44 <REP> d-------- C:\Program Files\Call of Duty Game of the Year Edition
    2008-03-18 22:00 . 2008-03-19 13:38 766 --a------ C:\WINDOWS\CoD.INI
    2008-03-18 21:59 . 2008-03-19 23:19 1,526,212 ---hs---- C:\WINDOWS\system32\flsvwmfy.ini
    2008-03-18 21:51 . 2006-09-28 17:05 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
    2008-03-18 21:51 . 2006-09-28 17:05 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
    2008-03-18 21:51 . 2006-09-28 17:04 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll
    2008-03-18 21:51 . 2006-09-28 17:03 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
    2008-03-18 21:10 . 2008-03-18 21:10 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Leadertech
    2008-03-18 18:58 . 2006-11-11 04:43 933,536 -ra------ C:\WINDOWS\system32\drivers\LV302V32.SYS
    2008-03-17 21:59 . 2008-03-18 15:38 1,314,535 ---hs---- C:\WINDOWS\system32\ceobvkpm.ini
    2008-03-16 21:55 . 2008-03-17 21:56 1,916,988 ---hs---- C:\WINDOWS\system32\mokbinvp.ini
    2008-03-15 13:55 . 2008-03-16 21:47 1,332,774 ---hs---- C:\WINDOWS\system32\wwapvkut.ini
    2008-03-13 13:48 . 2008-03-14 13:22 1,306,504 ---hs---- C:\WINDOWS\system32\crqnbqix.ini
    2008-03-11 23:32 . 2008-03-13 13:47 1,391,392 ---hs---- C:\WINDOWS\system32\qmdifntq.ini
    2008-03-09 16:53 . 2008-03-10 19:28 1,315,414 ---hs---- C:\WINDOWS\system32\lumckomw.ini
    2008-03-08 14:50 . 2008-03-09 16:48 1,318,463 ---hs---- C:\WINDOWS\system32\eiweygwd.ini
    2008-03-07 14:43 . 2008-03-08 14:44 1,307,981 ---hs---- C:\WINDOWS\system32\bqahjhki.ini

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-06 22:53 22,328 -c--a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2008-04-06 22:53 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
    2008-04-06 20:14 --------- d-----w C:\Program Files\Wanadoo
    2008-04-06 18:00 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Azureus
    2008-03-26 18:44 --------- d-----w C:\Program Files\VirtualDJ
    2008-03-26 18:44 --------- d-----w C:\Program Files\QuickPar
    2008-03-26 18:44 --------- d-----w C:\Program Files\PKR
    2008-03-26 18:44 --------- d-----w C:\Program Files\FaxTools
    2008-03-26 18:44 --------- d-----w C:\Program Files\DivX
    2008-03-25 14:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-03-25 14:04 --------- d-----w C:\Program Files\Postal2STP
    2008-03-25 14:04 --------- d-----w C:\Program Files\MSN Messenger
    2008-03-25 12:56 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-03-24 23:05 --------- d-----w C:\Program Files\Arovax AntiSpyware
    2008-03-22 15:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-03-20 20:55 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\teamspeak2
    2008-03-09 23:03 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Winamp
    2008-03-01 22:52 231,872 ----a-w C:\WINDOWS\EasyGifAnimator_Toolbar_Uninstaller_421.exe
    2008-03-01 22:52 --------- d-----w C:\Program Files\Easy Gif Animator Extension
    2008-03-01 22:52 --------- d-----w C:\Program Files\Easy GIF Animator
    2008-02-23 03:07 --------- d-----w C:\Program Files\KONAMI
    2008-02-23 02:30 --------- d-----w C:\Program Files\mp3DirectCut
    2008-02-22 16:41 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2008-02-14 04:48 --------- d-----w C:\Program Files\coolpro2
    2008-02-14 04:48 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Syntrillium
    2008-02-11 15:16 --------- d-----w C:\Program Files\Dofus
    2008-02-10 20:06 --------- d-----w C:\Program Files\Veoh Networks
    2008-02-08 18:11 --------- d-----w C:\Program Files\Alwil Software
    2008-02-08 10:56 77,824 -c--a-w C:\WINDOWS\system32\qttask .exe
    2008-02-08 10:56 77,824 -c--a-w C:\WINDOWS\system32\qttask .exe
    2008-02-08 10:56 77,824 -c--a-w C:\WINDOWS\system32\qttask .exe
    2008-02-08 10:56 77,824 -c--a-w C:\WINDOWS\system32\qttask .exe
    2008-02-08 10:56 77,824 -c--a-w C:\WINDOWS\system32\qttask .exe
    2008-02-08 10:56 77,824 -c--a-w C:\WINDOWS\system32\qttask .exe
    2008-02-08 10:56 77,824 -c--a-w C:\WINDOWS\system32\qttask .exe
    2008-02-08 10:56 77,824 -c--a-w C:\WINDOWS\system32\qttask .exe
    2008-02-08 10:56 77,824 -c--a-w C:\WINDOWS\system32\qttask .exe
    2008-02-08 10:56 77,824 ----a-w C:\WINDOWS\system32\qttask.exe
    2008-02-08 10:55 77,824 -c--a-w C:\WINDOWS\system32\qttask .exe
    2008-02-08 10:55 77,824 -c--a-w C:\WINDOWS\system32\qttask .exe
    2008-02-08 10:55 77,824 -c--a-w C:\WINDOWS\system32\qttask .exe
    2008-02-08 10:55 77,824 -c--a-w C:\WINDOWS\system32\qttask .exe
    2008-02-08 10:55 77,824 -c--a-w C:\WINDOWS\system32\qttask .exe
    2008-02-08 10:55 77,824 -c--a-w C:\WINDOWS\system32\qttask .exe
    2008-02-08 10:55 77,824 -c--a-w C:\WINDOWS\system32\qttask .exe
    2008-02-08 10:55 77,824 -c--a-w C:\WINDOWS\system32\qttask .exe
    2008-02-08 10:55 77,824 -c--a-w C:\WINDOWS\system32\qttask .exe
    2008-02-08 10:55 77,824 -c--a-w C:\WINDOWS\system32\qttask .exe
    2008-02-08 10:55 77,824 -c--a-w C:\WINDOWS\system32\qttask .exe
    2008-02-08 10:54 77,824 -c--a-w C:\WINDOWS\system32\qttask .exe
    2008-02-08 10:54 77,824 -c--a-w C:\WINDOWS\system32\qttask .exe
    2008-02-08 10:54 77,824 -c--a-w C:\WINDOWS\system32\qttask .exe
    2008-02-08 10:54 77,824 -c--a-w C:\WINDOWS\system32\qttask .exe
    2008-02-08 10:54 77,824 -c--a-w C:\WINDOWS\system32\qttask .exe
    2008-02-08 10:54 77,824 -c--a-w C:\WINDOWS\system32\qttask .exe
    2008-02-08 10:54 77,824 -c--a-w C:\WINDOWS\system32\qttask .exe
    2008-02-08 10:54 77,824 -c--a-w C:\WINDOWS\system32\qttask .exe
    2008-02-08 10:54 77,824 -c--a-w C:\WINDOWS\system32\qttask .exe
    2008-02-08 10:54 77,824 -c--a-w C:\WINDOWS\system32\qttask .exe
    2008-02-08 10:53 77,824 -c--a-w C:\WINDOWS\system32\qttask .exe
    2008-02-08 10:53 77,824 -c--a-w C:\WINDOWS\system32\qttask .exe
    2008-02-08 10:53 77,824 -c--a-w C:\WINDOWS\system32\qttask .exe
    2008-02-08 10:53 77,824 -c--a-w C:\WINDOWS\system32\qttask .exe
    2008-02-08 10:53 77,824 -c--a-w C:\WINDOWS\system32\qttask .exe
    2008-02-08 10:53 77,824 -c--a-w C:\WINDOWS\system32\qttask .exe
    2008-02-08 10:53 77,824 -c--a-w C:\WINDOWS\system32\qttask .exe
    2008-02-08 10:53 77,824 -c--a-w C:\WINDOWS\system32\qttask .exe
    2008-02-08 10:53 77,824 -c--a-w C:\WINDOWS\system32\qttask .exe
    2008-02-08 10:53 77,824 -c--a-w C:\WINDOWS\system32\qttask .exe
    2008-02-08 10:53 77,824 -c--a-w C:\WINDOWS\system32\qttask .exe
    2008-02-08 10:52 77,824 -c--a-w C:\WINDOWS\system32\qttask .exe
    2008-02-08 10:52 77,824 -c--a-w C:\WINDOWS\system32\qttask .exe
    2008-02-08 10:52 77,824 -c--a-w C:\WINDOWS\system32\qttask .exe
    2008-02-08 10:52 77,824 -c--a-w C:\WINDOWS\system32\qttask .exe
    2008-02-08 10:52 77,824 ----a-w C:\WINDOWS\system32\qttask .exe
    2008-02-08 10:52 77,824 ----a-w C:\WINDOWS\system32\qttask .exe
    2008-02-08 10:52 77,824 ----a-w C:\WINDOWS\system32\qttask .exe
    2008-02-08 10:52 77,824 ----a-w C:\WINDOWS\system32\qttask .exe
    2008-02-08 10:52 77,824 ----a-w C:\WINDOWS\system32\qttask .exe
    2008-02-08 10:52 77,824 ----a-w C:\WINDOWS\system32\qttask .exe
    2008-02-08 10:52 77,824 ----a-w C:\WINDOWS\system32\qttask .exe
    2008-02-08 10:51 77,824 -c--a-w C:\WINDOWS\system32\qttask .exe
    2008-02-07 16:09 --------- d-----w C:\Program Files\D-Tools
    2008-01-29 20:57 118,784 -c----r C:\WINDOWS\bwUnin-7.2.0.157-8876480SL.exe
    2007-11-26 19:07 22,328 -c--a-w C:\Documents and Settings\Administrateur\Application Data\PnkBstrK.sys
    2007-09-29 14:05 0 -c--a-w C:\Program Files\installer-12116-845-windows-live-messenger-8-1-0178-french.exe
    2007-01-22 13:12 102 -c--a-w C:\Program Files\MIB2ROM.TXT
    1998-09-29 12:56 10,000 -c--a-w C:\WINDOWS\inf\unregpn.exe
    .
    [code]<pre>
    -c--a-w 81,920 2008-02-07 16:05:03 C:\Program Files\D-Tools\daemon .exe
    -c--a-w 284,184 2008-02-06 12:12:48 C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper .exe
    -c--a-w 244,512 2008-02-06 12:12:55 C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX .exe
    -c--a-w 132,496 2008-01-06 16:14:50 C:\Program Files\Java\jre1.6.0_02\bin\jusched .exe
    -c--a-w 36,864 2008-02-07 16:05:38 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe
    -c--a-w 746,520 2008-02-06 12:12:51 C:\Program Files\Logitech\QuickCam10\QuickCam10 .exe
    -c--a-w 503,808 2008-01-06 16:14:48 C:\Program Files\Mouse Driver\MouseDrv .exe
    -c--a-w 5,674,352 2008-02-07 16:05:40 C:\Program Files\MSN Messenger\MsnMsgr .Exe
    -c--a-w 57,344 2008-02-07 16:04:55 C:\Program Files\SlySoft\CloneCD\CloneCDTray .exe
    -c--a-w 15,360 2008-01-06 16:14:55 C:\WINDOWS\system32\ctfmon .exe
    -c--a-w 155,648 2008-01-06 16:14:37 C:\WINDOWS\system32\NeroCheck .exe
    -c--a-w 77,824 2008-02-08 10:51:54 C:\WINDOWS\system32\qttask .exe
    -c--a-w 77,824 2008-02-08 10:52:00 C:\WINDOWS\system32\qttask .exe
    ----a-w 77,824 2008-02-08 10:52:06 C:\WINDOWS\system32\qttask .exe
    ----a-w 77,824 2008-02-08 10:52:11 C:\WINDOWS\system32\qttask .exe
    ----a-w 77,824 2008-02-08 10:52:17 C:\WINDOWS\system32\qttask .exe
    ----a-w 77,824 2008-02-08 10:52:23 C:\WINDOWS\system32\qttask .exe
    ----a-w 77,824 2008-02-08 10:52:28 C:\WINDOWS\system32\qttask .exe
    ----a-w 77,824 2008-02-08 10:52:34 C:\WINDOWS\system32\qttask .exe
    ----a-w 77,824 2008-02-08 10:52:40 C:\WINDOWS\system32\qttask .exe
    -c--a-w 77,824 2008-02-08 10:52:46 C:\WINDOWS\system32\qttask .exe
    -c--a-w 77,824 2008-02-08 10:52:51 C:\WINDOWS\system32\qttask .exe
    -c--a-w 77,824 2008-02-08 10:52:57 C:\WINDOWS\system32\qttask .exe
    -c--a-w 77,824 2008-02-08 10:53:03 C:\WINDOWS\system32\qttask .exe
    -c--a-w 77,824 2008-02-08 10:53:08 C:\WINDOWS\system32\qttask .exe
    -c--a-w 77,824 2008-02-08 10:53:14 C:\WINDOWS\system32\qttask .exe
    -c--a-w 77,824 2008-02-08 10:53:20 C:\WINDOWS\system32\qttask .exe
    -c--a-w 77,824 2008-02-08 10:53:25 C:\WINDOWS\system32\qttask .exe
    -c--a-w 77,824 2008-02-08 10:53:31 C:\WINDOWS\system32\qttask .exe
    -c--a-w 77,824 2008-02-08 10:53:37 C:\WINDOWS\system32\qttask .exe
    -c--a-w 77,824 2008-02-08 10:53:42 C:\WINDOWS\system32\qttask .exe
    -c--a-w 77,824 2008-02-08 10:53:48 C:\WINDOWS\system32\qttask .exe
    -c--a-w 77,824 2008-02-08 10:53:54 C:\WINDOWS\system32\qttask .exe
    -c--a-w 77,824 2008-02-08 10:53:59 C:\WINDOWS\system32\qttask .exe
    -c--a-w 77,824 2008-02-08 10:54:05 C:\WINDOWS\system32\qttask .exe
    -c--a-w 77,824 2008-02-08 10:54:11 C:\WINDOWS\system32\qttask .exe
    -c--a-w 77,824 2008-02-08 10:54:17 C:\WINDOWS\system32\qttask .exe
    -c--a-w 77,824 2008-02-08 10:54:23 C:\WINDOWS\system32\qttask .exe
    -c--a-w 77,824 2008-02-08 10:54:28 C:\WINDOWS\system32\qttask .exe
    -c--a-w 77,824 2008-02-08 10:54:34 C:\WINDOWS\system32\qttask .exe
    -c--a-w 77,824 2008-02-08 10:54:40 C:\WINDOWS\system32\qttask .exe
    -c--a-w 77,824 2008-02-08 10:54:45 C:\WINDOWS\system32\qttask .exe
    -c--a-w 77,824 2008-02-08 10:54:51 C:\WINDOWS\system32\qttask .exe
    -c--a-w 77,824 2008-02-08 10:54:57 C:\WINDOWS\system32\qttask .exe
    -c--a-w 77,824 2008-02-08 10:55:02 C:\WINDOWS\system32\qttask .exe
    -c--a-w 77,824 2008-02-08 10:55:08 C:\WINDOWS\system32\qttask .exe
    -c--a-w 77,824 2008-02-08 10:55:14 C:\WINDOWS\system32\qttask .exe
    -c--a-w 77,824 2008-02-08 10:55:19 C:\WINDOWS\system32\qttask .exe
    -c--a-w 77,824 2008-02-08 10:55:25 C:\WINDOWS\system32\qttask .exe
    -c--a-w 77,824 2008-02-08 10:55:31 C:\WINDOWS\system32\qttask .exe
    -c--a-w 77,824 2008-02-08 10:55:36 C:\WINDOWS\system32\qttask .exe
    -c--a-w 77,824 2008-02-08 10:55:42 C:\WINDOWS\system32\qttask .exe
    -c--a-w 77,824 2008-02-08 10:55:48 C:\WINDOWS\system32\qttask .exe
    -c--a-w 77,824 2008-02-08 10:55:53 C:\WINDOWS\system32\qttask .exe
    -c--a-w 77,824 2008-02-08 10:55:59 C:\WINDOWS\system32\qttask .exe
    -c--a-w 77,824 2008-02-08 10:56:05 C:\WINDOWS\system32\qttask .exe
    -c--a-w 77,824 2008-02-08 10:56:10 C:\WINDOWS\system32\qttask .exe
    -c--a-w 77,824 2008-02-08 10:56:16 C:\WINDOWS\system32\qttask .exe
    -c--a-w 77,824 2008-02-08 10:56:22 C:\WINDOWS\system32\qttask .exe
    -c--a-w 77,824 2008-02-08 10:56:27 C:\WINDOWS\system32\qttask .exe
    -c--a-w 77,824 2008-02-08 10:56:33 C:\WINDOWS\system32\qttask .exe
    -c--a-w 77,824 2008-02-08 10:56:39 C:\WINDOWS\system32\qttask .exe
    -c--a-w 77,824 2008-02-08 10:56:44 C:\WINDOWS\system32\qttask .exe
    -c--a-w 77,824 2008-02-08 10:56:50 C:\WINDOWS\system32\qttask .exe
    </pre>[/code]

    ------- Sigcheck -------

    2005-04-16 00:44 578048 c34920eb988ce98910bd6b0417f334eb C:\WINDOWS\system32\user32.dll

    2005-03-10 12:48 662016 06ad0b0f43286cd50af283762eb56763 C:\WINDOWS\system32\wininet.dll

    2004-08-18 10:08 359040 7b11118b078b88f87183fe69eda43137 C:\WINDOWS\system32\drivers\tcpip.sys

    2005-04-16 00:45 2059008 5311776074b6c13f983dc75baeac9c0c C:\WINDOWS\system32\ntkrnlpa.exe

    2005-04-16 00:40 2321408 209f3a54eedb976282da5e183c17388d C:\WINDOWS\system32\ntoskrnl.exe

    2004-10-14 03:38 1036288 f14e8c29a1045d115e308d30e825a1eb C:\WINDOWS\explorer.exe
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D6158E03-E558-4C1F-8A2A-963E8EDFB4B7}]
    C:\Program Files\ComPlus Applications\nipyvafymC:\WINDOWS\system32\rey2\qopre83122.exe.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2008-02-08 11:42 5674352]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]
    "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-02-08 11:42 36864]
    "Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-02-07 13:53 3497984]
    "BlockAds"="" []
    "Tweak-XP"="" []
    "TransparentIcons"="" []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2008-02-08 11:43 57344]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [ ]
    "DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2008-02-08 11:34 81920]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-04-01 16:16 5562368]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-04-01 17:16 86016]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-01-29 21:57:24 196608]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMHelp"= 1 (0x1)
    "MemCheckBoxInRunDlg"= 1 (0x1)
    "NoSMBalloonTip"= 1 (0x1)
    "NoDesktopCleanupWizard"= 1 (0x1)
    "NoWelcomeScreen"= 1 (0x1)
    "NoAutoUpdate"= 1 (0x1)
    "ClearDocsOnExit"= 64 (0x40)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMHelp"= 1 (0x1)
    "MemCheckBoxInRunDlg"= 1 (0x1)
    "NoSMBalloonTip"= 1 (0x1)
    "NoDesktopCleanupWizard"= 1 (0x1)
    "NoWelcomeScreen"= 1 (0x1)
    "NoAutoUpdate"= 1 (0x1)
    "ClearDocsOnExit"= 64 (0x40)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{ED0ACB58-556F-21DA-DDFE-6D20F3F61111}"= C:\WINDOWS\system32\kb1ss1p.dll [ ]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcdcda]
    efcdcda.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifeeby]
    iifeeby.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.iv41"= IR41_32.DLL
    "VIDC.VP40"= vp4vfw.dll
    "vidc.iv32"= C:\WINDOWS\system32\ir32_32.dll
    "vidc.iv31"= C:\WINDOWS\system32\ir32_32.dll
    "VIDC.VDOM"= vdowave.drv
    "MSACM.NSPAC"= NSPAC32.ACM
    "VIDC.XFR1"= xfcodec.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\WINDOWS\\system32\\LEXPPS.EXE"=
    "C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
    "C:\\Program Files\\NEC\\NEC Mobile Suite\\CommsService.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\Xfire\\xfire.exe"=
    "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
    "C:\\WINDOWS\\system32\\dpvsetup.exe"=
    "C:\\WINDOWS\\system32\\rundll32.exe"=
    "C:\\Program Files\\Azureus\\Azureus.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "C:\\Program Files\\KONAMI\\Pro Evolution Soccer 6\\pes6.exe"=
    "C:\\Program Files\\MSN Messenger\\MsnMsgr .Exe"=
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=

    R0 aec6280;aec6280;C:\WINDOWS\system32\DRIVERS\aec6280.sys [2005-01-30 16:22]
    R0 d344bus;d344bus;C:\WINDOWS\system32\DRIVERS\d344bus.sys [2003-12-27 20:42]
    R0 d344prt;d344prt;C:\WINDOWS\system32\Drivers\d344prt.sys [2003-12-27 02:38]
    R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);C:\WINDOWS\system32\drivers\sfdrv01a.sys [2006-07-05 13:46]
    R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys [2005-12-06 16:11]
    S3 DIGIRPS;Pilote PortServer Digi;C:\WINDOWS\system32\DRIVERS\digirlpt.sys [2001-08-23 16:10]
    S3 idrmkl;idrmkl;C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\idrmkl.sys []
    S3 KS-959;Kingsun KS-959 USB Infrared Adapter;C:\WINDOWS\system32\DRIVERS\KS-959.sys [2005-10-20 14:50]
    S3 marlbus;NEC WMC USB_AD1 Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\marlbus.sys [2005-04-29 14:52]
    S3 marlmdfl;NEC WMC USB_AD1 Modem Filter;C:\WINDOWS\system32\DRIVERS\marlmdfl.sys [2005-04-29 14:52]
    S3 marlmdm;NEC WMC USB_AD1 Port Drivers;C:\WINDOWS\system32\DRIVERS\marlmdm.sys [2005-04-29 14:52]
    S3 marlobex;NEC WMC USB_AD1 OBEX Interface Drivers (WDM);C:\WINDOWS\system32\DRIVERS\marlobex.sys [2005-04-29 14:52]
    S3 StMp3Rec;Pilote de périphérique de la restauration de lecteur;C:\WINDOWS\system32\Drivers\StMp3Rec.sys [2006-07-20 23:15]
    S3 USBModem000;LGE Mobile USB Modem TC;C:\WINDOWS\system32\DRIVERS\usbser.sys []

    .
    **************************************************************************

    catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-07 16:42:51
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-04-07 16:43:21
    ComboFix-quarantined-files.txt 2008-04-07 15:43:06
    ComboFix2.txt 2008-03-25 14:35:19
    Pre-Run: 43,683,471,360 octets libres
    Post-Run: 43,666,542,592 octets libres
  7. jlpjlp Posts 52399 Status Security contributor 5 041
     
    scan these files on virus total and, if they are infected, put them in the OTMoveIt quote as in my previous post:

    https://www.virustotal.com/gui/

    C:\WINDOWS\system32\lgfdhxyx.ini
    C:\WINDOWS\system32\flsvwmfy.ini
    C:\WINDOWS\system32\ceobvkpm.ini
    C:\WINDOWS\system32\mokbinvp.ini
    C:\WINDOWS\system32\wwapvkut.ini
    C:\WINDOWS\system32\crqnbqix.ini
    C:\WINDOWS\system32\qmdifntq.ini
    C:\WINDOWS\system32\lumckomw.ini
    C:\WINDOWS\system32\eiweygwd.ini
    C:\WINDOWS\system32\bqahjhki.ini

    _______________________

    if everything went well, disable System Restore to purge any viruses that might be in it
    then restart your computer
    then re-enable it:

    https://www.informatruc.com

    _______________________
    paste a new hijackthis report and describe your problems
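The ten files named in the post above share four traits in the ComboFix report: hidden and system attributes, an `.ini` extension, a location directly in `C:\WINDOWS\system32`, and an eight-letter lowercase name. As an added example (not from the thread; the selection rule is an assumption, since the poster does not say how the list was picked), this Python filter applies those traits to lines copied from the report and returns the paths to submit to VirusTotal.

```python
import ntpath
import re
from typing import List, NamedTuple, Optional

# Lines copied from the "Fichiers créés" section of the ComboFix report above,
# including a few entries that should NOT be selected (controls).
REPORT = r"""
2008-04-07 15:02 . 2008-04-07 15:04 <REP> d-------- C:\VundoFix Backups
2008-04-03 00:26 . 2008-04-03 00:26 41,296 --a--c--- C:\WINDOWS\system32\xfcodec.dll
2008-03-26 23:32 . 2008-03-26 23:32 754 --a------ C:\WINDOWS\WORDPAD.INI
2008-03-23 16:53 . 2008-03-24 18:30 1,358,737 ---hs---- C:\WINDOWS\system32\lgfdhxyx.ini
2008-03-18 22:52 . 2008-03-18 22:52 <REP> dr-h----- C:\Documents and Settings\Administrateur\Application Data\SecuROM
2008-03-18 22:09 . 2008-03-18 22:29 632 --a------ C:\WINDOWS\CoDUO.INI
2008-03-18 21:59 . 2008-03-19 23:19 1,526,212 ---hs---- C:\WINDOWS\system32\flsvwmfy.ini
2008-03-18 21:51 . 2006-09-28 17:05 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2008-03-17 21:59 . 2008-03-18 15:38 1,314,535 ---hs---- C:\WINDOWS\system32\ceobvkpm.ini
2008-03-16 21:55 . 2008-03-17 21:56 1,916,988 ---hs---- C:\WINDOWS\system32\mokbinvp.ini
2008-03-15 13:55 . 2008-03-16 21:47 1,332,774 ---hs---- C:\WINDOWS\system32\wwapvkut.ini
2008-03-13 13:48 . 2008-03-14 13:22 1,306,504 ---hs---- C:\WINDOWS\system32\crqnbqix.ini
2008-03-11 23:32 . 2008-03-13 13:47 1,391,392 ---hs---- C:\WINDOWS\system32\qmdifntq.ini
2008-03-09 16:53 . 2008-03-10 19:28 1,315,414 ---hs---- C:\WINDOWS\system32\lumckomw.ini
2008-03-08 14:50 . 2008-03-09 16:48 1,318,463 ---hs---- C:\WINDOWS\system32\eiweygwd.ini
2008-03-07 14:43 . 2008-03-08 14:44 1,307,981 ---hs---- C:\WINDOWS\system32\bqahjhki.ini
"""

# created . modified  size-or-<REP>  nine attribute flags  path
LINE_RE = re.compile(
    r"^\s*(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size><REP>|[\d,]+)\s+"
    r"(?P<attrs>[-a-z]{9})\s+"
    r"(?P<path>.+?)\s*$"
)


class Entry(NamedTuple):
    created: str
    modified: str
    size: Optional[int]  # None for directories (<REP>)
    attrs: str
    path: str


def parse_line(line: str) -> Optional[Entry]:
    """Parse one 'files created' line; return None for anything else."""
    m = LINE_RE.match(line)
    if not m:
        return None
    raw_size = m.group("size")
    size = None if raw_size == "<REP>" else int(raw_size.replace(",", ""))
    return Entry(m.group("created"), m.group("modified"), size,
                 m.group("attrs"), m.group("path"))


def is_suspect(entry: Entry) -> bool:
    """Assumed triage rule: hidden+system .ini file with an eight-letter
    lowercase name, sitting directly in C:\\WINDOWS\\system32."""
    if entry.size is None:  # directory
        return False
    if "h" not in entry.attrs or "s" not in entry.attrs:
        return False
    folder, name = ntpath.split(entry.path)  # ntpath: Windows paths on any OS
    stem, ext = ntpath.splitext(name)
    return (folder.lower() == r"c:\windows\system32"
            and ext.lower() == ".ini"
            and re.fullmatch(r"[a-z]{8}", stem) is not None)


def suspects(report: str) -> List[str]:
    """Return the paths to review, in report order."""
    found = []
    for line in report.splitlines():
        entry = parse_line(line)
        if entry is not None and is_suspect(entry):
            found.append(entry.path)
    return found


if __name__ == "__main__":
    for path in suspects(REPORT):
        print(path)
```

A match only marks a file for review; the VirusTotal result decides whether it is moved.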
  8. grarou59 Posts 14 Status Member 1
     
    Sorry for the slow reply, but I had connection problems:

    here is the Hijack; for now I no longer have any problems

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 02:08:49, on 15/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Xfire\xfire.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\MSN Messenger\livecall.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O3 - Toolbar: Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [0c32c6cb] rundll32.exe "C:\WINDOWS\system32\oidrugxg.dll",b
    O4 - HKLM\..\Run: [BM0f01f557] Rundll32.exe "C:\WINDOWS\system32\sqpbfljf.dll",s
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - Startup: Registration Brothers In Arms EiB.LNK = C:\Program Files\Ubisoft\Gearbox Software\BrothersInArmsEiB\Support\Register\RegistrationReminder.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O8 - Extra context menu item: Download all by Rapidown... - C:\Program Files\Rapidown\RapidownGetAll.htm
    O8 - Extra context menu item: Download by Rapidown... - C:\Program Files\Rapidown\RapidownGet.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O18 - Protocol: bw+0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {08DC5ADC-79D3-4F60-89E1-8AB6E5785FA8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
    0
  9. jlpjlp Posts 52399 Status Security contributor 5 041
     
    Run HijackThis again, choose Do a system scan only, then select these lines and click Fix checked:

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    O4 - HKLM\..\Run: [0c32c6cb] rundll32.exe "C:\WINDOWS\system32\oidrugxg.dll",b
    O4 - HKLM\..\Run: [BM0f01f557] Rundll32.exe "C:\WINDOWS\system32\sqpbfljf.dll",s

    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab

    _______

    Download OTMoveIt
    http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (by Old_Timer) to your Desktop. Or from https://www.luanagames.com/index.fr.html
    Double-click OTMoveIt.exe to launch it.
    Copy the list in the quote below,
    and paste it into the left pane of OTMoveIt: Paste List of Files/Folders to be moved.

    Quote:
    C:\WINDOWS\system32\oidrugxg.dll
    C:\WINDOWS\system32\sqpbfljf.dll

    Click MoveIt! to start the removal.
    The result will appear in the "Results" pane.
    Click Exit to close.
    Post the report located in C:\_OTMoveIt\MovedFiles.

    You may be asked to restart the PC to complete the removal. If so, accept with Yes.

    ___________
    Delete what is in MovedFiles by going to My Computer, then C:, then OTMoveIt.

    _____________

    Update Internet:
    https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html
    _______________

    Install SpywareBlaster, which lets you immunize the system against Vundo, which you had; you just need to update it every month and click Enable All to immunize the whole system.

    https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/28872.html

    If there are no problems, you're all set.
    0
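The two O4 entries selected in the reply above differ from the other rundll32 autostarts in the same log in ways a script can check. This Python triage sketch is an added example, not part of the thread or of HijackThis; its two heuristics (a hex-like Run value name, a one-character export name) are assumptions that mark entries for human review and are not a verdict.

```python
import re

# O4 lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [0c32c6cb] rundll32.exe "C:\WINDOWS\system32\oidrugxg.dll",b
O4 - HKLM\..\Run: [BM0f01f557] Rundll32.exe "C:\WINDOWS\system32\sqpbfljf.dll",s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
"""

# "O4 - <registry key>: [<value name>] <command line>"
O4_LINE = re.compile(r"^O4 - (?P<key>HK[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# rundll32 <dll path, optionally quoted>,<export name>
RUNDLL = re.compile(
    r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?,(?P<export>\S+)', re.IGNORECASE
)
# Assumed heuristic: up to two letters followed by exactly eight hex digits.
HEXISH_NAME = re.compile(r"^[A-Za-z]{0,2}[0-9a-fA-F]{8}$")


def parse_o4(log_text):
    """Yield (key, value_name, command) for every registry O4 autostart line."""
    for line in log_text.splitlines():
        m = O4_LINE.match(line.strip())
        if m:
            yield m.group("key"), m.group("name"), m.group("cmd")


def triage_rundll32(log_text):
    """Return rundll32 autostarts with the heuristic reasons each one tripped."""
    findings = []
    for key, name, cmd in parse_o4(log_text):
        m = RUNDLL.match(cmd)
        if not m:
            continue  # not a rundll32-hosted DLL, out of scope here
        reasons = []
        if HEXISH_NAME.match(name):
            reasons.append("value name looks like a generated hex id")
        if len(m.group("export")) == 1:
            reasons.append("single-character export name")
        findings.append({"key": key, "name": name, "dll": m.group("dll"),
                         "export": m.group("export"), "reasons": reasons})
    return findings


def review_list(log_text):
    """DLL paths of entries that tripped at least one heuristic."""
    return [f["dll"] for f in triage_rundll32(log_text) if f["reasons"]]


if __name__ == "__main__":
    for f in triage_rundll32(SAMPLE_LOG):
        status = "REVIEW" if f["reasons"] else "ok"
        print(f"{status:6} [{f['name']}] {f['dll']} -> {'; '.join(f['reasons']) or '-'}")
```

On these lines the NVIDIA entries pass and the review list matches the two DLL paths quoted for OTMoveIt in the reply.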