[#ff1c00]
Bonjour,
Je répète donc ce que je disais dans le message de djlol!
J'ai utilisé la manip conseillé avec vundo.exe
mais au redemarrage de mon ordi, il m'a dit qu'un fichier ..exe manquait pour redemarrer vundo!
Sinon je vais coller ci-joint la rapport qu'à fait vundo sur mon PC:

VundoFix V6.3.15

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Scan started at 10:18:14 09/03/2007

Listing files found while scanning....


VundoFix V6.3.15

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Scan started at 10:50:23 09/03/2007

Listing files found while scanning....

C:\Documents and settings\Pur Family\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt
C:\Documents and settings\Pur Family\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt
C:\Program Files\VSAdd-in\VSAdd-in.dll
C:\WINDOWS\System32\inyfqtmb.dll
C:\WINDOWS\System32\pqqru.bak1
C:\WINDOWS\System32\pqqru.ini
C:\WINDOWS\System32\urqqp.dll

Beginning removal...

Attempting to delete C:\Documents and settings\Pur Family\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt
C:\Documents and settings\Pur Family\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt Has been deleted!

Attempting to delete C:\Documents and settings\Pur Family\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt
C:\Documents and settings\Pur Family\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt Has been deleted!

Attempting to delete C:\WINDOWS\System32\pqqru.bak1
C:\WINDOWS\System32\pqqru.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\System32\pqqru.ini
C:\WINDOWS\System32\pqqru.ini Has been deleted!

Attempting to delete C:\WINDOWS\System32\urqqp.dll
C:\WINDOWS\System32\urqqp.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Merci de me dire quoi faire apres s'il vous plait
sinon j'entame la suite de la procédure qu'avait donné Anghelp

[#ff0000]
G effectué le scan en mode sans echec de SDfix
voici le rapport:

SDFix: Version 1.70

Run by Pur Family - 09/03/2007 / 15:35:14,58

Microsoft Windows XP [version 5.1.2600]

Running From: C:\Documents and Settings\Pur Family\Bureau\SDFix

Safe Mode:
Checking Services:






Restoring Windows Registry Entries
Restoring Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\system32\TFTP1016 - Deleted
C:\WINDOWS\system32\TFTP1128 - Deleted
C:\WINDOWS\system32\TFTP1140 - Deleted
C:\WINDOWS\system32\TFTP1204 - Deleted
C:\WINDOWS\system32\TFTP1284 - Deleted
C:\WINDOWS\system32\TFTP1316 - Deleted
C:\WINDOWS\system32\TFTP1464 - Deleted
C:\WINDOWS\system32\TFTP1532 - Deleted
C:\WINDOWS\system32\TFTP1628 - Deleted
C:\WINDOWS\system32\TFTP1644 - Deleted
C:\WINDOWS\system32\TFTP1736 - Deleted
C:\WINDOWS\system32\TFTP1780 - Deleted
C:\WINDOWS\system32\TFTP1804 - Deleted
C:\WINDOWS\system32\TFTP1824 - Deleted
C:\WINDOWS\system32\TFTP184 - Deleted
C:\WINDOWS\system32\TFTP1860 - Deleted
C:\WINDOWS\system32\TFTP1900 - Deleted
C:\WINDOWS\system32\TFTP2116 - Deleted
C:\WINDOWS\system32\TFTP2128 - Deleted
C:\WINDOWS\system32\TFTP2176 - Deleted
C:\WINDOWS\system32\TFTP2188 - Deleted
C:\WINDOWS\system32\TFTP2252 - Deleted
C:\WINDOWS\system32\TFTP2284 - Deleted
C:\WINDOWS\system32\TFTP2400 - Deleted
C:\WINDOWS\system32\TFTP2412 - Deleted
C:\WINDOWS\system32\TFTP2456 - Deleted
C:\WINDOWS\system32\TFTP2504 - Deleted
C:\WINDOWS\system32\TFTP2832 - Deleted
C:\WINDOWS\system32\TFTP2836 - Deleted
C:\WINDOWS\system32\TFTP384 - Deleted
C:\WINDOWS\system32\TFTP412 - Deleted
C:\WINDOWS\system32\TFTP512 - Deleted
C:\WINDOWS\system32\TFTP548 - Deleted
C:\WINDOWS\system32\TFTP564 - Deleted
C:\WINDOWS\system32\TFTP568 - Deleted
C:\WINDOWS\system32\TFTP596 - Deleted
C:\WINDOWS\system32\TFTP600 - Deleted
C:\WINDOWS\system32\TFTP648 - Deleted
C:\WINDOWS\system32\TFTP784 - Deleted
C:\WINDOWS\system32\TFTP792 - Deleted
C:\WINDOWS\system32\TFTP832 - Deleted



ADS Check:

C:\WINDOWS\system32
No streams found.


Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\NEC\\NEC Mobile Suite\\CommsService.exe"="C:\\Program Files\\NEC\\NEC Mobile Suite\\CommsService.exe:*:Enabled:Communication service"
@=""


Remaining Files:
---------------

Backups Folder: - C:\DOCUME~1\PURFAM~1\Bureau\SDFix\backups\backups.zip


Checking For Files with Hidden Attributes :

C:\Documents and Settings\Pur Family\Local Settings\Application Data\Microsoft\Messenger\garmot1@hotmail.com\Sharing Folders\hystero_angel_mechante_fee@hotmail.com\Thumbs.db
C:\Documents and Settings\Pur Family\Local Settings\Application Data\Microsoft\Messenger\garmot1@hotmail.com\Sharing Folders\sebpihen@hotmail.com\Thumbs.db
C:\WINDOWS\system32\urqqp.dll
C:\WINDOWS\system32\vturrqo.dll
C:\Documents and Settings\Pur Family\Bureau\Melo\TEXTES\textes Melo\~WRL0001.tmp
C:\Documents and Settings\Pur Family\Bureau\Melo\TEXTES\TEXTOS\~WRL0193.tmp
C:\Documents and Settings\Pur Family\Bureau\Melo\TEXTES\TEXTOS\~WRL1676.tmp
C:\Documents and Settings\Pur Family\Bureau\Melo\TEXTES\TEXTOS\~WRL2957.tmp
C:\Documents and Settings\Pur Family\Bureau\Melo\TEXTES\TEXTOS\~WRL3182.tmp
C:\WINDOWS\LastGood.Tmp\INF\oem35.inf
C:\WINDOWS\LastGood.Tmp\INF\oem35.PNF

Add/Remove Programs List:

Commande ECHO d‚sactiv‚e.
Adobe Acrobat 5.0
Navigateur Orange
Gestionnaire Internet
Pinnacle Hollywood FX 4.6
HP Imaging Device Functions 5.3
HP Solution Center & Imaging Support Tools 5.3
HP Extended Capabilities 5.3
Canon Utilities RemoteCapture 2.7
Canon Utilities File Viewer Utility 1.3
NEC Mobile Drivers
Canon Internet Library for ZoomBrowser EX
OpenMG Secure Module 4.0.00
Canon RemoteCapture Task for ZoomBrowser EX
Canon Camera Window for ZoomBrowser EX
NEC Mobile Suite
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities PhotoStitch 3.1
Java 2 Runtime Environment Standard Edition v1.3.0_02
Correctif Windows XP - KB822603
Microsoft DirectX 9.0b - KB830363
Correctif Windows XP - KB842787
Macromedia Shockwave Player
Mozilla Firefox (2.0.0.2)
NEC WMC USB_AD1 Software
NEC WMC USB_BJ1 Software
NEC WMC USB_BK1 Software
NEC WMC USB_T1 Software
OpenMG Limited Patch 4.0-04-08-02-01
Canon PhotoRecord
Programme de gestion Camera de Logitech©
Adobe Flash Player 9 ActiveX
Skype 3.0
SLD CODEC PACK 1.5.3
VideoLAN VLC media player 0.8.2
Lecteur Windows Mediaÿ10
Archiveur WinRAR
Zero Popup (remove only)
CP_Package_Variety1
Destinations
AiO_Scan
RemoteCapture 2.7.5
HP Software Update
CP_Package_Variety3
Unload
File Viewer Utility 1.3.2
TrayApp
NEC Mobile Drivers
J2SE Runtime Environment 5.0 Update 3
Skype Plugin Manager
iTunes
MD Simple Burner 2.0.04
SAGEM F@st 800-840
Studio Content CD
QuickTime
Studio 8
NewCopy
WebReg
MarketResearch
HP PSC & OfficeJet 5.3.B
1500
eSupportQFolder
HP Photosmart Essential
CIG
DocProc
OpenMG Secure Module 4.0.00
CustomerResearchQFolder
SonicStage
VSAdd-in for Internet Explorer
AiOSoftware
Sentinel System Driver 5.41.0 (32-bit)
ProductContext
1500_Help
RemoteCapture Task
Microsoft Office XP Professional avec FrontPage
Readme
BitDefender Internet Security v10
ScannerCopy
Camera Window
Nero - Burning Rom
Apple Software Update
DeviceManagementQFolder
Adobe Reader 7.0 - Fran‡ais
ArcSoft Camera Suite
Lapin Malin Initiation … l'anglais CP
CP_Package_Variety2
BufferChm
Canon Utilities ZoomBrowser EX
Scan
1500Trb
NEC Mobile Suite
Fax
RAW Image Task
HPProductAssistant
SolutionCenter
Pinnacle Instant DVD Recorder
PhotoStitch
Status
Windows Live Messenger

Finished

Je fais quoi maintenant s'il vous plait?

[#ff0e00]

Voici le rapport de Hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 16:09:25, on 09/03/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\upgrepl.exe
C:\Documents and Settings\Pur Family\Bureau\test.exe
c:\program files\fichiers communs\softwin\bitdefender scan server\bdss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://messenger.microsoft.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {06954F75-FA48-4688-9876-1C0D731AC7E4} - C:\WINDOWS\System32\urqqp.dll
O2 - BHO: (no name) - {1EB27C5E-3DF4-41E2-B51A-D80F812D561D} - C:\WINDOWS\System32\vturrqo.dll
O2 - BHO: Zero Popup - {2EF37A01-884F-11d5-AC99-B112050ECB4F} - C:\PROGRA~1\ZEROPO~1\HTMLEdit.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {74DD705D-6834-439C-A735-A6DBE2677452} - (no file)
O4 - HKLM\..\Run: [Servicio Local] svhost.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\System32\yhtaldra.dll",setvm
O4 - HKLM\..\RunServices: [Servicio Local] svhost.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Servicio Local] svhost.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: updater.lnk = C:\Program Files\Common files\updater\wupdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.f [...] r_cert.cab
O16 - DPF: {2D37B9E8-C14C-482C-B1CF-939C5440E179} (VTToolkit Control) - http://saint-valentin.maville.oran [...] oolkit.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by126w.bay126.mail.live.com [...] nPUpld.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: vturrqo - C:\WINDOWS\SYSTEM32\vturrqo.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

il te reste encore blacklight, clean, smitfraudfix et navilog
non mais sérieux, tu finiras par télécharger tous les programmes?
ne télécharge jamais un programme spécial sans la demande d'un Helper
Il reste du Vundo et autres

1ère étape:
Télécharge VundoFix.exe ici: (dans le bureau)
http://www.atribune.org/ccount/click.php?id=4

Double-clique sur le fichier: "VundoFix.exe" (sans guiellemets) afin de le lancer
->Clique sur le bouton "Scan for Vundo"
* Lorsque le scan sera complété, clique sur le bouton: "Remove Vundo"
* Clique sur "Yes" lorsque un message s'affiche pour te demander de confirmer la supression des fichiers
* Le Bureau disparaîtra le temps de supprimer les fichiers infectés, ne t'inquiète pas
* Un nouveau message est affiché pour prévenir d'un redémarrage, clique sur Ok
Après redémarrage, Ouvre le fichier suivant: C:\Vundofix.txt
->Copie le contenu de ce rapport et colle-le ici, ainsi qu'un nouveau Hijackthis

Note: Si Vundofix ne peut pas supprimer un fichier infecté, il se lancera au redémarrage, tu auras à refaire les instructions citées.

2ème étape:
Télécharge Clean.zip (de Malekal) ici:
http://www.malekal.com/download/clean.zip
Décompresse-le sur ton bureau (Clique-Droit/Extraire tout), tu dois obtenir un dossier Clean.
Ouvre le dossier clean, double-clique sur clean.cmd.
Choisis l'option 1 puis patiente. Poste ensuite le contenu du rapport.