
Virus impossible to destroy: TR/VUNDO.GEN

el_toro on 29 March 2008 at 01:11
Help!!!

Hello, I have a virus that is spreading through my DLLs at a crazy speed! AntiVir detects the same virus, namely TR/VUNDO.GEN, but it is impossible to treat it or to delete the DLLs manually.

A friend passed me VundoFix, but it did nothing. No detection.

Please, if you know what to do, please help me!

P.S. I am using Windows Vista

Thanks

EL_Toro
bibou0007 on 29 March 2008 at 10:17
Hello;
Download HijackThis v2.0.2
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe
Put it in a folder created specially for it, for example C:\HijackThis
Right-click on it and choose "Rename"
Name it scanner.exe
Close any unneeded programs.
Run it and click Do a system scan and save a logfile.
Do not check anything.
Copy the report and paste it into a message.

Tutorial here

-------
http://bibou0007.com/
-------
It is easier to infect your PC than to disinfect it, think about it. Do not click here!
el_toro on 29 March 2008 at 14:00
Thank you for your attention!

Here is the report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:59:12, on 2008-03-29
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
c:\PROGRA~1\mcafee\msc\mcupdui.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer fourni par Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O1 - Hosts: ::1 localhost
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [dscactivate] c:\dell\dsca.exe 3
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\nnnom.dll,#1
O4 - HKLM\..\Run: [ee9b729f] rundll32.exe "C:\Windows\system32\fnmmmkyg.dll",b
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [BMeda84103] Rundll32.exe "C:\Windows\system32\mpwvabkq.dll",s
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: &Winamp Toolbar Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\jeux\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/VistaMSNPUpldfr-ca.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11188 bytes
bibou0007 on 29 March 2008 at 18:40
Uninstall McAfee!!
Disable all resident protection! (Antivirus, antispyware...)
Download ComboFix (created by sUBs) to your Desktop

Start in Safe Mode

  • Double-click combofix.exe.
  • Press the Y (Yes) key to start the scan.
  • When the scan is complete, a report will appear. Copy/paste this report into your next reply, along with a new HijackThis report

  • NOTE: The report can also be found here: C:\Combofix.txt

Tutorial here
el_toro on 30 March 2008 at 20:55
Hello,

The report did not appear; I opened the file as indicated and here is the contents of combofix.txt

    ComboFix 08-03-30.2 - Lud 2008-03-30 14:36:56.1 - NTFSx86 NETWORK
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1596 [GMT -4:00]
    Endroit: C:\Users\Lud\Desktop\ComboFix.exe
    .
    TimedOut: Windir.dat

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\Temporary
    C:\Windows\BMeda84103.xml
    C:\Windows\pskt.ini
    C:\Windows\System32\gihkj.ini
    C:\Windows\System32\gihkj.ini2
    C:\Windows\system32\hgggeed.dll
    C:\Windows\system32\jkhig.dll
    C:\Windows\system32\opoxnfrm.dll
    C:\Windows\system32\vosqftdo.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-02-28 to 2008-03-30 ))))))))))))))))))))))))))))))))))))
    .

    2008-03-29 08:58 . 2008-03-29 08:58 <REP> d-------- C:\Program Files\Trend Micro
    2008-03-29 08:56 . 2008-03-29 08:58 <REP> d-------- C:\HijackThis
    2008-03-28 20:35 . 2008-03-28 20:35 24,576 --a------ C:\Windows\System32\VundoFixSVC.exe
    2008-03-28 20:31 . 2008-03-28 21:16 1,583,809 ---hs---- C:\Windows\System32\gykmmmnf.ini
    2008-03-28 19:41 . 2008-03-28 21:04 <REP> d-------- C:\VundoFix Backups
    2008-03-27 22:18 . 2008-03-27 22:18 <REP> d-------- C:\Users\All Users\Avira
    2008-03-27 22:18 . 2008-03-27 22:18 <REP> d-------- C:\ProgramData\Avira
    2008-03-27 22:18 . 2008-03-27 22:18 <REP> d-------- C:\Program Files\Avira
    2008-03-27 20:44 . 2008-03-27 22:34 1,585,345 ---hs---- C:\Windows\System32\bueyuwta.ini
    2008-03-26 23:29 . 2008-03-26 23:31 <REP> d-------- C:\Program Files\CPV
    2008-03-26 18:36 . 2008-03-26 18:36 37,376 -ra------ C:\Windows\mrofinu1535.exe.tmp
    2008-03-25 22:28 . 2008-03-25 22:28 37,376 --a------ C:\Windows\17PHolmes1535.exe.tmp
    2008-03-25 22:14 . 2008-03-25 22:26 107,832 --a------ C:\Windows\System32\PnkBstrB.exe
    2008-03-25 22:14 . 2008-03-25 22:14 66,872 --a------ C:\Windows\System32\PnkBstrA.exe
    2008-03-25 22:14 . 2008-03-25 22:26 22,328 --a------ C:\Windows\System32\drivers\PnkBstrK.sys
    2008-03-25 22:05 . 2008-03-25 22:05 <REP> d-------- C:\PunkBuster
    2008-03-17 13:39 . 2008-03-17 11:39 66,560 --a------ C:\Windows\b155.exe
    2008-02-22 18:42 . 2008-02-22 18:42 193,540,079 --a------ C:\Windows\MEMORY.DMP
    2008-02-16 15:09 . 2008-02-16 15:09 194,560 --a------ C:\Windows\System32\WebClnt.dll
    2008-02-16 15:09 . 2008-02-16 15:09 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
    2008-02-16 15:04 . 2008-02-16 15:04 803,328 --a------ C:\Windows\System32\drivers\tcpip.sys
    2008-02-16 15:04 . 2008-02-16 15:04 216,632 --a------ C:\Windows\System32\drivers\netio.sys
    2008-02-16 15:04 . 2008-02-16 15:04 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
    2008-02-16 15:04 . 2008-02-16 15:04 24,064 --a------ C:\Windows\System32\netcfg.exe
    2008-02-16 15:04 . 2008-02-16 15:04 22,016 --a------ C:\Windows\System32\netiougc.exe
    2008-02-13 01:02 . 2008-02-13 01:03 <REP> d-------- C:\Program Files\Common Files\Adobe

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-30 18:32 --------- d-----w C:\ProgramData\McAfee
    2008-03-30 18:32 --------- d-----w C:\Program Files\McAfee
    2008-03-30 18:32 --------- d-----w C:\Program Files\Common Files\McAfee
    2008-03-29 16:06 27,145 ----a-w C:\Users\Lud\AppData\Roaming\nvModes.dat
    2008-03-19 01:47 --------- d-----w C:\ProgramData\Microsoft Help
    2008-02-25 03:48 --------- d-----w C:\Program Files\Google
    2008-02-16 19:02 824,832 ----a-w C:\Windows\System32\wininet.dll
    2008-02-16 19:02 56,320 ----a-w C:\Windows\System32\iesetup.dll
    2008-02-16 19:02 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
    2008-02-16 19:02 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
    2008-01-11 06:03 107,888 ----a-w C:\Windows\System32\CmdLineExt.dll
    2008-01-09 19:26 11,776 ----a-w C:\Windows\System32\sbunattend.exe
    2007-12-13 02:33 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
    2007-12-13 02:33 223,232 ----a-w C:\Windows\System32\WMASF.DLL
    2007-12-13 02:33 1,327,104 ----a-w C:\Windows\System32\quartz.dll
    2007-12-13 02:29 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe
    2007-12-13 02:29 3,470,520 ----a-w C:\Windows\System32\ntoskrnl.exe
    2007-12-04 01:33 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
    2007-12-04 01:33 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
    2007-12-04 01:33 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
    2007-12-04 01:33 682,496 ----a-w C:\Windows\System32\DivX.dll
    2007-10-17 03:24 96,928 ----a-w C:\Users\Lud\AppData\Roaming\GDIPFONTCACHEV1.DAT
    2007-10-16 14:47 174 --sha-w C:\Program Files\desktop.ini
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15421B84-3488-49A7-AD18-CBF84A3EFAF6}]
    2008-03-26 23:31 51200 --a------ C:\Program Files\CPV\CPV7.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
    2007-10-04 16:06 1135968 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
    2007-12-10 14:46 1510424 --a------ C:\Program Files\free-downloads.net\tbfree.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2007-10-04 16:06 1135968]
    "{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "C:\Program Files\free-downloads.net\tbfree.dll" [2007-12-10 14:46 1510424]

    [HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
    [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

    [HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 16:06 1135968]
    "{ECDEE021-0D17-467F-A1FF-C7A115230949}"= C:\Program Files\free-downloads.net\tbfree.dll [2007-12-10 14:46 1510424]

    [HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
    [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

    [HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 08:34 2159104 C:\Windows\System32\oobefldr.dll]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 15:26 1232896]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 08:35 125440]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-10-16 20:34 171448]
    "AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 03:20 222080]
    "Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2007-10-07 20:18 360448]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 08:36 201728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-10-08 03:55 1006264]
    "ECenter"="C:\Dell\E-Center\EULALauncher.exe" [2007-05-25 02:03 17920]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-27 20:35 857648]
    "SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-06-25 01:17 405504]
    "SunJavaUpdateSched"="c:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-10-07 20:16 77824]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 12:37 81920]
    "RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 12:22 221184]
    "PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-04-16 17:10 184320]
    "dscactivate"="c:\dell\dsca.exe" [2007-07-30 15:40 16384]
    "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-10-07 20:33 1862144]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\Windows\KHALMNPR.Exe]
    "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 12:35 221184]
    "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-10-04 22:24 86016]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-10-04 22:24 8497696]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-10-04 22:24 81920]
    "NVHotkey"="C:\Windows\system32\nvHotkey.dll" [2007-10-04 22:24 86016]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 11:56 286720]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 13:10 267048]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
    "MSServer"="C:\Windows\system32\nnnom.dll" [ ]
    "ee9b729f"="C:\Windows\system32\fnmmmkyg.dll" [ ]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-27 22:22 249896]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-10-07 20:17:19 50688]
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-10-17 09:24:39 692224]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]
    QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe [2007-07-20 19:13:26 1180952]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-95980764-519246134-305103023-1000]
    "EnableNotificationsRef"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{47E25511-E70D-4596-9444-E30D2F6FAC06}"= UDP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
    "{60328F5D-F8F3-4BB6-B8C4-20298E74ADE3}"= C:\Program Files\Dell\MediaDirect\PowerCinema.exe:CyberLink PowerCinema
    "{5424D3F9-4CD4-46B5-8CDC-EB6E94940AD2}"= C:\Program Files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
    "{98188379-DC3C-4A07-988D-9B7B96EBB486}"= C:\Program Files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
    "{05365BE8-FE61-45C3-8FED-D93AD6DC6135}"= C:\Program Files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
    "{3205791D-ADDF-4119-AF30-26A3D67A65E3}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
    "{9D7EE4D9-9830-4005-895D-416A02D89136}"= UDP:19125:BitComet 19125 TCP
    "{8BA5C262-7EC9-4D62-B9F8-626EBE5B1070}"= TCP:19125:BitComet 19125 UDP
    "TCP Query User{34DE63D5-D759-4E8D-9B05-9B13FC1375E1}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
    "UDP Query User{293E44B9-997E-4B85-B854-B4E072EDB856}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
    "{89EADDE1-26C5-491C-9C0B-C82C00F08F27}"= UDP:19125:BitComet 19125 TCP
    "{D609C10B-4CEA-4BF7-A5BB-F389D51E0670}"= TCP:19125:BitComet 19125 UDP
    "{86D249C9-E0EE-4117-A269-FB7F19E401EB}"= UDP:C:\Jeux\moha\UnrealEngine3\Binaries\MOHA.exe:Medal of Honor Airborne
    "{8F2FC13E-4FB3-4394-8787-4948E41EE0D2}"= TCP:C:\Jeux\moha\UnrealEngine3\Binaries\MOHA.exe:Medal of Honor Airborne
    "{46BBFBB3-8E09-453D-A356-78DE50651B11}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
    "{29FB7086-4FB2-4598-BA4D-13904E02FA2D}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
    "{E713835D-AE1D-4CE4-B572-E93AB2897B56}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
    "{D329BBE5-1061-4AB0-862D-5E9E51D25B7F}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
    "{103F7E8F-0E9C-47F5-AFE3-E71D22527441}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
    "{544778AE-AC6A-47DF-AB6F-3E8B95278C5C}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
    "{740ACAE3-EE26-411B-A2DD-1FFA1D1E303B}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
    "{549C8827-A5CC-4A24-9D3C-2D1052F0FEBA}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
    "TCP Query User{D8ED8CBE-94A6-40F1-98C2-E49BE1B0D334}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
    "UDP Query User{7FE15DA3-445F-4081-83C9-625FDFA87050}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
    "TCP Query User{BC975215-95DA-4C07-A19C-9546574BFEDE}C:\\program files\\mirc\\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC
    "UDP Query User{899CE28F-A41F-4D29-8929-3BDF7F56791C}C:\\program files\\mirc\\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC
    "{EE0112FE-54E7-4285-AC83-82B015D81321}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{5E1D4D87-57EE-4F69-8255-ACA604D1DBF6}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{BB850787-9DE1-40E9-A3C5-8C76F2E3703F}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{33CA94DF-56FE-42EA-B48E-470B0AEAE267}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
    "{DD571EEC-3720-47D9-990C-152E423893A4}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 20:39]
    S2 0294811206901790mcinstcleanup;McAfee Application Installer Cleanup (0294811206901790);C:\Users\Lud\AppData\Local\Temp\029481~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini []
    S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 03:36]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6188700f-bf22-11dc-a3c0-001c239529ba}]
    \shell\AutoRun\command - F:\Autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{95329a9d-7dab-11dc-9da1-001c239529ba}]
    \shell\AutoRun\command - F:\Autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e33e2bb9-aac7-11dc-8487-001c239529ba}]
    \shell\AutoRun\command - F:\setupSNK.exe

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-03-30 18:12:00 C:\Windows\Tasks\User_Feed_Synchronization-{B922D1F8-B31B-44DA-A7D5-2AE6E2FEB3ED}.job"
    - C:\Windows\system32\msfeedssync.exe
    "2008-03-30 18:12:28 C:\Windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
bibou0007 on 30 March 2008 at 21:10
bibou0007 wrote:

Copy/paste this report into your next reply, along with a new HijackThis report
NOTE: The report can also be found here: C:\Combofix.txt


Then,
also give me a full AntiVir scan in Safe Mode

-->Message edited by bibou0007 on 30/03/2008 21:13:16<--
el_toro on 30 March 2008 at 23:54
Oops, I read too quickly. Here are the 3 reports in order: ComboFix, HijackThis and AntiVir.

I did 2 scans, the first in normal mode and the 2nd in Safe Mode. I was able to delete 7 files during the first one.

    ComboFix 08-03-30.2 - Lud 2008-03-30 14:36:56.1 - NTFSx86 NETWORK
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1596 [GMT -4:00]
    Endroit: C:\Users\Lud\Desktop\ComboFix.exe
    .
    TimedOut: Windir.dat

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\Temporary
    C:\Windows\BMeda84103.xml
    C:\Windows\pskt.ini
    C:\Windows\System32\gihkj.ini
    C:\Windows\System32\gihkj.ini2
    C:\Windows\system32\hgggeed.dll
    C:\Windows\system32\jkhig.dll
    C:\Windows\system32\opoxnfrm.dll
    C:\Windows\system32\vosqftdo.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-02-28 to 2008-03-30 ))))))))))))))))))))))))))))))))))))
    .

    2008-03-29 08:58 . 2008-03-29 08:58 <REP> d-------- C:\Program Files\Trend Micro
    2008-03-29 08:56 . 2008-03-29 08:58 <REP> d-------- C:\HijackThis
    2008-03-28 20:35 . 2008-03-28 20:35 24,576 --a------ C:\Windows\System32\VundoFixSVC.exe
    2008-03-28 20:31 . 2008-03-28 21:16 1,583,809 ---hs---- C:\Windows\System32\gykmmmnf.ini
    2008-03-28 19:41 . 2008-03-28 21:04 <REP> d-------- C:\VundoFix Backups
    2008-03-27 22:18 . 2008-03-27 22:18 <REP> d-------- C:\Users\All Users\Avira
    2008-03-27 22:18 . 2008-03-27 22:18 <REP> d-------- C:\ProgramData\Avira
    2008-03-27 22:18 . 2008-03-27 22:18 <REP> d-------- C:\Program Files\Avira
    2008-03-27 20:44 . 2008-03-27 22:34 1,585,345 ---hs---- C:\Windows\System32\bueyuwta.ini
    2008-03-26 23:29 . 2008-03-26 23:31 <REP> d-------- C:\Program Files\CPV
    2008-03-26 18:36 . 2008-03-26 18:36 37,376 -ra------ C:\Windows\mrofinu1535.exe.tmp
    2008-03-25 22:28 . 2008-03-25 22:28 37,376 --a------ C:\Windows\17PHolmes1535.exe.tmp
    2008-03-25 22:14 . 2008-03-25 22:26 107,832 --a------ C:\Windows\System32\PnkBstrB.exe
    2008-03-25 22:14 . 2008-03-25 22:14 66,872 --a------ C:\Windows\System32\PnkBstrA.exe
    2008-03-25 22:14 . 2008-03-25 22:26 22,328 --a------ C:\Windows\System32\drivers\PnkBstrK.sys
    2008-03-25 22:05 . 2008-03-25 22:05 <REP> d-------- C:\PunkBuster
    2008-03-17 13:39 . 2008-03-17 11:39 66,560 --a------ C:\Windows\b155.exe
    2008-02-22 18:42 . 2008-02-22 18:42 193,540,079 --a------ C:\Windows\MEMORY.DMP
    2008-02-16 15:09 . 2008-02-16 15:09 194,560 --a------ C:\Windows\System32\WebClnt.dll
    2008-02-16 15:09 . 2008-02-16 15:09 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
    2008-02-16 15:04 . 2008-02-16 15:04 803,328 --a------ C:\Windows\System32\drivers\tcpip.sys
    2008-02-16 15:04 . 2008-02-16 15:04 216,632 --a------ C:\Windows\System32\drivers\netio.sys
    2008-02-16 15:04 . 2008-02-16 15:04 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
    2008-02-16 15:04 . 2008-02-16 15:04 24,064 --a------ C:\Windows\System32\netcfg.exe
    2008-02-16 15:04 . 2008-02-16 15:04 22,016 --a------ C:\Windows\System32\netiougc.exe
    2008-02-13 01:02 . 2008-02-13 01:03 <REP> d-------- C:\Program Files\Common Files\Adobe

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-30 18:32 --------- d-----w C:\ProgramData\McAfee
    2008-03-30 18:32 --------- d-----w C:\Program Files\McAfee
    2008-03-30 18:32 --------- d-----w C:\Program Files\Common Files\McAfee
    2008-03-29 16:06 27,145 ----a-w C:\Users\Lud\AppData\Roaming\nvModes.dat
    2008-03-19 01:47 --------- d-----w C:\ProgramData\Microsoft Help
    2008-02-25 03:48 --------- d-----w C:\Program Files\Google
    2008-02-16 19:02 824,832 ----a-w C:\Windows\System32\wininet.dll
    2008-02-16 19:02 56,320 ----a-w C:\Windows\System32\iesetup.dll
    2008-02-16 19:02 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
    2008-02-16 19:02 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
    2008-01-11 06:03 107,888 ----a-w C:\Windows\System32\CmdLineExt.dll
    2008-01-09 19:26 11,776 ----a-w C:\Windows\System32\sbunattend.exe
    2007-12-13 02:33 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
    2007-12-13 02:33 223,232 ----a-w C:\Windows\System32\WMASF.DLL
    2007-12-13 02:33 1,327,104 ----a-w C:\Windows\System32\quartz.dll
    2007-12-13 02:29 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe
    2007-12-13 02:29 3,470,520 ----a-w C:\Windows\System32\ntoskrnl.exe
    2007-12-04 01:33 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
    2007-12-04 01:33 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
    2007-12-04 01:33 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
    2007-12-04 01:33 682,496 ----a-w C:\Windows\System32\DivX.dll
    2007-10-17 03:24 96,928 ----a-w C:\Users\Lud\AppData\Roaming\GDIPFONTCACHEV1.DAT
    2007-10-16 14:47 174 --sha-w C:\Program Files\desktop.ini
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15421B84-3488-49A7-AD18-CBF84A3EFAF6}]
    2008-03-26 23:31 51200 --a------ C:\Program Files\CPV\CPV7.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
    2007-10-04 16:06 1135968 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
    2007-12-10 14:46 1510424 --a------ C:\Program Files\free-downloads.net\tbfree.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2007-10-04 16:06 1135968]
    "{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "C:\Program Files\free-downloads.net\tbfree.dll" [2007-12-10 14:46 1510424]

    [HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
    [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

    [HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 16:06 1135968]
    "{ECDEE021-0D17-467F-A1FF-C7A115230949}"= C:\Program Files\free-downloads.net\tbfree.dll [2007-12-10 14:46 1510424]

    [HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
    [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

    [HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 08:34 2159104 C:\Windows\System32\oobefldr.dll]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 15:26 1232896]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 08:35 125440]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-10-16 20:34 171448]
    "AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 03:20 222080]
    "Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2007-10-07 20:18 360448]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 08:36 201728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-10-08 03:55 1006264]
    "ECenter"="C:\Dell\E-Center\EULALauncher.exe" [2007-05-25 02:03 17920]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-27 20:35 857648]
    "SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-06-25 01:17 405504]
    "SunJavaUpdateSched"="c:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-10-07 20:16 77824]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 12:37 81920]
    "RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 12:22 221184]
    "PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-04-16 17:10 184320]
    "dscactivate"="c:\dell\dsca.exe" [2007-07-30 15:40 16384]
    "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-10-07 20:33 1862144]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\Windows\KHALMNPR.Exe]
    "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 12:35 221184]
    "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-10-04 22:24 86016]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-10-04 22:24 8497696]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-10-04 22:24 81920]
    "NVHotkey"="C:\Windows\system32\nvHotkey.dll" [2007-10-04 22:24 86016]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 11:56 286720]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 13:10 267048]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
    "MSServer"="C:\Windows\system32\nnnom.dll" [ ]
    "ee9b729f"="C:\Windows\system32\fnmmmkyg.dll" [ ]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-27 22:22 249896]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-10-07 20:17:19 50688]
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-10-17 09:24:39 692224]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]
    QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe [2007-07-20 19:13:26 1180952]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-95980764-519246134-305103023-1000]
    "EnableNotificationsRef"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{47E25511-E70D-4596-9444-E30D2F6FAC06}"= UDP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
    "{60328F5D-F8F3-4BB6-B8C4-20298E74ADE3}"= C:\Program Files\Dell\MediaDirect\PowerCinema.exe:CyberLink PowerCinema
    "{5424D3F9-4CD4-46B5-8CDC-EB6E94940AD2}"= C:\Program Files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
    "{98188379-DC3C-4A07-988D-9B7B96EBB486}"= C:\Program Files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
    "{05365BE8-FE61-45C3-8FED-D93AD6DC6135}"= C:\Program Files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
    "{3205791D-ADDF-4119-AF30-26A3D67A65E3}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
    "{9D7EE4D9-9830-4005-895D-416A02D89136}"= UDP:19125:BitComet 19125 TCP
    "{8BA5C262-7EC9-4D62-B9F8-626EBE5B1070}"= TCP:19125:BitComet 19125 UDP
    "TCP Query User{34DE63D5-D759-4E8D-9B05-9B13FC1375E1}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
    "UDP Query User{293E44B9-997E-4B85-B854-B4E072EDB856}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
    "{89EADDE1-26C5-491C-9C0B-C82C00F08F27}"= UDP:19125:BitComet 19125 TCP
    "{D609C10B-4CEA-4BF7-A5BB-F389D51E0670}"= TCP:19125:BitComet 19125 UDP
    "{86D249C9-E0EE-4117-A269-FB7F19E401EB}"= UDP:C:\Jeux\moha\UnrealEngine3\Binaries\MOHA.exe:Medal of Honor Airborne
    "{8F2FC13E-4FB3-4394-8787-4948E41EE0D2}"= TCP:C:\Jeux\moha\UnrealEngine3\Binaries\MOHA.exe:Medal of Honor Airborne
    "{46BBFBB3-8E09-453D-A356-78DE50651B11}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
    "{29FB7086-4FB2-4598-BA4D-13904E02FA2D}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
    "{E713835D-AE1D-4CE4-B572-E93AB2897B56}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
    "{D329BBE5-1061-4AB0-862D-5E9E51D25B7F}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
    "{103F7E8F-0E9C-47F5-AFE3-E71D22527441}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
    "{544778AE-AC6A-47DF-AB6F-3E8B95278C5C}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
    "{740ACAE3-EE26-411B-A2DD-1FFA1D1E303B}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
    "{549C8827-A5CC-4A24-9D3C-2D1052F0FEBA}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
    "TCP Query User{D8ED8CBE-94A6-40F1-98C2-E49BE1B0D334}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
    "UDP Query User{7FE15DA3-445F-4081-83C9-625FDFA87050}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
    "TCP Query User{BC975215-95DA-4C07-A19C-9546574BFEDE}C:\\program files\\mirc\\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC
    "UDP Query User{899CE28F-A41F-4D29-8929-3BDF7F56791C}C:\\program files\\mirc\\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC
    "{EE0112FE-54E7-4285-AC83-82B015D81321}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{5E1D4D87-57EE-4F69-8255-ACA604D1DBF6}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{BB850787-9DE1-40E9-A3C5-8C76F2E3703F}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{33CA94DF-56FE-42EA-B48E-470B0AEAE267}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
    "{DD571EEC-3720-47D9-990C-152E423893A4}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 20:39]
    S2 0294811206901790mcinstcleanup;McAfee Application Installer Cleanup (0294811206901790);C:\Users\Lud\AppData\Local\Temp\029481~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini []
    S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 03:36]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6188700f-bf22-11dc-a3c0-001c239529ba}]
    \shell\AutoRun\command - F:\Autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{95329a9d-7dab-11dc-9da1-001c239529ba}]
    \shell\AutoRun\command - F:\Autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e33e2bb9-aac7-11dc-8487-001c239529ba}]
    \shell\AutoRun\command - F:\setupSNK.exe

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-03-30 18:12:00 C:\Windows\Tasks\User_Feed_Synchronization-{B922D1F8-B31B-44DA-A7D5-2AE6E2FEB3ED}.job"
    - C:\Windows\system32\msfeedssync.exe
    "2008-03-30 18:12:28 C:\Windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"


    ----------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:14, on 2008-03-30
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16609)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Windows\Explorer.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\system32\SearchFilterHost.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: testCPV6 - {15421B84-3488-49A7-AD18-CBF84A3EFAF6} - C:\Program Files\CPV\CPV7.dll
    O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
    O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
    O4 - HKLM\..\Run: [dscactivate] c:\dell\dsca.exe 3
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\nnnom.dll,#1
    O4 - HKLM\..\Run: [ee9b729f] rundll32.exe "C:\Windows\system32\fnmmmkyg.dll",b
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
    O8 - Extra context menu item: &Winamp Toolbar Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\jeux\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/VistaMSNPUpldfr-ca.cab
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    O23 - Service: McAfee Application Installer Cleanup (0294811206901790) (0294811206901790mcinstcleanup) - Unknown owner - C:\Users\Lud\AppData\Local\Temp\029481~1.EXE (file missing)
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
    O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 11256 bytes




    ----------------------------------------------------------------------------





    AntiVir PersonalEdition Classic
    Report file date: 2008-03-30 16:19

    Scanning for 1169688 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows Vista
    Windows version: (plain) [6.0.6000]
    Username: Lud
    Computer name: PORTABLE

    Version information:
    BUILD.DAT : 270 15603 Bytes 2007-09-19 13:32:00
    AVSCAN.EXE : 7.0.6.1 290856 Bytes 2007-08-23 18:16:29
    AVSCAN.DLL : 7.0.6.0 49192 Bytes 2007-08-16 17:23:51
    LUKE.DLL : 7.0.5.3 147496 Bytes 2007-08-14 20:32:47
    LUKERES.DLL : 7.0.6.1 10280 Bytes 2007-08-21 17:35:20
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 19:27:15
    ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 2008-03-07 02:22:09
    ANTIVIR2.VDF : 7.0.3.85 434176 Bytes 2008-03-27 02:22:09
    ANTIVIR3.VDF : 7.0.3.92 20480 Bytes 2008-03-28 17:52:56
    AVEWIN32.DLL : 7.6.0.78 3408384 Bytes 2008-03-30 17:52:56
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 2007-02-26 15:36:26
    AVPREF.DLL : 7.0.2.2 25640 Bytes 2007-07-18 12:39:17
    AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 18:16:24
    AVPACK32.DLL : 7.6.0.3 360488 Bytes 2008-03-28 02:22:10
    AVREG.DLL : 7.0.1.6 30760 Bytes 2007-07-18 12:17:06
    AVARKT.DLL : 1.0.0.20 278568 Bytes 2007-08-28 17:26:33
    AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 2007-07-18 12:10:18
    NETNT.DLL : 7.0.0.0 7720 Bytes 2007-03-08 16:09:42
    RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 2007-08-07 17:38:13
    RCTEXT.DLL : 7.0.62.0 86056 Bytes 2007-08-21 17:50:37
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 2007-07-23 14:37:21

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: D:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: All files
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: 2008-03-30 16:19

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
    Scan process 'HelpPane.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'lsm.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'wininit.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    23 processes with 23 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [NOTE] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!
    Boot sector 'D:\'
    [NOTE] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '32' files ).


    Starting the file scan:

    Begin scan in 'C:\' <OS>
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Windows\System32\drivers\sptd.sys
    [WARNING] The file could not be opened!
    Begin scan in 'D:\' <RECOVERY>


    End of the scan: 2008-03-30 17:22
    Used time: 1:03:14 min

    The scan has been done completely.

    23715 Scanning directories
    509854 Files were scanned
    0 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    2 Files cannot be scanned
    509854 Files not concerned
    2127 Archives were scanned
    2 Warnings
    0 Notes

bibou0007 on 31 March 2008 at 01:16
    0 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
That doesn't look too bad to me.
Are you still having problems?
el_toro on 31 March 2008 at 03:05
Wow, it's even better than before!
I suspect McAfee...

Sincere thanks for your attention,

el_toro
bibou0007 on 31 March 2008 at 12:39

Please take the time to do at least the first step (marking it resolved) and the last step (Malware-Complaints).

  • Uninstall and delete all the programs I had you install (except any you want to keep for regular use, such as AVG AS, CCleaner...).
  • Delete all the reports that were produced by the various scans.
  • Edit your first post and put [resolu] in front of your thread title.

  • Here are some links with security advice:
  • My forum, http://bibou0007.com, brand new!!!!!! Worth a visit.

  • A friend's website on computer security! (naheulbeuk)

    How do you protect your PC to avoid getting infected?

    Take the time to read them, because they are very informative.

  • Report your infection on Malware-Complaints to help get the authors convicted. To make our voice heard, there need to be as many of us as possible, so report your infection:
    - See the Malware-Complaints rules
    - Register on the forum using the register button at the top:
      If you are over 13, choose: I Agree to these terms and am over or exactly 13 years of age
      If you are younger, click: I Agree to these terms and am under 13 years of age

    Once you have registered, you will see the infection types as a list (Look2Me, Smitfraud, SpywareQuake etc.): http://www.malwarecomplaints.info/viewforum.php?f=10&sid=0ea0981a2025873f(...)

    If the malware you had does not appear in the list, or if you don't know which infection you had, create a message in the "Autres infections" topic that follows the forum rules (age, city, department etc.): http://www.malwarecomplaints.info/viewforum.php?f=10

See you, and happy surfing