Trojan Vundo.h [Résolu]

Bonjour,

Télécharge et installe HijackThis .
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

Choisir « Download Hijackthis Installer ».
Double-clique sdessus pour l'installer.

Vas dans le répertoire d'installation d'Hijackthis.

C:\Program Files\Trend Micro\HijackThis\

Renomme Hijackthis.exe en monHJK.exe ( click droit --> renommer )
Double clique après sur cet executable et choisis l'option Do a system scan and save a logfile.
Tu postes alors le rapport Hijackthis.

A+

télechargez ici http://www.clubic.com/lancer-le-telechargement-51452-0-hijackthis.html


Lancez HijackThis en double cliquant sur son icône puis cliquez sur le bouton do a system scan and save a logfile

Le rapport est retranscrit aussitôt apres le scan dans une fenêtre de type Bloc-notes
il vous suffit de realiser un copier/coller et de le poster dans le forum

puis Télécharge combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
clique combofix.exe.
touche 1 (Yes) pour démarrer le scan.
une fois fini un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
Le rapport se trouve également ici : C:\Combofix.txt



Déconnecte toi d'internet ferme les fenêtres de tous les programmes en cours.et provisoirement
arrete les anti virus et autres protection pendand l'analyse
Pendant la durée de l'analyse ne te sert pas de ton pc


une fois l'analyse terminé ,remet toute tes protections antivirus et antispywares

ok, merci,
je l'installe et je te poste le rapport dès que possible

Je vois que deux logiciels de désinfection sont présents sur ton PC., MalwareBytes et SDFix.

Les as-tu passé dernièrement , en autre malwareBytes ?

A+

Malwerbytes, dès que je fais une analyse, au bout de 1 min ca bloque completement l'ordinateur, et sdfix ne trouve rien

OK tu peu me donner le 2eme rapport que je t'ai demander "combofix"



------------bonjour verni29 ------- pour MBAM on l'utilisera aprés "avec une mise a jour" je prefaire utilisé des outils plus spécifique avant, que MBAM n'efface certaine trace

combofix me dit qu'il y a une erreur et qu'il faut que je reboot mon pc. Je le reboot et je reviens juste après !

a + verni29

nodapio je reviens dans 40 mn

si tu a un probleme avec combo

Télécharge Vundofix.exe (par Atribune) sur ton Bureau.
http://vundofix.atribune.org/
* Double-clique sur VundoFix.exe afin de le lancer.
* Clique sur le bouton Scan for Vundo.
* Lorsque le scan est complété, clique sur le bouton fix Vundo.
* Une invite de commande demandera si tu souhaites supprimer les fichiers, cliquer sur YES
* Après avoir cliqué "YES", le Bureau disparaîtra un moment lors de la suppression des fichiers.
* Une nouvelle invite de commande annoncera que le PC devrai s'éteindre ("shutdown"). Clique sur OK , puis laisse le redémarrer.
* Le contenu du rapport est situé dans C:\vundofix.txt,
Poste le rapport

voici mon rapport ComboFix:

ComboFix 08-11-19.08 - Lilian 2008-11-20 11:56:02.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1477 [GMT 1:00]
Lancé depuis: c:\documents and settings\Lilian\Bureau\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\eoke.exe
c:\windows\system32\bhmpwity.ini
c:\windows\system32\bjwblroc.dll
c:\windows\system32\dbiwbs.dll
c:\windows\system32\drivers\fad.sys
c:\windows\system32\dygieyhb.dll
c:\windows\system32\efcYQJdD.dll
c:\windows\system32\gnmvkfyt.dll
c:\windows\system32\khfEXQhe.dll
c:\windows\system32\khfFVnnM.dll
c:\windows\system32\kynuubdr.dll
c:\windows\system32\lynsfg.dll
c:\windows\system32\mmqrfnvh.ini
c:\windows\SYSTEM32\mpYFNqss.ini
c:\windows\SYSTEM32\mpYFNqss.ini2
c:\windows\system32\nappxdmd.ini
c:\windows\system32\rqRJabCR.dll
c:\windows\system32\stcoevli.ini
c:\windows\system32\yayvVLBu.dll

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASC3550P


((((((((((((((((((((((((((((( Fichiers créés du 2008-10-20 au 2008-11-20 ))))))))))))))))))))))))))))))))))))
.

2008-11-20 11:30 . 2008-11-20 11:30 <REP> d-------- c:\program files\Trend Micro
2008-11-20 11:08 . 2008-11-20 11:08 <REP> d-------- c:\documents and settings\Lilian\Application Data\SUPERAntiSpyware.com
2008-11-20 11:08 . 2008-11-20 11:08 <REP> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-11-20 10:27 . 2008-11-20 10:27 <REP> d-------- c:\windows\ERUNT
2008-11-19 17:18 . 2008-11-19 17:18 <REP> d-------- c:\documents and settings\Administrateur\Application Data\CA
2008-11-19 17:06 . 2008-11-19 17:06 <REP> d-------- C:\VundoFix Backups
2008-11-19 16:55 . 2008-10-22 16:10 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys
2008-11-19 16:55 . 2008-10-22 16:10 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys
2008-11-18 16:59 . 2008-11-20 11:10 <REP> d-------- c:\windows\SYSTEM32\CatRoot2
2008-11-18 16:42 . 2008-11-18 16:42 <REP> d-------- c:\windows\SYSTEM32\CatRoot_bak
2008-11-17 17:37 . 2008-11-20 11:57 103,936 --a------ c:\windows\SYSTEM32\yopkcqcb.dll
2008-11-16 17:15 . 2008-11-16 17:15 <REP> d-------- c:\documents and settings\Lilian\Application Data\Canneverbe_Limited
2008-11-16 12:22 . 2008-11-16 12:22 552 --a------ c:\windows\SYSTEM32\d3d8caps.dat
2008-11-15 17:31 . 2008-11-15 17:31 95 --a------ c:\windows\wininit.ini
2008-11-15 16:50 . 2008-11-19 17:58 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-14 16:56 . 2008-11-14 16:56 <REP> d-------- c:\documents and settings\Administrateur\Application Data\vlc
2008-11-14 16:56 . 2008-11-14 16:56 <REP> d-------- c:\documents and settings\Administrateur\Application Data\dvdcss
2008-11-14 16:41 . 2008-11-14 16:41 1,544,786 ---hs---- c:\windows\SYSTEM32\kwwgxuxb.tmp
2008-11-11 16:12 . 2008-11-11 16:12 <REP> d-------- c:\documents and settings\All Users\Application Data\Trymedia
2008-11-11 16:10 . 2008-11-11 16:11 <REP> d-------- C:\Downloads
2008-11-11 15:01 . 2008-11-11 15:01 <REP> d-------- c:\documents and settings\Lilian\Application Data\Kaspersky_Key_Finder_(KKF
2008-11-11 13:59 . 2008-11-11 14:56 <REP> d-------- c:\documents and settings\Lilian\Application Data\vlc
2008-11-11 10:00 . 2008-11-19 17:41 762 --a------ c:\windows\SYSTEM32\%LocalXml%
2008-11-10 18:00 . 2008-11-20 12:05 <REP> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-11-10 18:00 . 2008-11-20 12:03 4,451,360 --ahs---- c:\windows\SYSTEM32\DRIVERS\fidbox.dat
2008-11-10 18:00 . 2008-11-20 12:03 827,424 --ahs---- c:\windows\SYSTEM32\DRIVERS\fidbox2.dat
2008-11-10 18:00 . 2008-11-10 18:08 96,976 --a------ c:\windows\SYSTEM32\DRIVERS\klin.dat
2008-11-10 18:00 . 2008-11-10 18:00 87,855 --a------ c:\windows\SYSTEM32\DRIVERS\klick.dat
2008-11-10 18:00 . 2008-11-20 12:03 36,904 --ahs---- c:\windows\SYSTEM32\DRIVERS\fidbox.idx
2008-11-10 18:00 . 2008-11-20 12:03 4,956 --ahs---- c:\windows\SYSTEM32\DRIVERS\fidbox2.idx
2008-11-10 17:50 . 2008-11-10 17:50 <REP> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-11-09 19:18 . 2008-11-11 15:30 <REP> d-------- c:\program files\Kaspersky Lab
2008-11-09 16:09 . 2008-11-09 16:09 <REP> d-------- c:\documents and settings\All Users\Application Data\SRS Labs
2008-11-09 16:09 . 2007-07-26 09:25 47,360 -ra------ c:\windows\SYSTEM32\DRIVERS\Surroundhp_kern_i386.sys
2008-11-09 16:09 . 2007-07-26 09:25 47,104 -ra------ c:\windows\SYSTEM32\DRIVERS\tshd4_kern_i386.sys
2008-11-09 16:09 . 2007-07-26 09:25 42,112 -ra------ c:\windows\SYSTEM32\DRIVERS\csiidecoder_kern_i386.sys
2008-11-09 16:09 . 2007-07-26 09:25 39,808 -ra------ c:\windows\SYSTEM32\DRIVERS\SRS_SSCFilter_i386.sys
2008-11-09 16:09 . 2007-07-26 09:25 32,000 -ra------ c:\windows\SYSTEM32\DRIVERS\wowhd_kern_i386.sys
2008-11-09 14:03 . 2008-11-09 14:03 870 --a------ c:\windows\Sandboxie.tmp-7372046
2008-11-08 16:52 . 2008-11-08 16:52 <REP> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller
2008-11-08 14:47 . 2008-11-08 14:46 410,976 --a------ c:\windows\SYSTEM32\deploytk.dll
2008-11-08 09:37 . 2008-11-08 15:58 <REP> d-------- c:\documents and settings\Lilian\Application Data\F-Secure
2008-11-08 09:33 . 2008-11-09 18:03 <REP> d-------- c:\documents and settings\All Users\Application Data\F-Secure
2008-11-08 09:32 . 2008-11-08 09:32 <REP> d-------- c:\program files\Orange
2008-11-08 09:32 . 2008-11-08 17:10 <REP> d-------- c:\documents and settings\All Users\Application Data\fssg
2008-11-07 17:25 . 2008-11-07 17:25 <REP> d-------- c:\windows\BDOSCAN8
2008-11-05 14:59 . 2008-11-07 17:34 <REP> d-------- c:\program files\Windows Live Safety Center
2008-11-04 14:08 . 2008-11-04 14:08 <REP> d-------- c:\program files\CCleaner
2008-10-28 11:15 . 2004-05-25 17:06 417,792 --a------ c:\windows\SYSTEM32\ac3filter.ax
2008-10-28 11:15 . 2005-02-27 21:48 356,352 --a------ c:\windows\SYSTEM32\RealMediaSplitter.ax
2008-10-28 11:15 . 2004-01-10 17:02 258,048 --a------ c:\windows\SYSTEM32\GplMpgDec.ax
2008-10-28 10:38 . 2008-10-28 10:38 <REP> d-------- c:\documents and settings\Lilian\Application Data\NCH Software
2008-10-28 10:38 . 2008-10-28 10:38 <REP> d-------- c:\documents and settings\All Users\Application Data\NCH Software
2008-10-24 15:00 . 2008-10-25 08:26 <REP> d-------- c:\program files\Conduit
2008-10-24 06:30 . 2008-10-15 17:35 337,408 --------- c:\windows\SYSTEM32\DLLCACHE\netapi32.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-20 10:18 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2008-11-15 09:18 --------- d-----w c:\documents and settings\Lilian\Application Data\dvdcss
2008-11-12 16:18 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-11 12:56 --------- d-----w c:\program files\VideoLAN
2008-11-09 19:52 --------- d-----w c:\program files\Photodex Presenter
2008-11-08 13:49 --------- d-----w c:\program files\Java
2008-11-05 13:26 --------- d-----w c:\documents and settings\Administrateur\Application Data\Apple Computer
2008-11-04 17:12 82,720 ----a-w c:\documents and settings\Lilian\Application Data\GDIPFONTCACHEV1.DAT
2008-10-28 14:10 --------- d-----w c:\program files\NCH Software
2008-10-22 08:32 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-18 16:09 --------- d-----w c:\documents and settings\Administrateur\Application Data\DivX
2008-10-18 15:33 --------- d-----w c:\documents and settings\Administrateur\Application Data\Malwarebytes
2008-10-18 15:16 --------- d-----w c:\documents and settings\Lilian\Application Data\Malwarebytes
2008-10-18 15:15 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-10-18 14:31 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-10-18 08:07 --------- d-----w c:\documents and settings\Administrateur\Application Data\TuneUp Software
2008-10-18 08:05 --------- d-----w c:\documents and settings\Administrateur\Application Data\Windows Search
2008-10-18 08:05 --------- d-----w c:\documents and settings\Administrateur\Application Data\Windows Desktop Search
2008-10-01 15:14 --------- d-----w c:\program files\Sun
2008-09-30 17:12 --------- d-----w c:\program files\Apple Software Update
2008-09-30 17:10 --------- d-----w c:\program files\iTunes
2008-09-30 17:10 --------- d-----w c:\program files\iPod
2008-09-30 17:10 --------- d-----w c:\program files\Bonjour
2008-09-30 17:10 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-30 17:08 --------- d-----w c:\program files\QuickTime
2008-09-30 17:08 --------- d-----w c:\program files\Fichiers communs\Apple
2008-09-28 16:49 --------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software
2008-09-28 14:51 --------- d-----w c:\documents and settings\Lilian\Application Data\TuneUp Software
2008-09-26 17:26 71,561 ----a-w c:\windows\unins000.exe
2008-09-21 16:43 --------- d-----w c:\program files\DivX
2008-05-29 12:56 88 --sh--r c:\documents and settings\All Users\Application Data\C89924A2D8.sys
2008-05-29 12:56 2,516 --sha-w c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2008-01-14 16:52 4 --sh--r c:\documents and settings\All Users\Application Data\sysqcl1129139270.dat
2007-04-02 14:48 1,818,274 ----a-w c:\windows\INF\SET7DB.tmp
1997-06-23 03:00 123,664 --sha-w c:\windows\SYSTEM32\Msjint35.dll
1997-06-23 12:06 24,848 --sha-w c:\windows\SYSTEM32\Msjter35.dll
1997-06-23 12:06 252,176 --sha-w c:\windows\SYSTEM32\Msrd2x35.dll
1997-06-23 12:06 287,504 --sha-w c:\windows\SYSTEM32\Msxbse35.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
"ORAHSSSessionManager"="c:\program files\OrangeHSS\SessionManager\SessionManager.exe" [2007-12-12 107248]
"Malwarebytes' Anti-Malware"="e:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2008-10-22 399504]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-07-29 206088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"= 0 (0x0)
"NoMovingBands"= 0 (0x0)
"NoCloseDragDropBands"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\\WINDOWS\\system32\\logonui.exe"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Accélérateur de démarrage AutoCAD.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Accélérateur de démarrage AutoCAD.lnk
backup=c:\windows\pss\Accélérateur de démarrage AutoCAD.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Contrôleur de calendrier Ulead.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Contrôleur de calendrier Ulead.lnk
backup=c:\windows\pss\Contrôleur de calendrier Ulead.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Event Reminder.lnk]
backup=c:\windows\pss\Event Reminder.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 01:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-11-13 14:07 1289000 c:\program files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-09-10 16:40 289576 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Outlook]
-ra------ 2001-03-07 17:15 46496 c:\progra~1\MICROS~2\Office10\OUTLOOK.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-11-08 14:47 136600 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"e:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Program Files\\Steam\\steamapps\\angeos\\condition zero\\hl.exe"=
"c:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
"e:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5000:TCP"= 5000:TCP:AresChatServer

R0 a320raid;a320raid;c:\windows\system32\drivers\a320raid.sys [2004-05-07 251194]
R0 AFAmgt;AFAmgt;c:\windows\system32\drivers\AFAmgt.sys [2004-04-21 92411]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R2 MBAMService;MBAMService;"e:\program files\Malwarebytes' Anti-Malware\mbamservice.exe" [2008-11-19 170640]
R2 UxTuneUp;TuneUp Extension de thème;c:\windows\System32\svchost.exe -k netsvcs [2004-03-20 14336]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
R3 MBAMProtector;MBAMProtector;\??\c:\windows\system32\drivers\mbam.sys [2008-11-19 15504]
S2 RAIDStorAgent;Agent RAID Storage Manager;c:\program files\Dell\RAID Storage Manager\StorServ.exe [2004-06-16 49152]
S3 Camdrv30;Philips ToUcam XS;c:\windows\system32\Drivers\camdrv30.sys [2006-12-31 171264]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-09-10 33752]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2008-03-02 13352]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;c:\windows\System32\TuneUpDefragService.exe [2008-09-28 355584]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9d6cbd00-7e0f-11db-a4b5-0011115a60f2}]
\Shell\AutoRun\command - CDCheck.exe
.
Contenu du dossier 'Tâches planifiées'

2008-11-07 c:\windows\Tasks\1-Click Maintenance.job
- e:\program files\TuneUp Utilities 2008\OneClick.exe [2008-06-20 08:23]

2008-11-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-11-20 c:\windows\Tasks\Maintenance en 1 clic.job
- e:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 08:23]

2008-11-19 c:\windows\Tasks\Malwarebytes' Scheduled Update for Lilian.job
- e:\program files\Malwarebytes' Anti-Malware\mbam.exe [2008-10-22 16:10]

2008-11-20 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{31e03870-78f4-4f12-bf79-f0b2a6f0e972} - (no file)
BHO-{7ddad1bf-444c-4791-b818-2daff6ab136e} - (no file)
BHO-{A851061E-516D-4D7E-A4F7-38BB9074C36E} - (no file)
BHO-{F83BDD45-8A03-4DB3-BA13-DA58078A9FD2} - (no file)
WebBrowser-{196C3A46-4758-433D-A600-802C804AF39C} - (no file)
HKLM-Run-b057b1f9 - c:\windows\system32\hvnfrqmm.dll
HKLM-Run-SDFix - e:\progra~1\SDFix\RunThis.bat


.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\documents and settings\Lilian\Application Data\Mozilla\Firefox\Profiles\zb5ceydi.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://fr.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
FF -: plugin - c:\documents and settings\Lilian\Application Data\Mozilla\Firefox\Profiles\zb5ceydi.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}\plugins\np_gp.dll
FF -: plugin - c:\documents and settings\Lilian\Application Data\Mozilla\plugins\npPxPlay.dll
FF -: plugin - c:\program files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\program files\mozilla firefox\plugins\np_gp.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\np_gp.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - e:\program files\DivX\DivX Player\npDivxPlayerPlugin.dll
FF -: plugin - e:\program files\DivX\DivX Web Player\npdivx32.dll
.
.
------- Associations de fichier -------
.
inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-20 12:05:49
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\SYSTEM32\ati2evxx.exe
c:\windows\SYSTEM32\LEXBCES.EXE
c:\windows\SYSTEM32\LEXPPS.EXE
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\SYSTEM32\BAsfIpM.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\SYSTEM32\DRIVERS\CDANTSRV.EXE
c:\progra~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\[u]0/u\FTRTSVC.exe
c:\program files\Intel\Intel Application Accelerator\IAANTmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\SYSTEM32\HPZipm12.exe
c:\windows\SYSTEM32\searchindexer.exe
c:\windows\SYSTEM32\wscntfy.exe
c:\program files\OrangeHSS\Launcher\Launcher.exe
c:\windows\SYSTEM32\verclsid.exe
.
**************************************************************************
.
Heure de fin: 2008-11-20 12:08:25 - La machine a redémarré [Lilian]
ComboFix-quarantined-files.txt 2008-11-20 11:08:19

Avant-CF: 17,469,919,232 octets libres
Après-CF: 17,397,440,512 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect /NoExecute=OptIn /TUTag=E6C7PO /Kernel=TUKernel.exe
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professionnel (TuneUp Backup)" /fastdetect /NoExecute=OptIn /TUTag=E6C7PO-BAK

307 --- E O F --- 2008-11-10 15:28:39

Je vais manger, je reviens dans un peu près une heure !

les suppressions bien correspondent a vundo tel que "yayvVLBu"
utilise Vundofix.exe tel que expliqué dans mon message 10

et essaye MBAM
si il ne fonctionne pas desinstalle le
et retelecharge http://www.clubic.com/...
important >>>>>>>Fait les mises à jour
puis en mode sans échec (f8 au demarrage)
Lance le ,en examen complet ,sur tous tes disques durs
Une fois le scan terminé, cliquez sur supprimer
poste les resultats

les suppressions bien correspondent a vundo tel que "yayvVLBu"
utilise Vundofix.exe tel que expliqué dans mon message 10

et essaye MBAM
si il ne fonctionne pas desinstalle le
et retelecharge http://www.clubic.com/...
important >>>>>>>Fait les mises à jour
puis en mode sans échec (f8 au demarrage)
Lance le ,en examen complet ,sur tous tes disques durs
Une fois le scan terminé, cliquez sur supprimer
poste les resultats

ok, pour le moment, je ne peut pas tout de suite mais je le ferai dans l'après midi.
Dès que possible je te poste les résultats.

Voici le rapport de Malwerbytes en sans échec:

Malwarebytes' Anti-Malware 1.30
Database version: 1414
Windows 5.1.2600 Service Pack 3

20/11/2008 16:53:46
mbam-log-2008-11-20 (16-53-46).txt

Scan type: Full Scan (C:\|E:\|)
Objects scanned: 146419
Time elapsed: 18 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 22

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\WINDOWS\eoke.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\dbiwbs.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\dygieyhb.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\efcYQJdD.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\gnmvkfyt.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\khfEXQhe.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\khfFVnnM.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\rqRJabCR.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\yayvVLBu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70A3E616-66D7-4803-AA41-29F0EE01E7E7}\RP1\A0001234.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70A3E616-66D7-4803-AA41-29F0EE01E7E7}\RP1\A0003236.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70A3E616-66D7-4803-AA41-29F0EE01E7E7}\RP1\A0003341.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70A3E616-66D7-4803-AA41-29F0EE01E7E7}\RP1\A0003347.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70A3E616-66D7-4803-AA41-29F0EE01E7E7}\RP5\A0004575.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70A3E616-66D7-4803-AA41-29F0EE01E7E7}\RP5\A0004597.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70A3E616-66D7-4803-AA41-29F0EE01E7E7}\RP5\A0004598.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70A3E616-66D7-4803-AA41-29F0EE01E7E7}\RP5\A0004599.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70A3E616-66D7-4803-AA41-29F0EE01E7E7}\RP5\A0004600.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70A3E616-66D7-4803-AA41-29F0EE01E7E7}\RP5\A0004601.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70A3E616-66D7-4803-AA41-29F0EE01E7E7}\RP5\A0004602.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70A3E616-66D7-4803-AA41-29F0EE01E7E7}\RP5\A0004608.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70A3E616-66D7-4803-AA41-29F0EE01E7E7}\RP5\A0004610.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

Excusez moi, je post sur ccm avec 2 pseudos et j'ai oublié d'en changer, maxlouis45 c'est moi !

J'avais utilisé Vundofix mais il n'avait rien trouvé.
Sinon, je n'est plus de pub !
Voici ci dessous le rapport Hijackthis mais, pour mon problème de windows update, cela ne s'est pas résolu....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:16:29, on 20/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\System32\basfipm.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
E:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\vsnpstd3.exe
E:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\OrangeHSS\Launcher\Launcher.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\1\AlertModule.exe
C:\Program Files\OrangeHSS\systray\systrayapp.exe
C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Trend Micro\HijackThis\monHJK.exe.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.ca/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "E:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mappy.com
O15 - Trusted Zone: http://*.orange.fr
O15 - Trusted Zone: http://rw.search.ke.voila.fr
O15 - Trusted Zone: http://orange.weborama.fr
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://louison-dumont.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/...
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - E:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MBAMService - Malwarebytes Corporation - E:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Agent RAID Storage Manager (RAIDStorAgent) - Dell - C:\Program Files\Dell\RAID Storage Manager\StorServ.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O24 - Desktop Component 0: Privacy Protection - (no file)

Voici le rapport Toolbar S&D:


-----------\\ ToolBar S&D 1.2.5 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.00GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A02
USER : Lilian ( Administrator )
BOOT : Normal boot
Antivirus : Kaspersky Internet Security 8.0.0.454 (Activated)
Firewall : Kaspersky Internet Security 8.0.0.454 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:33 Go (Free:15 Go)
D:\ (CD or DVD)
E:\ (Local Disk) - NTFS - Total:232 Go (Free:212 Go)

"C:\ToolBar SD" ( MAJ : 20-11-2008|20:25 )
Option : [1] ( 20/11/2008|20:52 )

-----------\\ Recherche de Fichiers / Dossiers ...

C:\Program Files\Multi_Media_France
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\---Yahoo.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\01net.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\1px_dark.gif
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\1px_green.gif
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\1px_white.gif
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\a.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\amazon.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\an.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\arrowB.gif
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\arrowT.gif
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\arrow_down.gif
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\arrow_red.gif
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\arrow_red2.gif
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\arrow_up.gif
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\autofill.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\avstate.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\b.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\background2.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\bgmeteo_results.gif
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\bg_pub.gif
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\bg_ttl.gif
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\bn.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\bottom.png
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\bottom_left.png
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\bottom_right.png
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\btn_close.gif
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\btn_minus.gif
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\btn_moreforecast.gif
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\c.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\canalblog.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\cn.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\COMBOSEARCH.acs
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\d.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\dictionary2.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\dn.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\DownloadCOM.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\dropdown.css
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\ErrorPageTemplate.css
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\f.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\flag_argentine.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\flag_australia.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\flag_brazil.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\flag_canada.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\flag_china.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\flag_france.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\flag_germany.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\flag_greece.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\flag_hongkong.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\flag_india.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\flag_indonesia.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\flag_italy.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\flag_japan.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\flag_korea.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\flag_mexico.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\flag_netherlands.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\flag_spain.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\flag_sweeden.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\flag_taiwan.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\flag_uk.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\flag_usa.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\fn.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\g.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\gaming.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\gn.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\gograph.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\graphred0.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\graphred0_5.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\graphred1.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\graphred1_5.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\graphred2.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\graphred2_5.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\graphred3.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\graphred3_5.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\graphred4.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\graphred4_5.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\graphred5.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\h.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\help.gif
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\hideremove.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\highlight.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\hn.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\h_aquarius.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\h_aries.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\h_cancer.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\h_capricorn.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\h_gemini.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\h_leo.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\h_libra.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\h_pisces.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\h_sagittarius.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\h_scorpio.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\h_taurus.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\h_virgo.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\i.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\icotemp_placeholder.gif
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\IEtab1_7d.zip
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\IEtab1_7d.zip19810953
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\in.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\ipsearch.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\j.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\jn.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\k.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\kn.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\l.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\left.png
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\ln.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\loading.gif
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\login.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\logo.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\n.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\New York_NY_weather.txt
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\new02.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\NewCfg
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\news.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\news.html
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\nn.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\o.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\on.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\p.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\pestscanimg.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\pixsy.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\pn.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\popup_off.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\popup_on.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\popup_ona.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\p_yahoo.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\p_yahoo_fr.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\q.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\qn.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\r.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\relatedlinks.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\report.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\right.png
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\rn.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\rss.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\rss.xsl
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\rss1.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\rsslib.js
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\rssmenu1_7a.zip
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\s.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\search.gif
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\search_fr.gif
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\security.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\sinfo.txt
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\siteinfo.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\slider.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\sn.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\spacer.gif
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\stars-red1.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\stars-red2.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\stars-red3.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\stars-red4.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\stars-red5.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\storage.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\t.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\tablib.js
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\tabwelcome_en.html
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\tabwelcome_fr.html
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\tab_icon.png
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\technorati.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\thes_search.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\tn.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\tools.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\top.png
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\top_left.png
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\top_right.png
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\translate.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\u.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\un.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\utf8.js
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\v.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\vmlib.js
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\vmntoolbartb1501.cfg
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\vn.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\w.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\web.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\web_fr.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\wikipedia.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\wn.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\x.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\xp_close_small.gif
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\yahoo.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\yahoo_search.gif
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\YouTube.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\z.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\zn.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\zoom.bmp
C:\WINDOWS\iun6002.exe

-----------\\ Extensions

(Lilian) - {15756614-ffb8-498b-b961-bce537ea94fe} => locallink
(Lilian) - {36C13C8F-54F1-412e-8177-2E411719162D} => chrome
(Lilian) - {73a6fe31-595d-460b-a920-fcc0f8843232} => noscript
(Lilian) - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} => adblockplus


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://google.fr/"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"SearchMigratedDefaultURL"="http://www.google.com/search?q={searchTerms}"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.dell.ca/index.htm"


--------------------\\ Recherche d'autres infections

C:\WINDOWS\system32\mpYFNqss.ini
C:\WINDOWS\system32\mpYFNqss.ini2
[b]==> VUNDO <==/b

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Lilian\Application Data\Microsoft\Office\Fichiers récents\crack kaspersky internet security 2006 v 6 0 keygen(2).lnk
C:\DOCUME~1\Lilian\Application Data\Microsoft\Office\Fichiers récents\crack kaspersky internet security 2006 v 6 0 keygen.lnk



1 - "C:\ToolBar SD\TB_1.txt" - 20/11/2008|20:53 - Option : [1]

-----------\\ Fin du rapport a 20:53:47.09

pour les cracks détecté, j'ai acheté mon pc d'ocasion et je n'est pas pensé à le formater alors les cracks et keygen sont restés

ok, je le fais.

C'est bon, j'ai tout supprimer avec l'option 2!
Au fait, c"est génial, à mon avis c'était Vundo qui bloquait windows update car maintenant, les mises a jour remarche, je n'est plus de pub !