Trojan Vundo.h
Résolu
nodapio
-
nodapio -
nodapio -
Bonjour,
Depuis une semaine, j'ai un problème avec un certain adware "vundo.h ou virtumonde"
De plus, j'ai l'impresssion que depuis que j'ai ce virus, windows update ne fonctionne plus.
J'ai beau supprimer les fichiers infectés, il revient toujours.
Que faire ?
SVP aidez moi !!!?
nodapio
Depuis une semaine, j'ai un problème avec un certain adware "vundo.h ou virtumonde"
De plus, j'ai l'impresssion que depuis que j'ai ce virus, windows update ne fonctionne plus.
J'ai beau supprimer les fichiers infectés, il revient toujours.
Que faire ?
SVP aidez moi !!!?
nodapio
A voir également:
- Trojan Vundo.h
- Trojan remover - Télécharger - Antivirus & Antimalwares
- Anti trojan - Télécharger - Antivirus & Antimalwares
- Csrss.exe trojan fr ✓ - Forum Virus
- Trojan b901 system32 win config 34 ✓ - Forum Virus
- Virus trojan al11 ✓ - Forum Virus
22 réponses
Bonjour,
Télécharge et installe HijackThis .
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
Choisir « Download Hijackthis Installer ».
Double-clique sdessus pour l'installer.
Vas dans le répertoire d'installation d'Hijackthis.
C:\Program Files\Trend Micro\HijackThis\
Renomme Hijackthis.exe en monHJK.exe ( click droit --> renommer )
Double clique après sur cet executable et choisis l'option Do a system scan and save a logfile.
Tu postes alors le rapport Hijackthis.
A+
Télécharge et installe HijackThis .
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
Choisir « Download Hijackthis Installer ».
Double-clique sdessus pour l'installer.
Vas dans le répertoire d'installation d'Hijackthis.
C:\Program Files\Trend Micro\HijackThis\
Renomme Hijackthis.exe en monHJK.exe ( click droit --> renommer )
Double clique après sur cet executable et choisis l'option Do a system scan and save a logfile.
Tu postes alors le rapport Hijackthis.
A+
télechargez ici https://www.clubic.com/telecharger-fiche17891-hijackthis.html
Lancez HijackThis en double cliquant sur son icône puis cliquez sur le bouton do a system scan and save a logfile
Le rapport est retranscrit aussitôt apres le scan dans une fenêtre de type Bloc-notes
il vous suffit de realiser un copier/coller et de le poster dans le forum
puis Télécharge combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
clique combofix.exe.
touche 1 (Yes) pour démarrer le scan.
une fois fini un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
Le rapport se trouve également ici : C:\Combofix.txt
Déconnecte toi d'internet ferme les fenêtres de tous les programmes en cours.et provisoirement
arrete les anti virus et autres protection pendand l'analyse
Pendant la durée de l'analyse ne te sert pas de ton pc
une fois l'analyse terminé ,remet toute tes protections antivirus et antispywares
Lancez HijackThis en double cliquant sur son icône puis cliquez sur le bouton do a system scan and save a logfile
Le rapport est retranscrit aussitôt apres le scan dans une fenêtre de type Bloc-notes
il vous suffit de realiser un copier/coller et de le poster dans le forum
puis Télécharge combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
clique combofix.exe.
touche 1 (Yes) pour démarrer le scan.
une fois fini un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
Le rapport se trouve également ici : C:\Combofix.txt
Déconnecte toi d'internet ferme les fenêtres de tous les programmes en cours.et provisoirement
arrete les anti virus et autres protection pendand l'analyse
Pendant la durée de l'analyse ne te sert pas de ton pc
une fois l'analyse terminé ,remet toute tes protections antivirus et antispywares
Je vois que deux logiciels de désinfection sont présents sur ton PC., MalwareBytes et SDFix.
Les as-tu passé dernièrement , en autre malwareBytes ?
A+
Les as-tu passé dernièrement , en autre malwareBytes ?
A+
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Malwerbytes, dès que je fais une analyse, au bout de 1 min ca bloque completement l'ordinateur, et sdfix ne trouve rien
OK tu peu me donner le 2eme rapport que je t'ai demander "combofix"
------------bonjour verni29 ------- pour MBAM on l'utilisera aprés "avec une mise a jour" je prefaire utilisé des outils plus spécifique avant, que MBAM n'efface certaine trace
------------bonjour verni29 ------- pour MBAM on l'utilisera aprés "avec une mise a jour" je prefaire utilisé des outils plus spécifique avant, que MBAM n'efface certaine trace
combofix me dit qu'il y a une erreur et qu'il faut que je reboot mon pc. Je le reboot et je reviens juste après !
a + verni29
nodapio je reviens dans 40 mn
si tu a un probleme avec combo
Télécharge Vundofix.exe (par Atribune) sur ton Bureau.
http://vundofix.atribune.org/
* Double-clique sur VundoFix.exe afin de le lancer.
* Clique sur le bouton Scan for Vundo.
* Lorsque le scan est complété, clique sur le bouton fix Vundo.
* Une invite de commande demandera si tu souhaites supprimer les fichiers, cliquer sur YES
* Après avoir cliqué "YES", le Bureau disparaîtra un moment lors de la suppression des fichiers.
* Une nouvelle invite de commande annoncera que le PC devrai s'éteindre ("shutdown"). Clique sur OK , puis laisse le redémarrer.
* Le contenu du rapport est situé dans C:\vundofix.txt,
Poste le rapport
nodapio je reviens dans 40 mn
si tu a un probleme avec combo
Télécharge Vundofix.exe (par Atribune) sur ton Bureau.
http://vundofix.atribune.org/
* Double-clique sur VundoFix.exe afin de le lancer.
* Clique sur le bouton Scan for Vundo.
* Lorsque le scan est complété, clique sur le bouton fix Vundo.
* Une invite de commande demandera si tu souhaites supprimer les fichiers, cliquer sur YES
* Après avoir cliqué "YES", le Bureau disparaîtra un moment lors de la suppression des fichiers.
* Une nouvelle invite de commande annoncera que le PC devrai s'éteindre ("shutdown"). Clique sur OK , puis laisse le redémarrer.
* Le contenu du rapport est situé dans C:\vundofix.txt,
Poste le rapport
voici mon rapport ComboFix:
ComboFix 08-11-19.08 - Lilian 2008-11-20 11:56:02.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1477 [GMT 1:00]
Lancé depuis: c:\documents and settings\Lilian\Bureau\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\eoke.exe
c:\windows\system32\bhmpwity.ini
c:\windows\system32\bjwblroc.dll
c:\windows\system32\dbiwbs.dll
c:\windows\system32\drivers\fad.sys
c:\windows\system32\dygieyhb.dll
c:\windows\system32\efcYQJdD.dll
c:\windows\system32\gnmvkfyt.dll
c:\windows\system32\khfEXQhe.dll
c:\windows\system32\khfFVnnM.dll
c:\windows\system32\kynuubdr.dll
c:\windows\system32\lynsfg.dll
c:\windows\system32\mmqrfnvh.ini
c:\windows\SYSTEM32\mpYFNqss.ini
c:\windows\SYSTEM32\mpYFNqss.ini2
c:\windows\system32\nappxdmd.ini
c:\windows\system32\rqRJabCR.dll
c:\windows\system32\stcoevli.ini
c:\windows\system32\yayvVLBu.dll
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ASC3550P
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-20 au 2008-11-20 ))))))))))))))))))))))))))))))))))))
.
2008-11-20 11:30 . 2008-11-20 11:30 <REP> d-------- c:\program files\Trend Micro
2008-11-20 11:08 . 2008-11-20 11:08 <REP> d-------- c:\documents and settings\Lilian\Application Data\SUPERAntiSpyware.com
2008-11-20 11:08 . 2008-11-20 11:08 <REP> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-11-20 10:27 . 2008-11-20 10:27 <REP> d-------- c:\windows\ERUNT
2008-11-19 17:18 . 2008-11-19 17:18 <REP> d-------- c:\documents and settings\Administrateur\Application Data\CA
2008-11-19 17:06 . 2008-11-19 17:06 <REP> d-------- C:\VundoFix Backups
2008-11-19 16:55 . 2008-10-22 16:10 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys
2008-11-19 16:55 . 2008-10-22 16:10 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys
2008-11-18 16:59 . 2008-11-20 11:10 <REP> d-------- c:\windows\SYSTEM32\CatRoot2
2008-11-18 16:42 . 2008-11-18 16:42 <REP> d-------- c:\windows\SYSTEM32\CatRoot_bak
2008-11-17 17:37 . 2008-11-20 11:57 103,936 --a------ c:\windows\SYSTEM32\yopkcqcb.dll
2008-11-16 17:15 . 2008-11-16 17:15 <REP> d-------- c:\documents and settings\Lilian\Application Data\Canneverbe_Limited
2008-11-16 12:22 . 2008-11-16 12:22 552 --a------ c:\windows\SYSTEM32\d3d8caps.dat
2008-11-15 17:31 . 2008-11-15 17:31 95 --a------ c:\windows\wininit.ini
2008-11-15 16:50 . 2008-11-19 17:58 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-14 16:56 . 2008-11-14 16:56 <REP> d-------- c:\documents and settings\Administrateur\Application Data\vlc
2008-11-14 16:56 . 2008-11-14 16:56 <REP> d-------- c:\documents and settings\Administrateur\Application Data\dvdcss
2008-11-14 16:41 . 2008-11-14 16:41 1,544,786 ---hs---- c:\windows\SYSTEM32\kwwgxuxb.tmp
2008-11-11 16:12 . 2008-11-11 16:12 <REP> d-------- c:\documents and settings\All Users\Application Data\Trymedia
2008-11-11 16:10 . 2008-11-11 16:11 <REP> d-------- C:\Downloads
2008-11-11 15:01 . 2008-11-11 15:01 <REP> d-------- c:\documents and settings\Lilian\Application Data\Kaspersky_Key_Finder_(KKF
2008-11-11 13:59 . 2008-11-11 14:56 <REP> d-------- c:\documents and settings\Lilian\Application Data\vlc
2008-11-11 10:00 . 2008-11-19 17:41 762 --a------ c:\windows\SYSTEM32\%LocalXml%
2008-11-10 18:00 . 2008-11-20 12:05 <REP> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-11-10 18:00 . 2008-11-20 12:03 4,451,360 --ahs---- c:\windows\SYSTEM32\DRIVERS\fidbox.dat
2008-11-10 18:00 . 2008-11-20 12:03 827,424 --ahs---- c:\windows\SYSTEM32\DRIVERS\fidbox2.dat
2008-11-10 18:00 . 2008-11-10 18:08 96,976 --a------ c:\windows\SYSTEM32\DRIVERS\klin.dat
2008-11-10 18:00 . 2008-11-10 18:00 87,855 --a------ c:\windows\SYSTEM32\DRIVERS\klick.dat
2008-11-10 18:00 . 2008-11-20 12:03 36,904 --ahs---- c:\windows\SYSTEM32\DRIVERS\fidbox.idx
2008-11-10 18:00 . 2008-11-20 12:03 4,956 --ahs---- c:\windows\SYSTEM32\DRIVERS\fidbox2.idx
2008-11-10 17:50 . 2008-11-10 17:50 <REP> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-11-09 19:18 . 2008-11-11 15:30 <REP> d-------- c:\program files\Kaspersky Lab
2008-11-09 16:09 . 2008-11-09 16:09 <REP> d-------- c:\documents and settings\All Users\Application Data\SRS Labs
2008-11-09 16:09 . 2007-07-26 09:25 47,360 -ra------ c:\windows\SYSTEM32\DRIVERS\Surroundhp_kern_i386.sys
2008-11-09 16:09 . 2007-07-26 09:25 47,104 -ra------ c:\windows\SYSTEM32\DRIVERS\tshd4_kern_i386.sys
2008-11-09 16:09 . 2007-07-26 09:25 42,112 -ra------ c:\windows\SYSTEM32\DRIVERS\csiidecoder_kern_i386.sys
2008-11-09 16:09 . 2007-07-26 09:25 39,808 -ra------ c:\windows\SYSTEM32\DRIVERS\SRS_SSCFilter_i386.sys
2008-11-09 16:09 . 2007-07-26 09:25 32,000 -ra------ c:\windows\SYSTEM32\DRIVERS\wowhd_kern_i386.sys
2008-11-09 14:03 . 2008-11-09 14:03 870 --a------ c:\windows\Sandboxie.tmp-7372046
2008-11-08 16:52 . 2008-11-08 16:52 <REP> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller
2008-11-08 14:47 . 2008-11-08 14:46 410,976 --a------ c:\windows\SYSTEM32\deploytk.dll
2008-11-08 09:37 . 2008-11-08 15:58 <REP> d-------- c:\documents and settings\Lilian\Application Data\F-Secure
2008-11-08 09:33 . 2008-11-09 18:03 <REP> d-------- c:\documents and settings\All Users\Application Data\F-Secure
2008-11-08 09:32 . 2008-11-08 09:32 <REP> d-------- c:\program files\Orange
2008-11-08 09:32 . 2008-11-08 17:10 <REP> d-------- c:\documents and settings\All Users\Application Data\fssg
2008-11-07 17:25 . 2008-11-07 17:25 <REP> d-------- c:\windows\BDOSCAN8
2008-11-05 14:59 . 2008-11-07 17:34 <REP> d-------- c:\program files\Windows Live Safety Center
2008-11-04 14:08 . 2008-11-04 14:08 <REP> d-------- c:\program files\CCleaner
2008-10-28 11:15 . 2004-05-25 17:06 417,792 --a------ c:\windows\SYSTEM32\ac3filter.ax
2008-10-28 11:15 . 2005-02-27 21:48 356,352 --a------ c:\windows\SYSTEM32\RealMediaSplitter.ax
2008-10-28 11:15 . 2004-01-10 17:02 258,048 --a------ c:\windows\SYSTEM32\GplMpgDec.ax
2008-10-28 10:38 . 2008-10-28 10:38 <REP> d-------- c:\documents and settings\Lilian\Application Data\NCH Software
2008-10-28 10:38 . 2008-10-28 10:38 <REP> d-------- c:\documents and settings\All Users\Application Data\NCH Software
2008-10-24 15:00 . 2008-10-25 08:26 <REP> d-------- c:\program files\Conduit
2008-10-24 06:30 . 2008-10-15 17:35 337,408 --------- c:\windows\SYSTEM32\DLLCACHE\netapi32.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-20 10:18 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2008-11-15 09:18 --------- d-----w c:\documents and settings\Lilian\Application Data\dvdcss
2008-11-12 16:18 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-11 12:56 --------- d-----w c:\program files\VideoLAN
2008-11-09 19:52 --------- d-----w c:\program files\Photodex Presenter
2008-11-08 13:49 --------- d-----w c:\program files\Java
2008-11-05 13:26 --------- d-----w c:\documents and settings\Administrateur\Application Data\Apple Computer
2008-11-04 17:12 82,720 ----a-w c:\documents and settings\Lilian\Application Data\GDIPFONTCACHEV1.DAT
2008-10-28 14:10 --------- d-----w c:\program files\NCH Software
2008-10-22 08:32 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-18 16:09 --------- d-----w c:\documents and settings\Administrateur\Application Data\DivX
2008-10-18 15:33 --------- d-----w c:\documents and settings\Administrateur\Application Data\Malwarebytes
2008-10-18 15:16 --------- d-----w c:\documents and settings\Lilian\Application Data\Malwarebytes
2008-10-18 15:15 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-10-18 14:31 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-10-18 08:07 --------- d-----w c:\documents and settings\Administrateur\Application Data\TuneUp Software
2008-10-18 08:05 --------- d-----w c:\documents and settings\Administrateur\Application Data\Windows Search
2008-10-18 08:05 --------- d-----w c:\documents and settings\Administrateur\Application Data\Windows Desktop Search
2008-10-01 15:14 --------- d-----w c:\program files\Sun
2008-09-30 17:12 --------- d-----w c:\program files\Apple Software Update
2008-09-30 17:10 --------- d-----w c:\program files\iTunes
2008-09-30 17:10 --------- d-----w c:\program files\iPod
2008-09-30 17:10 --------- d-----w c:\program files\Bonjour
2008-09-30 17:10 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-30 17:08 --------- d-----w c:\program files\QuickTime
2008-09-30 17:08 --------- d-----w c:\program files\Fichiers communs\Apple
2008-09-28 16:49 --------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software
2008-09-28 14:51 --------- d-----w c:\documents and settings\Lilian\Application Data\TuneUp Software
2008-09-26 17:26 71,561 ----a-w c:\windows\unins000.exe
2008-09-21 16:43 --------- d-----w c:\program files\DivX
2008-05-29 12:56 88 --sh--r c:\documents and settings\All Users\Application Data\C89924A2D8.sys
2008-05-29 12:56 2,516 --sha-w c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2008-01-14 16:52 4 --sh--r c:\documents and settings\All Users\Application Data\sysqcl1129139270.dat
2007-04-02 14:48 1,818,274 ----a-w c:\windows\INF\SET7DB.tmp
1997-06-23 03:00 123,664 --sha-w c:\windows\SYSTEM32\Msjint35.dll
1997-06-23 12:06 24,848 --sha-w c:\windows\SYSTEM32\Msjter35.dll
1997-06-23 12:06 252,176 --sha-w c:\windows\SYSTEM32\Msrd2x35.dll
1997-06-23 12:06 287,504 --sha-w c:\windows\SYSTEM32\Msxbse35.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
"ORAHSSSessionManager"="c:\program files\OrangeHSS\SessionManager\SessionManager.exe" [2007-12-12 107248]
"Malwarebytes' Anti-Malware"="e:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2008-10-22 399504]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-07-29 206088]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"= 0 (0x0)
"NoMovingBands"= 0 (0x0)
"NoCloseDragDropBands"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\\WINDOWS\\system32\\logonui.exe"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Accélérateur de démarrage AutoCAD.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Accélérateur de démarrage AutoCAD.lnk
backup=c:\windows\pss\Accélérateur de démarrage AutoCAD.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Contrôleur de calendrier Ulead.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Contrôleur de calendrier Ulead.lnk
backup=c:\windows\pss\Contrôleur de calendrier Ulead.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Event Reminder.lnk]
backup=c:\windows\pss\Event Reminder.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 01:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-11-13 14:07 1289000 c:\program files\Microsoft ActiveSync\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-09-10 16:40 289576 c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Outlook]
-ra------ 2001-03-07 17:15 46496 c:\progra~1\MICROS~2\Office10\OUTLOOK.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-11-08 14:47 136600 c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"e:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Program Files\\Steam\\steamapps\\angeos\\condition zero\\hl.exe"=
"c:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
"e:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5000:TCP"= 5000:TCP:AresChatServer
R0 a320raid;a320raid;c:\windows\system32\drivers\a320raid.sys [2004-05-07 251194]
R0 AFAmgt;AFAmgt;c:\windows\system32\drivers\AFAmgt.sys [2004-04-21 92411]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R2 MBAMService;MBAMService;"e:\program files\Malwarebytes' Anti-Malware\mbamservice.exe" [2008-11-19 170640]
R2 UxTuneUp;TuneUp Extension de thème;c:\windows\System32\svchost.exe -k netsvcs [2004-03-20 14336]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
R3 MBAMProtector;MBAMProtector;\??\c:\windows\system32\drivers\mbam.sys [2008-11-19 15504]
S2 RAIDStorAgent;Agent RAID Storage Manager;c:\program files\Dell\RAID Storage Manager\StorServ.exe [2004-06-16 49152]
S3 Camdrv30;Philips ToUcam XS;c:\windows\system32\Drivers\camdrv30.sys [2006-12-31 171264]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-09-10 33752]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2008-03-02 13352]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;c:\windows\System32\TuneUpDefragService.exe [2008-09-28 355584]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9d6cbd00-7e0f-11db-a4b5-0011115a60f2}]
\Shell\AutoRun\command - CDCheck.exe
.
Contenu du dossier 'Tâches planifiées'
2008-11-07 c:\windows\Tasks\1-Click Maintenance.job
- e:\program files\TuneUp Utilities 2008\OneClick.exe [2008-06-20 08:23]
2008-11-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2008-11-20 c:\windows\Tasks\Maintenance en 1 clic.job
- e:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 08:23]
2008-11-19 c:\windows\Tasks\Malwarebytes' Scheduled Update for Lilian.job
- e:\program files\Malwarebytes' Anti-Malware\mbam.exe [2008-10-22 16:10]
2008-11-20 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{31e03870-78f4-4f12-bf79-f0b2a6f0e972} - (no file)
BHO-{7ddad1bf-444c-4791-b818-2daff6ab136e} - (no file)
BHO-{A851061E-516D-4D7E-A4F7-38BB9074C36E} - (no file)
BHO-{F83BDD45-8A03-4DB3-BA13-DA58078A9FD2} - (no file)
WebBrowser-{196C3A46-4758-433D-A600-802C804AF39C} - (no file)
HKLM-Run-b057b1f9 - c:\windows\system32\hvnfrqmm.dll
HKLM-Run-SDFix - e:\progra~1\SDFix\RunThis.bat
.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\documents and settings\Lilian\Application Data\Mozilla\Firefox\Profiles\zb5ceydi.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://fr.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
FF -: plugin - c:\documents and settings\Lilian\Application Data\Mozilla\Firefox\Profiles\zb5ceydi.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}\plugins\np_gp.dll
FF -: plugin - c:\documents and settings\Lilian\Application Data\Mozilla\plugins\npPxPlay.dll
FF -: plugin - c:\program files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\program files\mozilla firefox\plugins\np_gp.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\np_gp.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - e:\program files\DivX\DivX Player\npDivxPlayerPlugin.dll
FF -: plugin - e:\program files\DivX\DivX Web Player\npdivx32.dll
.
.
------- Associations de fichier -------
.
inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-20 12:05:49
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\SYSTEM32\ati2evxx.exe
c:\windows\SYSTEM32\LEXBCES.EXE
c:\windows\SYSTEM32\LEXPPS.EXE
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\SYSTEM32\BAsfIpM.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\SYSTEM32\DRIVERS\CDANTSRV.EXE
c:\progra~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\[u]0/u\FTRTSVC.exe
c:\program files\Intel\Intel Application Accelerator\IAANTmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\SYSTEM32\HPZipm12.exe
c:\windows\SYSTEM32\searchindexer.exe
c:\windows\SYSTEM32\wscntfy.exe
c:\program files\OrangeHSS\Launcher\Launcher.exe
c:\windows\SYSTEM32\verclsid.exe
.
**************************************************************************
.
Heure de fin: 2008-11-20 12:08:25 - La machine a redémarré [Lilian]
ComboFix-quarantined-files.txt 2008-11-20 11:08:19
Avant-CF: 17,469,919,232 octets libres
Après-CF: 17,397,440,512 octets libres
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect /NoExecute=OptIn /TUTag=E6C7PO /Kernel=TUKernel.exe
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professionnel (TuneUp Backup)" /fastdetect /NoExecute=OptIn /TUTag=E6C7PO-BAK
307 --- E O F --- 2008-11-10 15:28:39
ComboFix 08-11-19.08 - Lilian 2008-11-20 11:56:02.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1477 [GMT 1:00]
Lancé depuis: c:\documents and settings\Lilian\Bureau\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\eoke.exe
c:\windows\system32\bhmpwity.ini
c:\windows\system32\bjwblroc.dll
c:\windows\system32\dbiwbs.dll
c:\windows\system32\drivers\fad.sys
c:\windows\system32\dygieyhb.dll
c:\windows\system32\efcYQJdD.dll
c:\windows\system32\gnmvkfyt.dll
c:\windows\system32\khfEXQhe.dll
c:\windows\system32\khfFVnnM.dll
c:\windows\system32\kynuubdr.dll
c:\windows\system32\lynsfg.dll
c:\windows\system32\mmqrfnvh.ini
c:\windows\SYSTEM32\mpYFNqss.ini
c:\windows\SYSTEM32\mpYFNqss.ini2
c:\windows\system32\nappxdmd.ini
c:\windows\system32\rqRJabCR.dll
c:\windows\system32\stcoevli.ini
c:\windows\system32\yayvVLBu.dll
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ASC3550P
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-20 au 2008-11-20 ))))))))))))))))))))))))))))))))))))
.
2008-11-20 11:30 . 2008-11-20 11:30 <REP> d-------- c:\program files\Trend Micro
2008-11-20 11:08 . 2008-11-20 11:08 <REP> d-------- c:\documents and settings\Lilian\Application Data\SUPERAntiSpyware.com
2008-11-20 11:08 . 2008-11-20 11:08 <REP> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-11-20 10:27 . 2008-11-20 10:27 <REP> d-------- c:\windows\ERUNT
2008-11-19 17:18 . 2008-11-19 17:18 <REP> d-------- c:\documents and settings\Administrateur\Application Data\CA
2008-11-19 17:06 . 2008-11-19 17:06 <REP> d-------- C:\VundoFix Backups
2008-11-19 16:55 . 2008-10-22 16:10 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys
2008-11-19 16:55 . 2008-10-22 16:10 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys
2008-11-18 16:59 . 2008-11-20 11:10 <REP> d-------- c:\windows\SYSTEM32\CatRoot2
2008-11-18 16:42 . 2008-11-18 16:42 <REP> d-------- c:\windows\SYSTEM32\CatRoot_bak
2008-11-17 17:37 . 2008-11-20 11:57 103,936 --a------ c:\windows\SYSTEM32\yopkcqcb.dll
2008-11-16 17:15 . 2008-11-16 17:15 <REP> d-------- c:\documents and settings\Lilian\Application Data\Canneverbe_Limited
2008-11-16 12:22 . 2008-11-16 12:22 552 --a------ c:\windows\SYSTEM32\d3d8caps.dat
2008-11-15 17:31 . 2008-11-15 17:31 95 --a------ c:\windows\wininit.ini
2008-11-15 16:50 . 2008-11-19 17:58 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-14 16:56 . 2008-11-14 16:56 <REP> d-------- c:\documents and settings\Administrateur\Application Data\vlc
2008-11-14 16:56 . 2008-11-14 16:56 <REP> d-------- c:\documents and settings\Administrateur\Application Data\dvdcss
2008-11-14 16:41 . 2008-11-14 16:41 1,544,786 ---hs---- c:\windows\SYSTEM32\kwwgxuxb.tmp
2008-11-11 16:12 . 2008-11-11 16:12 <REP> d-------- c:\documents and settings\All Users\Application Data\Trymedia
2008-11-11 16:10 . 2008-11-11 16:11 <REP> d-------- C:\Downloads
2008-11-11 15:01 . 2008-11-11 15:01 <REP> d-------- c:\documents and settings\Lilian\Application Data\Kaspersky_Key_Finder_(KKF
2008-11-11 13:59 . 2008-11-11 14:56 <REP> d-------- c:\documents and settings\Lilian\Application Data\vlc
2008-11-11 10:00 . 2008-11-19 17:41 762 --a------ c:\windows\SYSTEM32\%LocalXml%
2008-11-10 18:00 . 2008-11-20 12:05 <REP> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-11-10 18:00 . 2008-11-20 12:03 4,451,360 --ahs---- c:\windows\SYSTEM32\DRIVERS\fidbox.dat
2008-11-10 18:00 . 2008-11-20 12:03 827,424 --ahs---- c:\windows\SYSTEM32\DRIVERS\fidbox2.dat
2008-11-10 18:00 . 2008-11-10 18:08 96,976 --a------ c:\windows\SYSTEM32\DRIVERS\klin.dat
2008-11-10 18:00 . 2008-11-10 18:00 87,855 --a------ c:\windows\SYSTEM32\DRIVERS\klick.dat
2008-11-10 18:00 . 2008-11-20 12:03 36,904 --ahs---- c:\windows\SYSTEM32\DRIVERS\fidbox.idx
2008-11-10 18:00 . 2008-11-20 12:03 4,956 --ahs---- c:\windows\SYSTEM32\DRIVERS\fidbox2.idx
2008-11-10 17:50 . 2008-11-10 17:50 <REP> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-11-09 19:18 . 2008-11-11 15:30 <REP> d-------- c:\program files\Kaspersky Lab
2008-11-09 16:09 . 2008-11-09 16:09 <REP> d-------- c:\documents and settings\All Users\Application Data\SRS Labs
2008-11-09 16:09 . 2007-07-26 09:25 47,360 -ra------ c:\windows\SYSTEM32\DRIVERS\Surroundhp_kern_i386.sys
2008-11-09 16:09 . 2007-07-26 09:25 47,104 -ra------ c:\windows\SYSTEM32\DRIVERS\tshd4_kern_i386.sys
2008-11-09 16:09 . 2007-07-26 09:25 42,112 -ra------ c:\windows\SYSTEM32\DRIVERS\csiidecoder_kern_i386.sys
2008-11-09 16:09 . 2007-07-26 09:25 39,808 -ra------ c:\windows\SYSTEM32\DRIVERS\SRS_SSCFilter_i386.sys
2008-11-09 16:09 . 2007-07-26 09:25 32,000 -ra------ c:\windows\SYSTEM32\DRIVERS\wowhd_kern_i386.sys
2008-11-09 14:03 . 2008-11-09 14:03 870 --a------ c:\windows\Sandboxie.tmp-7372046
2008-11-08 16:52 . 2008-11-08 16:52 <REP> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller
2008-11-08 14:47 . 2008-11-08 14:46 410,976 --a------ c:\windows\SYSTEM32\deploytk.dll
2008-11-08 09:37 . 2008-11-08 15:58 <REP> d-------- c:\documents and settings\Lilian\Application Data\F-Secure
2008-11-08 09:33 . 2008-11-09 18:03 <REP> d-------- c:\documents and settings\All Users\Application Data\F-Secure
2008-11-08 09:32 . 2008-11-08 09:32 <REP> d-------- c:\program files\Orange
2008-11-08 09:32 . 2008-11-08 17:10 <REP> d-------- c:\documents and settings\All Users\Application Data\fssg
2008-11-07 17:25 . 2008-11-07 17:25 <REP> d-------- c:\windows\BDOSCAN8
2008-11-05 14:59 . 2008-11-07 17:34 <REP> d-------- c:\program files\Windows Live Safety Center
2008-11-04 14:08 . 2008-11-04 14:08 <REP> d-------- c:\program files\CCleaner
2008-10-28 11:15 . 2004-05-25 17:06 417,792 --a------ c:\windows\SYSTEM32\ac3filter.ax
2008-10-28 11:15 . 2005-02-27 21:48 356,352 --a------ c:\windows\SYSTEM32\RealMediaSplitter.ax
2008-10-28 11:15 . 2004-01-10 17:02 258,048 --a------ c:\windows\SYSTEM32\GplMpgDec.ax
2008-10-28 10:38 . 2008-10-28 10:38 <REP> d-------- c:\documents and settings\Lilian\Application Data\NCH Software
2008-10-28 10:38 . 2008-10-28 10:38 <REP> d-------- c:\documents and settings\All Users\Application Data\NCH Software
2008-10-24 15:00 . 2008-10-25 08:26 <REP> d-------- c:\program files\Conduit
2008-10-24 06:30 . 2008-10-15 17:35 337,408 --------- c:\windows\SYSTEM32\DLLCACHE\netapi32.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-20 10:18 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2008-11-15 09:18 --------- d-----w c:\documents and settings\Lilian\Application Data\dvdcss
2008-11-12 16:18 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-11 12:56 --------- d-----w c:\program files\VideoLAN
2008-11-09 19:52 --------- d-----w c:\program files\Photodex Presenter
2008-11-08 13:49 --------- d-----w c:\program files\Java
2008-11-05 13:26 --------- d-----w c:\documents and settings\Administrateur\Application Data\Apple Computer
2008-11-04 17:12 82,720 ----a-w c:\documents and settings\Lilian\Application Data\GDIPFONTCACHEV1.DAT
2008-10-28 14:10 --------- d-----w c:\program files\NCH Software
2008-10-22 08:32 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-18 16:09 --------- d-----w c:\documents and settings\Administrateur\Application Data\DivX
2008-10-18 15:33 --------- d-----w c:\documents and settings\Administrateur\Application Data\Malwarebytes
2008-10-18 15:16 --------- d-----w c:\documents and settings\Lilian\Application Data\Malwarebytes
2008-10-18 15:15 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-10-18 14:31 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-10-18 08:07 --------- d-----w c:\documents and settings\Administrateur\Application Data\TuneUp Software
2008-10-18 08:05 --------- d-----w c:\documents and settings\Administrateur\Application Data\Windows Search
2008-10-18 08:05 --------- d-----w c:\documents and settings\Administrateur\Application Data\Windows Desktop Search
2008-10-01 15:14 --------- d-----w c:\program files\Sun
2008-09-30 17:12 --------- d-----w c:\program files\Apple Software Update
2008-09-30 17:10 --------- d-----w c:\program files\iTunes
2008-09-30 17:10 --------- d-----w c:\program files\iPod
2008-09-30 17:10 --------- d-----w c:\program files\Bonjour
2008-09-30 17:10 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-30 17:08 --------- d-----w c:\program files\QuickTime
2008-09-30 17:08 --------- d-----w c:\program files\Fichiers communs\Apple
2008-09-28 16:49 --------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software
2008-09-28 14:51 --------- d-----w c:\documents and settings\Lilian\Application Data\TuneUp Software
2008-09-26 17:26 71,561 ----a-w c:\windows\unins000.exe
2008-09-21 16:43 --------- d-----w c:\program files\DivX
2008-05-29 12:56 88 --sh--r c:\documents and settings\All Users\Application Data\C89924A2D8.sys
2008-05-29 12:56 2,516 --sha-w c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2008-01-14 16:52 4 --sh--r c:\documents and settings\All Users\Application Data\sysqcl1129139270.dat
2007-04-02 14:48 1,818,274 ----a-w c:\windows\INF\SET7DB.tmp
1997-06-23 03:00 123,664 --sha-w c:\windows\SYSTEM32\Msjint35.dll
1997-06-23 12:06 24,848 --sha-w c:\windows\SYSTEM32\Msjter35.dll
1997-06-23 12:06 252,176 --sha-w c:\windows\SYSTEM32\Msrd2x35.dll
1997-06-23 12:06 287,504 --sha-w c:\windows\SYSTEM32\Msxbse35.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
"ORAHSSSessionManager"="c:\program files\OrangeHSS\SessionManager\SessionManager.exe" [2007-12-12 107248]
"Malwarebytes' Anti-Malware"="e:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2008-10-22 399504]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-07-29 206088]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"= 0 (0x0)
"NoMovingBands"= 0 (0x0)
"NoCloseDragDropBands"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\\WINDOWS\\system32\\logonui.exe"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Accélérateur de démarrage AutoCAD.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Accélérateur de démarrage AutoCAD.lnk
backup=c:\windows\pss\Accélérateur de démarrage AutoCAD.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Contrôleur de calendrier Ulead.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Contrôleur de calendrier Ulead.lnk
backup=c:\windows\pss\Contrôleur de calendrier Ulead.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Event Reminder.lnk]
backup=c:\windows\pss\Event Reminder.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 01:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-11-13 14:07 1289000 c:\program files\Microsoft ActiveSync\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-09-10 16:40 289576 c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Outlook]
-ra------ 2001-03-07 17:15 46496 c:\progra~1\MICROS~2\Office10\OUTLOOK.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-11-08 14:47 136600 c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"e:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Program Files\\Steam\\steamapps\\angeos\\condition zero\\hl.exe"=
"c:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
"e:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5000:TCP"= 5000:TCP:AresChatServer
R0 a320raid;a320raid;c:\windows\system32\drivers\a320raid.sys [2004-05-07 251194]
R0 AFAmgt;AFAmgt;c:\windows\system32\drivers\AFAmgt.sys [2004-04-21 92411]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R2 MBAMService;MBAMService;"e:\program files\Malwarebytes' Anti-Malware\mbamservice.exe" [2008-11-19 170640]
R2 UxTuneUp;TuneUp Extension de thème;c:\windows\System32\svchost.exe -k netsvcs [2004-03-20 14336]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
R3 MBAMProtector;MBAMProtector;\??\c:\windows\system32\drivers\mbam.sys [2008-11-19 15504]
S2 RAIDStorAgent;Agent RAID Storage Manager;c:\program files\Dell\RAID Storage Manager\StorServ.exe [2004-06-16 49152]
S3 Camdrv30;Philips ToUcam XS;c:\windows\system32\Drivers\camdrv30.sys [2006-12-31 171264]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-09-10 33752]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2008-03-02 13352]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;c:\windows\System32\TuneUpDefragService.exe [2008-09-28 355584]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9d6cbd00-7e0f-11db-a4b5-0011115a60f2}]
\Shell\AutoRun\command - CDCheck.exe
.
Contenu du dossier 'Tâches planifiées'
2008-11-07 c:\windows\Tasks\1-Click Maintenance.job
- e:\program files\TuneUp Utilities 2008\OneClick.exe [2008-06-20 08:23]
2008-11-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2008-11-20 c:\windows\Tasks\Maintenance en 1 clic.job
- e:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 08:23]
2008-11-19 c:\windows\Tasks\Malwarebytes' Scheduled Update for Lilian.job
- e:\program files\Malwarebytes' Anti-Malware\mbam.exe [2008-10-22 16:10]
2008-11-20 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{31e03870-78f4-4f12-bf79-f0b2a6f0e972} - (no file)
BHO-{7ddad1bf-444c-4791-b818-2daff6ab136e} - (no file)
BHO-{A851061E-516D-4D7E-A4F7-38BB9074C36E} - (no file)
BHO-{F83BDD45-8A03-4DB3-BA13-DA58078A9FD2} - (no file)
WebBrowser-{196C3A46-4758-433D-A600-802C804AF39C} - (no file)
HKLM-Run-b057b1f9 - c:\windows\system32\hvnfrqmm.dll
HKLM-Run-SDFix - e:\progra~1\SDFix\RunThis.bat
.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\documents and settings\Lilian\Application Data\Mozilla\Firefox\Profiles\zb5ceydi.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://fr.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
FF -: plugin - c:\documents and settings\Lilian\Application Data\Mozilla\Firefox\Profiles\zb5ceydi.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}\plugins\np_gp.dll
FF -: plugin - c:\documents and settings\Lilian\Application Data\Mozilla\plugins\npPxPlay.dll
FF -: plugin - c:\program files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\program files\mozilla firefox\plugins\np_gp.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\np_gp.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - e:\program files\DivX\DivX Player\npDivxPlayerPlugin.dll
FF -: plugin - e:\program files\DivX\DivX Web Player\npdivx32.dll
.
.
------- Associations de fichier -------
.
inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-20 12:05:49
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\SYSTEM32\ati2evxx.exe
c:\windows\SYSTEM32\LEXBCES.EXE
c:\windows\SYSTEM32\LEXPPS.EXE
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\SYSTEM32\BAsfIpM.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\SYSTEM32\DRIVERS\CDANTSRV.EXE
c:\progra~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\[u]0/u\FTRTSVC.exe
c:\program files\Intel\Intel Application Accelerator\IAANTmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\SYSTEM32\HPZipm12.exe
c:\windows\SYSTEM32\searchindexer.exe
c:\windows\SYSTEM32\wscntfy.exe
c:\program files\OrangeHSS\Launcher\Launcher.exe
c:\windows\SYSTEM32\verclsid.exe
.
**************************************************************************
.
Heure de fin: 2008-11-20 12:08:25 - La machine a redémarré [Lilian]
ComboFix-quarantined-files.txt 2008-11-20 11:08:19
Avant-CF: 17,469,919,232 octets libres
Après-CF: 17,397,440,512 octets libres
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect /NoExecute=OptIn /TUTag=E6C7PO /Kernel=TUKernel.exe
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professionnel (TuneUp Backup)" /fastdetect /NoExecute=OptIn /TUTag=E6C7PO-BAK
307 --- E O F --- 2008-11-10 15:28:39
les suppressions bien correspondent a vundo tel que "yayvVLBu"
utilise Vundofix.exe tel que expliqué dans mon message 10
et essaye MBAM
si il ne fonctionne pas desinstalle le
et retelecharge https://www.clubic.com/telecharger-fiche215092-malwarebytes-anti-malware.html
important >>>>>>>Fait les mises à jour
puis en mode sans échec (f8 au demarrage)
Lance le ,en examen complet ,sur tous tes disques durs
Une fois le scan terminé, cliquez sur supprimer
poste les resultats
utilise Vundofix.exe tel que expliqué dans mon message 10
et essaye MBAM
si il ne fonctionne pas desinstalle le
et retelecharge https://www.clubic.com/telecharger-fiche215092-malwarebytes-anti-malware.html
important >>>>>>>Fait les mises à jour
puis en mode sans échec (f8 au demarrage)
Lance le ,en examen complet ,sur tous tes disques durs
Une fois le scan terminé, cliquez sur supprimer
poste les resultats
les suppressions bien correspondent a vundo tel que "yayvVLBu"
utilise Vundofix.exe tel que expliqué dans mon message 10
et essaye MBAM
si il ne fonctionne pas desinstalle le
et retelecharge https://www.clubic.com/telecharger-fiche215092-malwarebytes-anti-malware.html
important >>>>>>>Fait les mises à jour
puis en mode sans échec (f8 au demarrage)
Lance le ,en examen complet ,sur tous tes disques durs
Une fois le scan terminé, cliquez sur supprimer
poste les resultats
utilise Vundofix.exe tel que expliqué dans mon message 10
et essaye MBAM
si il ne fonctionne pas desinstalle le
et retelecharge https://www.clubic.com/telecharger-fiche215092-malwarebytes-anti-malware.html
important >>>>>>>Fait les mises à jour
puis en mode sans échec (f8 au demarrage)
Lance le ,en examen complet ,sur tous tes disques durs
Une fois le scan terminé, cliquez sur supprimer
poste les resultats
ok, pour le moment, je ne peut pas tout de suite mais je le ferai dans l'après midi.
Dès que possible je te poste les résultats.
Dès que possible je te poste les résultats.
Voici le rapport de Malwerbytes en sans échec:
Malwarebytes' Anti-Malware 1.30
Database version: 1414
Windows 5.1.2600 Service Pack 3
20/11/2008 16:53:46
mbam-log-2008-11-20 (16-53-46).txt
Scan type: Full Scan (C:\|E:\|)
Objects scanned: 146419
Time elapsed: 18 minute(s), 35 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 22
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Qoobox\Quarantine\C\WINDOWS\eoke.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\dbiwbs.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\dygieyhb.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\efcYQJdD.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\gnmvkfyt.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\khfEXQhe.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\khfFVnnM.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\rqRJabCR.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\yayvVLBu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70A3E616-66D7-4803-AA41-29F0EE01E7E7}\RP1\A0001234.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70A3E616-66D7-4803-AA41-29F0EE01E7E7}\RP1\A0003236.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70A3E616-66D7-4803-AA41-29F0EE01E7E7}\RP1\A0003341.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70A3E616-66D7-4803-AA41-29F0EE01E7E7}\RP1\A0003347.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70A3E616-66D7-4803-AA41-29F0EE01E7E7}\RP5\A0004575.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70A3E616-66D7-4803-AA41-29F0EE01E7E7}\RP5\A0004597.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70A3E616-66D7-4803-AA41-29F0EE01E7E7}\RP5\A0004598.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70A3E616-66D7-4803-AA41-29F0EE01E7E7}\RP5\A0004599.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70A3E616-66D7-4803-AA41-29F0EE01E7E7}\RP5\A0004600.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70A3E616-66D7-4803-AA41-29F0EE01E7E7}\RP5\A0004601.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70A3E616-66D7-4803-AA41-29F0EE01E7E7}\RP5\A0004602.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70A3E616-66D7-4803-AA41-29F0EE01E7E7}\RP5\A0004608.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70A3E616-66D7-4803-AA41-29F0EE01E7E7}\RP5\A0004610.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
Malwarebytes' Anti-Malware 1.30
Database version: 1414
Windows 5.1.2600 Service Pack 3
20/11/2008 16:53:46
mbam-log-2008-11-20 (16-53-46).txt
Scan type: Full Scan (C:\|E:\|)
Objects scanned: 146419
Time elapsed: 18 minute(s), 35 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 22
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Qoobox\Quarantine\C\WINDOWS\eoke.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\dbiwbs.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\dygieyhb.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\efcYQJdD.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\gnmvkfyt.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\khfEXQhe.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\khfFVnnM.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\rqRJabCR.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\yayvVLBu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70A3E616-66D7-4803-AA41-29F0EE01E7E7}\RP1\A0001234.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70A3E616-66D7-4803-AA41-29F0EE01E7E7}\RP1\A0003236.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70A3E616-66D7-4803-AA41-29F0EE01E7E7}\RP1\A0003341.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70A3E616-66D7-4803-AA41-29F0EE01E7E7}\RP1\A0003347.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70A3E616-66D7-4803-AA41-29F0EE01E7E7}\RP5\A0004575.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70A3E616-66D7-4803-AA41-29F0EE01E7E7}\RP5\A0004597.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70A3E616-66D7-4803-AA41-29F0EE01E7E7}\RP5\A0004598.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70A3E616-66D7-4803-AA41-29F0EE01E7E7}\RP5\A0004599.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70A3E616-66D7-4803-AA41-29F0EE01E7E7}\RP5\A0004600.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70A3E616-66D7-4803-AA41-29F0EE01E7E7}\RP5\A0004601.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70A3E616-66D7-4803-AA41-29F0EE01E7E7}\RP5\A0004602.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70A3E616-66D7-4803-AA41-29F0EE01E7E7}\RP5\A0004608.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70A3E616-66D7-4803-AA41-29F0EE01E7E7}\RP5\A0004610.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
J'avais utilisé Vundofix mais il n'avait rien trouvé.
Sinon, je n'est plus de pub !
Voici ci dessous le rapport Hijackthis mais, pour mon problème de windows update, cela ne s'est pas résolu....
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:16:29, on 20/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\System32\basfipm.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
E:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\vsnpstd3.exe
E:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\OrangeHSS\Launcher\Launcher.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\1\AlertModule.exe
C:\Program Files\OrangeHSS\systray\systrayapp.exe
C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Trend Micro\HijackThis\monHJK.exe.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.dell.com/en-ca
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "E:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mappy.com
O15 - Trusted Zone: http://*.orange.fr
O15 - Trusted Zone: http://rw.search.ke.voila.fr
O15 - Trusted Zone: http://orange.weborama.fr
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://louison-dumont.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - E:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MBAMService - Malwarebytes Corporation - E:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Agent RAID Storage Manager (RAIDStorAgent) - Dell - C:\Program Files\Dell\RAID Storage Manager\StorServ.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O24 - Desktop Component 0: Privacy Protection - (no file)
Sinon, je n'est plus de pub !
Voici ci dessous le rapport Hijackthis mais, pour mon problème de windows update, cela ne s'est pas résolu....
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:16:29, on 20/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\System32\basfipm.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
E:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\vsnpstd3.exe
E:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\OrangeHSS\Launcher\Launcher.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\1\AlertModule.exe
C:\Program Files\OrangeHSS\systray\systrayapp.exe
C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Trend Micro\HijackThis\monHJK.exe.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.dell.com/en-ca
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "E:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mappy.com
O15 - Trusted Zone: http://*.orange.fr
O15 - Trusted Zone: http://rw.search.ke.voila.fr
O15 - Trusted Zone: http://orange.weborama.fr
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://louison-dumont.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - E:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MBAMService - Malwarebytes Corporation - E:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Agent RAID Storage Manager (RAIDStorAgent) - Dell - C:\Program Files\Dell\RAID Storage Manager\StorServ.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O24 - Desktop Component 0: Privacy Protection - (no file)
pour update je sais pas
mais tu peu aller la http://www.microsoft.com/fr-fr/download/default.aspx
tu aura tes mises a jour
mais tu peu aller la http://www.microsoft.com/fr-fr/download/default.aspx
tu aura tes mises a jour
par contre je voudrais verifier autre chose
Télécharge Toolbar-S&D (Team IDN) sur ton Bureau.
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2
* Lance l'installation du programme en exécutant le fichier téléchargé.
* Double-clique maintenant sur le raccourci de Toolbar-S&D.
* Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
* Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.
* Poste le rapport généré. (C:\TB.txt)
Télécharge Toolbar-S&D (Team IDN) sur ton Bureau.
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2
* Lance l'installation du programme en exécutant le fichier téléchargé.
* Double-clique maintenant sur le raccourci de Toolbar-S&D.
* Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
* Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.
* Poste le rapport généré. (C:\TB.txt)
Voici le rapport Toolbar S&D:
-----------\\ ToolBar S&D 1.2.5 XP/Vista
Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.00GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A02
USER : Lilian ( Administrator )
BOOT : Normal boot
Antivirus : Kaspersky Internet Security 8.0.0.454 (Activated)
Firewall : Kaspersky Internet Security 8.0.0.454 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:33 Go (Free:15 Go)
D:\ (CD or DVD)
E:\ (Local Disk) - NTFS - Total:232 Go (Free:212 Go)
"C:\ToolBar SD" ( MAJ : 20-11-2008|20:25 )
Option : [1] ( 20/11/2008|20:52 )
-----------\\ Recherche de Fichiers / Dossiers ...
C:\Program Files\Multi_Media_France
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\---Yahoo.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\01net.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\1px_dark.gif
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\1px_green.gif
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\1px_white.gif
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\a.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\amazon.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\an.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\arrowB.gif
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\arrowT.gif
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\arrow_down.gif
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\arrow_red.gif
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\arrow_red2.gif
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\arrow_up.gif
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\autofill.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\avstate.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\b.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\background2.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\bgmeteo_results.gif
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\bg_pub.gif
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\bg_ttl.gif
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\bn.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\bottom.png
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\bottom_left.png
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\bottom_right.png
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\btn_close.gif
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\btn_minus.gif
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\btn_moreforecast.gif
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\c.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\canalblog.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\cn.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\COMBOSEARCH.acs
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\d.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\dictionary2.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\dn.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\DownloadCOM.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\dropdown.css
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\ErrorPageTemplate.css
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\f.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\flag_argentine.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\flag_australia.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\flag_brazil.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\flag_canada.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\flag_china.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\flag_france.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\flag_germany.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\flag_greece.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\flag_hongkong.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\flag_india.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\flag_indonesia.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\flag_italy.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\flag_japan.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\flag_korea.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\flag_mexico.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\flag_netherlands.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\flag_spain.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\flag_sweeden.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\flag_taiwan.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\flag_uk.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\flag_usa.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\fn.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\g.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\gaming.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\gn.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\gograph.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\graphred0.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\graphred0_5.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\graphred1.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\graphred1_5.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\graphred2.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\graphred2_5.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\graphred3.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\graphred3_5.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\graphred4.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\graphred4_5.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\graphred5.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\h.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\help.gif
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\hideremove.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\highlight.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\hn.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\h_aquarius.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\h_aries.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\h_cancer.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\h_capricorn.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\h_gemini.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\h_leo.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\h_libra.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\h_pisces.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\h_sagittarius.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\h_scorpio.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\h_taurus.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\h_virgo.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\i.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\icotemp_placeholder.gif
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\IEtab1_7d.zip
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\IEtab1_7d.zip19810953
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\in.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\ipsearch.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\j.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\jn.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\k.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\kn.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\l.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\left.png
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\ln.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\loading.gif
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\login.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\logo.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\n.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\New York_NY_weather.txt
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\new02.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\NewCfg
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\news.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\news.html
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\nn.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\o.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\on.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\p.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\pestscanimg.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\pixsy.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\pn.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\popup_off.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\popup_on.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\popup_ona.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\p_yahoo.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\p_yahoo_fr.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\q.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\qn.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\r.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\relatedlinks.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\report.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\right.png
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\rn.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\rss.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\rss.xsl
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\rss1.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\rsslib.js
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\rssmenu1_7a.zip
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\s.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\search.gif
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\search_fr.gif
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\security.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\sinfo.txt
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\siteinfo.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\slider.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\sn.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\spacer.gif
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\stars-red1.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\stars-red2.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\stars-red3.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\stars-red4.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\stars-red5.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\storage.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\t.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\tablib.js
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\tabwelcome_en.html
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\tabwelcome_fr.html
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\tab_icon.png
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\technorati.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\thes_search.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\tn.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\tools.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\top.png
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\top_left.png
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\top_right.png
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\translate.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\u.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\un.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\utf8.js
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\v.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\vmlib.js
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\vmntoolbartb1501.cfg
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\vn.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\w.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\web.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\web_fr.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\wikipedia.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\wn.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\x.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\xp_close_small.gif
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\yahoo.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\yahoo_search.gif
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\YouTube.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\z.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\zn.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\zoom.bmp
C:\WINDOWS\iun6002.exe
-----------\\ Extensions
(Lilian) - {15756614-ffb8-498b-b961-bce537ea94fe} => locallink
(Lilian) - {36C13C8F-54F1-412e-8177-2E411719162D} => chrome
(Lilian) - {73a6fe31-595d-460b-a920-fcc0f8843232} => noscript
(Lilian) - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} => adblockplus
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="https://www.google.fr/?gws_rd=ssl"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"SearchMigratedDefaultURL"="https://www.google.com/webhp?gws_rd=ssl{searchTerms}"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.dell.com/en-ca"
--------------------\\ Recherche d'autres infections
C:\WINDOWS\system32\mpYFNqss.ini
C:\WINDOWS\system32\mpYFNqss.ini2
[b]==> VUNDO <==/b
--------------------\\ Cracks & Keygens ..
C:\DOCUME~1\Lilian\Application Data\Microsoft\Office\Fichiers récents\crack kaspersky internet security 2006 v 6 0 keygen(2).lnk
C:\DOCUME~1\Lilian\Application Data\Microsoft\Office\Fichiers récents\crack kaspersky internet security 2006 v 6 0 keygen.lnk
1 - "C:\ToolBar SD\TB_1.txt" - 20/11/2008|20:53 - Option : [1]
-----------\\ Fin du rapport a 20:53:47.09
-----------\\ ToolBar S&D 1.2.5 XP/Vista
Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.00GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A02
USER : Lilian ( Administrator )
BOOT : Normal boot
Antivirus : Kaspersky Internet Security 8.0.0.454 (Activated)
Firewall : Kaspersky Internet Security 8.0.0.454 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:33 Go (Free:15 Go)
D:\ (CD or DVD)
E:\ (Local Disk) - NTFS - Total:232 Go (Free:212 Go)
"C:\ToolBar SD" ( MAJ : 20-11-2008|20:25 )
Option : [1] ( 20/11/2008|20:52 )
-----------\\ Recherche de Fichiers / Dossiers ...
C:\Program Files\Multi_Media_France
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\---Yahoo.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\01net.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\1px_dark.gif
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\1px_green.gif
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\1px_white.gif
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\a.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\amazon.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\an.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\arrowB.gif
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\arrowT.gif
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\arrow_down.gif
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\arrow_red.gif
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\arrow_red2.gif
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\arrow_up.gif
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\autofill.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\avstate.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\b.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\background2.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\bgmeteo_results.gif
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\bg_pub.gif
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\bg_ttl.gif
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\bn.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\bottom.png
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\bottom_left.png
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\bottom_right.png
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\btn_close.gif
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\btn_minus.gif
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\btn_moreforecast.gif
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\c.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\canalblog.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\cn.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\COMBOSEARCH.acs
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\d.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\dictionary2.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\dn.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\DownloadCOM.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\dropdown.css
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\ErrorPageTemplate.css
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\f.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\flag_argentine.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\flag_australia.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\flag_brazil.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\flag_canada.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\flag_china.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\flag_france.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\flag_germany.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\flag_greece.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\flag_hongkong.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\flag_india.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\flag_indonesia.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\flag_italy.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\flag_japan.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\flag_korea.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\flag_mexico.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\flag_netherlands.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\flag_spain.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\flag_sweeden.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\flag_taiwan.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\flag_uk.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\flag_usa.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\fn.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\g.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\gaming.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\gn.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\gograph.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\graphred0.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\graphred0_5.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\graphred1.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\graphred1_5.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\graphred2.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\graphred2_5.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\graphred3.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\graphred3_5.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\graphred4.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\graphred4_5.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\graphred5.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\h.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\help.gif
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\hideremove.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\highlight.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\hn.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\h_aquarius.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\h_aries.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\h_cancer.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\h_capricorn.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\h_gemini.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\h_leo.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\h_libra.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\h_pisces.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\h_sagittarius.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\h_scorpio.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\h_taurus.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\h_virgo.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\i.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\icotemp_placeholder.gif
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\IEtab1_7d.zip
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\IEtab1_7d.zip19810953
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\in.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\ipsearch.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\j.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\jn.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\k.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\kn.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\l.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\left.png
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\ln.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\loading.gif
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\login.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\logo.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\n.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\New York_NY_weather.txt
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\new02.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\NewCfg
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\news.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\news.html
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\nn.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\o.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\on.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\p.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\pestscanimg.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\pixsy.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\pn.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\popup_off.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\popup_on.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\popup_ona.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\p_yahoo.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\p_yahoo_fr.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\q.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\qn.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\r.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\relatedlinks.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\report.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\right.png
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\rn.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\rss.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\rss.xsl
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\rss1.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\rsslib.js
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\rssmenu1_7a.zip
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\s.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\search.gif
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\search_fr.gif
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\security.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\sinfo.txt
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\siteinfo.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\slider.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\sn.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\spacer.gif
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\stars-red1.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\stars-red2.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\stars-red3.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\stars-red4.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\stars-red5.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\storage.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\t.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\tablib.js
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\tabwelcome_en.html
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\tabwelcome_fr.html
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\tab_icon.png
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\technorati.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\thes_search.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\tn.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\tools.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\top.png
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\top_left.png
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\top_right.png
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\translate.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\u.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\un.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\utf8.js
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\v.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\vmlib.js
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\vmntoolbartb1501.cfg
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\vn.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\w.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\web.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\web_fr.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\wikipedia.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\wn.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\x.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\xp_close_small.gif
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\yahoo.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\yahoo_search.gif
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\YouTube.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\z.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\zn.bmp
C:\DOCUME~1\Lilian\APPLIC~1\VMNToolbar\zoom.bmp
C:\WINDOWS\iun6002.exe
-----------\\ Extensions
(Lilian) - {15756614-ffb8-498b-b961-bce537ea94fe} => locallink
(Lilian) - {36C13C8F-54F1-412e-8177-2E411719162D} => chrome
(Lilian) - {73a6fe31-595d-460b-a920-fcc0f8843232} => noscript
(Lilian) - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} => adblockplus
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="https://www.google.fr/?gws_rd=ssl"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"SearchMigratedDefaultURL"="https://www.google.com/webhp?gws_rd=ssl{searchTerms}"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.dell.com/en-ca"
--------------------\\ Recherche d'autres infections
C:\WINDOWS\system32\mpYFNqss.ini
C:\WINDOWS\system32\mpYFNqss.ini2
[b]==> VUNDO <==/b
--------------------\\ Cracks & Keygens ..
C:\DOCUME~1\Lilian\Application Data\Microsoft\Office\Fichiers récents\crack kaspersky internet security 2006 v 6 0 keygen(2).lnk
C:\DOCUME~1\Lilian\Application Data\Microsoft\Office\Fichiers récents\crack kaspersky internet security 2006 v 6 0 keygen.lnk
1 - "C:\ToolBar SD\TB_1.txt" - 20/11/2008|20:53 - Option : [1]
-----------\\ Fin du rapport a 20:53:47.09
