URGENT * Problemes de virus

wafaa25 -  
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   -
Bonjour,

J'ai fait plusieurs analises avec differents antivirus et antispyware mais le problemes persistes :

Le Bureau disparait sauf le fond d'ecran je ne peux plus utilerz mon ordinateur.
Ma connexion disparait. J'avais des spy tels : PchealthFraud et smitfraud ainsi ke virtumone
je crois les avoir enleves mais je n'en suis pas sure.

Svp Aidez Moi !
Merci D'avance.
Configuration: Windows Vista
Internet Explorer 7.0

26 réponses

  • 1
  • 2
  1. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    ---> Désactive l'UAC le temps de la désinfection :
    http://www.commentcamarche.net/faq/sujet 8343 vista desactiver l uac

    ---> Télécharge ComboFix.exe de sUBs sur ton Bureau :
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    /!\ Déconnecte-toi du net et ferme toutes les applications, antivirus et antispyware y compris /!\

    ---> Double-clique sur Combofix.exe
    Un "pop-up" va apparaître qui dit que "ComboFix est utilisé à vos risques et avec aucune garantie...".
    Accepte en cliquant sur "Oui"

    ---> Mets-le en langue française F
    Tape sur la touche 1 (Yes) pour démarrer le scan.

    /!\ Ne touche à rien tant que le scan n'est pas terminé. /!\

    En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.

    Une fois le scan achevé, un rapport va s'afficher : Poste son contenu

    /!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\

    Note : Le rapport se trouve également là : C:\ComboFix\Combofix.txt
    1
  2. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    Ce n'est pas grave, le scan s'est bien déroulé.

    Tu ne dois avoir qu'un seul antivirus.
    1
  3. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    ---> Relance MBAM, va dans Quarantaine et supprime tout.

    ---> Télécharge CCleaner (N'installe pas la Yahoo Toolbar) :
    https://www.ccleaner.com/ccleaner/download

    ---> Lance-le. Va dans "Options" puis "Avancé", tu décoches la case "Effacer uniquement les fichiers etc...". Tu vas dans "Nettoyeur", tu fais "Analyse". Une fois terminé, tu lances le nettoyage. Puis tu vas dans "Registre", tu fais "Chercher des erreurs". Une fois terminé, tu répares toutes les erreurs sans sauvegarder la base de registre.
    1
  4. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  5. wafaa25
     
    Ok Merci, Je vous poste le rapport dès que possible.
    0
  6. wafaa25
     
    Voila le rapport:

    Malwarebytes' Anti-Malware 1.28
    Version de la base de données: 1262
    Windows 6.0.6001 Service Pack 1

    2008-10-13 00:38:27
    mbam-log-2008-10-13 (00-38-27).txt

    Type de recherche: Examen complet (C:\|)
    Eléments examinés: 121769
    Temps écoulé: 14 minute(s), 0 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 1
    Valeur(s) du Registre infectée(s): 51
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 10

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\CLSID\{903c377b-e501-4a35-a6b2-1e3994711ea1} (Trojan.Vundo) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msserver (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{903c377b-e501-4a35-a6b2-1e3994711ea1} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msserver (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur908b.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur9175.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur950e.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur9655.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yura64e.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yura728.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yuraad0.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yurac95.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur3b1f.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur3bf9.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur3f92.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur4185.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur50b2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur520a.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur55d1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur589e.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yurd80a.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur908b.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur9175.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur950e.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur9655.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yura64e.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yura728.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yuraad0.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yurac95.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur3b1f.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur3bf9.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur3f92.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur4185.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur50b2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur520a.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur55d1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur589e.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yurd80a.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur54a4.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur537c.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur5b68.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur88ce.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur12b5.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur119c.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur11ac.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur3ec4.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yure925.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yure81c.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yure80d.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yureb76.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur6cd5.exe (Trojan.Agent) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\Users\Ahmed\AppData\Local\Temp\nnnkLefd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Ahmed\AppData\Local\Temp\wvUMGWqq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Windows\System32\byXRlJdc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Ahmed\AppData\Local\Temp\fccyvTMC.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Ahmed\AppData\Local\Temp\tmp0000f0f2 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Ahmed\AppData\Local\Temp\tmp000164ab (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Ahmed\AppData\Local\Temp\vtUlIbxV.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Ahmed\AppData\Local\Temp\wvUkIXpM.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Ahmed\AppData\Local\Temp\yayxussQ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Windows\System32\khfGvssQ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    0
  7. wafaa25
     
    Voila le rapport:

    Malwarebytes' Anti-Malware 1.28
    Version de la base de données: 1262
    Windows 6.0.6001 Service Pack 1

    2008-10-13 00:38:27
    mbam-log-2008-10-13 (00-38-27).txt

    Type de recherche: Examen complet (C:\|)
    Eléments examinés: 121769
    Temps écoulé: 14 minute(s), 0 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 1
    Valeur(s) du Registre infectée(s): 51
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 10

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\CLSID\{903c377b-e501-4a35-a6b2-1e3994711ea1} (Trojan.Vundo) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msserver (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{903c377b-e501-4a35-a6b2-1e3994711ea1} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msserver (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur908b.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur9175.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur950e.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur9655.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yura64e.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yura728.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yuraad0.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yurac95.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur3b1f.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur3bf9.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur3f92.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur4185.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur50b2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur520a.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur55d1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur589e.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yurd80a.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur908b.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur9175.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur950e.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur9655.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yura64e.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yura728.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yuraad0.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yurac95.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur3b1f.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur3bf9.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur3f92.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur4185.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur50b2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur520a.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur55d1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur589e.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yurd80a.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur54a4.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur537c.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur5b68.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur88ce.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur12b5.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur119c.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur11ac.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur3ec4.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yure925.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yure81c.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yure80d.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yureb76.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur6cd5.exe (Trojan.Agent) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\Users\Ahmed\AppData\Local\Temp\nnnkLefd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Ahmed\AppData\Local\Temp\wvUMGWqq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Windows\System32\byXRlJdc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Ahmed\AppData\Local\Temp\fccyvTMC.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Ahmed\AppData\Local\Temp\tmp0000f0f2 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Ahmed\AppData\Local\Temp\tmp000164ab (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Ahmed\AppData\Local\Temp\vtUlIbxV.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Ahmed\AppData\Local\Temp\wvUkIXpM.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Ahmed\AppData\Local\Temp\yayxussQ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Windows\System32\khfGvssQ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    0
  8. wafaa25
     
    ComboFix 08-10-11.04 - Ahmed 2008-10-13 1:39:34.1 - NTFSx86 NETWORK
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.2631 [GMT -4:00]
    Lancé depuis: E:\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\PROGRA~2\Microsoft\Network\Downloader\qmgr0.dat
    C:\PROGRA~2\Microsoft\Network\Downloader\qmgr1.dat

    ----- BITS: Il y a peut-être des sites infectés -----

    hxxp://78.157.143.163
    hxxp://78.157.143.198
    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2008-09-13 au 2008-10-13 ))))))))))))))))))))))))))))))))))))
    .

    Pas de nouveau fichier créé dans ce laps de temps

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-14 01:19 429,615,523 ----a-w C:\Windows\DUMP361c.tmp
    2008-10-13 23:41 --------- d-----w C:\Program Files\Panda Security
    2008-10-13 23:00 --------- d-----w C:\PROGRA~2\Spybot - Search & Destroy
    2008-10-13 05:20 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-10-13 05:20 --------- d-----w C:\PROGRA~2\Symantec
    2008-10-13 05:18 53,192 ----a-w C:\Windows\system32\drivers\rp_skt32.sys
    2008-10-13 05:18 --------- d-----w C:\Program Files\Raxco
    2008-10-13 05:18 --------- d-----w C:\PROGRA~2\Raxco
    2008-10-13 05:16 --------- d-----w C:\Users\Ahmed\AppData\Roaming\Bell
    2008-10-13 05:10 --------- d-----w C:\Program Files\Common Files\Scanner
    2008-10-13 05:08 --------- d-----w C:\Program Files\Symantec
    2008-10-13 04:18 --------- d-----w C:\Users\Ahmed\AppData\Roaming\Malwarebytes
    2008-10-13 04:18 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
    2008-10-13 04:17 --------- d-----w C:\PROGRA~2\Malwarebytes
    2008-10-13 04:15 --------- d-----w C:\Program Files\Personal Vault
    2008-10-13 04:12 --------- d-----w C:\Program Files\Common Files\Authentium
    2008-10-13 04:12 --------- d-----w C:\Program Files\CA
    2008-10-13 04:11 --------- d-----w C:\Program Files\Bell
    2008-10-13 04:11 --------- d-----w C:\PROGRA~2\Bell
    2008-10-13 04:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-10-08 00:40 --------- d-----w C:\PROGRA~2\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-09-27 12:37 --------- d-----w C:\PROGRA~2\Microsoft Help
    2008-09-25 01:07 --------- d-----w C:\Program Files\MSBuild
    2008-09-25 01:01 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
    2008-09-18 01:27 --------- d-----w C:\PROGRA~2\Messenger Plus!
    2008-09-17 21:35 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-09-17 01:25 --------- d-----w C:\PROGRA~2\WEBREG
    2008-09-17 01:23 --------- d-----w C:\PROGRA~2\HP
    2008-09-17 01:22 --------- d-----w C:\PROGRA~2\Hewlett-Packard
    2008-09-16 16:01 --------- d-----w C:\Program Files\7-Zip
    2008-09-15 21:07 --------- d-----w C:\Users\Ahmed\AppData\Roaming\PeerNetworking
    2008-09-15 18:39 --------- d-----w C:\Users\Ahmed\AppData\Roaming\Ulead Systems
    2008-09-15 18:32 --------- d-----w C:\PROGRA~2\HPSSUPPLY
    2008-09-15 18:03 --------- d-----w C:\Users\Ahmed\AppData\Roaming\Symantec
    2008-09-13 21:12 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
    2008-09-13 21:12 --------- d-----w C:\Program Files\Windows Live
    2008-09-13 21:00 --------- d-----w C:\PROGRA~2\WLInstaller
    2008-09-13 20:18 --------- d-----w C:\Program Files\HP
    2008-09-10 04:04 38,528 ----a-w C:\Windows\system32\drivers\mbamswissarmy.sys
    2008-09-10 04:03 17,200 ----a-w C:\Windows\system32\drivers\mbam.sys
    2008-09-03 01:20 --------- d-----w C:\Users\Ahmed\AppData\Roaming\HP
    2008-08-31 19:56 --------- d-----w C:\Program Files\Common Files\HP
    2008-08-31 19:54 --------- d-----w C:\PROGRA~2\HP Product Assistant
    2008-08-31 19:34 --------- d-----w C:\Program Files\Windows Mail
    2008-08-31 18:51 --------- d-----w C:\Program Files\TOSHIBA
    2008-08-31 18:49 --------- d-----w C:\Program Files\InterVideo
    2008-08-31 18:49 --------- d-----w C:\Program Files\Common Files\InstallShield
    2008-08-31 18:49 --------- d-----w C:\Program Files\Camera Assistant Software for Toshiba
    2008-08-31 18:48 --------- d-----w C:\Program Files\Windows Media Components
    2008-08-31 18:48 --------- d-----w C:\Program Files\Common Files\Ulead Systems
    2008-08-31 18:48 --------- d-----w C:\PROGRA~2\Ulead Systems
    2008-08-31 18:45 --------- d-----w C:\Program Files\Ulead Systems
    2008-08-31 18:45 --------- d-----w C:\Program Files\Common Files\Toshiba Shared
    2008-08-31 18:44 --------- d-----w C:\Users\Ahmed\AppData\Roaming\InstallShield
    2008-08-31 18:44 --------- d-----w C:\PROGRA~2\Toshiba
    2008-08-31 18:43 --------- d-----w C:\Users\Ahmed\AppData\Roaming\toshiba
    2008-08-31 18:26 --------- d-----w C:\Program Files\ltmoh
    2008-08-31 18:25 319,456 ----a-w C:\Windows\DIFxAPI.dll
    2008-08-31 18:25 315,392 ----a-w C:\Windows\HideWin.exe
    2008-08-31 18:25 --------- d-----w C:\Program Files\Realtek
    2008-08-31 18:23 --------- d-----w C:\Program Files\MSXML 4.0
    2008-08-31 18:19 --------- d-sh--w C:\Program Files\Fichiers communs
    2008-08-31 18:19 --------- d-sh--w C:\PROGRA~2\Modèles
    2008-08-31 18:19 --------- d-sh--w C:\PROGRA~2\Menu Démarrer
    2008-08-31 18:19 --------- d-sh--w C:\PROGRA~2\Favoris
    2008-08-31 18:19 --------- d-sh--w C:\PROGRA~2\Bureau
    2008-08-31 07:17 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
    2008-08-31 07:16 0 --sha-r C:\Windows\system32\drivers\1179_TOSHIBA_Satellite L300_S3A6550D003FR_PSLB0C-07P08C.MRK
    2008-08-31 07:16 --------- d-----w C:\Program Files\Synaptics
    2008-08-31 07:12 --------- d-----w C:\Program Files\Toshiba Registration
    2008-08-31 07:12 --------- d-----w C:\Program Files\OnlinePlay
    2008-08-31 07:10 --------- d-----w C:\Program Files\Intel
    2008-08-02 03:26 36,864 ----a-w C:\Windows\System32\cdd.dll
    2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
    2008-07-31 03:32 28,160 ----a-w C:\Windows\System32\Apphlpdm.dll
    2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
    2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    2008-07-31 01:13 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe
    2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll
    2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll
    2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll
    2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll
    2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll
    2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll
    2008-07-19 02:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll
    2008-07-19 00:44 31,232 ----a-w C:\Windows\System32\wuapp.exe
    2008-07-16 01:32 2,048 ----a-w C:\Windows\System32\tzres.dll
    2008-01-21 02:43 174 --sha-w C:\Program Files\desktop.ini
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-20 1233920]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-20 125952]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-20 202240]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "IndexCleaner"="C:\Program Files\Bell\Gestionnaire de securite\IdxClnR.exe" [2008-03-10 61168]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-06-17 1295656]
    "LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2007-01-09 191552]
    "IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-02-04 141848]
    "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-02-04 154136]
    "Persistence"="C:\Windows\system32\igfxpers.exe" [2008-02-04 129560]
    "TPwrMain"="C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
    "SmoothView"="C:\Program Files\Toshiba\SmoothView\SmoothView.exe" [2008-01-25 509816]
    "00TCrdMain"="C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-01-22 712704]
    "Camera Assistant Software"="C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" [2007-10-25 413696]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-25 49152]
    "hpqSRMon"="C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 81920]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
    "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
    "SSA.exe"="C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" [2007-03-27 2061816]
    "Gestionnaire de sécurité Sympatico"="C:\Program Files\Bell\Gestionnaire de securite\Rps.exe" [2008-03-10 311024]
    "-FreedomNeedsReboot"="C:\Program Files\Bell\Gestionnaire de securite\ZkRunOnceR.exe" [2008-03-10 13552]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-01-29 C:\Windows\RtHDVCpl.exe]
    "Skytel"="Skytel.exe" [2007-11-20 C:\Windows\SkyTel.exe]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "GrpConv"="grpconv -o" [X]

    C:\Users\Ahmed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

    C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2008-03-25 214360]

    C:\Users\Ahmed\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDesktopCleanupWizard"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{C9A7BE34-11F9-4911-B653-BE5BFA01D672}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{6BF90F67-69DC-4865-A521-E46928F765DC}"= C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
    "{861743D1-C586-45E7-952C-D3570710F739}"= C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
    "{BB92CF70-8B27-4E74-8CA2-F3206AEDD0B4}"= C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
    "{88CE4D42-987A-47C9-A8FA-E97B89906FE3}"= C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqphotocrm.exe:hpqphotocrm.exe
    "{FDCB335F-04A1-48E7-9BC4-41272899F22C}"= C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:hpqsudi.exe
    "{4751C0F8-BF2B-4CD6-AB2E-A9D1B7EFBECA}"= C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:hpqpsapp.exe
    "{1BF9C2DB-ED3A-4703-B24F-600724FC21F5}"= C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:hpqpse.exe
    "{05B5AC32-2594-4417-8413-5C3B9ED013E4}"= C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:hpqgplgtupl.exe
    "{7468CD7C-55ED-4462-B30E-A37FA0FF07C6}"= C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:hpqgpc01.exe
    "{193DCE5F-CB03-4284-A0AB-E132F6EFDE3E}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{A81A0C77-B630-46B8-A7E7-69DDA5E6A3C6}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
    "{BB5616DB-BF3E-4549-818D-93C36C044B2B}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
    "{A46F74A5-47C1-46A1-9B74-0A963F81CE38}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{A53DF8D2-F916-48E1-96AC-6C498DF3B56F}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{869D67BA-8608-4C02-BE01-A455F20C01BF}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{953BCFBE-3F96-40E8-818A-49FADE9B0CDC}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "DoNotAllowExceptions"= 1 (0x1)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

    R3 FwLnk;FwLnk Driver;C:\Windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
    R3 RTSTOR;Realtek USB 2.0 Card Reader;C:\Windows\system32\drivers\RTSTOR.SYS [2008-06-23 62464]
    S0 pavboot;pavboot;C:\Windows\system32\drivers\pavboot.sys [2008-06-19 28544]
    S2 ConfigFree Service;ConfigFree Service;C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2007-12-25 40960]
    S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-03 126976]
    S2 VaultClientUpgrade;Personal Vault Upgrade Service;C:\Program Files\Personal Vault\VaultClientUpgrade.exe [2008-03-07 53248]
    S3 Radialpoint Security Services;Gestionnaire de sécurité Sympatico;C:\Program Files\Bell\Gestionnaire de securite\RpsSecurityAware.exe [2008-03-10 67824]
    S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
    S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    *Newly Created Service* - CATCHME
    *Newly Created Service* - ECACHE
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    HKCU-Run-TOSCDSPD - TOSCDSPD.EXE
    HKLM-RunOnce-<NO NAME> - (no file)

    .
    ------- Examen supplémentaire -------
    .
    R0 -: HKCU-Main,Start Page = hxxp://www.google.ca/
    O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-13 01:42:17
    Windows 6.0.6001 Service Pack 1 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    Heure de fin: 2008-10-13 1:43:28
    ComboFix-quarantined-files.txt 2008-10-13 05:43:26

    Avant-CF: Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
    Après-CF: 185,813,164,032 octets libres

    222 --- E O F --- 2008-10-12 17:50:23
    0
  9. wafaa25
     
    Oups j'ai oublier de desactiver L'uac de vista :s....
    0
  10. wafaa25
     
    Norton 360 mais je l'ai desactiver pour mettre le gestionnaire de securite de sympatico
    0
  11. wafaa25
     
    mais comme je disais je n'ai pas enlevé l'UAC. C'est p-e à cause de ca que ca a pas marcher.Pcq pendant ca me disais que j'était l'administrateur
    0
  12. wafaa25
     
    jE L'AI REFAIT AU CAS VOILA
    ComboFix 08-10-11.04 - Ahmed 2008-10-13 2:11:04.1 - NTFSx86 NETWORK
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.2630 [GMT -4:00]
    Lancé depuis: C:\Users\Ahmed\ComboFix.exe
    .

    ((((((((((((((((((((((((((((( Fichiers créés du 2008-09-13 au 2008-10-13 ))))))))))))))))))))))))))))))))))))
    .

    Pas de nouveau fichier créé dans ce laps de temps

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-14 01:19 429,615,523 ----a-w C:\Windows\DUMP361c.tmp
    2008-10-13 23:41 --------- d-----w C:\Program Files\Panda Security
    2008-10-13 23:00 --------- d-----w C:\PROGRA~2\Spybot - Search & Destroy
    2008-10-13 06:02 2,939,265 ----a-r C:\Users\Ahmed\ComboFix.exe
    2008-10-13 05:20 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-10-13 05:20 --------- d-----w C:\PROGRA~2\Symantec
    2008-10-13 05:18 53,192 ----a-w C:\Windows\system32\drivers\rp_skt32.sys
    2008-10-13 05:18 --------- d-----w C:\Program Files\Raxco
    2008-10-13 05:18 --------- d-----w C:\PROGRA~2\Raxco
    2008-10-13 05:16 --------- d-----w C:\Users\Ahmed\AppData\Roaming\Bell
    2008-10-13 05:10 --------- d-----w C:\Program Files\Common Files\Scanner
    2008-10-13 05:08 --------- d-----w C:\Program Files\Symantec
    2008-10-13 04:18 --------- d-----w C:\Users\Ahmed\AppData\Roaming\Malwarebytes
    2008-10-13 04:18 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
    2008-10-13 04:17 --------- d-----w C:\PROGRA~2\Malwarebytes
    2008-10-13 04:15 --------- d-----w C:\Program Files\Personal Vault
    2008-10-13 04:12 --------- d-----w C:\Program Files\Common Files\Authentium
    2008-10-13 04:12 --------- d-----w C:\Program Files\CA
    2008-10-13 04:11 --------- d-----w C:\Program Files\Bell
    2008-10-13 04:11 --------- d-----w C:\PROGRA~2\Bell
    2008-10-13 04:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-10-08 00:40 --------- d-----w C:\PROGRA~2\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-09-27 12:37 --------- d-----w C:\PROGRA~2\Microsoft Help
    2008-09-25 01:07 --------- d-----w C:\Program Files\MSBuild
    2008-09-25 01:01 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
    2008-09-18 01:27 --------- d-----w C:\PROGRA~2\Messenger Plus!
    2008-09-17 21:35 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-09-17 01:25 --------- d-----w C:\PROGRA~2\WEBREG
    2008-09-17 01:23 --------- d-----w C:\PROGRA~2\HP
    2008-09-17 01:22 --------- d-----w C:\PROGRA~2\Hewlett-Packard
    2008-09-16 16:01 --------- d-----w C:\Program Files\7-Zip
    2008-09-15 21:07 --------- d-----w C:\Users\Ahmed\AppData\Roaming\PeerNetworking
    2008-09-15 18:39 --------- d-----w C:\Users\Ahmed\AppData\Roaming\Ulead Systems
    2008-09-15 18:32 --------- d-----w C:\PROGRA~2\HPSSUPPLY
    2008-09-15 18:03 --------- d-----w C:\Users\Ahmed\AppData\Roaming\Symantec
    2008-09-13 21:12 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
    2008-09-13 21:12 --------- d-----w C:\Program Files\Windows Live
    2008-09-13 21:00 --------- d-----w C:\PROGRA~2\WLInstaller
    2008-09-13 20:18 --------- d-----w C:\Program Files\HP
    2008-09-10 04:04 38,528 ----a-w C:\Windows\system32\drivers\mbamswissarmy.sys
    2008-09-10 04:03 17,200 ----a-w C:\Windows\system32\drivers\mbam.sys
    2008-09-03 01:20 --------- d-----w C:\Users\Ahmed\AppData\Roaming\HP
    2008-08-31 19:56 --------- d-----w C:\Program Files\Common Files\HP
    2008-08-31 19:54 --------- d-----w C:\PROGRA~2\HP Product Assistant
    2008-08-31 19:34 --------- d-----w C:\Program Files\Windows Mail
    2008-08-31 18:51 --------- d-----w C:\Program Files\TOSHIBA
    2008-08-31 18:49 --------- d-----w C:\Program Files\InterVideo
    2008-08-31 18:49 --------- d-----w C:\Program Files\Common Files\InstallShield
    2008-08-31 18:49 --------- d-----w C:\Program Files\Camera Assistant Software for Toshiba
    2008-08-31 18:48 --------- d-----w C:\Program Files\Windows Media Components
    2008-08-31 18:48 --------- d-----w C:\Program Files\Common Files\Ulead Systems
    2008-08-31 18:48 --------- d-----w C:\PROGRA~2\Ulead Systems
    2008-08-31 18:45 --------- d-----w C:\Program Files\Ulead Systems
    2008-08-31 18:45 --------- d-----w C:\Program Files\Common Files\Toshiba Shared
    2008-08-31 18:44 --------- d-----w C:\Users\Ahmed\AppData\Roaming\InstallShield
    2008-08-31 18:44 --------- d-----w C:\PROGRA~2\Toshiba
    2008-08-31 18:43 --------- d-----w C:\Users\Ahmed\AppData\Roaming\toshiba
    2008-08-31 18:26 --------- d-----w C:\Program Files\ltmoh
    2008-08-31 18:25 319,456 ----a-w C:\Windows\DIFxAPI.dll
    2008-08-31 18:25 315,392 ----a-w C:\Windows\HideWin.exe
    2008-08-31 18:25 --------- d-----w C:\Program Files\Realtek
    2008-08-31 18:23 --------- d-----w C:\Program Files\MSXML 4.0
    2008-08-31 18:19 --------- d-sh--w C:\Program Files\Fichiers communs
    2008-08-31 18:19 --------- d-sh--w C:\PROGRA~2\Modèles
    2008-08-31 18:19 --------- d-sh--w C:\PROGRA~2\Menu Démarrer
    2008-08-31 18:19 --------- d-sh--w C:\PROGRA~2\Favoris
    2008-08-31 18:19 --------- d-sh--w C:\PROGRA~2\Bureau
    2008-08-31 07:17 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
    2008-08-31 07:16 0 --sha-r C:\Windows\system32\drivers\1179_TOSHIBA_Satellite L300_S3A6550D003FR_PSLB0C-07P08C.MRK
    2008-08-31 07:16 --------- d-----w C:\Program Files\Synaptics
    2008-08-31 07:12 --------- d-----w C:\Program Files\Toshiba Registration
    2008-08-31 07:12 --------- d-----w C:\Program Files\OnlinePlay
    2008-08-31 07:10 --------- d-----w C:\Program Files\Intel
    2008-08-02 03:26 36,864 ----a-w C:\Windows\System32\cdd.dll
    2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
    2008-07-31 03:32 28,160 ----a-w C:\Windows\System32\Apphlpdm.dll
    2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
    2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    2008-07-31 01:13 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe
    2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll
    2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll
    2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll
    2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll
    2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll
    2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll
    2008-07-19 02:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll
    2008-07-19 00:44 31,232 ----a-w C:\Windows\System32\wuapp.exe
    2008-07-16 01:32 2,048 ----a-w C:\Windows\System32\tzres.dll
    2008-01-21 02:43 174 --sha-w C:\Program Files\desktop.ini
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-20 1233920]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-20 125952]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-20 202240]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "IndexCleaner"="C:\Program Files\Bell\Gestionnaire de securite\IdxClnR.exe" [2008-03-10 61168]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-06-17 1295656]
    "LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2007-01-09 191552]
    "IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-02-04 141848]
    "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-02-04 154136]
    "Persistence"="C:\Windows\system32\igfxpers.exe" [2008-02-04 129560]
    "TPwrMain"="C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
    "SmoothView"="C:\Program Files\Toshiba\SmoothView\SmoothView.exe" [2008-01-25 509816]
    "00TCrdMain"="C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-01-22 712704]
    "Camera Assistant Software"="C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" [2007-10-25 413696]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-25 49152]
    "hpqSRMon"="C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 81920]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
    "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
    "SSA.exe"="C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" [2007-03-27 2061816]
    "Gestionnaire de sécurité Sympatico"="C:\Program Files\Bell\Gestionnaire de securite\Rps.exe" [2008-03-10 311024]
    "-FreedomNeedsReboot"="C:\Program Files\Bell\Gestionnaire de securite\ZkRunOnceR.exe" [2008-03-10 13552]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-01-29 C:\Windows\RtHDVCpl.exe]
    "Skytel"="Skytel.exe" [2007-11-20 C:\Windows\SkyTel.exe]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "GrpConv"="grpconv -o" [X]

    C:\Users\Ahmed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

    C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2008-03-25 214360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDesktopCleanupWizard"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{C9A7BE34-11F9-4911-B653-BE5BFA01D672}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{6BF90F67-69DC-4865-A521-E46928F765DC}"= C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
    "{861743D1-C586-45E7-952C-D3570710F739}"= C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
    "{BB92CF70-8B27-4E74-8CA2-F3206AEDD0B4}"= C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
    "{88CE4D42-987A-47C9-A8FA-E97B89906FE3}"= C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqphotocrm.exe:hpqphotocrm.exe
    "{FDCB335F-04A1-48E7-9BC4-41272899F22C}"= C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:hpqsudi.exe
    "{4751C0F8-BF2B-4CD6-AB2E-A9D1B7EFBECA}"= C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:hpqpsapp.exe
    "{1BF9C2DB-ED3A-4703-B24F-600724FC21F5}"= C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:hpqpse.exe
    "{05B5AC32-2594-4417-8413-5C3B9ED013E4}"= C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:hpqgplgtupl.exe
    "{7468CD7C-55ED-4462-B30E-A37FA0FF07C6}"= C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:hpqgpc01.exe
    "{193DCE5F-CB03-4284-A0AB-E132F6EFDE3E}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{A81A0C77-B630-46B8-A7E7-69DDA5E6A3C6}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
    "{BB5616DB-BF3E-4549-818D-93C36C044B2B}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
    "{A46F74A5-47C1-46A1-9B74-0A963F81CE38}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{A53DF8D2-F916-48E1-96AC-6C498DF3B56F}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{869D67BA-8608-4C02-BE01-A455F20C01BF}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{953BCFBE-3F96-40E8-818A-49FADE9B0CDC}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "DoNotAllowExceptions"= 1 (0x1)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

    R3 FwLnk;FwLnk Driver;C:\Windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
    R3 RTSTOR;Realtek USB 2.0 Card Reader;C:\Windows\system32\drivers\RTSTOR.SYS [2008-06-23 62464]
    S0 pavboot;pavboot;C:\Windows\system32\drivers\pavboot.sys [2008-06-19 28544]
    S2 ConfigFree Service;ConfigFree Service;C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2007-12-25 40960]
    S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-03 126976]
    S2 VaultClientUpgrade;Personal Vault Upgrade Service;C:\Program Files\Personal Vault\VaultClientUpgrade.exe [2008-03-07 53248]
    S3 Radialpoint Security Services;Gestionnaire de sécurité Sympatico;C:\Program Files\Bell\Gestionnaire de securite\RpsSecurityAware.exe [2008-03-10 67824]
    S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
    S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    HKLM-RunOnce-<NO NAME> - (no file)

    .
    ------- Examen supplémentaire -------
    .
    R0 -: HKCU-Main,Start Page = hxxp://www.google.ca/
    O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-13 02:13:08
    Windows 6.0.6001 Service Pack 1 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    DIT MOI EST-CE QUE C'EST REPARÉ MAINTENANT

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    Heure de fin: 2008-10-13 2:13:53
    ComboFix-quarantined-files.txt 2008-10-13 06:13:41
    ComboFix2.txt 2008-10-13 05:43:29

    Avant-CF: Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
    Après-CF: 185,678,798,848 octets libres

    212 --- E O F --- 2008-10-12 17:50:23
    0
  13. wafaa25
     
    C'est fait, Est-ce que tout les virus ont été supprimé.
    0
  14. wafaa25
     
    ben je n'arrive pas a scanner avec panda, ca me dit erreur de telechargement. De toute façon je l'ai deja essayer hier pi faut dire qu'il a pas trouver grand chose et pourtant malwarebyte a trouver 62 trojan
    0
  15. wafaa25
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:56:56, on 2008-10-13
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\ltmoh\ltmoh.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe
    C:\Program Files\Bell\Gestionnaire de securite\RPS.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
    C:\Program Files\Bell\Sympatico Security Advisor\SSAComHandler.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Users\Ahmed\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MUTQCFOM\HiJackThis[1].exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Bell\Gestionnaire de securite\pkR.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
    O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [SSA.exe] "C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" /AUTORUN
    O4 - HKLM\..\Run: [Gestionnaire de sécurité Sympatico] "C:\Program Files\Bell\Gestionnaire de securite\Rps.exe"
    O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Bell\Gestionnaire de securite\ZkRunOnceR.exe"
    O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Bell\Gestionnaire de securite\IdxClnR.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Bell\Gestionnaire de securite\IdxClnR.exe"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O13 - Gopher Prefix:
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - https://www.f-secure.com/en/home/support
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.vista.exe
    O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: Gestionnaire de sécurité Sympatico (Radialpoint Security Services) - Radialpoint Inc. - C:\Program Files\Bell\Gestionnaire de securite\RpsSecurityAware.exe
    O23 - Service: Service de mise-à-jour pour le Gestionnaire de sécurité Sympatico (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Bell\Gestionnaire de securite\rpsupdaterR.exe
    O23 - Service: Gestionnaire de sécurité Sympatico Coupe-feu (RP_FWS) - Bell Sympatico - C:\Program Files\Bell\Gestionnaire de securite\Fws.exe
    O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: Personal Vault Upgrade Service (VaultClientUpgrade) - BELL - C:\Program Files\Personal Vault\VaultClientUpgrade.exe
    0
  16. wafaa25
     
    apres avoir fait ca ca devrait tu etre correct?
    0
  17. wafaa25
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:28:36, on 2008-10-13
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\ltmoh\ltmoh.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
    C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe
    C:\Program Files\Bell\Gestionnaire de securite\RPS.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\Internet Explorer\IEUser.exe
    C:\Program Files\Bell\Sympatico Security Advisor\SSAComHandler.exe
    C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
    C:\Users\Ahmed\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CX5L05JD\HiJackThis[1].exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Bell\Gestionnaire de securite\pkR.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
    O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [SSA.exe] "C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" /AUTORUN
    O4 - HKLM\..\Run: [Gestionnaire de sécurité Sympatico] "C:\Program Files\Bell\Gestionnaire de securite\Rps.exe"
    O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Bell\Gestionnaire de securite\ZkRunOnceR.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Bell\Gestionnaire de securite\IdxClnR.exe"
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O13 - Gopher Prefix:
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - https://www.f-secure.com/en/home/support
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.vista.exe
    O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
    O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: Gestionnaire de sécurité Sympatico (Radialpoint Security Services) - Radialpoint Inc. - C:\Program Files\Bell\Gestionnaire de securite\RpsSecurityAware.exe
    O23 - Service: Service de mise-à-jour pour le Gestionnaire de sécurité Sympatico (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Bell\Gestionnaire de securite\rpsupdaterR.exe
    O23 - Service: Gestionnaire de sécurité Sympatico Coupe-feu (RP_FWS) - Bell Sympatico - C:\Program Files\Bell\Gestionnaire de securite\Fws.exe
    O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: Personal Vault Upgrade Service (VaultClientUpgrade) - BELL - C:\Program Files\Personal Vault\VaultClientUpgrade.exe
    0
  18. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    Salut,

    - Télécharge et installe MalwareByte's Anti-Malware :
    http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.htm

    - Mets-le à jour

    - Redémarre en mode sans échec (Recommandé) :
    https://blog.sosordi.net/

    - Choisis ta session habituelle

    - Fais un scan complet avec MalwareByte's Anti-Malware

    - Supprime tout ce que le logiciel trouve, enregistre le rapport

    - Redémarre en mode normal et poste le rapport ici

    Tutorial :
    https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
    -1
  19. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    Tu as quel antivirus actuellement ?
    -1
  • 1
  • 2