URGENT * Problemes de virus

Question

Bonjour,


J'ai fait plusieurs analises avec differents antivirus et antispyware mais le problemes persistes :

Le Bureau disparait sauf le fond d'ecran je ne peux plus utilerz mon ordinateur.
Ma connexion disparait. J'avais des spy tels : PchealthFraud et smitfraud ainsi ke virtumone 
je crois les avoir enleves mais je n'en suis pas sure.

 Svp Aidez Moi !
          Merci D'avance.

Destrio5 · Answer

Salut,

- Télécharge et installe MalwareByte's Anti-Malware :
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.htm

- Mets-le à jour

- Redémarre en mode sans échec (Recommandé) :
https://blog.sosordi.net/

- Choisis ta session habituelle

- Fais un scan complet avec MalwareByte's Anti-Malware

- Supprime tout ce que le logiciel trouve, enregistre le rapport

- Redémarre en mode normal et poste le rapport ici

Tutorial :
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

wafaa25 · Answer

Ok Merci, Je vous poste le rapport dès que possible.

wafaa25 · Answer

Voila le rapport:


Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1262
Windows 6.0.6001 Service Pack 1

2008-10-13 00:38:27
mbam-log-2008-10-13 (00-38-27).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 121769
Temps écoulé: 14 minute(s), 0 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 51
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 10

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{903c377b-e501-4a35-a6b2-1e3994711ea1} (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msserver (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{903c377b-e501-4a35-a6b2-1e3994711ea1} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msserver (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yur908b.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yur9175.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yur950e.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yur9655.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yura64e.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yura728.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yuraad0.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yurac95.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yur3b1f.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yur3bf9.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yur3f92.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yur4185.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yur50b2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yur520a.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yur55d1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yur589e.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yurd80a.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yur908b.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yur9175.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yur950e.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yur9655.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yura64e.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yura728.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yuraad0.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yurac95.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yur3b1f.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yur3bf9.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yur3f92.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yur4185.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yur50b2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yur520a.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yur55d1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yur589e.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yurd80a.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yur54a4.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yur537c.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yur5b68.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yur88ce.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yur12b5.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yur119c.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yur11ac.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yur3ec4.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yure925.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yure81c.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yure80d.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yureb76.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yur6cd5.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Users\Ahmed\AppData\Local\Temp
nnkLefd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Ahmed\AppData\Local\Temp\wvUMGWqq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\byXRlJdc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Ahmed\AppData\Local\Temp\fccyvTMC.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Ahmed\AppData\Local\Temp	mp0000f0f2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Ahmed\AppData\Local\Temp	mp000164ab (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Ahmed\AppData\Local\Temp\vtUlIbxV.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Ahmed\AppData\Local\Temp\wvUkIXpM.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Ahmed\AppData\Local\Temp\yayxussQ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\khfGvssQ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

wafaa25 · Answer

Voila le rapport:


Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1262
Windows 6.0.6001 Service Pack 1

2008-10-13 00:38:27
mbam-log-2008-10-13 (00-38-27).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 121769
Temps écoulé: 14 minute(s), 0 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 51
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 10

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{903c377b-e501-4a35-a6b2-1e3994711ea1} (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msserver (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{903c377b-e501-4a35-a6b2-1e3994711ea1} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msserver (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yur908b.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yur9175.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yur950e.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yur9655.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yura64e.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yura728.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yuraad0.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yurac95.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yur3b1f.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yur3bf9.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yur3f92.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yur4185.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yur50b2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yur520a.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yur55d1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yur589e.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yurd80a.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yur908b.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yur9175.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yur950e.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yur9655.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yura64e.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yura728.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yuraad0.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yurac95.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yur3b1f.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yur3bf9.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yur3f92.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yur4185.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yur50b2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yur520a.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yur55d1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yur589e.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yurd80a.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yur54a4.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yur537c.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yur5b68.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yur88ce.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yur12b5.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yur119c.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yur11ac.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yur3ec4.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yure925.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yure81c.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yure80d.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yureb76.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yur6cd5.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Users\Ahmed\AppData\Local\Temp
nnkLefd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Ahmed\AppData\Local\Temp\wvUMGWqq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\byXRlJdc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Ahmed\AppData\Local\Temp\fccyvTMC.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Ahmed\AppData\Local\Temp	mp0000f0f2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Ahmed\AppData\Local\Temp	mp000164ab (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Ahmed\AppData\Local\Temp\vtUlIbxV.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Ahmed\AppData\Local\Temp\wvUkIXpM.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Ahmed\AppData\Local\Temp\yayxussQ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\khfGvssQ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

Destrio5 · Answer

---> Désactive l'UAC le temps de la désinfection :
http://www.commentcamarche.net/faq/sujet 8343 vista desactiver l uac

---> Télécharge ComboFix.exe de sUBs sur ton Bureau :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

/!\ Déconnecte-toi du net et ferme toutes les applications, antivirus et antispyware y compris /!\

---> Double-clique sur Combofix.exe
Un "pop-up" va apparaître qui dit que "ComboFix est utilisé à vos risques et avec aucune garantie...".
Accepte en cliquant sur "Oui"

---> Mets-le en langue française F
Tape sur la touche 1 (Yes) pour démarrer le scan.

/!\ Ne touche à rien tant que le scan n'est pas terminé. /!\

En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.

Une fois le scan achevé, un rapport va s'afficher : Poste son contenu

/!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\

Note : Le rapport se trouve également là : C:\ComboFix\Combofix.txt

wafaa25 · Answer

ComboFix 08-10-11.04 - Ahmed 2008-10-13  1:39:34.1 - NTFSx86 NETWORK
Microsoft® Windows Vista™ Édition Familiale Premium   6.0.6001.1.1252.1.1036.18.2631 [GMT -4:00]
Lancé depuis: E:\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\PROGRA~2\Microsoft\Network\Downloader\qmgr0.dat
C:\PROGRA~2\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Il y a peut-être des sites infectés -----

hxxp://78.157.143.163
hxxp://78.157.143.198
.
(((((((((((((((((((((((((((((   Fichiers créés du 2008-09-13 au 2008-10-13  ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans ce laps de temps

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-14 01:19	429,615,523	----a-w	C:\Windows\DUMP361c.tmp
2008-10-13 23:41	---------	d-----w	C:\Program Files\Panda Security
2008-10-13 23:00	---------	d-----w	C:\PROGRA~2\Spybot - Search & Destroy
2008-10-13 05:20	---------	d-----w	C:\Program Files\Common Files\Symantec Shared
2008-10-13 05:20	---------	d-----w	C:\PROGRA~2\Symantec
2008-10-13 05:18	53,192	----a-w	C:\Windows\system32\driversp_skt32.sys
2008-10-13 05:18	---------	d-----w	C:\Program Files\Raxco
2008-10-13 05:18	---------	d-----w	C:\PROGRA~2\Raxco
2008-10-13 05:16	---------	d-----w	C:\Users\Ahmed\AppData\Roaming\Bell
2008-10-13 05:10	---------	d-----w	C:\Program Files\Common Files\Scanner
2008-10-13 05:08	---------	d-----w	C:\Program Files\Symantec
2008-10-13 04:18	---------	d-----w	C:\Users\Ahmed\AppData\Roaming\Malwarebytes
2008-10-13 04:18	---------	d-----w	C:\Program Files\Malwarebytes' Anti-Malware
2008-10-13 04:17	---------	d-----w	C:\PROGRA~2\Malwarebytes
2008-10-13 04:15	---------	d-----w	C:\Program Files\Personal Vault
2008-10-13 04:12	---------	d-----w	C:\Program Files\Common Files\Authentium
2008-10-13 04:12	---------	d-----w	C:\Program Files\CA
2008-10-13 04:11	---------	d-----w	C:\Program Files\Bell
2008-10-13 04:11	---------	d-----w	C:\PROGRA~2\Bell
2008-10-13 04:09	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-10-08 00:40	---------	d-----w	C:\PROGRA~2\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-27 12:37	---------	d-----w	C:\PROGRA~2\Microsoft Help
2008-09-25 01:07	---------	d-----w	C:\Program Files\MSBuild
2008-09-25 01:01	---------	d-----w	C:\Program Files\Microsoft Visual Studio 8
2008-09-18 01:27	---------	d-----w	C:\PROGRA~2\Messenger Plus!
2008-09-17 21:35	---------	d-----w	C:\Program Files\Messenger Plus! Live
2008-09-17 01:25	---------	d-----w	C:\PROGRA~2\WEBREG
2008-09-17 01:23	---------	d-----w	C:\PROGRA~2\HP
2008-09-17 01:22	---------	d-----w	C:\PROGRA~2\Hewlett-Packard
2008-09-16 16:01	---------	d-----w	C:\Program Files\7-Zip
2008-09-15 21:07	---------	d-----w	C:\Users\Ahmed\AppData\Roaming\PeerNetworking
2008-09-15 18:39	---------	d-----w	C:\Users\Ahmed\AppData\Roaming\Ulead Systems
2008-09-15 18:32	---------	d-----w	C:\PROGRA~2\HPSSUPPLY
2008-09-15 18:03	---------	d-----w	C:\Users\Ahmed\AppData\Roaming\Symantec
2008-09-13 21:12	---------	dcsh--w	C:\Program Files\Common Files\WindowsLiveInstaller
2008-09-13 21:12	---------	d-----w	C:\Program Files\Windows Live
2008-09-13 21:00	---------	d-----w	C:\PROGRA~2\WLInstaller
2008-09-13 20:18	---------	d-----w	C:\Program Files\HP
2008-09-10 04:04	38,528	----a-w	C:\Windows\system32\drivers\mbamswissarmy.sys
2008-09-10 04:03	17,200	----a-w	C:\Windows\system32\drivers\mbam.sys
2008-09-03 01:20	---------	d-----w	C:\Users\Ahmed\AppData\Roaming\HP
2008-08-31 19:56	---------	d-----w	C:\Program Files\Common Files\HP
2008-08-31 19:54	---------	d-----w	C:\PROGRA~2\HP Product Assistant
2008-08-31 19:34	---------	d-----w	C:\Program Files\Windows Mail
2008-08-31 18:51	---------	d-----w	C:\Program Files\TOSHIBA
2008-08-31 18:49	---------	d-----w	C:\Program Files\InterVideo
2008-08-31 18:49	---------	d-----w	C:\Program Files\Common Files\InstallShield
2008-08-31 18:49	---------	d-----w	C:\Program Files\Camera Assistant Software for Toshiba
2008-08-31 18:48	---------	d-----w	C:\Program Files\Windows Media Components
2008-08-31 18:48	---------	d-----w	C:\Program Files\Common Files\Ulead Systems
2008-08-31 18:48	---------	d-----w	C:\PROGRA~2\Ulead Systems
2008-08-31 18:45	---------	d-----w	C:\Program Files\Ulead Systems
2008-08-31 18:45	---------	d-----w	C:\Program Files\Common Files\Toshiba Shared
2008-08-31 18:44	---------	d-----w	C:\Users\Ahmed\AppData\Roaming\InstallShield
2008-08-31 18:44	---------	d-----w	C:\PROGRA~2\Toshiba
2008-08-31 18:43	---------	d-----w	C:\Users\Ahmed\AppData\Roaming	oshiba
2008-08-31 18:26	---------	d-----w	C:\Program Files\ltmoh
2008-08-31 18:25	319,456	----a-w	C:\Windows\DIFxAPI.dll
2008-08-31 18:25	315,392	----a-w	C:\Windows\HideWin.exe
2008-08-31 18:25	---------	d-----w	C:\Program Files\Realtek
2008-08-31 18:23	---------	d-----w	C:\Program Files\MSXML 4.0
2008-08-31 18:19	---------	d-sh--w	C:\Program Files\Fichiers communs
2008-08-31 18:19	---------	d-sh--w	C:\PROGRA~2\Modèles
2008-08-31 18:19	---------	d-sh--w	C:\PROGRA~2\Menu Démarrer
2008-08-31 18:19	---------	d-sh--w	C:\PROGRA~2\Favoris
2008-08-31 18:19	---------	d-sh--w	C:\PROGRA~2\Bureau
2008-08-31 07:17	0	---ha-w	C:\Windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2008-08-31 07:16	0	--sha-r	C:\Windows\system32\drivers\1179_TOSHIBA_Satellite L300_S3A6550D003FR_PSLB0C-07P08C.MRK
2008-08-31 07:16	---------	d-----w	C:\Program Files\Synaptics
2008-08-31 07:12	---------	d-----w	C:\Program Files\Toshiba Registration
2008-08-31 07:12	---------	d-----w	C:\Program Files\OnlinePlay
2008-08-31 07:10	---------	d-----w	C:\Program Files\Intel
2008-08-02 03:26	36,864	----a-w	C:\Windows\System32\cdd.dll
2008-07-31 03:32	460,288	----a-w	C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32	28,160	----a-w	C:\Windows\System32\Apphlpdm.dll
2008-07-31 03:32	2,154,496	----a-w	C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32	173,056	----a-w	C:\Windows\AppPatch\AcXtrnal.dll
2008-07-31 01:13	4,240,384	----a-w	C:\Windows\System32\GameUXLegacyGDFs.dll
2008-07-19 05:10	53,448	----a-w	C:\Windows\System32\wuauclt.exe
2008-07-19 05:10	45,768	----a-w	C:\Windows\System32\wups2.dll
2008-07-19 05:10	36,552	----a-w	C:\Windows\System32\wups.dll
2008-07-19 05:09	563,912	----a-w	C:\Windows\System32\wuapi.dll
2008-07-19 05:09	1,811,656	----a-w	C:\Windows\System32\wuaueng.dll
2008-07-19 03:44	83,456	----a-w	C:\Windows\System32\wudriver.dll
2008-07-19 03:44	1,524,736	----a-w	C:\Windows\System32\wucltux.dll
2008-07-19 02:08	163,904	----a-w	C:\Windows\System32\wuwebv.dll
2008-07-19 00:44	31,232	----a-w	C:\Windows\System32\wuapp.exe
2008-07-16 01:32	2,048	----a-w	C:\Windows\System32	zres.dll
2008-01-21 02:43	174	--sha-w	C:\Program Files\desktop.ini
.

(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-20 1233920]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-20 125952]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-20 202240]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"IndexCleaner"="C:\Program Files\Bell\Gestionnaire de securite\IdxClnR.exe" [2008-03-10 61168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-06-17 1295656]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2007-01-09 191552]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-02-04 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-02-04 154136]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-02-04 129560]
"TPwrMain"="C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"SmoothView"="C:\Program Files\Toshiba\SmoothView\SmoothView.exe" [2008-01-25 509816]
"00TCrdMain"="C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-01-22 712704]
"Camera Assistant Software"="C:\Program Files\Camera Assistant Software for Toshiba	raybar.exe" [2007-10-25 413696]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-25 49152]
"hpqSRMon"="C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 81920]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SSA.exe"="C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" [2007-03-27 2061816]
"Gestionnaire de sécurité Sympatico"="C:\Program Files\Bell\Gestionnaire de securite\Rps.exe" [2008-03-10 311024]
"-FreedomNeedsReboot"="C:\Program Files\Bell\Gestionnaire de securite\ZkRunOnceR.exe" [2008-03-10 13552]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-29 C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-11-20 C:\Windows\SkyTel.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

C:\Users\Ahmed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2008-03-25 214360]

C:\Users\Ahmed\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C9A7BE34-11F9-4911-B653-BE5BFA01D672}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{6BF90F67-69DC-4865-A521-E46928F765DC}"= C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{861743D1-C586-45E7-952C-D3570710F739}"= C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{BB92CF70-8B27-4E74-8CA2-F3206AEDD0B4}"= C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{88CE4D42-987A-47C9-A8FA-E97B89906FE3}"= C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqphotocrm.exe:hpqphotocrm.exe
"{FDCB335F-04A1-48E7-9BC4-41272899F22C}"= C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:hpqsudi.exe
"{4751C0F8-BF2B-4CD6-AB2E-A9D1B7EFBECA}"= C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:hpqpsapp.exe
"{1BF9C2DB-ED3A-4703-B24F-600724FC21F5}"= C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:hpqpse.exe
"{05B5AC32-2594-4417-8413-5C3B9ED013E4}"= C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:hpqgplgtupl.exe
"{7468CD7C-55ED-4462-B30E-A37FA0FF07C6}"= C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:hpqgpc01.exe
"{193DCE5F-CB03-4284-A0AB-E132F6EFDE3E}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{A81A0C77-B630-46B8-A7E7-69DDA5E6A3C6}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{BB5616DB-BF3E-4549-818D-93C36C044B2B}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{A46F74A5-47C1-46A1-9B74-0A963F81CE38}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{A53DF8D2-F916-48E1-96AC-6C498DF3B56F}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{869D67BA-8608-4C02-BE01-A455F20C01BF}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{953BCFBE-3F96-40E8-818A-49FADE9B0CDC}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R3 FwLnk;FwLnk Driver;C:\Windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
R3 RTSTOR;Realtek USB 2.0 Card Reader;C:\Windows\system32\drivers\RTSTOR.SYS [2008-06-23 62464]
S0 pavboot;pavboot;C:\Windows\system32\drivers\pavboot.sys [2008-06-19 28544]
S2 ConfigFree Service;ConfigFree Service;C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2007-12-25 40960]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-03 126976]
S2 VaultClientUpgrade;Personal Vault Upgrade Service;C:\Program Files\Personal Vault\VaultClientUpgrade.exe [2008-03-07 53248]
S3 Radialpoint Security Services;Gestionnaire de sécurité Sympatico;C:\Program Files\Bell\Gestionnaire de securite\RpsSecurityAware.exe [2008-03-10 67824]
S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc

*Newly Created Service* - CATCHME
*Newly Created Service* - ECACHE
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-TOSCDSPD - TOSCDSPD.EXE
HKLM-RunOnce-<NO NAME> - (no file)


.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.ca/
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-13 01:42:17
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2008-10-13  1:43:28
ComboFix-quarantined-files.txt  2008-10-13 05:43:26

Avant-CF: Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Après-CF: 185,813,164,032 octets libres

222	--- E O F ---	2008-10-12 17:50:23

wafaa25 · Answer

Oups j'ai oublier de desactiver L'uac de vista :s....

Destrio5 · Answer

Tu as quel antivirus actuellement ?

wafaa25 · Answer

Norton 360 mais je l'ai desactiver pour mettre le gestionnaire de securite de sympatico

Destrio5 · Answer

Je ne connais pas le pack sécurité de Securitoo mais tu dois retirer un antivirus.

wafaa25 · Answer

mais comme je disais je n'ai pas enlevé l'UAC. C'est p-e à cause de ca que ca a pas marcher.Pcq pendant ca me disais que j'était l'administrateur

Destrio5 · Answer

Ce n'est pas grave, le scan s'est bien déroulé.

Tu ne dois avoir qu'un seul antivirus.

wafaa25 · Answer

jE L'AI REFAIT AU CAS VOILA
ComboFix 08-10-11.04 - Ahmed 2008-10-13  2:11:04.1 - NTFSx86 NETWORK
Microsoft® Windows Vista™ Édition Familiale Premium   6.0.6001.1.1252.1.1036.18.2630 [GMT -4:00]
Lancé depuis: C:\Users\Ahmed\ComboFix.exe
.

(((((((((((((((((((((((((((((   Fichiers créés du 2008-09-13 au 2008-10-13  ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans ce laps de temps

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-14 01:19	429,615,523	----a-w	C:\Windows\DUMP361c.tmp
2008-10-13 23:41	---------	d-----w	C:\Program Files\Panda Security
2008-10-13 23:00	---------	d-----w	C:\PROGRA~2\Spybot - Search & Destroy
2008-10-13 06:02	2,939,265	----a-r	C:\Users\Ahmed\ComboFix.exe
2008-10-13 05:20	---------	d-----w	C:\Program Files\Common Files\Symantec Shared
2008-10-13 05:20	---------	d-----w	C:\PROGRA~2\Symantec
2008-10-13 05:18	53,192	----a-w	C:\Windows\system32\driversp_skt32.sys
2008-10-13 05:18	---------	d-----w	C:\Program Files\Raxco
2008-10-13 05:18	---------	d-----w	C:\PROGRA~2\Raxco
2008-10-13 05:16	---------	d-----w	C:\Users\Ahmed\AppData\Roaming\Bell
2008-10-13 05:10	---------	d-----w	C:\Program Files\Common Files\Scanner
2008-10-13 05:08	---------	d-----w	C:\Program Files\Symantec
2008-10-13 04:18	---------	d-----w	C:\Users\Ahmed\AppData\Roaming\Malwarebytes
2008-10-13 04:18	---------	d-----w	C:\Program Files\Malwarebytes' Anti-Malware
2008-10-13 04:17	---------	d-----w	C:\PROGRA~2\Malwarebytes
2008-10-13 04:15	---------	d-----w	C:\Program Files\Personal Vault
2008-10-13 04:12	---------	d-----w	C:\Program Files\Common Files\Authentium
2008-10-13 04:12	---------	d-----w	C:\Program Files\CA
2008-10-13 04:11	---------	d-----w	C:\Program Files\Bell
2008-10-13 04:11	---------	d-----w	C:\PROGRA~2\Bell
2008-10-13 04:09	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-10-08 00:40	---------	d-----w	C:\PROGRA~2\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-27 12:37	---------	d-----w	C:\PROGRA~2\Microsoft Help
2008-09-25 01:07	---------	d-----w	C:\Program Files\MSBuild
2008-09-25 01:01	---------	d-----w	C:\Program Files\Microsoft Visual Studio 8
2008-09-18 01:27	---------	d-----w	C:\PROGRA~2\Messenger Plus!
2008-09-17 21:35	---------	d-----w	C:\Program Files\Messenger Plus! Live
2008-09-17 01:25	---------	d-----w	C:\PROGRA~2\WEBREG
2008-09-17 01:23	---------	d-----w	C:\PROGRA~2\HP
2008-09-17 01:22	---------	d-----w	C:\PROGRA~2\Hewlett-Packard
2008-09-16 16:01	---------	d-----w	C:\Program Files\7-Zip
2008-09-15 21:07	---------	d-----w	C:\Users\Ahmed\AppData\Roaming\PeerNetworking
2008-09-15 18:39	---------	d-----w	C:\Users\Ahmed\AppData\Roaming\Ulead Systems
2008-09-15 18:32	---------	d-----w	C:\PROGRA~2\HPSSUPPLY
2008-09-15 18:03	---------	d-----w	C:\Users\Ahmed\AppData\Roaming\Symantec
2008-09-13 21:12	---------	dcsh--w	C:\Program Files\Common Files\WindowsLiveInstaller
2008-09-13 21:12	---------	d-----w	C:\Program Files\Windows Live
2008-09-13 21:00	---------	d-----w	C:\PROGRA~2\WLInstaller
2008-09-13 20:18	---------	d-----w	C:\Program Files\HP
2008-09-10 04:04	38,528	----a-w	C:\Windows\system32\drivers\mbamswissarmy.sys
2008-09-10 04:03	17,200	----a-w	C:\Windows\system32\drivers\mbam.sys
2008-09-03 01:20	---------	d-----w	C:\Users\Ahmed\AppData\Roaming\HP
2008-08-31 19:56	---------	d-----w	C:\Program Files\Common Files\HP
2008-08-31 19:54	---------	d-----w	C:\PROGRA~2\HP Product Assistant
2008-08-31 19:34	---------	d-----w	C:\Program Files\Windows Mail
2008-08-31 18:51	---------	d-----w	C:\Program Files\TOSHIBA
2008-08-31 18:49	---------	d-----w	C:\Program Files\InterVideo
2008-08-31 18:49	---------	d-----w	C:\Program Files\Common Files\InstallShield
2008-08-31 18:49	---------	d-----w	C:\Program Files\Camera Assistant Software for Toshiba
2008-08-31 18:48	---------	d-----w	C:\Program Files\Windows Media Components
2008-08-31 18:48	---------	d-----w	C:\Program Files\Common Files\Ulead Systems
2008-08-31 18:48	---------	d-----w	C:\PROGRA~2\Ulead Systems
2008-08-31 18:45	---------	d-----w	C:\Program Files\Ulead Systems
2008-08-31 18:45	---------	d-----w	C:\Program Files\Common Files\Toshiba Shared
2008-08-31 18:44	---------	d-----w	C:\Users\Ahmed\AppData\Roaming\InstallShield
2008-08-31 18:44	---------	d-----w	C:\PROGRA~2\Toshiba
2008-08-31 18:43	---------	d-----w	C:\Users\Ahmed\AppData\Roaming	oshiba
2008-08-31 18:26	---------	d-----w	C:\Program Files\ltmoh
2008-08-31 18:25	319,456	----a-w	C:\Windows\DIFxAPI.dll
2008-08-31 18:25	315,392	----a-w	C:\Windows\HideWin.exe
2008-08-31 18:25	---------	d-----w	C:\Program Files\Realtek
2008-08-31 18:23	---------	d-----w	C:\Program Files\MSXML 4.0
2008-08-31 18:19	---------	d-sh--w	C:\Program Files\Fichiers communs
2008-08-31 18:19	---------	d-sh--w	C:\PROGRA~2\Modèles
2008-08-31 18:19	---------	d-sh--w	C:\PROGRA~2\Menu Démarrer
2008-08-31 18:19	---------	d-sh--w	C:\PROGRA~2\Favoris
2008-08-31 18:19	---------	d-sh--w	C:\PROGRA~2\Bureau
2008-08-31 07:17	0	---ha-w	C:\Windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2008-08-31 07:16	0	--sha-r	C:\Windows\system32\drivers\1179_TOSHIBA_Satellite L300_S3A6550D003FR_PSLB0C-07P08C.MRK
2008-08-31 07:16	---------	d-----w	C:\Program Files\Synaptics
2008-08-31 07:12	---------	d-----w	C:\Program Files\Toshiba Registration
2008-08-31 07:12	---------	d-----w	C:\Program Files\OnlinePlay
2008-08-31 07:10	---------	d-----w	C:\Program Files\Intel
2008-08-02 03:26	36,864	----a-w	C:\Windows\System32\cdd.dll
2008-07-31 03:32	460,288	----a-w	C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32	28,160	----a-w	C:\Windows\System32\Apphlpdm.dll
2008-07-31 03:32	2,154,496	----a-w	C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32	173,056	----a-w	C:\Windows\AppPatch\AcXtrnal.dll
2008-07-31 01:13	4,240,384	----a-w	C:\Windows\System32\GameUXLegacyGDFs.dll
2008-07-19 05:10	53,448	----a-w	C:\Windows\System32\wuauclt.exe
2008-07-19 05:10	45,768	----a-w	C:\Windows\System32\wups2.dll
2008-07-19 05:10	36,552	----a-w	C:\Windows\System32\wups.dll
2008-07-19 05:09	563,912	----a-w	C:\Windows\System32\wuapi.dll
2008-07-19 05:09	1,811,656	----a-w	C:\Windows\System32\wuaueng.dll
2008-07-19 03:44	83,456	----a-w	C:\Windows\System32\wudriver.dll
2008-07-19 03:44	1,524,736	----a-w	C:\Windows\System32\wucltux.dll
2008-07-19 02:08	163,904	----a-w	C:\Windows\System32\wuwebv.dll
2008-07-19 00:44	31,232	----a-w	C:\Windows\System32\wuapp.exe
2008-07-16 01:32	2,048	----a-w	C:\Windows\System32	zres.dll
2008-01-21 02:43	174	--sha-w	C:\Program Files\desktop.ini
.

(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-20 1233920]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-20 125952]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-20 202240]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"IndexCleaner"="C:\Program Files\Bell\Gestionnaire de securite\IdxClnR.exe" [2008-03-10 61168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-06-17 1295656]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2007-01-09 191552]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-02-04 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-02-04 154136]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-02-04 129560]
"TPwrMain"="C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"SmoothView"="C:\Program Files\Toshiba\SmoothView\SmoothView.exe" [2008-01-25 509816]
"00TCrdMain"="C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-01-22 712704]
"Camera Assistant Software"="C:\Program Files\Camera Assistant Software for Toshiba	raybar.exe" [2007-10-25 413696]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-25 49152]
"hpqSRMon"="C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 81920]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SSA.exe"="C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" [2007-03-27 2061816]
"Gestionnaire de sécurité Sympatico"="C:\Program Files\Bell\Gestionnaire de securite\Rps.exe" [2008-03-10 311024]
"-FreedomNeedsReboot"="C:\Program Files\Bell\Gestionnaire de securite\ZkRunOnceR.exe" [2008-03-10 13552]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-29 C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-11-20 C:\Windows\SkyTel.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

C:\Users\Ahmed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2008-03-25 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C9A7BE34-11F9-4911-B653-BE5BFA01D672}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{6BF90F67-69DC-4865-A521-E46928F765DC}"= C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{861743D1-C586-45E7-952C-D3570710F739}"= C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{BB92CF70-8B27-4E74-8CA2-F3206AEDD0B4}"= C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{88CE4D42-987A-47C9-A8FA-E97B89906FE3}"= C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqphotocrm.exe:hpqphotocrm.exe
"{FDCB335F-04A1-48E7-9BC4-41272899F22C}"= C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:hpqsudi.exe
"{4751C0F8-BF2B-4CD6-AB2E-A9D1B7EFBECA}"= C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:hpqpsapp.exe
"{1BF9C2DB-ED3A-4703-B24F-600724FC21F5}"= C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:hpqpse.exe
"{05B5AC32-2594-4417-8413-5C3B9ED013E4}"= C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:hpqgplgtupl.exe
"{7468CD7C-55ED-4462-B30E-A37FA0FF07C6}"= C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:hpqgpc01.exe
"{193DCE5F-CB03-4284-A0AB-E132F6EFDE3E}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{A81A0C77-B630-46B8-A7E7-69DDA5E6A3C6}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{BB5616DB-BF3E-4549-818D-93C36C044B2B}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{A46F74A5-47C1-46A1-9B74-0A963F81CE38}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{A53DF8D2-F916-48E1-96AC-6C498DF3B56F}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{869D67BA-8608-4C02-BE01-A455F20C01BF}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{953BCFBE-3F96-40E8-818A-49FADE9B0CDC}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R3 FwLnk;FwLnk Driver;C:\Windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
R3 RTSTOR;Realtek USB 2.0 Card Reader;C:\Windows\system32\drivers\RTSTOR.SYS [2008-06-23 62464]
S0 pavboot;pavboot;C:\Windows\system32\drivers\pavboot.sys [2008-06-19 28544]
S2 ConfigFree Service;ConfigFree Service;C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2007-12-25 40960]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-03 126976]
S2 VaultClientUpgrade;Personal Vault Upgrade Service;C:\Program Files\Personal Vault\VaultClientUpgrade.exe [2008-03-07 53248]
S3 Radialpoint Security Services;Gestionnaire de sécurité Sympatico;C:\Program Files\Bell\Gestionnaire de securite\RpsSecurityAware.exe [2008-03-10 67824]
S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-RunOnce-<NO NAME> - (no file)


.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.ca/
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-13 02:13:08
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

DIT MOI EST-CE  QUE C'EST REPARÉ MAINTENANT





Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2008-10-13  2:13:53
ComboFix-quarantined-files.txt  2008-10-13 06:13:41
ComboFix2.txt  2008-10-13 05:43:29

Avant-CF: Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Après-CF: 185,678,798,848 octets libres

212	--- E O F ---	2008-10-12 17:50:23

Destrio5 · Answer

---> Relance MBAM, va dans Quarantaine et supprime tout.

---> Télécharge CCleaner (N'installe pas la Yahoo Toolbar) :
https://www.ccleaner.com/ccleaner/download

---> Lance-le. Va dans "Options" puis "Avancé", tu décoches la case "Effacer uniquement les fichiers etc...". Tu vas dans "Nettoyeur", tu fais "Analyse". Une fois terminé, tu lances le nettoyage. Puis tu vas dans "Registre", tu fais "Chercher des erreurs". Une fois terminé, tu répares toutes les erreurs sans sauvegarder la base de registre.

wafaa25 · Answer

C'est fait, Est-ce que tout les virus ont été supprimé.

Destrio5 · Answer

Pour vérifier :
https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan

wafaa25 · Answer

Panda security ne veux pas marcher.

Destrio5 · Answer

Mais encore ?

wafaa25 · Answer

ben je n'arrive pas a scanner avec panda, ca me dit erreur de telechargement. De toute façon je l'ai deja essayer hier pi faut dire qu'il a pas trouver grand chose et pourtant malwarebyte a trouver 62 trojan

Destrio5 · Answer

- Télécharge HijackThis v2.0.2 (HijackThis Installer) :
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe

- Fais un double-clic sur HJTInstall.exe afin de lancer l'installation.

- Clique sur Install ensuite sur I Accept.

- Clique sur Do a system scan and save a logfile.

- Le bloc-notes s'ouvrira, fais un copier-coller de tout son contenu ici dans ton prochain message.

wafaa25 · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:56:56, on 2008-10-13
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32	askeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ltmoh\ltmoh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Camera Assistant Software for Toshiba	raybar.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe
C:\Program Files\Bell\Gestionnaire de securite\RPS.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Bell\Sympatico Security Advisor\SSAComHandler.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Users\Ahmed\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MUTQCFOM\HiJackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Bell\Gestionnaire de securite\pkR.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba	raybar.exe" /start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SSA.exe] "C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" /AUTORUN
O4 - HKLM\..\Run: [Gestionnaire de sécurité Sympatico] "C:\Program Files\Bell\Gestionnaire de securite\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Bell\Gestionnaire de securite\ZkRunOnceR.exe"
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Bell\Gestionnaire de securite\IdxClnR.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Bell\Gestionnaire de securite\IdxClnR.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix: 
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - https://www.f-secure.com/en/home/support
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.vista.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Gestionnaire de sécurité Sympatico (Radialpoint Security Services) - Radialpoint Inc. - C:\Program Files\Bell\Gestionnaire de securite\RpsSecurityAware.exe
O23 - Service: Service de mise-à-jour pour le Gestionnaire de sécurité Sympatico (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Bell\Gestionnaire de securitepsupdaterR.exe
O23 - Service: Gestionnaire de sécurité Sympatico Coupe-feu (RP_FWS) - Bell Sympatico - C:\Program Files\Bell\Gestionnaire de securite\Fws.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Personal Vault Upgrade Service (VaultClientUpgrade) - BELL - C:\Program Files\Personal Vault\VaultClientUpgrade.exe

Destrio5 · Answer

---> Mets à jour Java :
https://www.java.com/fr/download/manual.jsp

---> Pour supprimer correctement Norton, utilise ceci :
ftp://ftp.symantec.com/public/francais/removal_tools/Norton_Removal_Tool.exe

wafaa25 · Answer

apres avoir fait ca ca devrait tu etre correct?

Destrio5 · Answer

Normalement oui mais poste un nouveau rapport HijackThis.

wafaa25 · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:28:36, on 2008-10-13
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32	askeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ltmoh\ltmoh.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Camera Assistant Software for Toshiba	raybar.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe
C:\Program Files\Bell\Gestionnaire de securite\RPS.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Bell\Sympatico Security Advisor\SSAComHandler.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Users\Ahmed\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CX5L05JD\HiJackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Bell\Gestionnaire de securite\pkR.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba	raybar.exe" /start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SSA.exe] "C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" /AUTORUN
O4 - HKLM\..\Run: [Gestionnaire de sécurité Sympatico] "C:\Program Files\Bell\Gestionnaire de securite\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Bell\Gestionnaire de securite\ZkRunOnceR.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Bell\Gestionnaire de securite\IdxClnR.exe"
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix: 
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - https://www.f-secure.com/en/home/support
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.vista.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Gestionnaire de sécurité Sympatico (Radialpoint Security Services) - Radialpoint Inc. - C:\Program Files\Bell\Gestionnaire de securite\RpsSecurityAware.exe
O23 - Service: Service de mise-à-jour pour le Gestionnaire de sécurité Sympatico (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Bell\Gestionnaire de securitepsupdaterR.exe
O23 - Service: Gestionnaire de sécurité Sympatico Coupe-feu (RP_FWS) - Bell Sympatico - C:\Program Files\Bell\Gestionnaire de securite\Fws.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Personal Vault Upgrade Service (VaultClientUpgrade) - BELL - C:\Program Files\Personal Vault\VaultClientUpgrade.exe

Destrio5 · Answer

Pour finir :

---> N'oublie pas de mettre à jour Java.

---> Désinstalle HijackThis.

---> Supprime ComboFix ainsi que les dossiers ComboFix et Qoobox situés dans C:\

---> Réactive l'UAC.

---> Il est nécessaire de désactiver puis réactiver la restauration système pour la purger :
http://www.commentcamarche.net/faq/sujet 13214 desactiver reactiver la restauration systeme de vista

---> Je te conseille de créer un point de restauration que tu pourras utiliser plus tard si tu as un problème :
https://forums.cnetfrance.fr

URGENT * Problemes de virus

26 réponses

Votre réponse

Discussions similaires

Newsletters