Sujet Précédent Sujet Suivant

Besoin d,aide pour antivirus XP 2008

Fermé
DanouFX Messages postés 56 Date d'inscription lundi 14 juillet 2008 Statut Membre Dernière intervention 11 décembre 2011 - 14 juil. 2008 à 23:08
sKe69 Messages postés 21360 Date d'inscription samedi 15 mars 2008 Statut Contributeur sécurité Dernière intervention 30 décembre 2012 - 14 août 2008 à 09:00
Bonjour, J'ai antivirus xp 2008 pouvez vous m'aider svp
A voir également:

43 réponses

Précédent
Réponse 21 / 43
sKe69 Messages postés 21360 Date d'inscription samedi 15 mars 2008 Statut Contributeur sécurité Dernière intervention 30 décembre 2012 463
23 juil. 2008 à 23:32
Salut,
laisse tomber ce-ci pour l'instant ...

Vu que cela fais un momment que tu n'as pas poster, refais un scan hijackthis et envoyes ici le nouveau rapport obtenu pour voir où nous en sommes stp ....
0
DanouFX Messages postés 56 Date d'inscription lundi 14 juillet 2008 Statut Membre Dernière intervention 11 décembre 2011
24 juil. 2008 à 05:18
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:17:44, on 2008-07-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\FXDD - MetaTrader 4\terminal.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\monjack.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.acer.com/worldwide/selection.html
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {33331111-1111-1111-1111-611111193429} -
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-615111193427} -
O16 - DPF: {33331111-1111-1111-1111-622221193458} - file://c:\ex.cab
O16 - DPF: {33331111-1131-1111-1111-611111193428} -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://interactivebrokers.webex.com/client/T26L/nbr/ieatgpc.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O21 - SSODL: euwHQGobObso - {2B1B1303-81B1-B9A9-911D-9E765F238C53} - C:\WINDOWS\system32\pfigv.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
0
Réponse 22 / 43
sKe69 Messages postés 21360 Date d'inscription samedi 15 mars 2008 Statut Contributeur sécurité Dernière intervention 30 décembre 2012 463
24 juil. 2008 à 09:39
Salut,

1-! Fermes toutes tes applications et déconnectes toi !

Relances Hijackthis mais click sur " Do a scan only "
Tu vois donc apparaitre le résultat du scan : une multitudes de lignes ,chacunes précédées d'un carré vide .
Tu vas cliquer sur les carrés des lignes suivantes :

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O16 - DPF: {33331111-1111-1111-1111-611111193429} -
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-615111193427} -
O16 - DPF: {33331111-1111-1111-1111-622221193458} - file://c:\ex.cab
O16 - DPF: {33331111-1131-1111-1111-611111193428} -
O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab


Tu cliques en bas sur le bouton FIX CHECKED et valides .

2- refais uncoup de CCleaner ( registre compris ) .

-> postes moi un nouvel hijackthis pour contrôle et attends la suite ....
0
Réponse 23 / 43
DanouFX Messages postés 56 Date d'inscription lundi 14 juillet 2008 Statut Membre Dernière intervention 11 décembre 2011
8 août 2008 à 19:50
Désolé pour le délai. Mon fournisseur internet a débranché ma connection puisqu'il ont recu des plaintes comme quoi des courriels sont envoyez a partir de mon ordinateur et ce sont des courriel pour faire de l'hameconnage... il m'ont dit que j'ai un virus ou un cheval de troie. Enfin je n'y connait rien donc j'ai plus que jamais besoin de votre aide . Alors voici un hijack this récent.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:47:06, on 2008-08-08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\monjack.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJxdm025YYCA
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.acer.com/worldwide/selection.html
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-3/ZwinkyInitialSetup1.0.1.0.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://interactivebrokers.webex.com/client/T26L/nbr/ieatgpc.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O21 - SSODL: euwHQGobObso - {2B1B1303-81B1-B9A9-911D-9E765F238C53} - C:\WINDOWS\system32\pfigv.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
0
Réponse 24 / 43
sKe69 Messages postés 21360 Date d'inscription samedi 15 mars 2008 Statut Contributeur sécurité Dernière intervention 30 décembre 2012 463
8 août 2008 à 20:02
Salut,

Tu t'es de nouveau réinfecter avec de nouvelle bestiole ... :-/

Fais ce-ci :

Télécharges ToolBar S&D ( de Eric_71 ) :
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

( Tuto : https://sites.google.com/site/toolbarsd/aideenimages )

!! Déconnectes toi et fermes toute tes applications en cours le temps de la manipe !!

* double-cliques sur l'.exe pour lancer l'installe et laisses toi guider ...
* Une fois fait, cliques sur le raccourci créé sur ton bureau pour lancer l'outil .
* Choisis l'option 1 ( "recherche") et tapes "entrée" .
* Une fois le scan finit , un rapport va apparaître, copie/colles l'intégralité
de son contenu dans ta prochaine réponse ...
( le rapport est en outre sauvegardé ici -> C:\TB.txt )
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 25 / 43
DanouFX Messages postés 56 Date d'inscription lundi 14 juillet 2008 Statut Membre Dernière intervention 11 décembre 2011
8 août 2008 à 22:39
voila est ce que j'ai un virus... il me casse les couilles
-----------\\ ToolBar S&D 1.0.8 XP/Vista

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : Dadou ] [ "C:\Toolbar SD" ] [ Selection : 1 ]
[ 2008-08-08 | 16:37:35,18 ] [ PC : MOI-MEME ]
[ MAJ : 04-08-2008 | 23:15 ]

-----------\\ Recherche de Fichiers / Dossiers ...

[Service] MyWebSearchService
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar
C:\Program Files\MyWebSearch\SrchAstt
C:\DOCUME~1\Dadou\Cookies\dadou@mywebsearch[2].txt
C:\Program Files\PlayMP3z
C:\Program Files\PlayMP3z\PlayMP3.exe
C:\Program Files\PlayMP3z\uninstall.exe
C:\DOCUME~1\Dadou\MENUDÉ~1\PROGRA~1\PlayMP3z
C:\WINDOWS\System32\f3PSSavr.scr
C:\Program Files\Internet Explorer\msimg32.dll
C:\Program Files\MSN Messenger\msimg32.dll

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.com/?gws_rd=ssl"
"Local Page"="C:\\windows\\system32\\blank.htm"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Local Page"="C:\\windows\\system32\\blank.htm"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"


-----------\\ Fin du rapport a 16:38:05,96
0
Réponse 26 / 43
sKe69 Messages postés 21360 Date d'inscription samedi 15 mars 2008 Statut Contributeur sécurité Dernière intervention 30 décembre 2012 463
8 août 2008 à 23:07
voila est ce que j'ai un virus... il me casse les couilles
---> la derniere fois qu'on c'est quitté, on avait pas finis ... et là, tu viens d'en rajouter , donc ...^^
Restes zen ... et cette fois on va jusqu'au bout ...

La suite :

Nettoyage avec ToolBar S&D :

!! Déconnectes toi et fermes toute tes applications en cours le temps de la manipe !!

Relances Toolbar-S&D en double-cliquant sur le raccourci.
-->Tapes sur l'option 2 ( "nettoyage" ) puis tapes sur "Entrée".
Note : ne touches à rien lors de la suppression !
Un rapport sera généré à la fin du processus : postes son contenu dans ta prochaine réponse
accompagné d'un nouveau rapport hijackthis pour analyse ...

( PS : Si ton Bureau ne réapparait pas, appuies simultanément sur "Ctrl+Alt+Supp"r pour ouvrir le Gestionnaire des tâches.
Rends-toi sur l'onglet "Processus". Clique en haut à gauche sur Fichier et choisis "Exécuter..."
Tapes explorer puis valides ... )
0
Réponse 27 / 43
DanouFX Messages postés 56 Date d'inscription lundi 14 juillet 2008 Statut Membre Dernière intervention 11 décembre 2011
8 août 2008 à 23:27
J'ai un nouveau virus...saleté de bestiole mes nouveaux amis vont te saigner a mort!!!! Ou puije voir cette bestiole dans quel rapport tu le vois j'aimerais bien voir de quoi ca l'air un virus? voile le rapport


-----------\\ ToolBar S&D 1.0.8 XP/Vista

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : Dadou ] [ "C:\Toolbar SD" ] [ Selection : 2 ]
[ 2008-08-08 | 17:22:54,45 ] [ PC : MOI-MEME ]
[ MAJ : 04-08-2008 | 23:15 ]

-----------\\ SUPPRESSION

Supprime! - [Service] MyWebSearchService
Echec ! - C:\Program Files\MyWebSearch\bar
Supprime! - C:\Program Files\MyWebSearch\SrchAstt
Supprime! - C:\Program Files\PlayMP3z\PlayMP3.exe
Supprime! - C:\Program Files\PlayMP3z\uninstall.exe
Supprime! - C:\DOCUME~1\Dadou\MENUDÉ~1\PROGRA~1\PlayMP3z
Supprime! - C:\WINDOWS\System32\f3PSSavr.scr
Supprime! - C:\Program Files\Internet Explorer\msimg32.dll
Supprime! - C:\Program Files\MSN Messenger\msimg32.dll
Echec ! - C:\Program Files\MyWebSearch
Supprime! - C:\Program Files\PlayMP3z

-----------\\ DEUXIEME PASSAGE

Echec ! - C:\Program Files\MyWebSearch\bar
Echec ! - C:\Program Files\MyWebSearch

-----------\\ Recherche de Fichiers / Dossiers ...

C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar
C:\DOCUME~1\Dadou\Cookies\dadou@mywebsearch[1].txt

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.com/?gws_rd=ssl"
"Local Page"="C:\\windows\\system32\\blank.htm"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Local Page"="C:\\windows\\system32\\blank.htm"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"


-----------\\ Fin du rapport a 17:24:04,71
0
Réponse 28 / 43
sKe69 Messages postés 21360 Date d'inscription samedi 15 mars 2008 Statut Contributeur sécurité Dernière intervention 30 décembre 2012 463
9 août 2008 à 00:14
Bon ... 2 échecs dans la suppression des " bestioles " ...

On va essayer autrement ...

Impératif : Redémarrer l'ordinateur en mode sans échec .
Comment aller en Mode sans échec
1) Redémarre ton ordi
2) Tapote la touche F8 immédiatement, (F5 sur certains PC) juste après le "Bip"
3) Tu verras un écran avec options de démarrage apparaître
4) Choisis la première option : Sans Échec, et valide avec "Entrée"
5) Choisis ton compte habituel, et non Administrateur (si besoin ... )
( ps : n'oublies pas , en mode sans échec , pas de connexion ! Donc copies ou imprimes bien les info ci-dessous ...)

Relances Toolbar-S&D en double-cliquant sur le raccourci.
-->Tapes sur l'option 2 ( "nettoyage" ) puis tapes sur "Entrée".
Note : ne touches à rien lors de la suppression !
Un rapport sera généré à la fin du processus : sauvegardes le de façon à le retrouver ...

-->redémarres ton PC ( retour mode normal )

postes le rapport sauvegardé dans ta prochaine réponse
accompagné d'un nouveau rapport hijackthis pour analyse ...
0
DanouFX Messages postés 56 Date d'inscription lundi 14 juillet 2008 Statut Membre Dernière intervention 11 décembre 2011
11 août 2008 à 22:43
J'ai sanvegarder le rapport de toolbas SD sur le bureau mais je ne le trouve pas?
0
Réponse 29 / 43
DanouFX Messages postés 56 Date d'inscription lundi 14 juillet 2008 Statut Membre Dernière intervention 11 décembre 2011
9 août 2008 à 03:12
oui oui jme rapelle de cette bestiole infernale ``mywebsearch```jl'eux ai rien fait moi fou le camp sale bestiole... d'accord je fais le nettoyage requis et je vous reviens tout de suite! et merci!!!!
0
Réponse 30 / 43
sKe69 Messages postés 21360 Date d'inscription samedi 15 mars 2008 Statut Contributeur sécurité Dernière intervention 30 décembre 2012 463
11 août 2008 à 23:34
Salut,

pas grave .. pour vérifier si cela à marcher , fais ce-ci ( on repasse l'option 1 ) :

!! Déconnectes toi et fermes toute tes applications en cours le temps de la manipe !!

* double-cliques sur l'.exe pour lancer l'installe et laisses toi guider ...
* Une fois fait, cliques sur le raccourci créé sur ton bureau pour lancer l'outil .
* Choisis l'option 1 ( "recherche") et tapes "entrée" .
* Une fois le scan finit , un rapport va apparaître, copie/colles l'intégralité
de son contenu dans ta prochaine réponse ...
( le rapport est en outre sauvegardé ici -> C:\TB.txt )
0
DanouFX Messages postés 56 Date d'inscription lundi 14 juillet 2008 Statut Membre Dernière intervention 11 décembre 2011
11 août 2008 à 23:51
-----------\\ ToolBar S&D 1.0.8 XP/Vista

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : Dadou ] [ "C:\Toolbar SD" ] [ Selection : 1 ]
[ 2008-08-11 | 17:49:02,12 ] [ PC : MOI-MEME ]
[ MAJ : 04-08-2008 | 23:15 ]

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.com/?gws_rd=ssl"
"Local Page"="C:\\windows\\system32\\blank.htm"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Local Page"="C:\\windows\\system32\\blank.htm"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"


-----------\\ Fin du rapport a 17:49:32,10


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:50:53, on 2008-08-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\monjack.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://global.acer.com/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://interactivebrokers.webex.com/client/T26L/nbr/ieatgpc.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O21 - SSODL: euwHQGobObso - {2B1B1303-81B1-B9A9-911D-9E765F238C53} - C:\WINDOWS\system32\pfigv.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
0
DanouFX Messages postés 56 Date d'inscription lundi 14 juillet 2008 Statut Membre Dernière intervention 11 décembre 2011
11 août 2008 à 23:52
J'ai hate de passer a la prochaine étape
0
Réponse 31 / 43
sKe69 Messages postés 21360 Date d'inscription samedi 15 mars 2008 Statut Contributeur sécurité Dernière intervention 30 décembre 2012 463
12 août 2008 à 00:04
la voilà :

fais exactement ce qui suit :

Télécharges SmitfraudFix (de S!Ri, balltrap34 et moe31 ) :
http://siri.urz.free.fr/Fix/SmitfraudFix.exe

!! Déconnectes toi, fermes toute tes applications et désactives tes défenses ( anti-virus ,anti-spyware,...) le temps de la manipe !!

Installes le soft à la racine de C\ ( et pas ailleurs! --->"C\:SmitfraudFix.exe" ) .

Tuto ( aide ) : http://siri.urz.free.fr/Fix/SmitfraudFix.php

Utilisation ---> option 1 / Recherche :
Double clique sur l'icône "Smitfraudfix.exe" et sélectionnes 1 (et pas sur autre chose sans notre accord !) pour créer un rapport des fichiers responsables de l'infection.

Postes le rapport ( "rapport.txt" qui se trouve sous C\: ) et attends la suite .

(Attention : process.exe est détecté par certains antivirus comme étant un RiskTool. Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus. Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité.)
0
DanouFX Messages postés 56 Date d'inscription lundi 14 juillet 2008 Statut Membre Dernière intervention 11 décembre 2011
12 août 2008 à 00:14
SmitFraudFix v2.329

Rapport fait à 18:11:55,20, 2008-08-11
Executé à partir de C:\Documents and Settings\Dadou\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est FAT32
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Dadou\Bureau\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Dadou


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Dadou\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\DADOU\FAVORIS


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"system"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CS2\Services\Tcpip\..\{EFF6BD32-8806-4C59-BE1B-90396D48B918}: DhcpNameServer=24.200.241.37 24.201.245.77 24.200.243.189


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin
0
Réponse 32 / 43
sKe69 Messages postés 21360 Date d'inscription samedi 15 mars 2008 Statut Contributeur sécurité Dernière intervention 30 décembre 2012 463
12 août 2008 à 00:48
bien ,
Suite de la manipe ( nettoyage ), fais exactement ce qui suit :

* Impératif : Redémarrer l'ordinateur en mode sans échec .
Comment aller en Mode sans échec
1) Redémarre ton ordi
2) Tapote la touche F8 immédiatement, (F5 sur certains PC) juste après le "Bip"
3) Tu verras un écran avec options de démarrage apparaître
4) Choisis la première option : Sans Échec, et valide avec "Entrée"
5) Choisis ton compte habituel, et non Administrateur (si besoin ... )
( ps : n'oublies pas , en mode sans échec , pas de connexion ! Donc copies ou imprimes bien les info ci-dessous ...)

*Double click sur SmitfraudFix.exe

* Sélectionnes 2 et presses "Entrée" dans le menu pour supprimer les fichiers responsables de l'infection.

* A la question: Voulez-vous nettoyer le registre ? répondre O (oui) et presser Entrée afin de débloquer le fond d'écran et supprimer les clés de registre de l'infection.

( Le correctif déterminera si le fichier wininet.dll est infecté.)

* A la question: "Corriger le fichier infecté ?" répondre O (oui) et presser Entrée
pour remplacer le fichier corrompu.

* Un redémarrage sera peut être nécessaire pour terminer la procédure de nettoyage ( sinon fais le manuellement )

Le rapport se trouve à la racine de C\:
(dans le fichier "rapport.txt")

Postes moi ce dernier rapport accompagné, dans la même réponse, d'un nouveau rapport
hijackthis ( fais en mode normal ) et attends les instructions ...
0
DanouFX Messages postés 56 Date d'inscription lundi 14 juillet 2008 Statut Membre Dernière intervention 11 décembre 2011
12 août 2008 à 01:01
SmitFraudFix v2.329

Rapport fait à 18:54:36,95, 2008-08-11
Executé à partir de C:\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est FAT32
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{EFF6BD32-8806-4C59-BE1B-90396D48B918}: DhcpNameServer=24.200.241.37 24.201.245.77 24.200.243.189
HKLM\SYSTEM\CS1\Services\Tcpip\..\{EFF6BD32-8806-4C59-BE1B-90396D48B918}: DhcpNameServer=24.200.241.37 24.201.245.77 24.200.243.189
HKLM\SYSTEM\CS2\Services\Tcpip\..\{EFF6BD32-8806-4C59-BE1B-90396D48B918}: DhcpNameServer=24.200.241.37 24.201.245.77 24.200.243.189
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=24.200.241.37 24.201.245.77 24.200.243.189
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=24.200.241.37 24.201.245.77 24.200.243.189


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"system"=""


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:00:49, on 2008-08-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\monjack.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.acer.com/worldwide/selection.html
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://interactivebrokers.webex.com/client/T26L/nbr/ieatgpc.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O21 - SSODL: euwHQGobObso - {2B1B1303-81B1-B9A9-911D-9E765F238C53} - C:\WINDOWS\system32\pfigv.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
0
Réponse 33 / 43
sKe69 Messages postés 21360 Date d'inscription samedi 15 mars 2008 Statut Contributeur sécurité Dernière intervention 30 décembre 2012 463
12 août 2008 à 01:21
Continues avec ce-ci :

Télécharges SDFix sur ton bureau :
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe.

--->Double-cliques sur SDFix.exe et choisis "Install" .

( tuto ici : https://www.malekal.com/slenfbot-still-an-other-irc-bot/ )

Puis une fois l'installe faite ,redémarres en mode sans échec .
Comment aller en Mode sans échec :
1) Redémarres ton ordi
2) Tapotes la touche F8 immédiatement, (F5 sur certains PC) juste après le "Bip"
3) Tu verras un écran avec options de démarrage apparaître
4) Choisis la première option : Sans Échec, et valide avec "Entrée"
5) Choisis ton compte habituel, et non Administrateur (si besoin ... )
( ps : n'oublies pas , en mode sans échec , pas de connexion ! Donc copies ou imprimes bien les info ci-dessous ...)

Ouvres le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double cliques sur RunThis.bat pour lancer le script.
--->Tapes Y pour lancer le script ...
Le Fix supprime les services du virus et nettoie le registre, de ce fait un redémarrage est nécessaire , donc :
presses une touche pour redémarrer quand il te le sera demandé .

Le PC va mettre du temps avant de démarrer ( c'est normale ), après le chargement du Bureau presses une touche lorsque "Finished" s'affiche .

Le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier C:\SDFix sous le nom "Report.txt".
Postes ce dernier dans ta prochaine réponse accompagné d'un nouveau rapport Hijakcthis pour analyse ...
0
DanouFX Messages postés 56 Date d'inscription lundi 14 juillet 2008 Statut Membre Dernière intervention 11 décembre 2011
12 août 2008 à 02:04
[b]SDFix: Version 1.205 [/b]
Run by Administrateur on 2008-08-11 at 19:41

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files [/b]:

No Trojan Files Found






Removing Temp Files

[b]ADS Check [/b]:



[b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-11 19:50:20
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Morpheus\\Morpheus.exe"="C:\\Program Files\\Morpheus\\Morpheus.exe:*:Enabled:M5Shell"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\HelpCtr.exe"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\HelpCtr.exe:*:Enabled:Assistance … distance - Windows Messenger et voix"
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Conference\\Conference.dll"="C:\\Program Files\\Conference\\Conference.dll:*:Enabled:Audio/Video Conference"
"C:\\Documents and Settings\\Dadou\\Local Settings\\Temp\\.tt10.tmp"="C:\\Documents and Settings\\Dadou\\Local Settings\\Temp\\.tt10.tmp:*:Enabled:enable"
"C:\\WINDOWS\\system32\\sysrest32.exe"="C:\\WINDOWS\\system32\\sysrest32.exe:*:Enabled:enable"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[b]Remaining Files [/b]:



[b]Files with Hidden Attributes [/b]:

Mon 11 May 1998 93,880 ..SH. --- "C:\COMMAND.COM"
Sat 7 Oct 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 27 Feb 2004 233,472 A..H. --- "C:\Program Files\Image-Line\FL Studio 7\REX Shared Library.dll"
Mon 14 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BIT1F.tmp"
Mon 14 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\bc066f3f60df1b38218903dd0d40ce98\BIT20.tmp"
Wed 16 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\405ae8e48aa46e265982686e1678047b\BIT2.tmp"
Sat 3 Feb 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Fri 12 Nov 2004 37,376 ...H. --- "C:\Program Files\Fichiers communs\Adobe\ESD\DLMCleanup.exe"

[b]Finished![/b]




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:03:58, on 2008-08-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\monjack.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.acer.com/worldwide/selection.html
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://interactivebrokers.webex.com/client/T26L/nbr/ieatgpc.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O21 - SSODL: euwHQGobObso - {2B1B1303-81B1-B9A9-911D-9E765F238C53} - C:\WINDOWS\system32\pfigv.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
0
Réponse 34 / 43
sKe69 Messages postés 21360 Date d'inscription samedi 15 mars 2008 Statut Contributeur sécurité Dernière intervention 30 décembre 2012 463
12 août 2008 à 02:12
bien rien de ce côté la ... :-/

Tant pis ... changeons de tactique ...

Pour demain

Tu dois toujours avoir Malwaresbytes .

--> mets le bien à jours ( ouvres le et vas dans l'onglet " mise à jour " et lances la ... )

le tuto : https://forum.pcastuces.com/sujet.asp?f=31&s=3

Impératif : redémarres en mode sans échec :
Comment aller en Mode sans échec
1) Redémarres ton ordi
2) Tapote la touche F8 immédiatement, (F5 sur certains PC) juste après le "Bip"
3) Tu verras un écran avec options de démarrage apparaître
4) Choisis la première option : Sans Échec, et valide avec "Entrée"
5) Choisis ton compte habituel, et non Administrateur (si besoin ... )
(attention : pas de connexion possible en mode sans échec , donc copies ou imprimes bien la manipe pour éviter les erreurs ...)

Lances Malwarebyte's .

Fais un scan dit "complet" ( sélectionnes bien tout tes disks avant le scan ) et supprimes tout ce qu'il peut trouver, c.a.d :
--->une fois le scan terminé , click sur "résultat" : puis vérifies que tous les objets infectés soient validés, puis click sur " suppression " .

Redémarres ton PC ( mode normal ).

Postes le rapport sauvegardé après la suppression des objets infectés (dans l'onglet "rapport/log"de Malwarebytes, le drenier en date) accompagné d'un nouvel hijackthis ( fait en mode normal ) ...

Fais tout cela pour demain donc ...

bonne nuit ... =)
0
DanouFX Messages postés 56 Date d'inscription lundi 14 juillet 2008 Statut Membre Dernière intervention 11 décembre 2011
12 août 2008 à 21:59
oups j'ai fait la supression dans le compte administrateur et je ne trouve pas le rapport
0
sKe69 Messages postés 21360 Date d'inscription samedi 15 mars 2008 Statut Contributeur sécurité Dernière intervention 30 décembre 2012 463 > DanouFX Messages postés 56 Date d'inscription lundi 14 juillet 2008 Statut Membre Dernière intervention 11 décembre 2011
12 août 2008 à 22:14
Ici :

dans l'onglet "rapport/log"de Malwarebytes, le dernier en date ...
0
DanouFX Messages postés 56 Date d'inscription lundi 14 juillet 2008 Statut Membre Dernière intervention 11 décembre 2011 > sKe69 Messages postés 21360 Date d'inscription samedi 15 mars 2008 Statut Contributeur sécurité Dernière intervention 30 décembre 2012
12 août 2008 à 22:19
peute etre je devrait me connecter avec le compte administrateur car il y était dans logs. Mais mon compte habituel il n'y est pas il n'y a rien dans administrateur malware est en anglais et dans mon compte habituer il est en francais... je ne sais pas comment me connecter avec le compte administreateur
0
sKe69 Messages postés 21360 Date d'inscription samedi 15 mars 2008 Statut Contributeur sécurité Dernière intervention 30 décembre 2012 463 > DanouFX Messages postés 56 Date d'inscription lundi 14 juillet 2008 Statut Membre Dernière intervention 11 décembre 2011
12 août 2008 à 22:26
refais la manipe , mais dans ton compte à toi Stp ...

Postes moi les rapports demandés ...
0
DanouFX Messages postés 56 Date d'inscription lundi 14 juillet 2008 Statut Membre Dernière intervention 11 décembre 2011 > sKe69 Messages postés 21360 Date d'inscription samedi 15 mars 2008 Statut Contributeur sécurité Dernière intervention 30 décembre 2012
12 août 2008 à 23:21
Malwarebytes' Anti-Malware 1.24
Database version: 1043
Windows 5.1.2600 Service Pack 2

07:38:37 2008-08-12
mbam-log-8-12-2008 (07-33-19).txt

Scan type: Full Scan (A:\|C:\|D:\|E:\|F:\|G:\|H:\|)
Objects scanned: 173041
Time elapsed: 3 hour(s), 15 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 13
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 19
Files Infected: 17617

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{9233c3c0-1472-4091-a505-5580a23bb4ac} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{90b5a95a-afd5-4d11-b9bd-a69d53d22226} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{85e06077-c824-43d0-a8dc-5efb17bc348a} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{5937cd7f-1c0b-41e1-9075-60ebdf3c7d34} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\PopSwatr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\PopSwatr\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\rhc3g0j0enhm (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Application Data\rhc3g0j0enhm (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Application Data\rhc3g0j0enhm\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Application Data\rhc3g0j0enhm\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Application Data\rhc3g0j0enhm\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Application Data\rhc3g0j0enhm\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Application Data\rhc3g0j0enhm\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Application Data\rhc3g0j0enhm\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Application Data\rhc3g0j0enhm\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Application Data\rhc3g0j0enhm\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Application Data\rhc3g0j0enhm\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Application Data\rhc3g0j0enhm\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\msxml71.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\regxpcom.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Ma musique\music\Apple Logic Express 7.2 + Serial.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\xzxzxzxzxzxz.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Microsoft Windows Vista Final 2006.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Microsoft Office 2006 Enterprise Final.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Need For Speed Carbon ISO.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Gangs of New York DVDRip.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Read It And Weep DVDRip.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Batman Begins DVDRip.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\CoffeeCup Flash Photo Gallery v.5.6.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\DeskShare Digital Media Converter v.2.75.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\GrandBackup Ultimate v.1.1.0.413.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\ExifPro v.1.0.0 Build 188.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Zoom Player v.5.00 Pro.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\123 Flash Menu v.2.6.0.1210.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\PCB Wizard 3.5 Pro.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Internet Cyclone v.1.92.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\MagicISO Maker v.5.3.229.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Surething CD DVD Labeler Deluxe v.5.0.557.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Perfume The Story Of A Murderer DVDRip.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Dead Man Walking DVDRip.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\The Girl Next Door DVDRip.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\10 Items Or Less DVDRip.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Lets Go To Prison.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\United 93.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Poseidon 2006.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Harry Potter and the Goblet of Fire.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Harry Potter and the Chamber of Secrets.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Corel iGrafx 2006 v.11.2.3.672.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Genie Soft Backup Manager Pro v.7.0.204.374 Vista.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\PowerArchiver 2007 v.10.00.36.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\HDD Regenerator v.1.51.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Sygate Personal Firewall Pro v.5.6.2808.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\live messenger vista.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\McAfee Internet Security Suite 7.0.205.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Nature Illusion Studio v1.80.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\RoboTask v.2.5.0.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Novosoft Handy Password v.4.02.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\DVDFab Platinum v.3.0.8.6 Final.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\DesktopX v.3.1.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\RPG Maker XP v.1.02a.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\KoolMoves 5.7.5.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\CoffeeCup Flash Firestarter 7.0.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Trillian Messenger Pro v.3.1.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\CyberLink Power2Go Deluxe v.5.50.2614.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\GameGain v.2.2.26.2007a.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\MicroAngelo Toolset v6.10.4.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\InterVideo WinDVD Platinum v.8.0.6.104 R2.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Winrar Crystal 2007.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Portable Norton Systemworks 2007.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\WinTools.net Professional 8.2.1.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\AnyDVD HD v.6.1.2.5.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Password Manager XP v.2.2.373.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\iView MediaPro v.3.1.3.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\KC Softwares PhotoToFilm v.2.7.0.66 Multilingual.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\CoffeeCup Firestarter v.7.0.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Adobe RoboHelp v6.0.99.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Native Instruments Massive v1.1.1.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Xandros Desktop v4.1 Home Premium 3CD.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Corel Snapfire Plus v1.20.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Virtual CD v8.0.2 Retail.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Desktop Layout Keeper 1.9.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Shit Talker 1.2.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\RegVac Registry Cleaner 4.02.31.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\DVD2one 2.1.2.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Tribal Trouble v1.0.7209.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Aurora Media Workshop 3.3.29.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\OEM BIOS Emulation Toolkit For Windows Vista x86 v1.0.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Qimage Studio Edition v2007.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\KoolMoves v5.7.5 Retail.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Genie Backup Manager Professional v7.0.211.381.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Quicken WillMaker Plus 2007 Retail.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Xilisoft Video Converter 3.1.23.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\How to Make an AiO.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Rapid-Pi 1.53.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Help and Manual 4.3 Build.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\3GP Movie Studio 1.0.1 build.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\CDMenuPro v5.40.00 Business Edition Bilingual.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Acronis Disk Director Suite v10.0.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Jackass Two Unrated.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Hide Files Folders +serial.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\J.River Media Center 12.0.185 Final Cracked.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\My Secret Folder 4.30 XP.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Prince Of Persia The Sands Of Time.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Vbulletin 3.6.4 Nulled WST.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\The Astronaut Farmer 2007.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Native Instruments Traktor DJ Studio v3.2.1.030 MAC OSX.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Over The Hedge DvdRip.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Powerful Cookies v3.2.7.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Fresh UI v7.78.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\MemOptimizer v3.02.70.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Naevius 3GP Converter v1.0.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\LostPassword Passware Kit v8.0.2514 Enterprise.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Boy Eats Girl 2005 DvdRip.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Speed 1994.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\United 93 DvdRip Xvid-DiAMOND.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Enemy at the Gates 2001 DVDRip.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\OO DiskRecovery Tech Edition v4.1.1334.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\MahJong Suite 2007 v4.0.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Nikon Capture NX v1.1.0.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Pimex 1.16.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Picture Window Pro v4.0.1.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Notes on a Scandal Dvdscr crikeym8.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Tenacious D - The Pick Of Destiny 2006 DvdRip -aXXo.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Wild Hogs CAM XviD-CAMERA-BaczeK.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Dreamgirls 2006 DVDSCR.XviD-iMBT.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Striking Range 2006.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\WinHex v13.8 SR4.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\TurboFTP v5.30.572.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\1 Privacy Eraser v2.0.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Spy Emergency 2006 3.0.315.0.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\HDClonePro v3.2.5.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\AllSync v2.7.46 Business Edition.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\ProxyCommander 1.x.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\MetaProducts LightPad v4.5.150.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\NeoBook Pro 5.5.3b.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Acronis Disk Director Suite v10.0.2160.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Bluetooth PC Dialer 2.0.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Webroot Spy Sweeper v5.3.1.2344 Vista Ready.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\lectora publisher enterprise 2007.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Cakewalk Guitar Tracks Pro v3.0.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Adobe Photoshop CS3 Beta.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Black Snake Moan CAM XviD-CAMERA.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Wild Hogs CAM VCD-PreVail.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Fresh Download.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Album Creator PRO v3.5.573.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\RealPlayer for Windows ver. 10.5 (6.0.12.1698).exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\SpySweeper v5.0.7.1608(Full).exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Sony Vegas 7.0b Build 151.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Hide And Protect Any Drives.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Proxy Finder Enterprise v1.90.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\VSO PhotoDvd.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Sony DVD Architect.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\PrintStudio Pro.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Mem Optimizer.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Wivisoft 3GP Video Converter.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Witcobber Super Video Converter.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\FullShot Enterprise.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\FTPRush 1.0.0588 ANSI.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Feed Mix RSS Editor 4.62.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\FTP Commander Pro.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Folder Lock 4.25.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Plato Video To iPod PSP 3GP 3.31.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Trojan Remover 6.5.3.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\TurboFTP v5.00 build 540.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Alive Desktop 1.0.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Image Assistant 3.0.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Alt WAV to MP3 Converter 2.3.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Alt OGG to MP3 converter 2.3.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Alt MP3 to WMA Converter 2.2.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Alt WMA to MP3 Converter 2.3.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Alt MP3 Bitrate Converter 2.3.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Plato DVD Copy 4.56.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Plato DVD iPod Ripper 4.49.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Plato DVD Creator 3.44.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Plato DVD to iPod Converter 5.49.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Plato Video To iPod Converter 3.36.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Alarm Master 4.15.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Picture Resize Genius 2.5.1.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Camel Disc Catalog 1.0 build 778.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Okoker ISO Maker v1.6.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\AoA DVD COPY v2.7.9.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Plato DVD to MP3 Ripper 4.50.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Plato DVD to DivX XviD Ripper 4.50.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Plato DVD Ripper 4.51.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Plato Video Converter 5.28.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Plato Video Joiner 4.26.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Audio Grail (K-MP3) 6.6.8.126.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Plato Media to iPod MP3 3.18.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Video Enhancer 1.3.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\TransMac 7.5.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Rainbow Six Vegas ISO.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Need For Speed Carbon CE.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\SoftPerfect Network Protocol Analyzer 2.4.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Genie Backup Manager Professional 7.0.211.381.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Acronis Drive Cleanser 6.0.676.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Acronis Disk Director Suite 10.0.2160.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\SlySoft AnyDVD HD 6.1.2.9 Beta.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Game Maker 7.0.5.0.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Access Diver 4.301.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Microsoft Office 2007 Enterprise.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Dreamgirls 2006 dvdscr.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Into The Blue DvDRip.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Children of Men.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Flushed Away 2006 Dvdrip Screencaps.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Alpha Dog 2007 DVDRip XviD - aXXo.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\The Messengers 2007 CAM.XviD-CAMERA.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\One Perfect Day 2004 DVDRip XviD.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\See No Evil DVDRip.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Sophisticated Rename v3.03.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\AbhorDJ v1.61.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\AnyDVD v6.1.2.8.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Drive Discovery v2.34.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\MonitorIT v8.0.18.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Second Copy 7.0.0.170.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\RegCure 1.1.0.17.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\BR Software PixFiler v5.0.9.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Office Live Communications Server 2003.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Diskeeper Professional Premier Edition v11.0.686.0 Li.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\CuteFTP Pro v.8.0.4 Build 01.15.2007.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Raxco PerfectDisk v8.0.54 Professional.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Arial CD Ripper v 1.9.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Raxco PerfectDisk v8.0.54 Professional Edition.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\G-Zapper Professional v1.51.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Room Arranger v4.67.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Max Payne 2.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Fifa 2007.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Leisure Suit Larry 7 Love For Sail.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Playboy The Mansion.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\World series of poker Tournament of Champions 2007.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Deadly Dozen.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\GTA San Andreas.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Jennifer Lopez - Lets Get Loud 2001 DVDRip.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\treet Hacker ISO Update Patches.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Guilty Gear XX Reloaded iSO.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Dynasty Warriors 4 Hyper.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Nancy Drew Ghost Dogs Of Moon Lake ISO.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Tasty Planet.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Kawasaki Snow Mobiles.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Kasparov Chessmate.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\3D Live Pool.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\ExifPro v1.0.0 Build 188.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\CoffeeCup Firestarter v7.0 Retail.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Lock Folder XP v3.6.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Ghost Rider.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\The Number 23.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Cinderella III A Twist in Time.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Running Scared.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\A History of Violence.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Saw II.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\The Polar Express.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\The Sentinel.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Smokin Aces.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Sony Sound Forge 8.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Symantec pcAnywhere v12.0.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Real Player 10.6 Premium.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Error Repair Pro 3.2.5.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\System Cleaner 5.53.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Registry Mechanic v6.0.0.780.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Alive MP4 Converter 2.0.2.8.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Norton PartitionMagic 8.05.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Battlefield 2.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\MotoGP 3 Ultimate Racing Technology.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Cabelas Big Game Hunter 2007.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Star Wars Empire at War.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Call Of Juarez.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Ghost Recon Advanced Warfighter.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Close Combat First to Fight.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Alien Shooter Vengeance.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Test Drive Unlimited.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\WinTools.NET Professional v8.2.1.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Dameware NT Utilities v6.0.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Photocopier Pro v3.07.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\KoolMoves v5.7.5.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\CoffeeCup Flash Photo Gallery v5.6.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\CoffeeCup Flash Firestarter v7.0.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Ashampoo Music Studio v3.21.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Easy DVD Creator v1.2.3.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\EximiousSoft GIF Creator v3.60.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\FaxAmatic v9.98.25.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\FaxMail Network for Windows v9.98.25.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\First Alert Service Monitor v9.98.25.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Irfan View v3.99.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\IView MediaPro v3.1.3.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Notes On A Scandal CAM XviD-ReCode.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\The Queen DVDRip.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\The Darkroom 2006 DVDRip.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Half Nelson 2006 DVDRip.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\The Chumscrubber DVDRip.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\MP3 To Ringtone Gold v.5.03 Full.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Google Earth Pro v.4.0.2737.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Plato DVD Ripper v.5.51.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Uninstall Manager v.4.30.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\ParetoLogic Anti-Spyware 5.0.226.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\SUPERFileRecover v3.1.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\AIMP PRO v5.27.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Registry Rescue 2.8.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Disneys Cinderellas Dollshouse.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Raxco PerfectDisk 8.0 Build 58.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Picture Window Pro v4.0.1.8.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Spyware Nuker XT v4.8.81.1815.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Novosoft Office Backup v3.1.0.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\FontDoctor v2.5.0.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Photo DVD Creator 4.13.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Fortune Magazine March 5 2007.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\The Economist March 3 2007.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\SkinStudio Professional 5.0.0 Build 111.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\PC-CLEANER - Registry Cleaner v1.0.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\MP3 To Ringtone Gold 5.03.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\DVDneXtCOPY V2.3.5.1.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\US News World Report March 12 2007.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\MusicPhrase XL 3.0.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\FaxMail Network n9.95.01.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\HealthFile Plus 4.4.7.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\PowerCmd 1.1.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\XnView 1.90.1.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Secret Messenger 2.1.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Sybase PowerBuilder v10.0 Entrprise.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Portable Google Earth v4.0.2737.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\NICI Picture Downloader v2.01.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\ShareAlarmPro v1.7.9.0.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\BPM Studio Professional 4.9.1.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Autodesk Land Desktop 2007.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Selteco Photo Lab v2.3.0.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Spector Pro v6.0.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Internet Business Promoter 9.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\My Secret Folder 4.3.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Discreet Plasma v1.0.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Swift Elite v3.0.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Right At Your Door.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Satans Little Helper.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\The Thing Below.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\UKM Ultimate Killing Machine.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\The Badge.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Decoys The Second Seduction.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\The Lakehouse.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\The Evil Dead.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\3D Ultra NASCAR Pinball.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Moorhuhn Schatzjager 2 XXL.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Rogue Trooper.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Sims 2 Season.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\The Mark.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\The Lord of the Rings The Battle for Middle-Earth II Th.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Hitman Contracts.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Harry Potter The Sorcercers Stone.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Hitman Blood Money.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Kawasaki Jet Ski.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Kawasaki Quad Bikes.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\DVDFab Platinum v3.0.86.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Microsoft Visual Studio 2005 Professio.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Sony Sound Forge 8.0a.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Mem Optimizer v3.02.70.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Your Uninstaller Pro 2006 5.0.0.335.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Scannet Professional v3.9.0.10.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Adobe Photoshop Lightroom v1.0 AIO.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\The Prestige DVDRip.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Night at the Museum DVDRip.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\The Dukes of Hazzard The Beginning DV.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Days of Glory DVDSCR.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Aeon Flux DVDRip.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Wild Hogs CAM.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\The Pursuit of Happyness DVDRip.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Pans Labyrinth DVDRip.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\.45 DVDSCR.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Flight of Fury DVDRip.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Land Of The Dead DvdRip MU.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Venus 2007 ReRiped DvdScr XviD.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Wild Hogs Cam XviD.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Black Snake Moan Cam XviD.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Machine 2007 DvdRip XviD.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Swordfish DvdRip.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Angel Eyes DvdRip.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Behind Enemy Lines 2 Axis Of Evil DvdRip.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Material Girls 2006 DvdRip.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\1 Anonymous Proxy List Verifier v1.1.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Portable Tuneup Utilities 2007 Final.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\IntelliAdmin 2.7.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Portable Ontrack EasyRecovery Professional 6.10.07.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Norman Malware Cleaner 2007.02.26.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Jackass Number Two Unrated Edition.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Training Day.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Over The Hedge.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Saw III.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\The Prestige.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Rocky Balboa.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\The Godfather.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\VideoGet 11012 Incl Crck.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\CyberLink Power2Go Deluxe v5.50.2614.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheus Shared\_\Ashampoo Magical Defrag v2.08.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dadou\Mes documents\Morpheu
0
Réponse 35 / 43
sKe69 Messages postés 21360 Date d'inscription samedi 15 mars 2008 Statut Contributeur sécurité Dernière intervention 30 décembre 2012 463
12 août 2008 à 23:54
re ...

Files Infected: 17617 --> on a décroché le ponpon là !!! X ))))

Bon le rapport complet on vas laisser tomber ...

voilà ce que tu vas faire :

1- Supprime TOUT ce que malwarebytes peut avoir dans sa quarantaine ( via celle-ci bien sûr )

2- refais un bon coup de CCleaner ( registre compris ) .

3- Eteinds et redémarre ton PC ...

4- Lances un scan " rapide " avec Malwarebytes ( en mode normal ) . Supprimes tout ce qu'il peut encore trouver .
Postes moi le nouveau rapport obtenu stp avec un nouvel hijackthis aussi et attends la suite ...
0
DanouFX Messages postés 56 Date d'inscription lundi 14 juillet 2008 Statut Membre Dernière intervention 11 décembre 2011
13 août 2008 à 00:36
Malwarebytes' Anti-Malware 1.24
Version de la base de données: 1043
Windows 5.1.2600 Service Pack 2

18:35:05 2008-08-12
mbam-log-8-12-2008 (18-35-05).txt

Type de recherche: Examen rapide
Eléments examinés: 42147
Temps écoulé: 7 minute(s), 12 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:36:30, on 2008-08-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\FXDD - MetaTrader 4\terminal.exe
C:\Program Files\Trend Micro\HijackThis\monjack.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.acer.com/worldwide/selection.html
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://interactivebrokers.webex.com/client/T26L/nbr/ieatgpc.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O21 - SSODL: euwHQGobObso - {2B1B1303-81B1-B9A9-911D-9E765F238C53} - C:\WINDOWS\system32\pfigv.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
0
Réponse 36 / 43
sKe69 Messages postés 21360 Date d'inscription samedi 15 mars 2008 Statut Contributeur sécurité Dernière intervention 30 décembre 2012 463
13 août 2008 à 00:50
bien ...

1- Mets à jours ce qui suit, c'est important ( des version pas à jours = failles de sécurité ) :
* pour la console Java :
aller sur : Démarrer > Panneau de configuration > Icône Java > onglet Mise à jour > "Mettre à jour maintenant" > cocher la case "Automatiser la détection des mises à jour".
( puis désinstalles les versions antérieurs via "paneau de configuration" et "ajout/suppression de prg" ...)


2- Rends toi sur ce site :

https://www.virustotal.com/gui/

Copies ce qui suit et colles le dans l'espace pour la recherche :
C:\WINDOWS\system32\pfigv.dll

Cliques sur Send File.

Un rapport va s'élaborer ligne à ligne.

Attends bien la fin ... Il doit comprendre la taille du fichier envoyé.

Sauvegarde le rapport avec le bloc-note ( surtout le début avec le listing des AV ).

Copies le dans ta prochaine réponse ...

( Si VirusTotal indique que le fichier a déjà été analysé, clique sur le bouton Ré-analyse le fichier maintenant )


une fois ce rapport poster , enchaine avec ce-ci :

3- Télécharges Lop S&D :
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

Double clik sur sur l'.exe que tu viens de télécharger pour lancer l'installe .

Une fois l'installation faite, click sur le raccourci pour lancer le prg .

Là, laisses toi guider :
--->choisis l'option 1 (recherche) et valides.

(Tu ne fais pas l'option de nettoyage ( 2 ou 3) sans notre accord ! ).

Une fois le scan terminer ,le Bloc-Notes contenant le rapport va s'ouvrir.
Postes ce rapport dans ta prochaine réponse pour analyse .

Tuto : https://sites.google.com/site/eric71mespages/lop.sd.exe
0
Réponse 37 / 43
jorginho67 Messages postés 14716 Date d'inscription mardi 11 septembre 2007 Statut Contributeur sécurité Dernière intervention 11 février 2011 1 169
13 août 2008 à 00:56
Salut vous deux

Pour suivre

( Obligé de poster un message pour pouvoir lire les posts ( ça beuggue encore ) )
0
sKe69 Messages postés 21360 Date d'inscription samedi 15 mars 2008 Statut Contributeur sécurité Dernière intervention 30 décembre 2012 463
13 août 2008 à 00:57
gnarf gnarf .... ;p
0
DanouFX Messages postés 56 Date d'inscription lundi 14 juillet 2008 Statut Membre Dernière intervention 11 décembre 2011 > sKe69 Messages postés 21360 Date d'inscription samedi 15 mars 2008 Statut Contributeur sécurité Dernière intervention 30 décembre 2012
13 août 2008 à 01:13
Copies ce qui suit et colles le dans l'espace pour la recherche :
C:\WINDOWS\system32\pfigv.dll

Cliques sur Send File.


Internet explorer ne peut afficher la page???
0
Réponse 38 / 43
DanouFX Messages postés 56 Date d'inscription lundi 14 juillet 2008 Statut Membre Dernière intervention 11 décembre 2011
13 août 2008 à 01:18
--------------------\\ Lop S&D 4.2.2-7 XP / Vista

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : Dadou ] [ "C:\Lop SD" ] [ Selection : 1 ]
[ 2008-08-12 | 19:15:40 ] [ PC : MOI-MEME (Proc:x86)]
[ MAJ : 12-08-2008 | 17:58 ]

--------------------\\ Listing des dossiers dans APPLIC~1







--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[2008-08-05 10:04][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008-08-12 19:14][--a------] C:\WINDOWS\tasks\V‚rifier les mises … jour de Windows Live Toolbar.job
[2008-08-08 20:34][--a------] C:\WINDOWS\tasks\Norton AntiVirus - Analyse systŠme complŠte - Dadou.job
[2008-08-12 18:20][--ah-----] C:\WINDOWS\tasks\SA.DAT
[2001-08-28 20:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[2006-10-08|09:37] C:\Program Files\ABBYY FineReader 5.0 Sprint
[2006-10-12|22:45] C:\Program Files\ADJECT
[2006-09-01|21:27] C:\Program Files\Adobe
[2008-02-09|09:05] C:\Program Files\Apple Software Update
[2007-03-18|13:47] C:\Program Files\ASIO4ALL v2
[2006-09-05|14:32] C:\Program Files\AvRack
[2008-07-15|17:27] C:\Program Files\CCleaner
[2006-08-23|13:23] C:\Program Files\ComPlus Applications
[2008-02-20|19:57] C:\Program Files\Conference
[1993-11-08|12:59] C:\Program Files\CSDIALOG.VBX
[2007-03-07|21:56] C:\Program Files\CWAF
[2006-09-05|15:32] C:\Program Files\CyberLink
[2008-04-02|16:20] C:\Program Files\Disney Interactive
[2006-08-23|13:18] C:\Program Files\Fichiers communs
[2008-03-03|12:07] C:\Program Files\FXDD - MetaTrader 4
[2008-03-03|11:49] C:\Program Files\FXDD - MetaTrader MultiTerminal
[2006-11-18|20:14] C:\Program Files\Google
[2007-10-14|20:07] C:\Program Files\HP DeskJet 710C Series
[2007-03-08|18:04] C:\Program Files\Image-Line
[1996-10-31|12:36] C:\Program Files\INSTALL.TXT
[2006-09-05|14:32] C:\Program Files\InstallShield Installation Information
[2007-11-17|16:46] C:\Program Files\Interbank FX Trader 4
[2006-08-23|13:23] C:\Program Files\Internet Explorer
[2007-09-15|11:02] C:\Program Files\Java
[2006-09-11|12:36] C:\Program Files\Kodak
[1996-11-28|23:35] C:\Program Files\LATIN.EXE
[1996-11-28|23:02] C:\Program Files\LATIN.INI
[2007-01-12|20:07] C:\Program Files\Lavasoft(2)
[2006-10-08|09:34] C:\Program Files\Lexmark 2200 Series
[2006-10-08|09:38] C:\Program Files\Lexmark Fax Solutions
[2007-09-15|10:58] C:\Program Files\LimeWire
[2008-07-15|17:35] C:\Program Files\Malwarebytes' Anti-Malware
[2008-01-31|22:50] C:\Program Files\MBTrading
[2006-08-23|13:22] C:\Program Files\Messenger
[2007-02-05|16:36] C:\Program Files\Messenger Plus! Live
[2007-05-08|03:02] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2006-08-23|13:25] C:\Program Files\microsoft frontpage
[2007-02-09|08:32] C:\Program Files\Microsoft Office
[2008-05-03|16:56] C:\Program Files\MIG Trading Station
[2008-02-02|11:25] C:\Program Files\Mindscape
[2006-09-14|02:09] C:\Program Files\Morpheus
[2007-01-21|10:08] C:\Program Files\MorpheusBar
[2006-08-23|13:24] C:\Program Files\Movie Maker
[2007-10-24|21:13] C:\Program Files\MSBuild
[2006-08-23|13:22] C:\Program Files\MSN
[2006-08-23|13:22] C:\Program Files\MSN Gaming Zone
[2006-09-29|22:26] C:\Program Files\MSN Messenger
[2007-01-21|17:39] C:\Program Files\MSXML 4.0
[2007-10-26|03:03] C:\Program Files\MSXML 6.0
[2006-08-23|13:24] C:\Program Files\NetMeeting
[2007-01-21|17:52] C:\Program Files\Norton AntiVirus
[2006-10-12|22:45] C:\Program Files\NOUNS
[2006-08-23|13:24] C:\Program Files\Outlook Express
[2008-07-24|13:29] C:\Program Files\PartyGaming
[1994-02-23|10:58] C:\Program Files\QPRO200.DLL
[2008-02-09|09:05] C:\Program Files\QuickTime
[1996-10-31|12:39] C:\Program Files\README.TXT
[2006-08-23|13:56] C:\Program Files\Real
[2006-09-05|14:32] C:\Program Files\Realtek Sound Manager
[2007-10-24|21:08] C:\Program Files\Reference Assemblies
[2006-08-23|13:22] C:\Program Files\Services en ligne
[2007-12-16|20:20] C:\Program Files\Skype
[2007-10-24|20:40] C:\Program Files\Sony Setup
[2007-01-13|18:35] C:\Program Files\Spybot - Search & Destroy
[2008-08-12|19:07] C:\Program Files\Sun
[2007-01-21|17:52] C:\Program Files\Symantec
[2008-06-10|16:37] C:\Program Files\TMNT
[2008-07-02|16:51] C:\Program Files\Trading Rooms Technologies, Inc
[2006-10-12|23:05] C:\Program Files\TRANSLAT.ION
[2008-07-14|17:57] C:\Program Files\Trend Micro
[2006-08-23|13:28] C:\Program Files\Uninstall Information
[2006-10-12|22:45] C:\Program Files\VERBS
[2007-04-03|10:19] C:\Program Files\VideoLAN
[2006-08-23|13:57] C:\Program Files\Viewpoint
[2008-03-16|00:45] C:\Program Files\VirtualDJ
[2007-03-08|18:07] C:\Program Files\VstPlugins
[2008-02-19|17:34] C:\Program Files\WebEx
[2008-03-27|09:17] C:\Program Files\Windows Live
[2007-11-28|22:16] C:\Program Files\Windows Live Favorites
[2007-02-08|07:54] C:\Program Files\Windows Live Toolbar
[2007-02-03|00:44] C:\Program Files\Windows Media Connect 2
[2006-08-23|13:22] C:\Program Files\Windows Media Player
[2006-08-23|13:22] C:\Program Files\Windows NT
[2006-08-23|13:22] C:\Program Files\WindowsUpdate
[2007-01-29|16:47] C:\Program Files\WinZip
[2006-08-23|13:25] C:\Program Files\xerox
[2007-10-21|15:45] C:\Program Files\Xilisoft

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[2006-09-15|01:15] C:\Program Files\Fichiers communs\Adobe
[2006-09-05|14:32] C:\Program Files\Fichiers communs\InstallShield
[2007-09-15|10:58] C:\Program Files\Fichiers communs\Java
[2007-04-09|16:45] C:\Program Files\Fichiers communs\Kodak
[2006-08-23|13:18] C:\Program Files\Fichiers communs\Microsoft Shared
[2006-08-23|13:24] C:\Program Files\Fichiers communs\MSSoap
[2006-08-23|13:18] C:\Program Files\Fichiers communs\ODBC
[2006-08-23|13:56] C:\Program Files\Fichiers communs\Real
[2006-08-23|13:24] C:\Program Files\Fichiers communs\Services
[2007-12-16|20:20] C:\Program Files\Fichiers communs\Skype
[2006-10-23|17:26] C:\Program Files\Fichiers communs\snpp106
[2006-08-23|13:18] C:\Program Files\Fichiers communs\SpeechEngines
[2008-06-10|16:37] C:\Program Files\Fichiers communs\SWF Studio
[2007-01-21|17:51] C:\Program Files\Fichiers communs\Symantec Shared
[2006-08-23|13:23] C:\Program Files\Fichiers communs\System
[2008-03-27|09:17] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[2006-11-20|22:48] C:\Program Files\Fichiers communs\xing shared

--------------------\\ Process

( 42 Processus )

IEXPLORE.EXE ~ [PID:4088] ~ [Threads:22]

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-12 19:16:54
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\DADOU\Mes documents\Mes fichiers re‡us\Sony Soundforge 7.0 + Keygen + Patch Fr + Plugins.rar


[F:333][D:11]-> C:\DOCUME~1\Dadou\LOCALS~1\Temp
[F:17][D:0]-> C:\DOCUME~1\Dadou\Cookies
[F:289][D:6]-> C:\DOCUME~1\Dadou\LOCALS~1\TEMPOR~1\content.IE5
[F:2][D:0]-> C:\Recycled

--------------------\\ Fin du rapport a 19:17:24,35
0
Réponse 39 / 43
sKe69 Messages postés 21360 Date d'inscription samedi 15 mars 2008 Statut Contributeur sécurité Dernière intervention 30 décembre 2012 463
13 août 2008 à 01:32
bon ...

1- supprimes ce crack , il est infecté :
--> Mes documents\Mes fichiers reçus\Sony Soundforge 7.0 + Keygen + Patch Fr + Plugins.rar

2 - fais exactement ce qui suit :

Télécharges ComboFix (par sUBs) sur ton Bureau (et pas ailleur !):
http://download.bleepingcomputer.com/sUBs/ComboFix.exe <--- clik droit sur ce lien et choisis "enregistrer la cible sous ... " : dans la fenêtre qui s'ouvre tape C-Fix et valide .

--------------------------------------------- [ ! ATTENTION ! ] ----------------------------------------------------------
!! déconnectes toi,fermes tes applications en cours et DESACTIVES TOUTES TES DEFENSES (anti-virus, guardes anti spy-ware, pare-feu) le temps de la manipe :
en effet , activés, ils pourraient gêner fortement la procédure de recherche et de nettoyage de l'outil ( voir planter le PC )...Tu les réactiveras donc après !!
--->Important : si tu rencontres des difficultés à ce niveau là, fais m'en part avant de poursuivre ...
Tuto ( aide ) ici : https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
---------------------------------------------------------------------------------------------------------------------------------

Ensuite :
double-cliques C-Fix.exe ( = combofix.exe ) .

Appuyes sur la touche Y (Yes) pour démarrer le scan .

Attention :
--> n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi .
--> Il se peut que le PC redémarre de lui même ( pour finaliser le nettoyage ) , laisses le faire .
--> si un message d'erreur windows apparait à un momment : clik sur la croix rouge en haut à droite de la fenêtre pour la fermer ( et pas sur autre chose ! sinon pas de rapport ... )

Le rapport sera crée dans: C:\Combofix.txt

Postes le rapport Combofix accompagné d'un nouveau rapport hijackthis pour analyse ...
0
DanouFX Messages postés 56 Date d'inscription lundi 14 juillet 2008 Statut Membre Dernière intervention 11 décembre 2011
13 août 2008 à 02:08
ComboFix 08-08-12.01 - Dadou 2008-08-12 19:57:58.1 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.253 [GMT -4:00]
Endroit: C:\DOCUME~1\DADOU\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\ALLUSE~1\Menu Démarrer\Programmes\Antivirus XP 2008
C:\DOCUME~1\ALLUSE~1\Menu Démarrer\Programmes\Antivirus XP 2008\Antivirus XP 2008.lnk
C:\DOCUME~1\ALLUSE~1\Menu Démarrer\Programmes\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk
C:\DOCUME~1\ALLUSE~1\Menu Démarrer\Programmes\Antivirus XP 2008\License Agreement.lnk
C:\DOCUME~1\ALLUSE~1\Menu Démarrer\Programmes\Antivirus XP 2008\Register Antivirus XP 2008.lnk
C:\DOCUME~1\ALLUSE~1\Menu Démarrer\Programmes\Antivirus XP 2008\Uninstall.lnk
C:\DOCUME~1\DADOU\Application Data\FunWebProducts
C:\DOCUME~1\DADOU\Application Data\FunWebProducts\Data\Dadou\avatar.dat
C:\DOCUME~1\DADOU\Application Data\FunWebProducts\Data\Dadou\outfit.dat
C:\DOCUME~1\DADOU\Application Data\FunWebProducts\Data\Dadou\zbucks.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF


((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-07-13 to 2008-08-13 ))))))))))))))))))))))))))))))))))))
.

2008-08-12 19:15 . 2008-08-12 19:15 <REP> d-------- C:\Lop SD
2008-08-12 19:07 . 2008-08-12 19:07 <REP> d-------- C:\Program Files\Sun
2008-08-11 20:24 . 2008-08-11 20:24 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-08-11 20:18 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-11 16:29 . 2006-08-23 13:18 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau
2008-08-11 16:29 . 2006-08-23 13:18 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-08-11 16:29 . 2006-08-23 13:18 <REP> d--h----- C:\Documents and Settings\Administrateur\ModŠles
2008-08-11 16:29 . 2006-08-23 13:29 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
2008-08-11 16:29 . 2006-08-23 13:18 <REP> dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer
2008-08-11 16:29 . 2006-08-23 13:29 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2008-08-11 16:29 . 2006-08-23 13:18 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-08-11 16:29 . 2008-08-11 16:29 <REP> d-------- C:\Documents and Settings\Administrateur
2008-07-24 13:29 . 2008-07-24 13:29 <REP> d-------- C:\Program Files\PartyGaming
2008-07-24 13:28 . 2008-07-24 13:28 <REP> d-------- C:\Documents and Settings\Dadou\PARTYPokerDir
2008-07-23 15:31 . 2008-07-23 15:31 <REP> d--hs---- C:\FOUND.010
2008-07-15 17:35 . 2008-07-15 17:35 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-15 17:35 . 2008-07-15 17:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-15 17:35 . 2008-07-15 17:35 <REP> d-------- C:\DOCUME~1\Dadou\Application Data\Malwarebytes
2008-07-15 17:35 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-15 17:26 . 2008-07-15 17:27 <REP> d-------- C:\Program Files\CCleaner
2008-07-15 16:55 . 2008-07-15 16:55 <REP> d-------- C:\WINDOWS\ERUNT
2008-07-15 16:51 . 2008-07-14 23:44 <REP> d-------- C:\SDFix
2008-07-14 19:10 . 2008-06-15 15:25 <REP> d-------- C:\SmitfraudFix
2008-07-14 19:10 . 2008-08-11 18:54 1,802 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-14 19:08 . 2008-07-14 19:08 1,478,367 --a------ C:\SmitfraudFix.exe
2008-07-14 18:45 . 2008-06-14 13:59 272,768 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-07-14 18:31 . 2008-07-14 18:31 <REP> d-------- C:\Toolbar SD
2008-07-14 18:15 . 2008-07-14 18:15 <REP> d-------- C:\fixwareout
2008-07-14 17:57 . 2008-07-14 17:57 <REP> d-------- C:\Program Files\Trend Micro

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-02 20:51 --------- d-----w C:\Program Files\Trading Rooms Technologies, Inc
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 247,808 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2007-12-17 00:22 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2006-10-13 03:05 10,196 ----a-w C:\Program Files\TRANSLAT.ION
1996-11-29 03:35 185,643 ----a-w C:\Program Files\LATIN.EXE
1996-11-29 03:02 162 ----a-w C:\Program Files\LATIN.INI
1996-10-31 16:39 5,076 ----a-w C:\Program Files\README.TXT
1996-10-31 16:36 821 ----a-w C:\Program Files\INSTALL.TXT
1994-02-23 14:58 55,264 ----a-w C:\Program Files\QPRO200.DLL
1993-11-08 16:59 33,744 ----a-w C:\Program Files\CSDIALOG.VBX
.

------- Sigcheck -------

md5deep: C:\WINDOWS\system32\svchost.exe: error at offset 0: Permission denied
2001-08-28 20:00 12800 333a4db8410d8e24db06d6aebecdc7c2 C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
2004-08-19 18:10 14336 2979b03d5382a602623c0535b16ab9c0 C:\WINDOWS\ServicePackFiles\i386\svchost.exe

md5deep: C:\WINDOWS\system32\winlogon.exe: error at offset 0: Permission denied
2002-08-29 11:45 520704 71820bc9ee6653c8748922459dfc384d C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
2004-08-19 18:10 506368 123eea158f74d0f67a51dcdf065d1091 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe

md5deep: C:\WINDOWS\explorer.exe: error at offset 0: Permission denied
2002-08-29 11:45 1008128 82fe0d400cb1ac937234467b927b867a C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2004-08-19 18:09 1036288 2a7bd330924252a2fd80344fc949bb72 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2007-06-13 09:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-19 18:09 1036288 2a7bd330924252a2fd80344fc949bb72 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

md5deep: C:\WINDOWS\system32\services.exe: error at offset 0: Permission denied
2001-08-28 20:00 101888 fc0691097471ee374907e1024edcbd43 C:\WINDOWS\$NtServicePackUninstall$\services.exe
2004-08-19 18:10 108544 63dcde1a0d86eeb8924d6738ff616ead C:\WINDOWS\ServicePackFiles\i386\services.exe

md5deep: C:\WINDOWS\system32\lsass.exe: error at offset 0: Permission denied
2002-08-29 11:45 11776 b7b1c150aff59455db4df082815f88f5 C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
2004-08-19 18:09 13312 259af82a0932eea4f316f92db94707b6 C:\WINDOWS\ServicePackFiles\i386\lsass.exe

md5deep: C:\WINDOWS\system32\spoolsv.exe: error at offset 0: Permission denied
2005-06-10 18:55 53248 6b4bf97957a0b8795811975d4bf1acfe C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe
2004-08-19 18:10 57856 df9fc62ad51cb082b0ae371919a232cb C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
2004-08-19 18:10 57856 df9fc62ad51cb082b0ae371919a232cb C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe
2005-06-10 18:53 57856 da81ec57acd4cdc3d4c51cf3d409af9f C:\WINDOWS\$hf_mig$\KB896423\SP2GDR\spoolsv.exe
2005-06-10 19:17 57856 ad3d9d191aea7b5445fe1d82ffbb4788 C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2001-08-28 20:00 51200 b1ce5287f096895d9be26eb86f4d5faf C:\WINDOWS\$NtUninstallKB896423_0$\spoolsv.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 18:09 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-02 00:13 68856]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-12-07 15:08 21686568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Lexmark 2200 Series"="C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe" [2004-02-13 14:13 57344]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2004-02-04 15:33 294912]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-11-20 22:48 180269]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2006-11-28 20:51 107112]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2006-09-05 12:22 26248]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2003-08-27 18:32 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2003-08-27 18:19 118784]
"Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"SoundMan"="SOUNDMAN.EXE" [2003-11-13 18:23 62464 C:\WINDOWS\soundman.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"euwHQGobObso"= {2B1B1303-81B1-B9A9-911D-9E765F238C53} - C:\WINDOWS\system32\pfigv.dll [2007-04-16 11:53 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\HelpCtr.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Conference\\Conference.dll"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 HPFECP13;HPFECP13;C:\WINDOWS\system32\drivers\HPFECP13.SYS [1998-07-31 01:40]
R3 C4C_BSC2;C4C_BSC2;C:\WINDOWS\system32\DRIVERS\C4C_BSC2.sys [2002-07-08 07:32]
R3 msloop;Pilote de carte de bouclage Microsoft;C:\WINDOWS\system32\DRIVERS\loop.sys [2001-08-17 21:53]
S3 SNPP106;PC Camera (6029 CIF);C:\WINDOWS\system32\DRIVERS\snpp106.sys [2003-04-09 11:44]
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'

2008-08-05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 15:42]
.
- - - - ORPHANS REMOVED - - - -

Notify-WgaLogon - (no file)


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 -: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 -: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-12 20:01:59
Windows 5.1.2600 Service Pack 2 FAT NTAPI

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRAM FILES\FICHIERS COMMUNS\SYMANTEC SHARED\CCSVCHST.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\SYMANTEC SHARED\APPCORE\APPSVC32.EXE
C:\WINDOWS\SYSTEM32\LEXBCES.EXE
C:\WINDOWS\SYSTEM32\LEXPPS.EXE
C:\PROGRAM FILES\GOOGLE\COMMON\GOOGLE UPDATER\GOOGLEUPDATERSERVICE.EXE
C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\ALUSCHEDULERSVC.EXE
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\PROGRAM FILES\LEXMARK 2200 SERIES\LXBVBMON.EXE
C:\PROGRAM FILES\KODAK\KODAK EASYSHARE SOFTWARE\BIN\EASYSHARE.EXE
C:\PROGRAM FILES\GOOGLE\GOOGLE UPDATER\GOOGLEUPDATER.EXE
C:\Program Files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-12 20:05:08 - machine was rebooted [Dadou]
ComboFix-quarantined-files.txt 2008-08-13 00:05:02

Pre-Run: 80,308,502,528 octets libres
Post-Run: 80,276,979,712 octets libres

194 --- E O F --- 2008-07-21 07:00:39



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:07:26, on 2008-08-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Trend Micro\HijackThis\monjack.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.acer.com/worldwide/selection.html
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://interactivebrokers.webex.com/client/T26L/nbr/ieatgpc.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O21 - SSODL: euwHQGobObso - {2B1B1303-81B1-B9A9-911D-9E765F238C53} - C:\WINDOWS\system32\pfigv.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
0
Réponse 40 / 43
sKe69 Messages postés 21360 Date d'inscription samedi 15 mars 2008 Statut Contributeur sécurité Dernière intervention 30 décembre 2012 463
13 août 2008 à 02:14
ok ...

1- Avoir accès aux fichiers cachés :

Vas dans Menu Démarrer->Poste de travail->Outils->Options des dossiers...->Affichage
* "Afficher les fichiers et dossiers cachés" ---> coché
* "Masquer les extensions des fichiers dont le type est connu" ---> décoché
* "masquer les fichiers du système" ---> décoché
( tu remetteras les paramètres de départ une fois la désinfection terminée , pas avant ... )


2- re-tentes VirusTotal comme indiqué ici:
http://www.commentcamarche.net/forum/affich 7409070 besoin d aide pour antivirus xp 2008?page=2#66

Dis moi et postes le rapport si cela a marché ...
0
DanouFX Messages postés 56 Date d'inscription lundi 14 juillet 2008 Statut Membre Dernière intervention 11 décembre 2011
13 août 2008 à 02:24
non internet explorer ne peut afficher la page
0