How to remove the Virtumonde virus
Hello,
My NOD32 antivirus constantly displays the following message:
menace: win32/adware.virtumonde application
HijackThis report:
Logfile of HijackThis v1.99.1
Scan saved at 10:05:42, on 18/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
H:\logiciel\spyware doctor\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
H:\fichier compresser\changeur fond d'ecran\Data\CFE TrayIcon.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\visionneuse\Avant Browser\avant.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
H:\logiciel\hijack this\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - H:\logiciel\SPYWAR~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - blank (file missing)
O2 - BHO: (no name) - {6902F36D-E8DE-4F58-9A64-5B68B888130D} - C:\DOCUME~1\teber\LOCALS~1\Temp\~DP13.dll (file missing)
O2 - BHO: (no name) - {73676454-A932-7669-B377-AC3A0147A262} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: {14960b05-3c6f-d0ea-0654-5407ae4c99e8} - {8e99c4ea-7045-4560-ae0d-f6c350b06941} - C:\WINDOWS\system32\ycbnunlp.dll
O2 - BHO: (no name) - {92AC9FF9-D2D5-4B32-B182-DA2F1FAEA35F} - C:\WINDOWS\system32\pmnlk.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - H:\logiciel\SPYWAR~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: (no name) - {DE48606D-0903-200A-B678-4BD04AA89B8F} - blank (file missing)
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [BM47072347] Rundll32.exe "C:\WINDOWS\system32\myeoselo.dll",s
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MSN\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Vidalia] "H:\logiciel\T O R\Vidalia\vidalia.exe"
O4 - Startup: CFE TrayIcon.lnk = H:\fichier compresser\changeur fond d'ecran\Data\CFE TrayIcon.exe
O4 - Startup: CFE.lnk = H:\fichier compresser\changeur fond d'ecran\Data\CFE.exe
O4 - Startup: HDDlife.lnk = H:\logiciel\hddlife\HDDlifePro.exe
O4 - Global Startup: Privoxy.lnk = H:\logiciel\T O R\Privoxy\privoxy.exe
O8 - Extra context menu item: Bloquer ce serveur... - C:\visionneuse\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Bloquer cette publicité... - C:\visionneuse\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir tous les liens de la page... - C:\visionneuse\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Personnaliser - c:\reverso\promtie4\options.htm
O8 - Extra context menu item: Rechercher sur Internet - c:\reverso\promtie4\search.htm
O8 - Extra context menu item: Rechercher sur le Web... - C:\visionneuse\Avant Browser\Search.htm
O8 - Extra context menu item: Surligner - C:\visionneuse\Avant Browser\Highlight.htm
O8 - Extra context menu item: Traduire - c:\reverso\promtie4\translat.htm
O8 - Extra context menu item: Traduire dans WebView - c:\reverso\promtie4\webview.htm
O8 - Extra context menu item: Traduire la page - c:\reverso\promtie4\page.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - H:\logiciel\SPYWAR~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - H:\logiciel\titan poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - H:\logiciel\titan poker\Titan Poker\casino.exe
O9 - Extra button: Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\Casino\Europa Casino\casino.exe
O9 - Extra 'Tools' menuitem: Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\Casino\Europa Casino\casino.exe
O9 - Extra button: Traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - c:\reverso\promtie4\promtie5.htm
O9 - Extra 'Tools' menuitem: Traduire - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - c:\reverso\promtie4\promtie5.htm
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - c:\reverso\promtie4\options.htm
O9 - Extra 'Tools' menuitem: Personnalisez traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - c:\reverso\promtie4\options.htm
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/2575a1141fef8049c006/netzip/RdxIE6...
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040105/qtinstall....
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall...
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-fe252e6120df2123.spaces.live.com/PhotoUpload...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.ca...
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267....
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Autodata Limited License Service - Unknown owner - C:\Program Files\Fichiers communs\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - Unknown owner - C:\Program Files\F-Secure Internet Security\fswsclds.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NTLOAD - Unknown owner - c:\windows\system32\dllcache\win32\winlogon.exe (file missing)
O23 - Service: NTSVCMGR - Unknown owner - c:\windows\system32\dllcache\win32\winlogon.exe (file missing)
O23 - Service: Norman Virus Control on-access component (nvcoas) - Unknown owner - (no file)
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Unknown owner - (no file)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - H:\logiciel\spyware doctor\Spyware Doctor\sdhelp.exe
If anyone has a solution,
thank you.
Hello,
Disable your resident protections (antivirus, Spybot...)!
Download Combofix (sUBs) to your Desktop.
Double-click combofix.exe to launch it.
Press the 1 key (Yes) to start the scan.
When the scan is complete, a report will appear. Post this report in your next reply.
Disable your resident protections (antivirus, Spybot...)!
ComboFix 08-03-17.1 - teber 2008-03-18 21:19:11.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.415 [GMT 1:00]
Endroit: C:\Documents and Settings\teber\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Documents\_desktop.ini
C:\Documents and Settings\All Users\Documents\Ma musique\_desktop.ini
C:\Documents and Settings\All Users\Documents\Ma musique\Desktop_.ini
C:\Documents and Settings\All Users\Documents\Ma musique\chantillons de musique\_desktop.ini
C:\Documents and Settings\All Users\Documents\Ma musique\chantillons de musique\Desktop_.ini
C:\Documents and Settings\All Users\Documents\Ma musique\My Playlists\_desktop.ini
C:\Documents and Settings\All Users\Documents\Ma musique\My Playlists\Desktop_.ini
C:\Documents and Settings\All Users\Documents\Ma musique\Sample Playlists\_desktop.ini
C:\Documents and Settings\All Users\Documents\Ma musique\Sample Playlists\02A591E2\_desktop.ini
C:\Documents and Settings\All Users\Documents\Ma musique\Sample Playlists\02A591E2\Desktop_.ini
C:\Documents and Settings\All Users\Documents\Ma musique\Sample Playlists\Desktop_.ini
C:\Documents and Settings\All Users\Documents\Ma musique\Sync Playlists\_desktop.ini
C:\Documents and Settings\All Users\Documents\Ma musique\Sync Playlists\03D753FE\_desktop.ini
C:\Documents and Settings\All Users\Documents\Ma musique\Sync Playlists\03D753FE\Desktop_.ini
C:\Documents and Settings\All Users\Documents\Ma musique\Sync Playlists\Desktop_.ini
C:\Documents and Settings\All Users\Documents\Mes images\_desktop.ini
C:\Documents and Settings\All Users\Documents\Mes images\Desktop_.ini
C:\Documents and Settings\All Users\Documents\Mes images\chantillons d'images\_desktop.ini
C:\Documents and Settings\All Users\Documents\Mes images\chantillons d'images\Desktop_.ini
C:\Documents and Settings\All Users\Documents\Mes images\logiciel aida32\_desktop.ini
C:\Documents and Settings\All Users\Documents\Mes images\logiciel aida32\AIDA32 - Enterprise System Information\_desktop.ini
C:\Documents and Settings\All Users\Documents\Mes images\logiciel aida32\AIDA32 - Enterprise System Information\Desktop_.ini
C:\Documents and Settings\All Users\Documents\Mes images\logiciel aida32\Desktop_.ini
C:\Documents and Settings\All Users\Documents\Mes vid‚os\_desktop.ini
C:\Documents and Settings\All Users\Documents\Mes vid‚os\Desktop_.ini
C:\WINDOWS\BM47072347.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\rave
C:\WINDOWS\Downloaded Program Files\rave\avirexe.vdm
C:\WINDOWS\Downloaded Program Files\rave\avirscr.vdm
C:\WINDOWS\Downloaded Program Files\rave\base.vdm
C:\WINDOWS\Downloaded Program Files\rave\daily.vdm
C:\WINDOWS\Downloaded Program Files\rave\daily.vdt
C:\WINDOWS\Downloaded Program Files\rave\filters.vdm
C:\WINDOWS\Downloaded Program Files\rave\kernel.vdk
C:\WINDOWS\Downloaded Program Files\rave\keyring.vdk
C:\WINDOWS\Downloaded Program Files\rave\mapi_vdm.vdm
C:\WINDOWS\Downloaded Program Files\rave\modules.vdk
C:\WINDOWS\Downloaded Program Files\rave\rav8def.vdm
C:\WINDOWS\Downloaded Program Files\rave\rufs.vdm
C:\WINDOWS\Downloaded Program Files\rave\rufsplg.vdm
C:\WINDOWS\Downloaded Program Files\rave\unarch.vdm
C:\WINDOWS\Downloaded Program Files\rave\unmail.vdm
C:\WINDOWS\Downloaded Program Files\rave\unpack.vdm
C:\WINDOWS\msnp.exe
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\bqvkvasv.dll
C:\WINDOWS\system32\klnmp.ini
C:\WINDOWS\system32\klnmp.ini2
C:\WINDOWS\system32\laachfau.dll
C:\WINDOWS\system32\myeoselo.dll
C:\WINDOWS\system32\twwwpuie.dll
C:\WINDOWS\system32\uafhcaal.ini
C:\WINDOWS\system32\ycbnunlp.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NTLOAD
-------\Service_NTLOAD
((((((((((((((((((((((((((((( Fichiers créés 2008-02-18 to 2008-03-18 ))))))))))))))))))))))))))))))))))))
.
2008-03-18 21:29 . 2008-03-18 21:30 370 --ahs---- C:\WINDOWS\system32\klnmp.ini
2008-03-18 09:31 . 2008-03-18 09:31 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2008-03-18 08:30 . 2008-03-18 09:31 <REP> d-------- C:\VundoFix Backups
2008-03-16 23:17 . 2008-03-16 23:17 290,816 --------- C:\WINDOWS\system32\pmnlk.dll
2008-03-16 23:17 . 2008-03-16 23:17 63 --a------ C:\WINDOWS\system32\44340255
2008-03-16 23:12 . 2007-02-09 18:34 420,816 --a------ C:\Documents and Settings\teber\Application Data\wunauclt.exe
2008-03-16 23:12 . 2008-03-15 16:57 199,445 --a------ C:\Documents and Settings\teber\Application Data\toolbar.dll
2008-03-16 23:12 . 2008-03-15 14:24 82,937 --a------ C:\Documents and Settings\teber\Application Data\space1.exe
2008-03-16 23:12 . 2008-03-12 20:25 57,344 --------- C:\Documents and Settings\teber\Application Data\dr.exe
2008-03-16 23:12 . 2008-03-16 23:12 36,864 --a------ C:\WINDOWS\system32\khfccbx.dll.vir
2008-03-16 22:50 . 2008-03-16 22:50 <REP> d--hs---- C:\WINDOWS\ftpcache
2008-03-11 09:21 . 2008-03-11 09:21 234 --a------ C:\WINDOWS\PrnHlpLogConfig.ini
2008-03-05 08:58 . 2008-03-05 08:58 <REP> d-------- C:\WINDOWS\system32\AGEIA
2008-03-05 08:58 . 2008-03-05 08:59 <REP> d-------- C:\Program Files\AGEIA Technologies
2008-03-05 08:57 . 2008-03-05 08:57 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-03-05 08:55 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-18 19:51 --------- d-----w C:\Documents and Settings\teber\Application Data\Vidalia
2008-03-18 09:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-18 06:00 --------- d-----w C:\Program Files\ESET
2008-03-16 09:06 --------- d-----w C:\Program Files\Everest Poker
2008-03-16 08:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-13 19:28 --------- d-----w C:\Program Files\MSN Messenger
2008-03-10 19:45 --------- d-----w C:\Documents and Settings\teber\Application Data\Tor
2008-02-07 17:56 --------- d-----w C:\Program Files\CODECS
2008-01-28 18:02 1,409 ----a-w C:\WINDOWS\Fonts\sncf09.fot
2007-09-24 09:16 284,672 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2007-03-18 18:21 87,608 ----a-w C:\Documents and Settings\teber\Application Data\ezpinst.exe
2007-03-18 18:21 47,360 ----a-w C:\Documents and Settings\teber\Application Data\pcouffin.sys
2006-09-26 20:10 124,664 ----a-w C:\Documents and Settings\teber\Application Data\GDIPFONTCACHEV1.DAT
2005-05-11 22:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2004-08-11 18:49 192,512 ----a-w C:\WINDOWS\inf\unregmp2(2).exe
2004-08-19 23:09 65,024 --sha-w C:\WINDOWS\system32\asycfilt.dll
2006-08-25 15:51 617,472 --sha-w C:\WINDOWS\system32\comctl32.dll
2004-08-19 23:09 1,028,096 --sha-w C:\WINDOWS\system32\mfc42.dll
2001-08-28 12:00 57,344 --sha-w C:\WINDOWS\system32\mfc42loc.dll
2004-08-19 23:09 413,696 --sha-w C:\WINDOWS\system32\msvcp60.dll
2004-08-19 23:09 343,040 --sha-w C:\WINDOWS\system32\msvcrt.dll
2001-08-28 12:00 253,952 --sha-w C:\WINDOWS\system32\msvcrt20.dll
2007-12-04 18:41 550,912 --sha-w C:\WINDOWS\system32\oleaut32.dll
2004-08-19 23:09 83,456 --sha-w C:\WINDOWS\system32\olepro32.dll
2004-08-19 23:09 30,749 --sha-w C:\WINDOWS\system32\vbajet32.dll
1999-01-28 10:40 368,912 --sha-w C:\WINDOWS\system32\Vbar332.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6902F36D-E8DE-4F58-9A64-5B68B888130D}]
C:\DOCUME~1\teber\LOCALS~1\Temp\~DP13.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8e99c4ea-7045-4560-ae0d-f6c350b06941}]
C:\WINDOWS\system32\ycbnunlp.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DE48606D-0903-200A-B678-4BD04AA89B8F}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F49B5525-4B28-4740-B360-C44745F4E4B2}]
2008-03-16 23:17 290816 --------- C:\WINDOWS\system32\pmnlk.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MessengerPlus3"="C:\Program Files\MSN\MsgPlus.exe" [2006-04-16 20:42 190024]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]
"Vidalia"="H:\logiciel\T O R\Vidalia\vidalia.exe" [2006-07-07 20:58 8915456]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 14:43 7630848]
"Microsoft Works Update Detection"="C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2001-10-05 15:51 28738]
"EM_EXEC"="C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2002-07-01 08:50 28672]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-06-11 18:31 180269]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]
"nwiz"="nwiz.exe" [2006-08-11 14:43 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-11 14:43 86016]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-02-09 14:01 77824]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-10-26 09:10 949376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [ ]
"Spyware Doctor"="" []
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\pmnlk.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide du logiciel HP Image Zone.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Démarrage rapide du logiciel HP Image Zone.lnk
backup=C:\WINDOWS\pss\Démarrage rapide du logiciel HP Image Zone.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Hulk Maximyzer.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Hulk Maximyzer.lnk
backup=C:\WINDOWS\pss\Hulk Maximyzer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^teber^Menu Démarrer^Programmes^Démarrage^HDDlife.lnk]
path=C:\Documents and Settings\teber\Menu Démarrer\Programmes\Démarrage\HDDlife.lnk
backup=C:\WINDOWS\pss\HDDlife.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^teber^Menu Démarrer^Programmes^Démarrage^Intégrateur PROjectMT 98.lnk]
path=C:\Documents and Settings\teber\Menu Démarrer\Programmes\Démarrage\Intégrateur PROjectMT 98.lnk
backup=C:\WINDOWS\pss\Intégrateur PROjectMT 98.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^teber^Menu Démarrer^Programmes^Démarrage^Programme Garnier Nutritionist.lnk]
path=C:\Documents and Settings\teber\Menu Démarrer\Programmes\Démarrage\Programme Garnier Nutritionist.lnk
backup=C:\WINDOWS\pss\Programme Garnier Nutritionist.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2005-09-03 14:18 94208 C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
--a------ 2001-11-15 11:08 1216512 C:\WINDOWS\mixer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2006-11-12 11:48 157592 C:\Program Files\DAEMON Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2004-02-09 14:01 77824 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2006-01-30 11:30 19486248 H:\logiciel\skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-11-09 15:07 49263 C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
-ra------ 2006-06-06 09:07 40960 C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2005-11-15 20:31 33792 C:\Program Files\Winamp\winampa.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\soulseek\\slsk.exe"=
"C:\\KAZAA\\Kazaa Lite K++\\KazaaLite.kpp"=
"C:\\AIM\\aim.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"H:\\Freeplayer\\vlc\\vlc.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"H:\\logiciel\\vlc freebox tv\\VLC\\vlc.exe"=
"C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"C:\\visionneuse\\Avant Browser\\avant.exe"=
"H:\\logiciel\\emule 0.47c xtreme 5.4\\emule.exe"=
"H:\\logiciel\\emule 0.47c beba v1.2\\emule.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"H:\\logiciel\\skype\\Phone\\Skype.exe"=
"H:\\logiciel\\emule 0.48a\\eMule.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"4669:TCP"= 4669:TCP:emule tcp
"5555:UDP"= 5555:UDP:emule udp
"6346:TCP"= 6346:TCP:shareaza
R3 ham50;V9X HAM 1394V;C:\WINDOWS\system32\DRIVERS\CTXH51.sys [2001-08-04 16:50]
S2 Fswsclds;F-Secure Windows Security Center Legacy Detection Service;C:\Program Files\F-Secure Internet Security\fswsclds.exe []
S2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys [2002-01-29 23:42]
S2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys [2002-01-29 23:42]
S3 adiusbae;USB ADSL LAN Adapter;C:\WINDOWS\system32\DRIVERS\adiusbae.sys []
S3 CH341SER;CH341SER;C:\WINDOWS\system32\Drivers\CH341SER.SYS [2006-06-05 00:00]
S3 fbxusb;FreeBox USB Network Adapter;C:\WINDOWS\system32\DRIVERS\fbxusb.sys [2003-12-31 11:35]
S3 ids0004C;ids0004C;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0004C.sys []
S3 ids0005c;ids0005c;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0005c.sys []
S3 musbehco;musbehco;C:\DOCUME~1\teber\LOCALS~1\Temp\musbehco.sys []
S3 nvcfsr;nvcfsr;C:\NORMAN VIRUS CONTROL\nvc\BIN\nvcfsr.sys []
S3 nvcoafl51;nvcoafl51;C:\NORMAN VIRUS CONTROL\nvc\BIN\nvcoafl51.sys []
S3 USBModem000;LGE Mobile USB Modem TC;C:\WINDOWS\system32\DRIVERS\usbser.sys [2004-08-04 07:08]
S3 V0090VID;Creative WebCam Vista Plus;C:\WINDOWS\system32\DRIVERS\V0090Vid.sys [2004-09-06 02:00]
S3 viafilter;VIA USB Filter;C:\WINDOWS\system32\Drivers\viausb.sys [2001-08-21 05:11]
S3 Wdm1;USB Bridge Cable Driver;C:\WINDOWS\system32\Drivers\usbbc.sys [2001-12-13 14:35]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d116a174-8775-11db-9aae-0010dc21fba9}]
\Shell\AutoRun\command - I:\autorun.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{32D08D3D-0C7E-2D2B-6A6E-85C8A618B1A7}]
C:\WINDOWS\System32\Dractx.exe 2
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-16 22:12:21 C:\WINDOWS\Tasks\At1.job"
- C:\Documents
"2008-03-16 22:12:23 C:\WINDOWS\Tasks\At2.job"
- C:\Documents
"2008-03-16 22:12:27 C:\WINDOWS\Tasks\At3.job"
- C:\Documents
"2008-03-14 16:15:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- H:\fichier compresser\SystemOptimizer.exe
"2008-03-18 18:18:40 C:\WINDOWS\Tasks\{F897AA24-BDC3-11D1-B85B-00C04FB93981}_BERTRAND_teber.job"
- C:\WINDOWS\system32\mobsync.exeC /Schedule=
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-18 21:29:44
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\WINDOWS\system32\pmnlk.dll
-> C:\Program Files\Eset\pr_imon.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Fichiers communs\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
H:\logiciel\spyware doctor\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\wscntfy.exe
H:\fichier compresser\changeur fond d'ecran\Data\CFE TrayIcon.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-03-18 21:37:23 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-18 20:36:58
.
2008-03-12 20:11:30 --- E O F ---
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.415 [GMT 1:00]
Endroit: C:\Documents and Settings\teber\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Documents\_desktop.ini
C:\Documents and Settings\All Users\Documents\Ma musique\_desktop.ini
C:\Documents and Settings\All Users\Documents\Ma musique\Desktop_.ini
C:\Documents and Settings\All Users\Documents\Ma musique\Échantillons de musique\_desktop.ini
C:\Documents and Settings\All Users\Documents\Ma musique\Échantillons de musique\Desktop_.ini
C:\Documents and Settings\All Users\Documents\Ma musique\My Playlists\_desktop.ini
C:\Documents and Settings\All Users\Documents\Ma musique\My Playlists\Desktop_.ini
C:\Documents and Settings\All Users\Documents\Ma musique\Sample Playlists\_desktop.ini
C:\Documents and Settings\All Users\Documents\Ma musique\Sample Playlists\02A591E2\_desktop.ini
C:\Documents and Settings\All Users\Documents\Ma musique\Sample Playlists\02A591E2\Desktop_.ini
C:\Documents and Settings\All Users\Documents\Ma musique\Sample Playlists\Desktop_.ini
C:\Documents and Settings\All Users\Documents\Ma musique\Sync Playlists\_desktop.ini
C:\Documents and Settings\All Users\Documents\Ma musique\Sync Playlists\03D753FE\_desktop.ini
C:\Documents and Settings\All Users\Documents\Ma musique\Sync Playlists\03D753FE\Desktop_.ini
C:\Documents and Settings\All Users\Documents\Ma musique\Sync Playlists\Desktop_.ini
C:\Documents and Settings\All Users\Documents\Mes images\_desktop.ini
C:\Documents and Settings\All Users\Documents\Mes images\Desktop_.ini
C:\Documents and Settings\All Users\Documents\Mes images\Échantillons d'images\_desktop.ini
C:\Documents and Settings\All Users\Documents\Mes images\Échantillons d'images\Desktop_.ini
C:\Documents and Settings\All Users\Documents\Mes images\logiciel aida32\_desktop.ini
C:\Documents and Settings\All Users\Documents\Mes images\logiciel aida32\AIDA32 - Enterprise System Information\_desktop.ini
C:\Documents and Settings\All Users\Documents\Mes images\logiciel aida32\AIDA32 - Enterprise System Information\Desktop_.ini
C:\Documents and Settings\All Users\Documents\Mes images\logiciel aida32\Desktop_.ini
C:\Documents and Settings\All Users\Documents\Mes vidéos\_desktop.ini
C:\Documents and Settings\All Users\Documents\Mes vidéos\Desktop_.ini
C:\WINDOWS\BM47072347.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\rave
C:\WINDOWS\Downloaded Program Files\rave\avirexe.vdm
C:\WINDOWS\Downloaded Program Files\rave\avirscr.vdm
C:\WINDOWS\Downloaded Program Files\rave\base.vdm
C:\WINDOWS\Downloaded Program Files\rave\daily.vdm
C:\WINDOWS\Downloaded Program Files\rave\daily.vdt
C:\WINDOWS\Downloaded Program Files\rave\filters.vdm
C:\WINDOWS\Downloaded Program Files\rave\kernel.vdk
C:\WINDOWS\Downloaded Program Files\rave\keyring.vdk
C:\WINDOWS\Downloaded Program Files\rave\mapi_vdm.vdm
C:\WINDOWS\Downloaded Program Files\rave\modules.vdk
C:\WINDOWS\Downloaded Program Files\rave\rav8def.vdm
C:\WINDOWS\Downloaded Program Files\rave\rufs.vdm
C:\WINDOWS\Downloaded Program Files\rave\rufsplg.vdm
C:\WINDOWS\Downloaded Program Files\rave\unarch.vdm
C:\WINDOWS\Downloaded Program Files\rave\unmail.vdm
C:\WINDOWS\Downloaded Program Files\rave\unpack.vdm
C:\WINDOWS\msnp.exe
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\bqvkvasv.dll
C:\WINDOWS\system32\klnmp.ini
C:\WINDOWS\system32\klnmp.ini2
C:\WINDOWS\system32\laachfau.dll
C:\WINDOWS\system32\myeoselo.dll
C:\WINDOWS\system32\twwwpuie.dll
C:\WINDOWS\system32\uafhcaal.ini
C:\WINDOWS\system32\ycbnunlp.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NTLOAD
-------\Service_NTLOAD
((((((((((((((((((((((((((((( Fichiers créés 2008-02-18 to 2008-03-18 ))))))))))))))))))))))))))))))))))))
.
2008-03-18 21:29 . 2008-03-18 21:30 370 --ahs---- C:\WINDOWS\system32\klnmp.ini
2008-03-18 09:31 . 2008-03-18 09:31 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2008-03-18 08:30 . 2008-03-18 09:31 <REP> d-------- C:\VundoFix Backups
2008-03-16 23:17 . 2008-03-16 23:17 290,816 --------- C:\WINDOWS\system32\pmnlk.dll
2008-03-16 23:17 . 2008-03-16 23:17 63 --a------ C:\WINDOWS\system32\44340255
2008-03-16 23:12 . 2007-02-09 18:34 420,816 --a------ C:\Documents and Settings\teber\Application Data\wunauclt.exe
2008-03-16 23:12 . 2008-03-15 16:57 199,445 --a------ C:\Documents and Settings\teber\Application Data\toolbar.dll
2008-03-16 23:12 . 2008-03-15 14:24 82,937 --a------ C:\Documents and Settings\teber\Application Data\space1.exe
2008-03-16 23:12 . 2008-03-12 20:25 57,344 --------- C:\Documents and Settings\teber\Application Data\dr.exe
2008-03-16 23:12 . 2008-03-16 23:12 36,864 --a------ C:\WINDOWS\system32\khfccbx.dll.vir
2008-03-16 22:50 . 2008-03-16 22:50 <REP> d--hs---- C:\WINDOWS\ftpcache
2008-03-11 09:21 . 2008-03-11 09:21 234 --a------ C:\WINDOWS\PrnHlpLogConfig.ini
2008-03-05 08:58 . 2008-03-05 08:58 <REP> d-------- C:\WINDOWS\system32\AGEIA
2008-03-05 08:58 . 2008-03-05 08:59 <REP> d-------- C:\Program Files\AGEIA Technologies
2008-03-05 08:57 . 2008-03-05 08:57 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-03-05 08:55 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
.
Logfile of HijackThis v1.99.1
Scan saved at 23:07:36, on 18/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
H:\logiciel\spyware doctor\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
H:\fichier compresser\changeur fond d'ecran\Data\CFE TrayIcon.exe
C:\WINDOWS\explorer.exe
C:\visionneuse\Avant Browser\avant.exe
C:\Program Files\Windows Media Player\wmplayer.exe
H:\logiciel\hijack this\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - H:\logiciel\SPYWAR~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - blank (file missing)
O2 - BHO: (no name) - {6902F36D-E8DE-4F58-9A64-5B68B888130D} - C:\DOCUME~1\teber\LOCALS~1\Temp\~DP13.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - H:\logiciel\SPYWAR~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: (no name) - {DE48606D-0903-200A-B678-4BD04AA89B8F} - blank (file missing)
O2 - BHO: (no name) - {F49B5525-4B28-4740-B360-C44745F4E4B2} - C:\WINDOWS\system32\pmnlk.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MSN\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Vidalia] "H:\logiciel\T O R\Vidalia\vidalia.exe"
O4 - Startup: CFE TrayIcon.lnk = H:\fichier compresser\changeur fond d'ecran\Data\CFE TrayIcon.exe
O4 - Startup: CFE.lnk = H:\fichier compresser\changeur fond d'ecran\Data\CFE.exe
O4 - Startup: HDDlife.lnk = H:\logiciel\hddlife\HDDlifePro.exe
O4 - Global Startup: Privoxy.lnk = H:\logiciel\T O R\Privoxy\privoxy.exe
O8 - Extra context menu item: Bloquer ce serveur... - C:\visionneuse\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Bloquer cette publicité... - C:\visionneuse\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir tous les liens de la page... - C:\visionneuse\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Personnaliser - c:\reverso\promtie4\options.htm
O8 - Extra context menu item: Rechercher sur Internet - c:\reverso\promtie4\search.htm
O8 - Extra context menu item: Rechercher sur le Web... - C:\visionneuse\Avant Browser\Search.htm
O8 - Extra context menu item: Surligner - C:\visionneuse\Avant Browser\Highlight.htm
O8 - Extra context menu item: Traduire - c:\reverso\promtie4\translat.htm
O8 - Extra context menu item: Traduire dans WebView - c:\reverso\promtie4\webview.htm
O8 - Extra context menu item: Traduire la page - c:\reverso\promtie4\page.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - H:\logiciel\SPYWAR~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - H:\logiciel\titan poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - H:\logiciel\titan poker\Titan Poker\casino.exe
O9 - Extra button: Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\Casino\Europa Casino\casino.exe
O9 - Extra 'Tools' menuitem: Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\Casino\Europa Casino\casino.exe
O9 - Extra button: Traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - c:\reverso\promtie4\promtie5.htm
O9 - Extra 'Tools' menuitem: Traduire - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - c:\reverso\promtie4\promtie5.htm
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - c:\reverso\promtie4\options.htm
O9 - Extra 'Tools' menuitem: Personnalisez traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - c:\reverso\promtie4\options.htm
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/2575a1141fef8049c006/netzip/RdxIE6...
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040105/qtinstall....
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall...
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-fe252e6120df2123.spaces.live.com/PhotoUpload...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.ca...
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267....
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Autodata Limited License Service - Unknown owner - C:\Program Files\Fichiers communs\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - Unknown owner - C:\Program Files\F-Secure Internet Security\fswsclds.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NTSVCMGR - Unknown owner - c:\windows\system32\dllcache\win32\winlogon.exe (file missing)
O23 - Service: Norman Virus Control on-access component (nvcoas) - Unknown owner - (no file)
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Unknown owner - (no file)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - H:\logiciel\spyware doctor\Spyware Doctor\sdhelp.exe
Hi again,
Download Malwarebytes' Anti-Malware here
Double-click mbam-setup.exe to start the installation
Allow the updates to be downloaded!
Restart in safe mode (Safe Mode)
Double-click the Malwarebytes shortcut on your desktop
Tick "Perform full scan", then click [Scan]
When the scan is finished, click [Show Results]
If infected objects are found, click [Remove Selected]
Post the report (it can also be found in the Reports/Logs tab)
Malwarebytes' Anti-Malware 1.08
Version de la base de données: 501
Type de recherche: Examen complet (C:\|D:\|E:\|H:\|)
Eléments examinés: 132105
Temps écoulé: 1 hour(s), 21 minute(s), 49 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 13
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 421
Fichier(s) infecté(s): 3424
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\pmnlk.dll (Trojan.Vundo) -> Unloaded module successfully.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5b06fd41-dc33-48f7-94b3-d8c3759f536f} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{5b06fd41-dc33-48f7-94b3-d8c3759f536f} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\aldd (Malware.Trace) -> Delete on reboot.
HKEY_CURRENT_USER\Software\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\pmnlk.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\pmnlk.dll -> Delete on reboot.
Dossier(s) infecté(s):
C:\Casino\Europa Casino\data\slots_treasures5reel (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_treasures5reel_xl (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_tropic (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_uggabugga (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_ultimate8line (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_vacation8line (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_wall5reel (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\spinawin (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\stravaganza (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\videopoker_10jacks (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\videopoker_10orbetter (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\videopoker_25aces (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\videopoker_4aces (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\videopoker_4deuceswild (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\videopoker_4jacks (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\videopoker_50jacks (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\videopoker_aces (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\videopoker_deuceswild (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\videopoker_highlow (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\videopoker_jacks (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\videopoker_joker (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\videopoker_megajacks (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\aroundtheworld\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\aroundtheworld\windows (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\baccarat\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\baccarat_progressive\gold_dark (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\baccarat_video\table (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\balls\buttons (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\balls\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\balls\tables (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\balls\tables\cocktail (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\balls\tables\colors (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\balls\tables\firstlast (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\balls\tables\jackpot (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\balls\tables\numbers (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\balls\tables\sixth (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\balls\tables\steps (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\balls\tables\total (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\blackjack\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\blackjack_duel\3d (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\blackjack_progressive\gold_dark (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\blackjack_video\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\bonusbowling\anim (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\bonusbowling\fonts (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\bonusbowling\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\common\fonts (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\common\interface (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\common\ui (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\craps\3d (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\craps\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\darts\buttons (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\darts\fonts (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\darts\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\darts\texts (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\dicetwister\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\genieshilo\buttons (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\genieshilo\cards (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\genieshilo\jackpot (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\genieshilo\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\headsortails\3d (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\headsortails\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\horseracing\buttons (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\horseracing\info (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\horseracing\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\horseracing\stadium (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\horseracing\start (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\horseracing\tables (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\horseracing\texts (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\keno\3d (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\keno\buttons (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\keno\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\keno_x\3d (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\keno_x\buttons (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\keno_x\fonts (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\keno_x\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\lobby\ln (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\lobby\login (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\lobby\menu (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\lobby\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\mahjong\buttons (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\mahjong\paytable (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\mahjong\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\mahjong\window_win (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\pachinko\components (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\pachinko\gems (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\pachinko\minigames (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\pachinko\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\pachinko\yokoku (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\penaltyshootout\anims (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\penaltyshootout\buttons (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\penaltyshootout\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\popbingo\fonts (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\popbingo\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\rockpaperscissors\buttons (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\rockpaperscissors\fonts (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\rockpaperscissors\info (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\rockpaperscissors\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\rollercoasterdice\3d (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\rollercoasterdice\buttons (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\rollercoasterdice\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\roulette\3d (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\roulette\buttons (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\roulette\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\roulette\zoom (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\roulette00\3d (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\roulette00\zoom (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\roulette_mini\3d (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\roulette_mini\luxury (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\roulette_mini\luxury\3d (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\shared\3d (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\shared\3reel (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\shared\3reel_xl (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\shared\5reel (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\shared\5reel_xl (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\shared\8line (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\shared\9line (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\shared\blackjack (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\shared\buttons (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\shared\cards (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\shared\coins (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\shared\dollarball (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\shared\doublescreen (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\shared\fonts (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\shared\html (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\shared\interface (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\shared\live_buttons (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\shared\ln (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\shared\slots_multispin (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\shared\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\shared\tablegames (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\shared\tablesigns (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\shared\ui (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\shared\videopoker_4line (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\shared\videopoker_deuces (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\shared\videopoker_jacks (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\shared\videopoker_multiline (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\shared\cards\poker (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\shared\cards\textures (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\shared\cards\videopoker_multiline (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\shared\coins\tablecoins (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\shared\dollarball\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\shared\html\chat (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\shared\html\chat\emoticons (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\shared\interface\chat (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\shared\interface\ui (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\shared\sounds\dealervoices (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\shared\sounds\numbers (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\shared\sounds\dealervoices\numbers (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\shared\tablegames\gold_dark (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\shared\videopoker_4line\buttons (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\shared\videopoker_multiline\buttons (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\sicbo\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_8ball\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_alchemist\3d (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_alchemist\bonus (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_alchemist\fonts (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_alchemist\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_alien25line\animations (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_alien25line\bonus1 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_alien25line\bonus2 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_alien25line\fonts (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_alien25line\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_alien25line\wintable (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_amigos\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_beachlife20line\animation (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_beachlife20line\betlines (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_beachlife20line\bonusgame (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_beachlife20line\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_beachlife20line\wintable (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_bermuda\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_captain\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_captain\wintable (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_chinese8line\fonts (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_chinese8line\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_chinese8line\wintable (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_cinerama5reel\3d (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_cinerama5reel\bonus (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_cinerama5reel\bonus2 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_cinerama5reel\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_cinerama5reel\wintable (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_cinerama5reel\bonus\select (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_cinerama5reel\bonus2\select (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_crazy\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_desert20line\bonusgame (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_desert20line\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_desert20line\wintable (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_diamond5reel\bonus (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_diamond5reel\fonts (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_diamond5reel\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_diamond5reel\wintable (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_diamond5reel\bonus\screen (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_europa\wintable (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_europa_xl\animation (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_europa_xl\wintable (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_footballrules25line\bonus (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_footballrules25line\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_footballrules25line\wintable (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_footballrules25line\sounds\bonus (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_fountain\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_fruitmania5reel\bonus (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_fruitmania5reel\fonts (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_fruitmania5reel\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_fruitmania5reel\wintable (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_globaltraveler20line\animation (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_globaltraveler20line\betlines (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_globaltraveler20line\bonus (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_globaltraveler20line\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_globaltraveler20line\wintable (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_goblin\animation (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_goblin\bonusgame (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_goblin\fonts (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_goblin\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_goblin\wintable (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_gold8line\bonus (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_gold8line\fonts (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_gold8line\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_gold8line\wintable (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_gold8line\bonus\screen (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_golf\bonusgame (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_golf\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_golf\wintable (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_haunted\animation (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_haunted\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_haunted_xl\animation (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_highway\animation (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_highway\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_highway\wintable (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_jungle\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_jungle_xl\animation (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_lotto20line\activate_window (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_lotto20line\animation (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_lotto20line\bonusgame (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_lotto20line\fonts (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_lotto20line\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_lotto20line\wintable (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_lovemore20line\dollarball (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_lovemore20line\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_lovemore20line\wintable (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_magic\3d (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_magic\bonus (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_magic\buttons (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_magic\fonts (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_magic\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_millionaireslane20line\animation (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_millionaireslane20line\bonusgame (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_millionaireslane20line\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_millionaireslane20line\wintable (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_monkey\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_monkey_xl\animation (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_neptune\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_neptune_xl\animation (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_nightout20line\bonusgame (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_nightout20line\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_nightout20line\wintable (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_ocean\animation (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_ocean\fonts (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_ocean\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_ocean\wintable (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_party\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_party_xl\animation (Adware.Casino) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\WINDOWS\system32\pmnlk.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\klnmp.ini (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\klnmp.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
Version de la base de données: 501
Type de recherche: Examen complet (C:\|D:\|E:\|H:\|)
Eléments examinés: 132105
Temps écoulé: 1 hour(s), 21 minute(s), 49 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 13
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 421
Fichier(s) infecté(s): 3424
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\pmnlk.dll (Trojan.Vundo) -> Unloaded module successfully.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5b06fd41-dc33-48f7-94b3-d8c3759f536f} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{5b06fd41-dc33-48f7-94b3-d8c3759f536f} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\aldd (Malware.Trace) -> Delete on reboot.
HKEY_CURRENT_USER\Software\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\pmnlk.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\pmnlk.dll -> Delete on reboot.
Dossier(s) infecté(s):
C:\Casino (Adware.Casino) -> Delete on reboot.
C:\Casino\Europa Casino (Adware.Casino) -> Delete on reboot.
C:\Casino\Europa Casino\data\slots_rock (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_rock_xl (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_safecracker (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_silver (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_sultan (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_sultan_xl (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_thrillseekers50line (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_treasures5reel (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_treasures5reel_xl (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_tropic (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_uggabugga (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_ultimate8line (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_vacation8line (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_wall5reel (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\spinawin (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\stravaganza (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\videopoker_10jacks (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\videopoker_10orbetter (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\videopoker_25aces (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\videopoker_4aces (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\videopoker_4deuceswild (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\videopoker_4jacks (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\videopoker_50jacks (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\videopoker_aces (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\videopoker_deuceswild (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\videopoker_highlow (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\videopoker_jacks (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\videopoker_joker (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\videopoker_megajacks (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\aroundtheworld\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\aroundtheworld\windows (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\baccarat\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\baccarat_progressive\gold_dark (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\baccarat_video\table (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\balls\buttons (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\balls\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\balls\tables (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\balls\tables\cocktail (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\balls\tables\colors (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\balls\tables\firstlast (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\balls\tables\jackpot (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\balls\tables\numbers (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\balls\tables\sixth (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\balls\tables\steps (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\balls\tables\total (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\blackjack\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\blackjack_duel\3d (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\blackjack_progressive\gold_dark (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\blackjack_video\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\bonusbowling\anim (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\bonusbowling\fonts (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\bonusbowling\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\common\fonts (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\common\interface (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\common\ui (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\craps\3d (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\craps\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\darts\buttons (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\darts\fonts (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\darts\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\darts\texts (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\dicetwister\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\genieshilo\buttons (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\genieshilo\cards (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\genieshilo\jackpot (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\genieshilo\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\headsortails\3d (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\headsortails\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\horseracing\buttons (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\horseracing\info (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\horseracing\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\horseracing\stadium (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\horseracing\start (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\horseracing\tables (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\horseracing\texts (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\keno\3d (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\keno\buttons (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\keno\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\keno_x\3d (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\keno_x\buttons (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\keno_x\fonts (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\keno_x\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\lobby\ln (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\lobby\login (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\lobby\menu (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\lobby\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\mahjong\buttons (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\mahjong\paytable (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\mahjong\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\mahjong\window_win (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\pachinko\components (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\pachinko\gems (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\pachinko\minigames (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\pachinko\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\pachinko\yokoku (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\penaltyshootout\anims (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\penaltyshootout\buttons (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\penaltyshootout\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\popbingo\fonts (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\popbingo\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\rockpaperscissors\buttons (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\rockpaperscissors\fonts (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\rockpaperscissors\info (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\rockpaperscissors\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\rollercoasterdice\3d (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\rollercoasterdice\buttons (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\rollercoasterdice\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\roulette\3d (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\roulette\buttons (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\roulette\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\roulette\zoom (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\roulette00\3d (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\roulette00\zoom (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\roulette_mini\3d (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\roulette_mini\luxury (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\roulette_mini\luxury\3d (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\shared\3d (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\shared\3reel (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\shared\3reel_xl (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\shared\5reel (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\shared\5reel_xl (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\shared\8line (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\shared\9line (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\shared\blackjack (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\shared\buttons (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\shared\cards (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\shared\coins (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\shared\dollarball (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\shared\doublescreen (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\shared\fonts (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\shared\html (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\shared\interface (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\shared\live_buttons (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\shared\ln (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\shared\slots_multispin (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\shared\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\shared\tablegames (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\shared\tablesigns (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\shared\ui (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\shared\videopoker_4line (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\shared\videopoker_deuces (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\shared\videopoker_jacks (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\shared\videopoker_multiline (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\shared\cards\poker (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\shared\cards\textures (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\shared\cards\videopoker_multiline (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\shared\coins\tablecoins (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\shared\dollarball\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\shared\html\chat (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\shared\html\chat\emoticons (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\shared\interface\chat (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\shared\interface\ui (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\shared\sounds\dealervoices (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\shared\sounds\numbers (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\shared\sounds\dealervoices\numbers (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\shared\tablegames\gold_dark (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\shared\videopoker_4line\buttons (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\shared\videopoker_multiline\buttons (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\sicbo\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_8ball\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_alchemist\3d (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_alchemist\bonus (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_alchemist\fonts (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_alchemist\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_alien25line\animations (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_alien25line\bonus1 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_alien25line\bonus2 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_alien25line\fonts (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_alien25line\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_alien25line\wintable (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_amigos\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_beachlife20line\animation (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_beachlife20line\betlines (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_beachlife20line\bonusgame (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_beachlife20line\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_beachlife20line\wintable (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_bermuda\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_captain\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_captain\wintable (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_chinese8line\fonts (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_chinese8line\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_chinese8line\wintable (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_cinerama5reel\3d (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_cinerama5reel\bonus (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_cinerama5reel\bonus2 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_cinerama5reel\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_cinerama5reel\wintable (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_cinerama5reel\bonus\select (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_cinerama5reel\bonus2\select (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_crazy\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_desert20line\bonusgame (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_desert20line\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_desert20line\wintable (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_diamond5reel\bonus (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_diamond5reel\fonts (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_diamond5reel\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_diamond5reel\wintable (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_diamond5reel\bonus\screen (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_europa\wintable (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_europa_xl\animation (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_europa_xl\wintable (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_footballrules25line\bonus (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_footballrules25line\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_footballrules25line\wintable (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_footballrules25line\sounds\bonus (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_fountain\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_fruitmania5reel\bonus (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_fruitmania5reel\fonts (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_fruitmania5reel\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_fruitmania5reel\wintable (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_globaltraveler20line\animation (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_globaltraveler20line\betlines (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_globaltraveler20line\bonus (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_globaltraveler20line\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_globaltraveler20line\wintable (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_goblin\animation (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_goblin\bonusgame (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_goblin\fonts (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_goblin\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_goblin\wintable (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_gold8line\bonus (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_gold8line\fonts (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_gold8line\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_gold8line\wintable (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_gold8line\bonus\screen (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_golf\bonusgame (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_golf\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_golf\wintable (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_haunted\animation (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_haunted\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_haunted_xl\animation (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_highway\animation (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_highway\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_highway\wintable (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_jungle\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_jungle_xl\animation (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_lotto20line\activate_window (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_lotto20line\animation (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_lotto20line\bonusgame (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_lotto20line\fonts (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_lotto20line\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_lotto20line\wintable (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_lovemore20line\dollarball (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_lovemore20line\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_lovemore20line\wintable (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_magic\3d (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_magic\bonus (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_magic\buttons (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_magic\fonts (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_magic\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_millionaireslane20line\animation (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_millionaireslane20line\bonusgame (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_millionaireslane20line\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_millionaireslane20line\wintable (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_monkey\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_monkey_xl\animation (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_neptune\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_neptune_xl\animation (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_nightout20line\bonusgame (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_nightout20line\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_nightout20line\wintable (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_ocean\animation (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_ocean\fonts (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_ocean\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_ocean\wintable (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_party\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_party_xl\animation (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_profits\3d (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_profits\animation (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_profits\bonusgame (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_profits\fonts (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_profits\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_profits\wintable (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_pyramids9line\3d (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_pyramids9line\bonus (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_pyramids9line\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_pyramids9line\wintable (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_rock\animation (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_rock\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_rock_xl\animation (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_safecracker\3d (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_safecracker\bonus (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_safecracker\fonts (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_safecracker\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_silver\animation (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_silver\dollarball (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_silver\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_silver\wintable (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_sultan\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_sultan_xl\animation (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_thrillseekers50line\animation (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_thrillseekers50line\bonus (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_thrillseekers50line\loading (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_thrillseekers50line\payline (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_thrillseekers50line\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_thrillseekers50line\wintable (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_treasures5reel\wintable (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_treasures5reel_xl\animation (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_treasures5reel_xl\wintable (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_tropic\3d (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_tropic\animation (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_tropic\fonts (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_tropic\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_tropic\wintable (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_uggabugga\animation (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_uggabugga\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_uggabugga\wintable (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_ultimate8line\anim (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_ultimate8line\bonus (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_ultimate8line\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_ultimate8line\wintable (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_vacation8line\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_vacation8line\wintable (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_wall5reel\3d (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_wall5reel\bonus (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_wall5reel\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_wall5reel\wintable (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_wall5reel\bonus\select (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\spinawin\buttons (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\spinawin\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\videopoker_10jacks\wintable (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\videopoker_25aces\wintable (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\videopoker_50jacks\wintable (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\videopoker_highlow\doublescreen (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\videopoker_joker\animation (Adware.Casino) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\WINDOWS\system32\pmnlk.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\klnmp.ini (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\klnmp.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\(offline).db (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\cactivex.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\casino.exe (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\casino.hlp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\casino.ico (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\CEF35956392.db (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\directsounddriver.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\fileinfo.dat (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\fileinfo2.dat (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\fileinfo2r.dat (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\gdigraphdriver.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\h264dec.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\nvssd450.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\replace.exe (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\unicows.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\aroundtheworld.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\aroundtheworld.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\baccarat.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\baccarat.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\baccaratlive.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\baccaratln.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\baccarat_progressive.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\baccarat_video.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\baccarat_video_japanese_ln.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\baccarat_video_ln.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\baccarat_video_mini_japanese_ln.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\baccarat_video_mini_ln.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\baccarat_video_progressive_ln.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\baccarat_video_vip_ln.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\balls.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\balls.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\blackjack.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\blackjack.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\blackjacklive.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\blackjackln.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\blackjack_5h.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\blackjack_5h_pontoon.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\blackjack_5h_progressive.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\blackjack_5h_surrender.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\blackjack_duel.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\blackjack_duel.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\blackjack_pontoon.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\blackjack_surrender.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\blackjack_switch.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\blackjack_video.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\blackjack_video_ln.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\bonusbowling.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\bonusbowling.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\cards.swf (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\cashier.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\cashier.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\casinowar.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\casinowar.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\common.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\common.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\craps.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\craps.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\darts.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\darts.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\dicetwister.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\dicetwister.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\genieshilo.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\genieshilo.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\genieshilo_jackpot.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\headsortails.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\headsortails.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\horseracing.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\horseracing.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\keno.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\keno.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\keno_x.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\loader.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\loader.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\lobby.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\lobby.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\mahjong_pro_japan.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\mahjong_pro_wmf.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\mahjong_solo_japan.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\mahjong_solo_wmf.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\pachinko.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\pachinko.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\penaltyshootout.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\penaltyshootout.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\pokergames.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\poker_3card.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\poker_caribbean.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\poker_holdem.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\poker_letthemride.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\poker_paigow.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\poker_tequila.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\popbingo.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\popbingo.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\receive_video.swf (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\reddog.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\reddog.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\rockpaperscissors.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\rockpaperscissors.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\rollercoasterdice.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\rollercoasterdice.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\roulette.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\roulette00.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\roulettelive.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\rouletteln.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\roulette_french.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\roulette_mini.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\roulette_video.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\roulette_video_ln.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\sicbo.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\sicbo.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\sicbolive.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\sicboln.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\sicbo_video.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\sicbo_video_ln.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slotmachines.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_8ball.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_8ball_xl.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_alchemist.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_alien25line.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_amigos.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_amigos_xl.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_beachlife20line.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_bermuda.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_bermuda_xl.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_captain.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_chinese8line.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_cinerama5reel.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_crazy.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_crazy_xl.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_custom3reel.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_custom3reel_xl.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_custom5reel.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_custom5reel_xl.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_desert20line.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_diamond5reel.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_footballrules25line.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_fountain.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_fountain_xl.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_fruitmania5reel.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_globaltraveler20line.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_goblin.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_gold8line.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_golf.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_haunted.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_haunted_xl.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_highway.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_jungle.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_jungle_xl.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_lotto20line.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_lovemore20line.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_magic.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_millionaireslane20line.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_monkey.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_monkey_xl.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_neptune.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_neptune_xl.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_nightout20line.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_ocean.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_party.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_party_xl.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_profits.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_pyramids9line.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_rock.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_rock_xl.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_safe.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_silver.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_sultan.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_sultan_xl.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_thrillseekers50line.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_tropic.gam (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Europa Casino\data\slots_uggabugga.gam (Adwa
Logfile of HijackThis v1.99.1
Scan saved at 16:55, on 2008-03-19
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\visionneuse\Avant Browser\avant.exe
H:\logiciel\hijack this\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - H:\logiciel\SPYWAR~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - blank (file missing)
O2 - BHO: (no name) - {6902F36D-E8DE-4F58-9A64-5B68B888130D} - C:\DOCUME~1\teber\LOCALS~1\Temp\~DP13.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - H:\logiciel\SPYWAR~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: (no name) - {DE48606D-0903-200A-B678-4BD04AA89B8F} - blank (file missing)
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - H:\logiciel\bitdefender\IEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MSN\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: CFE TrayIcon.lnk = H:\fichier compresser\changeur fond d'ecran\Data\CFE TrayIcon.exe
O4 - Startup: CFE.lnk = H:\fichier compresser\changeur fond d'ecran\Data\CFE.exe
O8 - Extra context menu item: Bloquer ce serveur... - C:\visionneuse\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Bloquer cette publicité... - C:\visionneuse\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir tous les liens de la page... - C:\visionneuse\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Personnaliser - c:\reverso\promtie4\options.htm
O8 - Extra context menu item: Rechercher sur Internet - c:\reverso\promtie4\search.htm
O8 - Extra context menu item: Rechercher sur le Web... - C:\visionneuse\Avant Browser\Search.htm
O8 - Extra context menu item: Surligner - C:\visionneuse\Avant Browser\Highlight.htm
O8 - Extra context menu item: Traduire - c:\reverso\promtie4\translat.htm
O8 - Extra context menu item: Traduire dans WebView - c:\reverso\promtie4\webview.htm
O8 - Extra context menu item: Traduire la page - c:\reverso\promtie4\page.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - H:\logiciel\SPYWAR~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\Casino\Europa Casino\casino.exe (file missing)
O9 - Extra 'Tools' menuitem: Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\Casino\Europa Casino\casino.exe (file missing)
O9 - Extra button: Traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - c:\reverso\promtie4\promtie5.htm
O9 - Extra 'Tools' menuitem: Traduire - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - c:\reverso\promtie4\promtie5.htm
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - c:\reverso\promtie4\options.htm
O9 - Extra 'Tools' menuitem: Personnalisez traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - c:\reverso\promtie4\options.htm
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/2575a1141fef8049c006/netzip/RdxIE6...
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040105/qtinstall....
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall...
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-fe252e6120df2123.spaces.live.com/PhotoUpload...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.ca...
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267....
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Autodata Limited License Service - Unknown owner - C:\Program Files\Fichiers communs\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - Unknown owner - C:\Program Files\F-Secure Internet Security\fswsclds.exe (file missing)
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NTSVCMGR - Unknown owner - c:\windows\system32\dllcache\win32\winlogon.exe (file missing)
O23 - Service: Norman Virus Control on-access component (nvcoas) - Unknown owner - (no file)
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Unknown owner - (no file)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - H:\logiciel\spyware doctor\Spyware Doctor\sdhelp.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - H:\logiciel\bitdefender\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service (file missing)
Scan saved at 16:55, on 2008-03-19
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\visionneuse\Avant Browser\avant.exe
H:\logiciel\hijack this\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - H:\logiciel\SPYWAR~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - blank (file missing)
O2 - BHO: (no name) - {6902F36D-E8DE-4F58-9A64-5B68B888130D} - C:\DOCUME~1\teber\LOCALS~1\Temp\~DP13.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - H:\logiciel\SPYWAR~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: (no name) - {DE48606D-0903-200A-B678-4BD04AA89B8F} - blank (file missing)
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - H:\logiciel\bitdefender\IEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MSN\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: CFE TrayIcon.lnk = H:\fichier compresser\changeur fond d'ecran\Data\CFE TrayIcon.exe
O4 - Startup: CFE.lnk = H:\fichier compresser\changeur fond d'ecran\Data\CFE.exe
O8 - Extra context menu item: Bloquer ce serveur... - C:\visionneuse\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Bloquer cette publicité... - C:\visionneuse\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir tous les liens de la page... - C:\visionneuse\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Personnaliser - c:\reverso\promtie4\options.htm
O8 - Extra context menu item: Rechercher sur Internet - c:\reverso\promtie4\search.htm
O8 - Extra context menu item: Rechercher sur le Web... - C:\visionneuse\Avant Browser\Search.htm
O8 - Extra context menu item: Surligner - C:\visionneuse\Avant Browser\Highlight.htm
O8 - Extra context menu item: Traduire - c:\reverso\promtie4\translat.htm
O8 - Extra context menu item: Traduire dans WebView - c:\reverso\promtie4\webview.htm
O8 - Extra context menu item: Traduire la page - c:\reverso\promtie4\page.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - H:\logiciel\SPYWAR~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\Casino\Europa Casino\casino.exe (file missing)
O9 - Extra 'Tools' menuitem: Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\Casino\Europa Casino\casino.exe (file missing)
O9 - Extra button: Traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - c:\reverso\promtie4\promtie5.htm
O9 - Extra 'Tools' menuitem: Traduire - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - c:\reverso\promtie4\promtie5.htm
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - c:\reverso\promtie4\options.htm
O9 - Extra 'Tools' menuitem: Personnalisez traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - c:\reverso\promtie4\options.htm
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/2575a1141fef8049c006/netzip/RdxIE6...
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040105/qtinstall....
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall...
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-fe252e6120df2123.spaces.live.com/PhotoUpload...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.ca...
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267....
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Autodata Limited License Service - Unknown owner - C:\Program Files\Fichiers communs\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - Unknown owner - C:\Program Files\F-Secure Internet Security\fswsclds.exe (file missing)
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NTSVCMGR - Unknown owner - c:\windows\system32\dllcache\win32\winlogon.exe (file missing)
O23 - Service: Norman Virus Control on-access component (nvcoas) - Unknown owner - (no file)
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Unknown owner - (no file)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - H:\logiciel\spyware doctor\Spyware Doctor\sdhelp.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - H:\logiciel\bitdefender\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service (file missing)
ComboFix 08-03-17.1 - teber 2008-03-19 20:09:04.3 - NTFSx86 NETWORK
Endroit: C:\Documents and Settings\teber\Bureau\ComboFix.exe
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\BM47072347.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\jkjdbtnb.dll
C:\WINDOWS\system32\klnmp.ini
C:\WINDOWS\system32\klnmp.ini2
C:\WINDOWS\system32\nhdowrsp.ini
C:\WINDOWS\system32\pmnlk.dll
C:\WINDOWS\system32\psrwodhn.dll
C:\WINDOWS\system32\qwoudqxe.dll
.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-19 to 2008-03-19 ))))))))))))))))))))))))))))))))))))
.
2008-03-19 17:01 . 2008-03-19 17:45 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-03-19 16:59 . 2008-03-19 17:01 <REP> d-------- C:\WINDOWS\LastGood
2008-03-19 09:55 . 2008-03-19 15:47 121 --a------ C:\WINDOWS\bdagent.INI
2008-03-19 09:47 . 2008-03-19 09:47 <REP> d-------- C:\Documents and Settings\teber\Application Data\BitDefender
2008-03-19 09:45 . 2008-03-19 09:45 <REP> d-------- C:\Program Files\BitDefender
2008-03-19 09:45 . 2008-03-19 09:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-03-19 09:43 . 2008-03-19 09:45 <REP> d-------- C:\Program Files\Fichiers communs\BitDefender
2008-03-18 23:12 . 2008-03-18 23:12 <REP> d-------- C:\Documents and Settings\teber\Application Data\Malwarebytes
2008-03-18 23:12 . 2008-03-18 23:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-18 09:31 . 2008-03-18 09:31 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2008-03-18 08:30 . 2008-03-18 09:31 <REP> d-------- C:\VundoFix Backups
2008-03-16 23:17 . 2008-03-16 23:17 63 --a------ C:\WINDOWS\system32\44340255
2008-03-16 23:12 . 2007-02-09 18:34 420,816 --a------ C:\Documents and Settings\teber\Application Data\wunauclt.exe
2008-03-16 23:12 . 2008-03-15 16:57 199,445 --a------ C:\Documents and Settings\teber\Application Data\toolbar.dll
2008-03-16 23:12 . 2008-03-15 14:24 82,937 --a------ C:\Documents and Settings\teber\Application Data\space1.exe
2008-03-16 23:12 . 2008-03-12 20:25 57,344 --------- C:\Documents and Settings\teber\Application Data\dr.exe
2008-03-16 23:12 . 2008-03-16 23:12 36,864 --a------ C:\WINDOWS\system32\khfccbx.dll.vir
2008-03-16 22:50 . 2008-03-16 22:50 <REP> d--hs---- C:\WINDOWS\ftpcache
2008-03-11 09:21 . 2008-03-11 09:21 234 --a------ C:\WINDOWS\PrnHlpLogConfig.ini
2008-03-05 08:58 . 2008-03-05 08:58 <REP> d-------- C:\WINDOWS\system32\AGEIA
2008-03-05 08:58 . 2008-03-05 08:59 <REP> d-------- C:\Program Files\AGEIA Technologies
2008-03-05 08:57 . 2008-03-05 08:57 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-03-05 08:55 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-19 15:59 69,689 ----a-w C:\WINDOWS\UNZIP.DLL
2008-03-19 15:59 507,904 ----a-w C:\WINDOWS\TMUPDATE.DLL
2008-03-19 15:59 286,720 ----a-w C:\WINDOWS\PATCH.EXE
2008-03-19 09:49 85,520 ----a-w C:\WINDOWS\system32\drivers\bdfndisf.sys
2008-03-19 09:47 77,824 ----a-w C:\WINDOWS\system32\xcomm.dll
2008-03-19 07:57 --------- d-----w C:\Documents and Settings\teber\Application Data\Vidalia
2008-03-18 09:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-18 06:00 --------- d-----w C:\Program Files\ESET
2008-03-16 09:06 --------- d-----w C:\Program Files\Everest Poker
2008-03-16 08:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-13 19:28 --------- d-----w C:\Program Files\MSN Messenger
2008-03-10 19:45 --------- d-----w C:\Documents and Settings\teber\Application Data\Tor
2008-02-07 17:56 --------- d-----w C:\Program Files\CODECS
2008-01-28 18:02 1,409 ----a-w C:\WINDOWS\Fonts\sncf09.fot
2007-09-24 09:16 284,672 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2007-03-18 18:21 87,608 ----a-w C:\Documents and Settings\teber\Application Data\ezpinst.exe
2007-03-18 18:21 47,360 ----a-w C:\Documents and Settings\teber\Application Data\pcouffin.sys
2006-09-26 20:10 124,664 ----a-w C:\Documents and Settings\teber\Application Data\GDIPFONTCACHEV1.DAT
2005-05-11 22:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2004-08-11 18:49 192,512 ----a-w C:\WINDOWS\inf\unregmp2(2).exe
2004-08-19 23:09 65,024 --sha-w C:\WINDOWS\system32\asycfilt.dll
2006-08-25 15:51 617,472 --sha-w C:\WINDOWS\system32\comctl32.dll
2004-08-19 23:09 1,028,096 --sha-w C:\WINDOWS\system32\mfc42.dll
2001-08-28 12:00 57,344 --sha-w C:\WINDOWS\system32\mfc42loc.dll
2004-08-19 23:09 413,696 --sha-w C:\WINDOWS\system32\msvcp60.dll
2004-08-19 23:09 343,040 --sha-w C:\WINDOWS\system32\msvcrt.dll
2001-08-28 12:00 253,952 --sha-w C:\WINDOWS\system32\msvcrt20.dll
2007-12-04 18:41 550,912 --sha-w C:\WINDOWS\system32\oleaut32.dll
2004-08-19 23:09 83,456 --sha-w C:\WINDOWS\system32\olepro32.dll
2004-08-19 23:09 30,749 --sha-w C:\WINDOWS\system32\vbajet32.dll
1999-01-28 10:40 368,912 --sha-w C:\WINDOWS\system32\Vbar332.dll
.
((((((((((((((((((((((((((((( snapshot@2008-03-18_21.36.13.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-19 16:01:14 45,056 ----a-w C:\WINDOWS\BDOSCAN8\avxdisk.dll
+ 2008-03-19 16:01:14 10,240 ----a-w C:\WINDOWS\BDOSCAN8\avxs.dll
+ 2008-03-19 16:01:14 27,136 ----a-w C:\WINDOWS\BDOSCAN8\avxt.dll
+ 2008-03-19 16:01:16 181,760 ----a-w C:\WINDOWS\BDOSCAN8\bdcore.dll
+ 2006-05-25 00:21:00 118,784 ----a-w C:\WINDOWS\BDOSCAN8\bdupd.dll
+ 2006-05-25 00:21:14 53,248 ----a-w C:\WINDOWS\BDOSCAN8\ipsupd.dll
+ 2008-03-19 16:01:16 142,848 ----a-w C:\WINDOWS\BDOSCAN8\libfn.dll
+ 2008-03-19 16:01:14 86,016 ----a-w C:\WINDOWS\BDOSCAN8\librtvr.dll
+ 2006-05-25 00:22:06 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
+ 2006-05-25 00:21:00 118,784 ----a-w C:\WINDOWS\Downloaded Program Files\bdupd.dll
+ 2006-05-25 00:21:14 53,248 ----a-w C:\WINDOWS\Downloaded Program Files\ipsupd.dll
+ 2008-03-19 08:47:28 61,440 ----a-r C:\WINDOWS\Installer\{F4F09997-F426-4019-B29B-6F1FE74852AC}\helpicon.exe
+ 2008-03-19 08:47:27 32,768 ----a-r C:\WINDOWS\Installer\{F4F09997-F426-4019-B29B-6F1FE74852AC}\maintenance_icon.exe
+ 2008-03-19 08:47:27 22,486 ----a-r C:\WINDOWS\Installer\{F4F09997-F426-4019-B29B-6F1FE74852AC}\register_icon.exe
+ 2008-03-19 08:47:27 57,344 ----a-r C:\WINDOWS\Installer\{F4F09997-F426-4019-B29B-6F1FE74852AC}\texticon.exe
+ 2001-12-14 11:34:46 164,864 ----a-w C:\WINDOWS\LastGood\patchw32.dll
- 2001-12-14 11:34:46 164,864 ----a-w C:\WINDOWS\patchw32.dll
+ 2001-12-14 12:34:46 164,864 ----a-w C:\WINDOWS\patchw32.dll
+ 2008-01-07 16:41:34 196,368 ----a-w C:\WINDOWS\system32\drivers\bdfsfltr.sys
+ 2007-01-31 12:50:32 913,408 ----a-w C:\WINDOWS\system32\xreglib.dll
- 2006-12-01 21:54:32 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
+ 2006-12-01 20:54:32 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
- 2006-12-01 21:54:34 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
+ 2006-12-01 20:54:34 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
- 2006-12-01 21:54:32 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
+ 2006-12-01 20:54:32 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
- 2006-12-01 23:25:52 1,101,824 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
+ 2006-12-01 22:25:52 1,101,824 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
- 2006-12-01 23:25:56 1,093,120 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
+ 2006-12-01 22:25:56 1,093,120 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
- 2006-12-01 23:25:58 69,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
+ 2006-12-01 22:25:58 69,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
- 2006-12-01 23:26:00 57,856 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
+ 2006-12-01 22:26:00 57,856 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
- 2006-12-01 23:08:00 40,960 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2006-12-01 22:08:00 40,960 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
- 2006-12-01 23:08:00 45,056 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
+ 2006-12-01 22:08:00 45,056 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
- 2006-12-01 23:08:00 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
+ 2006-12-01 22:08:00 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
- 2006-12-01 23:08:00 57,344 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
+ 2006-12-01 22:08:00 57,344 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
- 2006-12-01 23:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
+ 2006-12-01 22:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
- 2006-12-01 23:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
+ 2006-12-01 22:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
- 2006-12-01 23:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
+ 2006-12-01 22:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
- 2006-12-01 23:08:00 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
+ 2006-12-01 22:08:00 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
- 2006-12-01 23:08:00 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
+ 2006-12-01 22:08:00 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6902F36D-E8DE-4F58-9A64-5B68B888130D}]
C:\DOCUME~1\teber\LOCALS~1\Temp\~DP13.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DE48606D-0903-200A-B678-4BD04AA89B8F}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MessengerPlus3"="C:\Program Files\MSN\MsgPlus.exe" [2006-04-16 20:42 190024]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 14:43 7630848]
"Microsoft Works Update Detection"="C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2001-10-05 15:51 28738]
"EM_EXEC"="C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2002-07-01 08:50 28672]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-06-11 18:31 180269]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]
"nwiz"="nwiz.exe" [2006-08-11 14:43 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-11 14:43 86016]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-02-09 14:01 77824]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-10-26 09:10 949376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [ ]
"Spyware Doctor"="" []
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide du logiciel HP Image Zone.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Démarrage rapide du logiciel HP Image Zone.lnk
backup=C:\WINDOWS\pss\Démarrage rapide du logiciel HP Image Zone.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Hulk Maximyzer.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Hulk Maximyzer.lnk
backup=C:\WINDOWS\pss\Hulk Maximyzer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Privoxy.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Privoxy.lnk
backup=C:\WINDOWS\pss\Privoxy.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^teber^Menu Démarrer^Programmes^Démarrage^HDDlife.lnk]
path=C:\Documents and Settings\teber\Menu Démarrer\Programmes\Démarrage\HDDlife.lnk
backup=C:\WINDOWS\pss\HDDlife.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^teber^Menu Démarrer^Programmes^Démarrage^Intégrateur PROjectMT 98.lnk]
path=C:\Documents and Settings\teber\Menu Démarrer\Programmes\Démarrage\Intégrateur PROjectMT 98.lnk
backup=C:\WINDOWS\pss\Intégrateur PROjectMT 98.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^teber^Menu Démarrer^Programmes^Démarrage^Programme Garnier Nutritionist.lnk]
path=C:\Documents and Settings\teber\Menu Démarrer\Programmes\Démarrage\Programme Garnier Nutritionist.lnk
backup=C:\WINDOWS\pss\Programme Garnier Nutritionist.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent]
H:\logiciel\bitdefender\bdagent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2005-09-03 14:18 94208 C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitDefender Antiphishing Helper]
--a------ 2007-10-09 15:46 61440 H:\logiciel\bitdefender\IEShow.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
--a------ 2001-11-15 11:08 1216512 C:\WINDOWS\mixer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2006-11-12 11:48 157592 C:\Program Files\DAEMON Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2004-02-09 14:01 77824 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2006-01-30 11:30 19486248 H:\logiciel\skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-11-09 15:07 49263 C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
-ra------ 2006-06-06 09:07 40960 C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vidalia]
--a------ 2006-07-07 20:58 8915456 H:\logiciel\T O R\Vidalia\vidalia.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2005-11-15 20:31 33792 C:\Program Files\Winamp\winampa.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\soulseek\\slsk.exe"=
"C:\\KAZAA\\Kazaa Lite K++\\KazaaLite.kpp"=
"C:\\AIM\\aim.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"H:\\Freeplayer\\vlc\\vlc.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"H:\\logiciel\\vlc freebox tv\\VLC\\vlc.exe"=
"C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"C:\\visionneuse\\Avant Browser\\avant.exe"=
"H:\\logiciel\\emule 0.47c xtreme 5.4\\emule.exe"=
"H:\\logiciel\\emule 0.47c beba v1.2\\emule.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"H:\\logiciel\\skype\\Phone\\Skype.exe"=
"H:\\logiciel\\emule 0.48a\\eMule.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"4669:TCP"= 4669:TCP:emule tcp
"5555:UDP"= 5555:UDP:emule udp
"6346:TCP"= 6346:TCP:shareaza
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-03-19 10:49]
S2 Fswsclds;F-Secure Windows Security Center Legacy Detection Service;C:\Program Files\F-Secure Internet Security\fswsclds.exe []
S2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys [2002-01-29 23:42]
S2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys [2002-01-29 23:42]
S3 adiusbae;USB ADSL LAN Adapter;C:\WINDOWS\system32\DRIVERS\adiusbae.sys []
S3 CH341SER;CH341SER;C:\WINDOWS\system32\Drivers\CH341SER.SYS [2006-06-05 00:00]
S3 fbxusb;FreeBox USB Network Adapter;C:\WINDOWS\system32\DRIVERS\fbxusb.sys [2003-12-31 11:35]
S3 ham50;V9X HAM 1394V;C:\WINDOWS\system32\DRIVERS\CTXH51.sys [2001-08-04 16:50]
S3 ids0004C;ids0004C;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0004C.sys []
S3 ids0005c;ids0005c;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0005c.sys []
S3 MBAMCatchMe;MBAMCatchMe;H:\logiciel\malware\Malwarebytes' Anti-Malware\catchme.sys [2008-03-09 17:29]
S3 musbehco;musbehco;C:\DOCUME~1\teber\LOCALS~1\Temp\musbehco.sys []
S3 nvcfsr;nvcfsr;C:\NORMAN VIRUS CONTROL\nvc\BIN\nvcfsr.sys []
S3 nvcoafl51;nvcoafl51;C:\NORMAN VIRUS CONTROL\nvc\BIN\nvcoafl51.sys []
S3 USBModem000;LGE Mobile USB Modem TC;C:\WINDOWS\system32\DRIVERS\usbser.sys [2004-08-04 07:08]
S3 V0090VID;Creative WebCam Vista Plus;C:\WINDOWS\system32\DRIVERS\V0090Vid.sys [2004-09-06 02:00]
S3 viafilter;VIA USB Filter;C:\WINDOWS\system32\Drivers\viausb.sys [2001-08-21 05:11]
S3 Wdm1;USB Bridge Cable Driver;C:\WINDOWS\system32\Drivers\usbbc.sys [2001-12-13 14:35]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d116a174-8775-11db-9aae-0010dc21fba9}]
\Shell\AutoRun\command - I:\autorun.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{32D08D3D-0C7E-2D2B-6A6E-85C8A618B1A7}]
C:\WINDOWS\System32\Dractx.exe 2
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-16 22:12:21 C:\WINDOWS\Tasks\At1.job"
- C:\Documents
"2008-03-16 22:12:23 C:\WINDOWS\Tasks\At2.job"
- C:\Documents
"2008-03-16 22:12:27 C:\WINDOWS\Tasks\At3.job"
- C:\Documents
"2008-03-14 16:15:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- H:\fichier compresser\SystemOptimizer.exe
"2008-03-18 21:54:33 C:\WINDOWS\Tasks\{F897AA24-BDC3-11D1-B85B-00C04FB93981}_BERTRAND_teber.job"
- C:\WINDOWS\system32\mobsync.exeC /Schedule=
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-19 20:14:20
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
.
Temps d'accomplissement: 2008-03-19 20:15:58
ComboFix-quarantined-files.txt 2008-03-19 19:15:03
ComboFix2.txt 2008-03-18 20:37:24
.
2008-03-12 20:11:30 --- E O F ---
Hi again,
Disable your resident protections (antivirus...)!
Copy (Ctrl+C) the text in the box below:
File::
C:\Documents and Settings\teber\Application Data\wunauclt.exe
C:\Documents and Settings\teber\Application Data\toolbar.dll
C:\Documents and Settings\teber\Application Data\space1.exe
C:\Documents and Settings\teber\Application Data\dr.exe
C:\WINDOWS\system32\khfccbx.dll.vir
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6902F36D-E8DE-4F58-9A64-5B68B888130D}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DE48606D-0903-200A-B678-4BD04AA89B8F}]
Open Notepad, then paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt.
Now drag the CFScript.txt file onto Combofix.exe.
This will relaunch Combofix; type 1, then confirm. After the restart, post the contents of the Combofix.txt report together with a HijackThis report.
NOTE: If there is no restart, post the requested reports anyway.
ComboFix 08-03-17.1 - teber 2008-03-19 21:24:40.4 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.487 [GMT 1:00]
Endroit: C:\Documents and Settings\teber\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\teber\Mes documents\CFScript.txt
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
FILE ::
C:\Documents and Settings\teber\Application Data\dr.exe
C:\Documents and Settings\teber\Application Data\space1.exe
C:\Documents and Settings\teber\Application Data\toolbar.dll
C:\Documents and Settings\teber\Application Data\wunauclt.exe
C:\WINDOWS\system32\khfccbx.dll.vir
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\teber\Application Data\dr.exe
C:\Documents and Settings\teber\Application Data\space1.exe
C:\Documents and Settings\teber\Application Data\toolbar.dll
C:\Documents and Settings\teber\Application Data\wunauclt.exe
C:\WINDOWS\system32\khfccbx.dll.vir
.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-19 to 2008-03-19 ))))))))))))))))))))))))))))))))))))
.
2008-03-19 20:52 . 2008-03-19 20:52 <REP> d-------- C:\Program Files\Avira
2008-03-19 20:52 . 2008-03-19 20:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-03-19 17:01 . 2008-03-19 17:45 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-03-19 09:55 . 2008-03-19 15:47 121 --a------ C:\WINDOWS\bdagent.INI
2008-03-19 09:47 . 2008-03-19 09:47 <REP> d-------- C:\Documents and Settings\teber\Application Data\BitDefender
2008-03-19 09:45 . 2008-03-19 09:45 <REP> d-------- C:\Program Files\BitDefender
2008-03-19 09:45 . 2008-03-19 09:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-03-19 09:43 . 2008-03-19 09:45 <REP> d-------- C:\Program Files\Fichiers communs\BitDefender
2008-03-18 23:12 . 2008-03-18 23:12 <REP> d-------- C:\Documents and Settings\teber\Application Data\Malwarebytes
2008-03-18 23:12 . 2008-03-18 23:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-18 09:31 . 2008-03-18 09:31 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2008-03-18 08:30 . 2008-03-18 09:31 <REP> d-------- C:\VundoFix Backups
2008-03-16 23:17 . 2008-03-16 23:17 63 --a------ C:\WINDOWS\system32\44340255
2008-03-16 22:50 . 2008-03-16 22:50 <REP> d--hs---- C:\WINDOWS\ftpcache
2008-03-11 09:21 . 2008-03-11 09:21 234 --a------ C:\WINDOWS\PrnHlpLogConfig.ini
2008-03-05 08:58 . 2008-03-05 08:58 <REP> d-------- C:\WINDOWS\system32\AGEIA
2008-03-05 08:58 . 2008-03-05 08:59 <REP> d-------- C:\Program Files\AGEIA Technologies
2008-03-05 08:57 . 2008-03-05 08:57 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-03-05 08:55 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-19 20:20 --------- d-----w C:\Program Files\ESET
2008-03-19 15:59 69,689 ----a-w C:\WINDOWS\UNZIP.DLL
2008-03-19 15:59 507,904 ----a-w C:\WINDOWS\TMUPDATE.DLL
2008-03-19 15:59 286,720 ----a-w C:\WINDOWS\PATCH.EXE
2008-03-19 09:49 85,520 ----a-w C:\WINDOWS\system32\drivers\bdfndisf.sys
2008-03-19 07:57 --------- d-----w C:\Documents and Settings\teber\Application Data\Vidalia
2008-03-18 09:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-16 09:06 --------- d-----w C:\Program Files\Everest Poker
2008-03-16 08:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-13 19:28 --------- d-----w C:\Program Files\MSN Messenger
2008-03-10 19:45 --------- d-----w C:\Documents and Settings\teber\Application Data\Tor
2008-02-07 17:56 --------- d-----w C:\Program Files\CODECS
2008-01-28 18:02 1,409 ----a-w C:\WINDOWS\Fonts\sncf09.fot
2007-03-18 18:21 87,608 ----a-w C:\Documents and Settings\teber\Application Data\ezpinst.exe
2007-03-18 18:21 47,360 ----a-w C:\Documents and Settings\teber\Application Data\pcouffin.sys
2006-09-26 20:10 124,664 ----a-w C:\Documents and Settings\teber\Application Data\GDIPFONTCACHEV1.DAT
2004-08-19 23:09 65,024 --sha-w C:\WINDOWS\system32\asycfilt.dll
2006-08-25 15:51 617,472 --sha-w C:\WINDOWS\system32\comctl32.dll
2004-08-19 23:09 1,028,096 --sha-w C:\WINDOWS\system32\mfc42.dll
2001-08-28 12:00 57,344 --sha-w C:\WINDOWS\system32\mfc42loc.dll
2004-08-19 23:09 413,696 --sha-w C:\WINDOWS\system32\msvcp60.dll
2004-08-19 23:09 343,040 --sha-w C:\WINDOWS\system32\msvcrt.dll
2001-08-28 12:00 253,952 --sha-w C:\WINDOWS\system32\msvcrt20.dll
2007-12-04 18:41 550,912 --sha-w C:\WINDOWS\system32\oleaut32.dll
2004-08-19 23:09 83,456 --sha-w C:\WINDOWS\system32\olepro32.dll
2004-08-19 23:09 30,749 --sha-w C:\WINDOWS\system32\vbajet32.dll
1999-01-28 10:40 368,912 --sha-w C:\WINDOWS\system32\Vbar332.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MessengerPlus3"="C:\Program Files\MSN\MsgPlus.exe" [2006-04-16 20:42 190024]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 14:43 7630848]
"Microsoft Works Update Detection"="C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2001-10-05 15:51 28738]
"EM_EXEC"="C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2002-07-01 08:50 28672]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-06-11 18:31 180269]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]
"nwiz"="nwiz.exe" [2006-08-11 14:43 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-11 14:43 86016]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-02-09 14:01 77824]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 12:25 249896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [ ]
"Spyware Doctor"="" []
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide du logiciel HP Image Zone.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Démarrage rapide du logiciel HP Image Zone.lnk
backup=C:\WINDOWS\pss\Démarrage rapide du logiciel HP Image Zone.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Hulk Maximyzer.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Hulk Maximyzer.lnk
backup=C:\WINDOWS\pss\Hulk Maximyzer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Privoxy.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Privoxy.lnk
backup=C:\WINDOWS\pss\Privoxy.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^teber^Menu Démarrer^Programmes^Démarrage^HDDlife.lnk]
path=C:\Documents and Settings\teber\Menu Démarrer\Programmes\Démarrage\HDDlife.lnk
backup=C:\WINDOWS\pss\HDDlife.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^teber^Menu Démarrer^Programmes^Démarrage^Intégrateur PROjectMT 98.lnk]
path=C:\Documents and Settings\teber\Menu Démarrer\Programmes\Démarrage\Intégrateur PROjectMT 98.lnk
backup=C:\WINDOWS\pss\Intégrateur PROjectMT 98.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^teber^Menu Démarrer^Programmes^Démarrage^Programme Garnier Nutritionist.lnk]
path=C:\Documents and Settings\teber\Menu Démarrer\Programmes\Démarrage\Programme Garnier Nutritionist.lnk
backup=C:\WINDOWS\pss\Programme Garnier Nutritionist.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent]
H:\logiciel\bitdefender\bdagent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2005-09-03 14:18 94208 C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitDefender Antiphishing Helper]
H:\logiciel\bitdefender\IEShow.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
--a------ 2001-11-15 11:08 1216512 C:\WINDOWS\mixer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2006-11-12 11:48 157592 C:\Program Files\DAEMON Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2004-02-09 14:01 77824 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2006-01-30 11:30 19486248 H:\logiciel\skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-11-09 15:07 49263 C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
-ra------ 2006-06-06 09:07 40960 C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vidalia]
--a------ 2006-07-07 20:58 8915456 H:\logiciel\T O R\Vidalia\vidalia.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2005-11-15 20:31 33792 C:\Program Files\Winamp\winampa.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\soulseek\\slsk.exe"=
"C:\\KAZAA\\Kazaa Lite K++\\KazaaLite.kpp"=
"C:\\AIM\\aim.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"H:\\Freeplayer\\vlc\\vlc.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"H:\\logiciel\\vlc freebox tv\\VLC\\vlc.exe"=
"C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"C:\\visionneuse\\Avant Browser\\avant.exe"=
"H:\\logiciel\\emule 0.47c xtreme 5.4\\emule.exe"=
"H:\\logiciel\\emule 0.47c beba v1.2\\emule.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"H:\\logiciel\\skype\\Phone\\Skype.exe"=
"H:\\logiciel\\emule 0.48a\\eMule.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"4669:TCP"= 4669:TCP:emule tcp
"5555:UDP"= 5555:UDP:emule udp
"6346:TCP"= 6346:TCP:shareaza
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-03-19 10:49]
R3 ham50;V9X HAM 1394V;C:\WINDOWS\system32\DRIVERS\CTXH51.sys [2001-08-04 16:50]
S2 Fswsclds;F-Secure Windows Security Center Legacy Detection Service;C:\Program Files\F-Secure Internet Security\fswsclds.exe []
S2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys [2002-01-29 23:42]
S2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys [2002-01-29 23:42]
S3 adiusbae;USB ADSL LAN Adapter;C:\WINDOWS\system32\DRIVERS\adiusbae.sys []
S3 CH341SER;CH341SER;C:\WINDOWS\system32\Drivers\CH341SER.SYS [2006-06-05 00:00]
S3 fbxusb;FreeBox USB Network Adapter;C:\WINDOWS\system32\DRIVERS\fbxusb.sys [2003-12-31 11:35]
S3 ids0004C;ids0004C;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0004C.sys []
S3 ids0005c;ids0005c;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0005c.sys []
S3 MBAMCatchMe;MBAMCatchMe;H:\logiciel\malware\Malwarebytes' Anti-Malware\catchme.sys [2008-03-09 17:29]
S3 musbehco;musbehco;C:\DOCUME~1\teber\LOCALS~1\Temp\musbehco.sys []
S3 nvcfsr;nvcfsr;C:\NORMAN VIRUS CONTROL\nvc\BIN\nvcfsr.sys []
S3 nvcoafl51;nvcoafl51;C:\NORMAN VIRUS CONTROL\nvc\BIN\nvcoafl51.sys []
S3 USBModem000;LGE Mobile USB Modem TC;C:\WINDOWS\system32\DRIVERS\usbser.sys [2004-08-04 07:08]
S3 V0090VID;Creative WebCam Vista Plus;C:\WINDOWS\system32\DRIVERS\V0090Vid.sys [2004-09-06 02:00]
S3 viafilter;VIA USB Filter;C:\WINDOWS\system32\Drivers\viausb.sys [2001-08-21 05:11]
S3 Wdm1;USB Bridge Cable Driver;C:\WINDOWS\system32\Drivers\usbbc.sys [2001-12-13 14:35]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d116a174-8775-11db-9aae-0010dc21fba9}]
\Shell\AutoRun\command - I:\autorun.exe
*Newly Created Service* - AVGNTFLT
*Newly Created Service* - SSMDRV
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{32D08D3D-0C7E-2D2B-6A6E-85C8A618B1A7}]
C:\WINDOWS\System32\Dractx.exe 2
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-16 22:12:21 C:\WINDOWS\Tasks\At1.job"
- C:\Documents
"2008-03-16 22:12:23 C:\WINDOWS\Tasks\At2.job"
- C:\Documents
"2008-03-16 22:12:27 C:\WINDOWS\Tasks\At3.job"
- C:\Documents
"2008-03-14 16:15:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- H:\fichier compresser\SystemOptimizer.exe
"2008-03-18 21:54:33 C:\WINDOWS\Tasks\{F897AA24-BDC3-11D1-B85B-00C04FB93981}_BERTRAND_teber.job"
- C:\WINDOWS\system32\mobsync.exeC /Schedule=
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-19 21:29:11
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
.
Temps d'accomplissement: 2008-03-19 21:30:50
ComboFix-quarantined-files.txt 2008-03-19 20:29:58
ComboFix2.txt 2008-03-19 19:15:58
ComboFix3.txt 2008-03-18 20:37:24
.
2008-03-12 20:11:30 --- E O F ---
Logfile of HijackThis v1.99.1
Scan saved at 21:33:07, on 19/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\HPZipm12.exe
H:\logiciel\spyware doctor\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\snmp.exe
H:\fichier compresser\changeur fond d'ecran\Data\CFE TrayIcon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\explorer.exe
C:\visionneuse\Avant Browser\avant.exe
H:\logiciel\hijack this\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - H:\logiciel\SPYWAR~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - blank (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - H:\logiciel\SPYWAR~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MSN\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: CFE TrayIcon.lnk = H:\fichier compresser\changeur fond d'ecran\Data\CFE TrayIcon.exe
O4 - Startup: CFE.lnk = H:\fichier compresser\changeur fond d'ecran\Data\CFE.exe
O8 - Extra context menu item: Bloquer ce serveur... - C:\visionneuse\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Bloquer cette publicité... - C:\visionneuse\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir tous les liens de la page... - C:\visionneuse\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Personnaliser - c:\reverso\promtie4\options.htm
O8 - Extra context menu item: Rechercher sur Internet - c:\reverso\promtie4\search.htm
O8 - Extra context menu item: Rechercher sur le Web... - C:\visionneuse\Avant Browser\Search.htm
O8 - Extra context menu item: Surligner - C:\visionneuse\Avant Browser\Highlight.htm
O8 - Extra context menu item: Traduire - c:\reverso\promtie4\translat.htm
O8 - Extra context menu item: Traduire dans WebView - c:\reverso\promtie4\webview.htm
O8 - Extra context menu item: Traduire la page - c:\reverso\promtie4\page.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - H:\logiciel\SPYWAR~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\Casino\Europa Casino\casino.exe (file missing)
O9 - Extra 'Tools' menuitem: Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\Casino\Europa Casino\casino.exe (file missing)
O9 - Extra button: Traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - c:\reverso\promtie4\promtie5.htm
O9 - Extra 'Tools' menuitem: Traduire - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - c:\reverso\promtie4\promtie5.htm
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - c:\reverso\promtie4\options.htm
O9 - Extra 'Tools' menuitem: Personnalisez traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - c:\reverso\promtie4\options.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/2575a1141fef8049c006/netzip/RdxIE6...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040105/qtinstall....
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-fe252e6120df2123.spaces.live.com/PhotoUpload...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.ca...
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267....
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Autodata Limited License Service - Unknown owner - C:\Program Files\Fichiers communs\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - Unknown owner - C:\Program Files\F-Secure Internet Security\fswsclds.exe (file missing)
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NTSVCMGR - Unknown owner - c:\windows\system32\dllcache\win32\winlogon.exe (file missing)
O23 - Service: Norman Virus Control on-access component (nvcoas) - Unknown owner - (no file)
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Unknown owner - (no file)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - H:\logiciel\spyware doctor\Spyware Doctor\sdhelp.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - H:\logiciel\bitdefender\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service (file missing)
Re,
Fix the lines in the box below with HijackThis: HELP WITH SCREENSHOTS
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O23 - Service: NTSVCMGR - Unknown owner - c:\windows\system32\dllcache\win32\winlogon.exe (file missing)
O23 - Service: Norman Virus Control on-access component (nvcoas) - Unknown owner - (no file)
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Unknown owner - (no file)
&
Download Malwarebytes' Anti-Malware < here
Double-click mbam-setup.exe to launch the installation
Allow the updates to download!
Restart in safe mode ( > Safe Mode < )
Double-click the Malwarebytes shortcut on your desktop
Tick "Perform full scan", then click [Scan]
When the scan finishes, click [Show Results]
If infected objects are found, click [Remove Selected]
Post the report (it is also available under the Reports/Logs tab)
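Once a follow-up HijackThis log is posted, the fix list above can be checked against it mechanically. The script below is an added example, not part of the original post: the function names (`parse_entries`, `orphaned_entries`, `check_fix`) are introduced here, and the sample lines are copied from the fix list above and from the 20/03/2008 log posted later in this thread.

```python
import re

# A HijackThis entry line looks like "<section> - <details>", e.g. "O23 - Service: ...".
# Header lines and the running-process list do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Entries whose target file is gone end in "(no file)" or "(file missing)".
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$")

# Fix list, copied from the helper's post above.
FIX_LIST = r"""
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O23 - Service: NTSVCMGR - Unknown owner - c:\windows\system32\dllcache\win32\winlogon.exe (file missing)
O23 - Service: Norman Virus Control on-access component (nvcoas) - Unknown owner - (no file)
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Unknown owner - (no file)
"""

# Excerpt (not the full log) of the 20/03/2008 follow-up log from this thread.
AFTER_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 21:00:37, on 20/03/2008
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - blank (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\WINDOWS\System32\shdocvw.dll
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - Unknown owner - C:\Program Files\F-Secure Internet Security\fswsclds.exe (file missing)
O23 - Service: Norman Virus Control on-access component (nvcoas) - Unknown owner - (no file)
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Unknown owner - (no file)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""


def parse_entries(log_text):
    """Return one dict per HijackThis entry line found in log_text."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if not match:
            continue  # header, process path or blank line
        entries.append({
            "section": match.group("section"),
            # Case- and whitespace-insensitive key for comparing two logs.
            "key": (match.group("section"),
                    " ".join(match.group("body").lower().split())),
            "orphaned": bool(ORPHAN_RE.search(line)),
            "line": line,
        })
    return entries


def orphaned_entries(log_text):
    """Entries that still point at a file HijackThis could not find."""
    return [e["line"] for e in parse_entries(log_text) if e["orphaned"]]


def check_fix(fix_list_text, after_log_text):
    """Split the fix list into entries gone from, and still present in, the later log."""
    after_keys = {e["key"] for e in parse_entries(after_log_text)}
    removed, remaining = [], []
    for entry in parse_entries(fix_list_text):
        target = remaining if entry["key"] in after_keys else removed
        target.append(entry["line"])
    return removed, remaining


if __name__ == "__main__":
    gone, still_there = check_fix(FIX_LIST, AFTER_LOG)
    print("Removed:", len(gone))
    for line in still_there:
        print("Still present:", line)
    for line in orphaned_entries(AFTER_LOG):
        print("Orphaned:", line)
```

An entry that was on the fix list and still shows up in the later log is worth raising with the helper before moving on to the next cleanup step.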
Malwarebytes' Anti-Malware 1.08
Version de la base de données: 501
Type de recherche: Examen complet (C:\|)
Eléments examinés: 108421
Temps écoulé: 32 minute(s), 34 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\Casino (Adware.Casino) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
Logfile of HijackThis v1.99.1
Scan saved at 21:00:37, on 20/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
H:\logiciel\spyware doctor\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
H:\fichier compresser\changeur fond d'ecran\Data\CFE TrayIcon.exe
C:\WINDOWS\System32\alg.exe
C:\visionneuse\Avant Browser\avant.exe
H:\logiciel\ciboxtools\CiBoxTools.exe
H:\logiciel\hijack this\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - H:\logiciel\SPYWAR~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - blank (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - H:\logiciel\SPYWAR~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MSN\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: CFE TrayIcon.lnk = H:\fichier compresser\changeur fond d'ecran\Data\CFE TrayIcon.exe
O4 - Startup: CFE.lnk = H:\fichier compresser\changeur fond d'ecran\Data\CFE.exe
O8 - Extra context menu item: Bloquer ce serveur... - C:\visionneuse\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Bloquer cette publicité... - C:\visionneuse\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir tous les liens de la page... - C:\visionneuse\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Personnaliser - c:\reverso\promtie4\options.htm
O8 - Extra context menu item: Rechercher sur Internet - c:\reverso\promtie4\search.htm
O8 - Extra context menu item: Rechercher sur le Web... - C:\visionneuse\Avant Browser\Search.htm
O8 - Extra context menu item: Surligner - C:\visionneuse\Avant Browser\Highlight.htm
O8 - Extra context menu item: Traduire - c:\reverso\promtie4\translat.htm
O8 - Extra context menu item: Traduire dans WebView - c:\reverso\promtie4\webview.htm
O8 - Extra context menu item: Traduire la page - c:\reverso\promtie4\page.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - H:\logiciel\SPYWAR~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\Casino\Europa Casino\casino.exe (file missing)
O9 - Extra 'Tools' menuitem: Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\Casino\Europa Casino\casino.exe (file missing)
O9 - Extra button: Traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - c:\reverso\promtie4\promtie5.htm
O9 - Extra 'Tools' menuitem: Traduire - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - c:\reverso\promtie4\promtie5.htm
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - c:\reverso\promtie4\options.htm
O9 - Extra 'Tools' menuitem: Personnalisez traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - c:\reverso\promtie4\options.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/2575a1141fef8049c006/netzip/RdxIE6...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040105/qtinstall....
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-fe252e6120df2123.spaces.live.com/PhotoUpload...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.ca...
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267....
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Autodata Limited License Service - Unknown owner - C:\Program Files\Fichiers communs\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - Unknown owner - C:\Program Files\F-Secure Internet Security\fswsclds.exe (file missing)
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: Norman Virus Control on-access component (nvcoas) - Unknown owner - (no file)
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Unknown owner - (no file)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - H:\logiciel\spyware doctor\Spyware Doctor\sdhelp.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - H:\logiciel\bitdefender\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service (file missing)
Scan saved at 21:00:37, on 20/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
H:\logiciel\spyware doctor\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
H:\fichier compresser\changeur fond d'ecran\Data\CFE TrayIcon.exe
C:\WINDOWS\System32\alg.exe
C:\visionneuse\Avant Browser\avant.exe
H:\logiciel\ciboxtools\CiBoxTools.exe
H:\logiciel\hijack this\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - H:\logiciel\SPYWAR~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - blank (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - H:\logiciel\SPYWAR~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MSN\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: CFE TrayIcon.lnk = H:\fichier compresser\changeur fond d'ecran\Data\CFE TrayIcon.exe
O4 - Startup: CFE.lnk = H:\fichier compresser\changeur fond d'ecran\Data\CFE.exe
O8 - Extra context menu item: Bloquer ce serveur... - C:\visionneuse\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Bloquer cette publicité... - C:\visionneuse\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir tous les liens de la page... - C:\visionneuse\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Personnaliser - c:\reverso\promtie4\options.htm
O8 - Extra context menu item: Rechercher sur Internet - c:\reverso\promtie4\search.htm
O8 - Extra context menu item: Rechercher sur le Web... - C:\visionneuse\Avant Browser\Search.htm
O8 - Extra context menu item: Surligner - C:\visionneuse\Avant Browser\Highlight.htm
O8 - Extra context menu item: Traduire - c:\reverso\promtie4\translat.htm
O8 - Extra context menu item: Traduire dans WebView - c:\reverso\promtie4\webview.htm
O8 - Extra context menu item: Traduire la page - c:\reverso\promtie4\page.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - H:\logiciel\SPYWAR~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\Casino\Europa Casino\casino.exe (file missing)
O9 - Extra 'Tools' menuitem: Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\Casino\Europa Casino\casino.exe (file missing)
O9 - Extra button: Traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - c:\reverso\promtie4\promtie5.htm
O9 - Extra 'Tools' menuitem: Traduire - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - c:\reverso\promtie4\promtie5.htm
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - c:\reverso\promtie4\options.htm
O9 - Extra 'Tools' menuitem: Personnalisez traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - c:\reverso\promtie4\options.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/2575a1141fef8049c006/netzip/RdxIE6...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040105/qtinstall....
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-fe252e6120df2123.spaces.live.com/PhotoUpload...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.ca...
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267....
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Autodata Limited License Service - Unknown owner - C:\Program Files\Fichiers communs\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - Unknown owner - C:\Program Files\F-Secure Internet Security\fswsclds.exe (file missing)
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: Norman Virus Control on-access component (nvcoas) - Unknown owner - (no file)
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Unknown owner - (no file)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - H:\logiciel\spyware doctor\Spyware Doctor\sdhelp.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - H:\logiciel\bitdefender\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service (file missing)
Let's finish up
Download ToolsCleaner to your Desktop.
Click "Recherche" (Search) and let the scan finish.
Click "Suppression" (Removal) to finalize.
Click "Quitter" (Quit) so that the report can be created.
Post the report (TCleaner.txt), which is located at the root of your hard drive (C:\)
Disable and then re-enable System Restore: see help
Now add [Résolu] (Solved) to the title. To do so:
* In your first message, click the "Editer" (Edit) button
* Add the [Résolu] tag to the title
* Then click "Valider votre message" (Submit your message)
Read the guide on prevention and protection, so that you don't run into this kind of problem again, by clicking the image below: