Virus TR/Vudo and TR/Crypt.cfi.gen
Elhan
Hello,
My Avira antivirus detected these viruses: TR/Vundo.Gen and TR/Crypt.CFI.Gen. How can I remove them?
Here is a HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:19:26, on 01/09/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\Program Files\Labtec\Keyboard\V5.1\kbdap32a.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
c:\program files\avira\antivir desktop\avcenter.exe
C:\Program Files\Avira\AntiVir Desktop\avscan.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.mini20.com/?tm=1&kw=Secure+Web+Search+Engine&KW1=Secure%20Web%20Search%20Engine&KW2=Best%20Malware%20Detection%20And%20Removal%20Software&searchbox=0&domainname=0&backfill=0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [OFFICEKB] C:\Program Files\Labtec\Keyboard\V5.1\kbdap32a.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://data.jeuxclassiques.com/npwwg.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {E1342154-4889-42B5-BEF6-19237577048F} (OberongamesLoader Object) - http://www.gamenext.fr/online/online2/zuma/oberongamesloader.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
7 replies
Hello,
What are these infections called, and where are they located on the disk?
Download RSIT (by random/random) to your desktop:
http://images.malwareremoval.com/random/RSIT.exe
• Double-click RSIT.exe,
• Press [Continue] on the "Disclaimer" screen,
• RSIT will download HijackThis (if it is not installed) -> accept the license,
>> the Log.txt report will open on screen..
>> the other one is in the taskbar; click it to open it
► Post these reports, available in C:\RSIT\log.txt & info.txt
Hello
Download GenProc http://www.genproc.com/GenProc.exe
Double-click GenProc.exe and post the contents of the report that opens.
Hello, thanks. I am posting the report, which looks clean, but Avira detects viruses.
Rapport GenProc 2.617 [1] - 01/09/2009 à 18:47:26
@ Windows XP Service Pack 3 - Mode normal
@ Internet Explorer (8.0.6001.18702) [Navigateur par défaut]
GenProc n'a détecté aucune infection caractéristique et suggère de suivre la procédure suivante :
Poste un rapport Nod32 https://www.eset.com/ (il faut utiliser Internet Explorer)
- coche toutes les cases à chaque fois, et lorsque c'est terminé, colle le rapport :
C:\Program Files\EsetOnlineScanner\log.txt
~~~~ INFORMATION COMPLEMENTAIRE ~~~~
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:48:44, on 01/09/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\Program Files\Labtec\Keyboard\V5.1\kbdap32a.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\GenProc\outil\vini_GenProc.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.mini20.com/?tm=1&kw=Secure+Web+Search+Engine&KW1=Secure%20Web%20Search%20Engine&KW2=Best%20Malware%20Detection%20And%20Removal%20Software&searchbox=0&domainname=0&backfill=0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [OFFICEKB] C:\Program Files\Labtec\Keyboard\V5.1\kbdap32a.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://data.jeuxclassiques.com/npwwg.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {E1342154-4889-42B5-BEF6-19237577048F} (OberongamesLoader Object) - http://www.gamenext.fr/online/online2/zuma/oberongamesloader.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {E1342154-4889-42B5-BEF6-19237577048F} (OberongamesLoader Object) - http://www.gamenext.fr/online/online2/zuma/oberongamesloader.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
- Download ComboFix (sUBs) http://download.bleepingcomputer.com/sUBs/ComboFix.exe to your Desktop
- Double-click combofix.exe and follow the instructions.
- Install the Recovery Console if offered, then continue.
- When the scan is complete, a report will appear. Copy and paste that report into your next reply.
NOTE: The report can also be found here: C:\Combofix.txt
Here is the scan. It says there is no console, but it didn't offer to install it. Why? Thanks again.
ComboFix 09-08-31.04 - vini 01/09/2009 19:26.1.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1023.543 [GMT 2:00]
Running from: c:\documents and settings\vini\Bureau\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\recycler\S-1-5-21-1085031214-1708537768-1957994488-1002
c:\windows\Installer\2e4ee2e.msp
c:\windows\sysdat.dll
c:\windows\system32\AVSredirect.dll
c:\windows\system32\Sp3.dll
.
((((((((((((((((((((((((( Files Created from 2009-08-01 to 2009-09-01 )))))))))))))))))))))))))))))))
.
2009-09-01 16:47 . 2009-09-01 16:47 -------- d-----w- C:\GenProc
2009-09-01 11:11 . 2009-09-01 11:11 -------- d-----w- c:\program files\Trend Micro
2009-09-01 06:27 . 2009-09-01 06:27 -------- d-----r- c:\documents and settings\LocalService\Favoris
2009-08-27 22:08 . 2009-08-27 22:08 -------- d-----w- C:\AeriaGames
2009-08-27 22:01 . 2009-08-27 22:01 -------- d-----w- c:\documents and settings\vini\Application Data\InstallShield
2009-08-25 11:32 . 2007-05-17 15:30 318976 ----a-w- c:\windows\system32\avisynth.dll
2009-08-25 11:32 . 2004-02-22 08:11 719872 ----a-w- c:\windows\system32\devil.dll
2009-08-25 11:32 . 2004-01-24 22:00 70656 ----a-w- c:\windows\system32\yv12vfw.dll
2009-08-25 11:32 . 2004-01-24 22:00 70656 ----a-w- c:\windows\system32\i420vfw.dll
2009-08-25 11:32 . 2009-08-25 11:32 -------- d-----w- c:\program files\AviSynth 2.5
2009-08-25 11:31 . 2009-08-25 11:31 -------- d-----w- c:\program files\eRightSoft
2009-08-14 15:09 . 2009-08-14 15:09 1961720 ----a-w- c:\documents and settings\vini\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-08-12 18:47 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-11 20:33 . 2009-08-11 20:33 278984 ----a-w- c:\windows\system32\drivers\atksgt.sys
2009-08-11 20:33 . 2009-08-11 20:33 25416 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2009-08-10 18:41 . 2009-08-10 18:41 -------- d-----w- c:\program files\ProtectDisc Driver Installer
2009-08-10 18:40 . 2009-08-10 18:40 3112408 ----a-w- c:\documents and settings\vini\Application Data\ProtectDisc\pe17af2e81.dll
2009-08-10 18:40 . 2009-08-10 18:40 -------- d-----w- c:\documents and settings\vini\Application Data\ProtectDisc
2009-08-06 22:28 . 2009-08-06 22:28 152576 ----a-w- c:\documents and settings\vini\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-06 22:15 . 2009-08-06 22:15 -------- d-----w- C:\c1321aae1c0aea1d7a96
2009-08-06 22:13 . 2009-08-06 22:13 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-06 22:12 . 2009-08-06 22:12 -------- d-----w- c:\program files\Reference Assemblies
2009-08-06 22:12 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-06 22:12 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-06 22:12 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-06 22:12 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-06 22:12 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-06 22:12 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-06 22:12 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-06 22:12 . 2009-08-06 22:12 -------- d-----w- C:\8bc84dfaeb715b3ac3f23478
2009-08-06 22:11 . 2009-08-06 22:20 -------- d-----w- c:\windows\SxsCaPendDel
2009-08-05 09:00 . 2009-08-05 09:00 205312 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-01 05:02 . 2009-04-17 19:12 -------- d-----w- c:\documents and settings\vini\Application Data\uTorrent
2009-09-01 04:50 . 2008-05-10 15:58 -------- d-----w- c:\documents and settings\vini\Application Data\OpenOffice.org2
2009-08-27 22:08 . 2006-08-27 16:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-18 19:10 . 2009-07-15 09:01 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-12 21:07 . 2009-07-13 05:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-08-10 18:33 . 2007-04-22 13:25 -------- d-----w- c:\program files\Ubisoft
2009-08-07 09:34 . 2006-08-27 16:13 74312 -c--a-w- c:\documents and settings\vini\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-07 00:00 . 2002-08-30 12:00 82068 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-07 00:00 . 2002-08-30 12:00 504118 ----a-w- c:\windows\system32\perfh00C.dat
2009-08-05 09:00 . 2002-08-30 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-01 10:27 . 2009-07-21 10:02 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-31 20:23 . 2009-06-16 13:28 -------- d-----w- c:\program files\eMule
2009-07-29 07:23 . 2007-03-31 18:49 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-27 19:56 . 2009-07-27 19:56 24638 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\_\_crt_scratch.960d1fa68750fa010e573df52f42c947.dll
2009-07-27 19:56 . 2009-07-27 19:56 114822 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\_\_crt_progcyberstud.e038aa28085a77aa97b543eea1b2f3b9.dll
2009-07-27 19:56 . 2009-07-27 19:56 73811 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\_\_crt_mhblackjack.031a97dbfc22ce8c3c008e321e750432.dll
2009-07-27 19:56 . 2009-07-27 19:56 41013 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\_\_crt_cyberstud.1b8f431ce9dfe38861b98045dc7bc82c.dll
2009-07-27 19:55 . 2009-07-27 19:55 393216 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\f\flyingwitchbonus.178abae7811f3ce106a1068e2f8e83aa.dll
2009-07-27 19:54 . 2009-07-27 19:54 352256 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\s\spinningwandbonus.71b441eaf88d72b917384cc517583ca7.dll
2009-07-27 19:53 . 2009-07-27 19:53 348432 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\w\whatonearth.0a3ab3633f8df69ecc1bb0d848f47412.dll
2009-07-27 19:53 . 2009-07-27 19:53 352528 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\w\whatonearthxxx.b1cc356ee36fb84ac5c9eca977aa894a.dll
2009-07-27 19:53 . 2009-07-27 19:53 250128 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\w\whatonearthbonus.4a3c41468d5b693ba49db2c04b228a66.dll
2009-07-27 19:52 . 2009-07-27 19:52 221456 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\v\vegascrapsxxx.9260625f65eb4bc5b68e6b446a4be9ec.dll
2009-07-27 19:52 . 2009-07-27 19:52 110592 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\v\vegascraps.b5db027e00863192286f05af6c1d7fd0.dll
2009-07-27 19:52 . 2009-07-27 19:52 114688 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\u\usroulette.111677cc695657a0c9a392432a7a3d55.dll
2009-07-27 19:48 . 2009-07-27 19:48 499984 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\g\greatgalaxycasinobonus.55dde164a6c32cf7a5be1bb8e3746043.dll
2009-07-27 19:45 . 2009-07-27 19:45 700416 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\p\pickuntilcollectbonus.07d287f25bba4ccba9ff2af0dedb4455.dll
2009-07-27 19:45 . 2009-07-27 19:45 380928 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\p\pickuntilcollectbonus_tggg.e66cbfaf93bc06e345be6dacdf926516.dll
2009-07-27 19:43 . 2009-07-27 19:43 380928 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\s\superfun21blackjack.fc65bebd8cad283071824009b0f58e18.dll
2009-07-27 19:35 . 2009-07-27 19:35 65536 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\s\sizzlingscorpionsbonus.b810fd9a6f22045661d97e29b7b598bb.dll
2009-07-27 19:34 . 2009-07-27 19:34 151552 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\s\sicbo.947b265d4f68e9c480664c57d59ab47c.dll
2009-07-27 19:33 . 2009-07-27 19:33 131072 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\r\rouletteroyale.78fbb4e6860f34eb015928fa5c78c605.dll
2009-07-27 19:30 . 2009-07-27 19:30 245760 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\p\pokerride.0e46f0612786991e4a026d6c70ac2e93.dll
2009-07-27 19:30 . 2009-07-27 19:30 188416 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\p\pokerpursuit.99406aaa92216ca4bca884748c50551a.dll
2009-07-27 19:28 . 2009-07-27 19:28 1024000 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\s\simplepickxofychoicebonus_summerholiday.2f3c0065ff052710ed0c13651e2571da.dll
2009-07-27 19:27 . 2009-07-27 19:27 495888 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\s\simplepickxofychoicebonus.281bc5f32411b92464f05fd4a21f7e74.dll
2009-07-27 19:25 . 2009-07-27 19:25 376832 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\v\vegasstripblackjack.59f244d12616734754d6150b8b007a01.dll
2009-07-27 19:25 . 2009-07-27 19:25 380928 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\v\vegasdowntownblackjack.e7dba3d00f62f28aeb42af2519700caa.dll
2009-07-27 19:25 . 2009-07-27 19:25 376832 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\s\spanishblackjack.8c2ac90e8c4bbda7817e074b224d622e.dll
2009-07-27 19:24 . 2009-07-27 19:24 217360 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\b\bonusmhblackjack.84d4657d317de829d176ac2f1af5d8c4.dll
2009-07-27 19:24 . 2009-07-27 19:24 311568 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\b\bonusmhblackjackxxx.c3b991b53ad6a9558a283150df84299e.dll
2009-07-27 19:24 . 2009-07-27 19:24 126976 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\b\bjstrategyui1.f6bf7f52301739c715fb0c01374c3b3a.dll
2009-07-27 19:24 . 2009-07-27 19:24 323856 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\a\advancedmhblackjack1xxx.2ee620ed3209d6b2b80e783d95ac27ee.dll
2009-07-27 19:24 . 2009-07-27 19:24 241936 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\a\advancedmhblackjack1.083be9c67a155a097b96aea9ddb29706.dll
2009-07-27 19:24 . 2009-07-27 19:24 49152 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\b\bjstrategylogic1.0ce35352c4c4658d12c59ec38c70398a.dll
2009-07-27 19:24 . 2009-07-27 19:24 172032 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\m\mh3cardpokerxxx.74afec728d946d3f7f15d0772542ef3f.dll
2009-07-27 19:24 . 2009-07-27 19:24 159744 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\m\mh3cardpokerplugin.66fb6927c2425fa0482becdc7c24f0ef.dll
2009-07-27 19:18 . 2009-07-27 19:18 45169 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\l\luckycharmerbonus.daf5f53b45ca201c513cbb5bf382c914.dll
2009-07-27 19:15 . 2009-07-27 19:15 597255 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\k\kingcashalotxxx.c39a8168a9332a44195dceea7cc4b4a3.dll
2009-07-27 19:15 . 2009-07-27 19:15 348160 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\k\kingbonus.7b606bae550d65659343cca3e8d37f6c.dll
2009-07-27 19:15 . 2009-07-27 19:15 159744 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\k\kingcashalot.da5002763205d34a8b2c0e18774e93d3.dll
2009-07-27 19:14 . 2009-07-27 19:14 368912 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\r\reelstrikexxx.f6ecb9684e1be3d30a84d6ce47725e8a.dll
2009-07-27 19:14 . 2009-07-27 19:14 151824 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\r\reelstrikebonus.352846d26cf4c594dafc9b9ea0b478be.dll
2009-07-27 19:14 . 2009-07-27 19:14 307472 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\r\reelstrikeslot.263bf62c0114cead1f4829bc52d84b9f.dll
2009-07-27 19:13 . 2009-07-27 19:13 250128 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\p\progvideopokersuite1.ce769cc09824fe1c736c64a0ed38ed89.dll
2009-07-27 19:10 . 2009-07-27 19:10 348432 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\h\hitmancontractbonus.5bb25297e42b173d7ee73dcb3a8888c7.dll
2009-07-27 18:59 . 2009-07-27 18:59 581904 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\l\levelbonus.f133a53ea3279bce1fc3bc7aa9ad6839.dll
2009-07-27 18:55 . 2009-07-27 18:55 274704 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\s\secretadmirerxxx.b82b0093b453bf095401cf169803f6f6.dll
2009-07-27 18:54 . 2009-07-27 18:54 270608 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\s\secretadmirer.8a58ed349e595e616819333c365b431d.dll
2009-07-27 18:54 . 2009-07-27 18:54 94208 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\s\statsgeneralplugin.efa02b50f3fc7221b8a2e25b6f85e7f2.dll
2009-07-27 18:54 . 2009-07-27 18:54 602112 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\g\goldseriestriplepocketholdemplugin.8bab8c085fa07ba1585b7c1441b0a6b2.dll
2009-07-27 18:54 . 2009-07-27 18:54 528384 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\g\goldseriestriplepocketholdemxxx.ecf01ad5591cce11875fb8851db8f0d5.dll
2009-07-27 18:54 . 2009-07-27 18:54 204800 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\g\goldseriesholdemhighxxx.952c8bca9c65081665f10ce586bc602b.dll
2009-07-27 18:54 . 2009-07-27 18:54 241664 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\g\goldseriesholdemhighplugin.bdcc6d12f3f414250e83fa84f22c5a5c.dll
2009-07-27 18:54 . 2009-07-27 18:54 49152 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\b\bjghighstreakstrategylogic1.191efcf9140c2fe6e0f5d9a976a4dc62.dll
2009-07-27 18:54 . 2009-07-27 18:54 221184 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\b\bjghighstreakxxx.b4ec12e8f6a82be74843d2bd8895d089.dll
2009-07-27 18:54 . 2009-07-27 18:54 98304 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\b\bjghighstreakautoplayplugin.daa7cf372053cea211edcbea65d22b12.dll
2009-07-27 18:54 . 2009-07-27 18:54 417792 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\b\bjghighstreakplugin.3e93030461895e6c47198d045c8d1cf9.dll
2009-07-27 18:54 . 2009-07-27 18:54 106496 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\b\bjghighstreakstatsplugin.145ee00ec8a028833dd329dab350af61.dll
2009-07-27 18:54 . 2009-07-27 18:54 126976 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\b\bjghighstreakstrategyui1.57392ae0d395ad2b922b909eeea4d57f.dll
2009-07-27 18:53 . 2009-07-27 18:53 225280 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\g\goldseriesmh3cardpokerxxx.f90691784645d2d0d637d253e6b6f397.dll
2009-07-27 18:53 . 2009-07-27 18:53 262144 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\g\goldseriesmh3cardpokerplugin.5a185095e975ba0cdfe6e7400fcb7d4e.dll
2009-07-27 18:51 . 2009-07-27 18:51 422160 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\g\goldengoosecardbonus.beed9ae47c0c2568c714185c758d7916.dll
2009-07-27 18:51 . 2009-07-27 18:51 426256 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\g\goldengoosemoneybonus.88773b38efa085f2a6e02577cba4f183.dll
2009-07-27 18:51 . 2009-07-27 18:51 418064 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\g\goldengoosexofybonus.88892da50485f0c014ab42fcd341989f.dll
2009-07-27 18:51 . 2009-07-27 18:51 409872 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\g\goldengoosecreditsbonus.2a4f48ff11fe7f483cd4c2a21c9fbcac.dll
2009-07-27 18:50 . 2009-07-27 18:50 122880 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\f\frenchroulette.181434980597f8ff07c31ab5432ab080.dll
2009-07-27 18:45 . 2009-07-27 18:45 942080 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\f\flightzonebonus.bb993454d3170414b7655081a3ec7db9.dll
2009-07-27 18:41 . 2009-07-27 18:41 32768 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\_\_crt_keno.ed975aa9c9bb5e5ec89c8ffeee254e8a.dll
2009-07-27 18:41 . 2009-07-27 18:41 32834 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\_\_crt_baccarat.a090413d6195a12421945ded5707d93f.dll
2009-07-27 18:39 . 2009-07-27 18:39 233472 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\b\bjstrategyui1.5a2f52359fe99e4484435bbaf8f92b30.dll
2009-07-27 18:39 . 2009-07-27 18:39 225280 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\b\bjgoldautoplayplugin.9e04124b2f25d98a562d14260b995f0c.dll
2009-07-27 18:39 . 2009-07-27 18:39 126976 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\m\mhbjstrategyui1.95a00a7e6658ab8736067b646ccd9783.dll
2009-07-27 18:39 . 2009-07-27 18:39 589824 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\b\bjgoldplugin.30ebac308b430f373d22851023dddb58.dll
2009-07-27 18:39 . 2009-07-27 18:39 512000 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\b\bjgoldxxx.098a7b3de069b4b076bd8c2cc92131be.dll
2009-07-27 18:39 . 2009-07-27 18:39 147456 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\b\bjstrategylogic1.cae96e5e68740973929725d2ac549cc0.dll
2009-07-27 18:39 . 2009-07-27 18:39 413696 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\m\mhbjgoldplugin.5d832144ec1b88e6caeb7446bbe13d54.dll
2009-07-27 18:39 . 2009-07-27 18:39 233472 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\b\bjgoldstatsplugin.67546387f1af1fe46f021dbce8a072f4.dll
2009-07-27 18:39 . 2009-07-27 18:39 225280 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\m\mhbjgoldxxx.042cb38dc856800dc292666302eb33ed.dll
2009-07-27 18:39 . 2009-07-27 18:39 163840 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\g\goldseries_euroroulette.c04add4a4ccdfa99acf5bc9050a74d69.dll
2009-07-27 18:38 . 2009-07-27 18:38 53342 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\b\blplugin.43df87da33698c32bca7a2698484452d.dll
2009-07-27 18:38 . 2009-07-27 18:38 412685 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\g\goldseries_roulette.1edb0f45625215829abaaca345d96e06.dll
2009-07-24 19:34 . 2009-07-24 19:34 884736 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\f\fatladybonus.1bbd616c1ce52b392c6981c202173fe7.dll
2009-07-24 19:31 . 2009-07-24 19:31 114688 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\e\euroroulette.fa2b524975a5d8bbc30203d094e2b084.dll
2009-07-24 19:31 . 2009-07-24 19:31 45056 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\e\euroblackjackstrategy.9c188ef9cd6c03e5b4bd398d23041cd2.dll
2009-07-24 19:31 . 2009-07-24 19:31 376832 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\e\europeanblackjack.cb403a5bad6b43e2910d2e09c35c47ed.dll
2009-07-24 19:31 . 2009-07-24 19:31 229483 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\e\euroblackjack.6c6f541acc24f3244c0a64fa851edca8.dll
2009-07-24 19:28 . 2009-07-24 19:28 127248 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\m\megaspinsuite1.2def01b8e52d92e08cc8f9a917ea6e80.dll
2009-07-24 19:28 . 2009-07-24 19:28 397312 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\d\doubleexposureblackjack.00416c68a65da9cd4e538e162751f284.dll
2009-07-24 19:23 . 2009-07-24 19:23 40960 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\d\diamonddealbonus.2870129824bd4ab03fe258a72414c9fe.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-08-31 288560]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-02-28 315392]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [2007-03-16 63712]
"OFFICEKB"="c:\program files\Labtec\Keyboard\V5.1\kbdap32a.exe" [2008-01-10 387584]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]
"SSBkgdUpdate"="c:\program files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 155648]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-11-17 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-11-17 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-11-17 1622016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\vini\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma Loader.exe.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2006-11-4 113664]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\InstantTouch\\bin\\CmCenterV2.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Games\\Dungeon Siege 2\\DungeonSiege2.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"4662:TCP"= 4662:TCP:emule tcp entrant
"4672:UDP"= 4672:UDP:emule udp entrant
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [30/07/2008 07:51 277736]
S3 kbeepm;kbeepm;\??\c:\docume~1\vini\LOCALS~1\Temp\kbeepm.sys --> c:\docume~1\vini\LOCALS~1\Temp\kbeepm.sys [?]
S3 WlanUIG;Sagem 802.11g Wireless LAN USB Adapter Driver;c:\windows\system32\drivers\WlanUIG.sys [28/08/2006 09:59 379456]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - MBR
*Deregistered* - avgio
*Deregistered* - avipbb
*Deregistered* - mbr
*Deregistered* - ssmdrv
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.mini20.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} - hxxp://data.jeuxclassiques.com/npwwg.cab
DPF: {E1342154-4889-42B5-BEF6-19237577048F} - hxxp://www.gamenext.fr/online/online2/zuma/oberongamesloader.cab
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
FF - ProfilePath - c:\documents and settings\vini\Application Data\Mozilla\Firefox\Profiles\7ih63rz3.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPplaynet.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppopcaploader.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-01 19:31
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(620)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-09-01 19:34
ComboFix-quarantined-files.txt 2009-09-01 17:33
Pre-Run: 7 297 966 080 octets libres
Post-Run: 7 382 331 392 octets libres
260 --- E O F --- 2009-08-30 01:01
For information.
This directory seems to contain some not very clean stuff ??
c:\documents and settings\All Users\Application Data\MGS\cache\....
Also ..
--- Other Services/Drivers In Memory ---
*NewlyCreated* - MBR <-------
*Deregistered* - avgio <..
*Deregistered* - avipbb
*Deregistered* - mbr
*Deregistered* - ssmdrv
There's a procedure for disinfecting the MBR, if necessary!