Virus "party"
Closed
greg6900
-
22 May 2008 at 21:35
g!rly Posts 18209 Registration date Friday 17 August 2007 Status Contributor Last activity 30 November 2014 - 24 May 2008 at 15:18
Hello,
I received a link over MSN from a friend with "party" in it. I stupidly opened it... my MSN status started changing by itself and then it disconnects. A message tells me that another computer is using my connection!
I ran all my scans: avast, spybot, ccleaner, msnfix...
but the problem has not gone away.
I made a HijackThis report, I don't know what to do: help!!
Here is the report:
(of course I'm not good with computers...)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:27:18, on 22/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\PROGRA~1\Borland\INTERB~1\Bin\IBGuard.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\Borland\INTERB~1\Bin\ibserver.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Ariane\Ariane\Ariane.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\Prismsta.exe
C:\WINDOWS\system32\Prismsvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ArianeLU] C:\Program Files\Ariane\Lanceur\ArianeLU.exe
O4 - HKLM\..\Run: [affinity] C:\Program Files\Borland\Interbase\Bin\IB_Affinity.exe -A1
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PRISMSTA.EXE] "C:\WINDOWS\system32\Prismsta.exe" /START
O4 - HKLM\..\Run: [PRISMSVR.EXE] Prismsvr.exe /APPLY
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [fsc-reminder.exe] C:\WINDOWS\reminder\fsc-reminder.exe 2453754 14
O4 - HKCU\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CamTray.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InterBaseGuardian - Inprise Corporation - C:\PROGRA~1\Borland\INTERB~1\Bin\IBGuard.EXE
O23 - Service: InterBaseServer - Inprise Corporation - C:\PROGRA~1\Borland\INTERB~1\Bin\ibserver.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
15 replies
g!rly - Posts: 18209 - Registration date: Friday 17 August 2007 - Status: Contributor - Last activity: 30 November 2014 - 406
22 May 2008 at 21:43
Hi,
Download MSNFix.zip (by !aur3n7) to your desktop:
http://sosvirus.changelog.fr/MSNFix.zip
Unzip it (right-click >> Extract here) and double-click the MSNFix.bat file.
- Run option R.
-- If the infection is detected, a message will say so and you just need to press a key to start the cleanup
Note:
If a deletion error is detected, a message will appear asking you to restart the computer in order to finish the operations. In that case, simply restart the computer in normal mode
- The report will be saved in the same folder as MSNFix, in the form date_time.txt
Tutorial:
https://www.malekal.com/supprimer-virus-desinfecter-pc/
See you
Unfortunately I have already done that... here is the report in case it helps you, and above all helps me. Thanks for being there!!
MSNFix report:
MSNFix 1.717
C:\MSNFix
Fix exécuté le 22/05/2008 - 20:33:06,71 By C Perrin Nicolet
mode normal
************************ Recherche les fichiers présents
... C:\??????.exe
************************ Recherche les dossiers présents
Aucun dossier trouvé
************************ Suppression des fichiers
.. OK ... C:\??????.exe
************************ Nettoyage du registre
Les fichiers encore présents seront supprimés au prochain redémarrage
Aucun Fichier trouvé
************************ Fichiers suspects
Aucun Fichier trouvé
Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 22052008_20374079.zip
************************ HKLM\...\Winlogon\Userinit
Userinit = C:\WINDOWS\system32\userinit.exe,
Important : http://msnfix.changelog.fr/index.php/2008/05/18/32-alerte
------------------------------------------------------------------------
Auteur : !aur3n7 Contact: https://www.ionos.fr/
------------------------------------------------------------------------
--------------------------------------------- END ---------------------------------------------
g!rly
22 May 2008 at 21:50
ok
run this, because you have another nasty thing visible in HijackThis
Download combofix.exe (by sUBs) to your Desktop.
-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe
-> Double-click combofix.exe.
-> Press the 1 key (Yes) to start the scan.
-> When the scan is complete, a report will appear. Copy/paste this report into your next reply.
NOTE: The report can also be found here: C:\Combofix.txt
Before using ComboFix:
-> Disconnect from the internet and close the windows of all running programs.
-> Temporarily disable, and only for the time ComboFix is in use, the real-time protection of your antivirus and antispyware programs, which can seriously interfere with the tool's search and cleanup procedure.
Once that is done, double-click Combofix.exe on your desktop.
- Answer yes to the warning message so that the program starts scanning the PC.
/!\ During this step, do not use the PC and do not open any programs.
- At the end of the scan ComboFix may need to restart the PC to finish the disinfection/search; let it do so.
- A report will then open in Notepad (this report file, Combofix.txt, is automatically saved to C:\Combofix.txt)
-> Re-enable the real-time protection of your antivirus and antispyware programs before reconnecting to the internet.
-> Come back to the forum, and copy and paste the entire contents of C:\Combofix.txt into your next message.
-> Tutorial https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
Post a new HijackThis log please
See you
Thanks again for your reply.
Here is the ComboFix report followed by the 2nd HijackThis report:
a 2nd Internet Explorer icon has appeared (we don't care about that?)
ComboFix 08-05-21.3 - C Perrin Nicolet 2008-05-22 21:59:04.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.611 [GMT 2:00]
Endroit: C:\Documents and Settings\C Perrin Nicolet\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\lsprst7.dll
C:\WINDOWS\system32\nsprs.dll
C:\WINDOWS\system32\serauth1.dll
C:\WINDOWS\system32\serauth2.dll
C:\WINDOWS\system32\ssprs.dll
.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-22 to 2008-05-22 ))))))))))))))))))))))))))))))))))))
.
2008-05-22 21:25 . 2008-05-22 21:25 <REP> d-------- C:\Program Files\Trend Micro
2008-05-22 21:24 . 2008-05-22 21:24 812,344 --a------ C:\hijackthis_hijackthis_2.02_anglais_17891.exe
2008-05-22 20:28 . 2008-05-22 20:38 <REP> d-------- C:\MSNFix
2008-05-22 20:24 . 2008-05-22 20:24 443,843 --a------ C:\MSNFix.zip
2008-05-22 20:23 . 2008-05-22 20:23 769,778 --a------ C:\MSNFix.MSNFix
2008-05-22 20:19 . 2008-05-22 20:19 <REP> d-------- C:\Program Files\Panda Security
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-22 18:43 --------- d-----w C:\Program Files\Wanadoo
2008-05-21 20:07 --------- d-----w C:\Program Files\Everest Poker
2008-05-19 09:35 --------- d-----w C:\Program Files\Microsoft Money
2008-05-16 16:15 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-05-16 16:12 --------- d-----w C:\Documents and Settings\C Perrin Nicolet\Application Data\AdobeUM
2008-04-22 20:04 --------- d-----w C:\Documents and Settings\C Perrin Nicolet\Application Data\Creative
2008-04-10 17:28 --------- d-----w C:\Program Files\PokerStars
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2007-11-22 10:39 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2006-10-31 09:11 524 ----a-w C:\Documents and Settings\C Perrin Nicolet\Application Data\wklnhst.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"fsc-reminder.exe"="C:\WINDOWS\reminder\fsc-reminder.exe" [2005-01-19 18:10 28672]
"Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CamTray.exe" [2005-10-27 20:00 299008]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-04-28 18:08 692224]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-04-01 18:35 3587120]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-09 09:25 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-09 09:25 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-09 09:25 114688]
"SoundMan"="SOUNDMAN.EXE" [2005-08-23 13:41 86016 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2005-08-23 13:47 2807296 C:\WINDOWS\ALCWZRD.EXE]
"SMSERIAL"="sm56hlpr.exe" [2005-08-12 11:09 552960 C:\WINDOWS\sm56hlpr.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55 32768]
"MoneyStartUp10.0"="C:\Program Files\Microsoft Money\System\Activation.exe" [2001-07-25 11:00 245810]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58 282624]
"ArianeLU"="C:\Program Files\Ariane\Lanceur\ArianeLU.exe" [2003-03-26 12:57 598016]
"affinity"="C:\Program Files\Borland\Interbase\Bin\IB_Affinity.exe" [2001-05-14 01:30 48640]
"PD0620 STISvc"="P0620Pin.dll" [2005-05-10 19:03 36864 C:\WINDOWS\system32\P0620Pin.dll]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-02-10 17:11 185896]
"PRISMSTA.EXE"="C:\WINDOWS\system32\Prismsta.exe" [2003-11-08 17:49 254044]
"PRISMSVR.EXE"="Prismsvr.exe" [2004-07-02 16:27 295001 C:\WINDOWS\system32\PRISMSVR.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]
C:\Documents and Settings\C Perrin Nicolet\Menu D‚marrer\Programmes\D‚marrage\
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-04-19 14:49:52 64864]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-04-19 14:49:52 64864]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2006-01-18 19:57:43 118784]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIV3"= DIVXc32.dll
"vidc.DIV4"= DIVXc32f.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^NkbMonitor.exe.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\NkbMonitor.exe.lnk
backup=C:\WINDOWS\pss\NkbMonitor.exe.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
C:\Program Files\BitTorrent\bittorrent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2006-10-30 10:36 256576 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-02-10 17:11 185896 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 16:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Borland\\Interbase\\Bin\\ibserver.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\UBISOFT\\SCRABBLE® 2005 EDITION\\Scrabble20051.19.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 InterBaseGuardian;InterBaseGuardian;C:\PROGRA~1\Borland\INTERB~1\Bin\IBGuard.EXE [2002-12-24 11:57]
R3 InterBaseServer;InterBaseServer;C:\PROGRA~1\Borland\INTERB~1\Bin\ibserver.exe [2002-12-24 11:57]
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2008-02-24 19:48]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6abb0d42-f4c1-11dc-802c-001500290fba}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bc3d66b9-ad3d-11db-bdc2-001500290fba}]
\Shell\AutoRun\command - E:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ec18c074-941c-11dc-bf7c-001500290fba}]
\Shell\AutoRun\command - E:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ec18c075-941c-11dc-bf7c-001500290fba}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs
*Newly Created Service* - CATCHME
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-26 15:54:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-22 19:53:01 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-22 22:02:40
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-05-22 22:04:06
ComboFix-quarantined-files.txt 2008-05-22 20:04:02
Pre-Run: 5,998,391,296 octets libres
Post-Run: 6,233,264,128 octets libres
143 --- E O F --- 2008-05-17 01:13:09
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:10:50, on 22/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\PROGRA~1\Borland\INTERB~1\Bin\IBGuard.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\Borland\INTERB~1\Bin\ibserver.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Ariane\Ariane\Ariane.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\Prismsta.exe
C:\WINDOWS\system32\Prismsvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ArianeLU] C:\Program Files\Ariane\Lanceur\ArianeLU.exe
O4 - HKLM\..\Run: [affinity] C:\Program Files\Borland\Interbase\Bin\IB_Affinity.exe -A1
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PRISMSTA.EXE] "C:\WINDOWS\system32\Prismsta.exe" /START
O4 - HKLM\..\Run: [PRISMSVR.EXE] Prismsvr.exe /APPLY
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [fsc-reminder.exe] C:\WINDOWS\reminder\fsc-reminder.exe 2453754 14
O4 - HKCU\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CamTray.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InterBaseGuardian - Inprise Corporation - C:\PROGRA~1\Borland\INTERB~1\Bin\IBGuard.EXE
O23 - Service: InterBaseServer - Inprise Corporation - C:\PROGRA~1\Borland\INTERB~1\Bin\ibserver.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ArianeLU] C:\Program Files\Ariane\Lanceur\ArianeLU.exe
O4 - HKLM\..\Run: [affinity] C:\Program Files\Borland\Interbase\Bin\IB_Affinity.exe -A1
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PRISMSTA.EXE] "C:\WINDOWS\system32\Prismsta.exe" /START
O4 - HKLM\..\Run: [PRISMSVR.EXE] Prismsvr.exe /APPLY
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [fsc-reminder.exe] C:\WINDOWS\reminder\fsc-reminder.exe 2453754 14
O4 - HKCU\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CamTray.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InterBaseGuardian - Inprise Corporation - C:\PROGRA~1\Borland\INTERB~1\Bin\IBGuard.EXE
O23 - Service: InterBaseServer - Inprise Corporation - C:\PROGRA~1\Borland\INTERB~1\Bin\ibserver.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
g!rly - 22 May 2008 at 22:21
ok
Tell me what you think of this before we continue:
About Boonty Games
Have you been using Boonty Games games for a long time?
Here is a little information about Boonty Games.
Their policy:
"We may also share paid information with third parties
that provide paid services, and share aggregated data showing the type
and number of video games you download, your age, your sex, your occupations,
level of education, geographic location, data about your computer equipment,
internet and interests in video games, activities and training of published games.
In addition, we share email addresses with third-party mail account providers
who assist us by sending our mails to many customers at the same time..."
If you agree with them, no problem; otherwise...
See you later
I don't really understand what this has to do with my problem. The only games I use are the things on Facebook!
Never heard of these games!
I don't see what you're getting at.
g!rly - 22 May 2008 at 22:33
It's to add Boonty to the script I'm going to write for you to get rid of the infections.
g!rly - 22 May 2008 at 22:42
ok
Next step:
Copy the text below:
File::
C:\WINDOWS\reminder\fsc-reminder.exe
C:\WINDOWS\System32\FTRTSVC.exe
Folder::
C:\Program Files\Fichiers communs\BOONTY Shared
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"fsc-reminder.exe"=-
Driver::
Boonty Games
France Telecom Routing Table Service
FTRTSVC
Open Notepad and paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt.
Now drag the CFScript.txt file onto Combofix.exe as shown below:
http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif
This will relaunch Combofix.
A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and confirm.
Wait while the scan runs. The desktop will disappear several times: that's normal!
Don't touch anything until the scan has finished.
After the restart, post the contents of the Combofix.txt report along with a HijackThis report.
If there is no restart, post the reports anyway.
See you later
It restarted. Here is the new ComboFix report followed by the new HijackThis report:
Thanks again for the time you've spent!
ComboFix 08-05-21.3 - C Perrin Nicolet 2008-05-22 22:51:49.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.569 [GMT 2:00]
Endroit: C:\Documents and Settings\C Perrin Nicolet\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\C Perrin Nicolet\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
FILE ::
C:\WINDOWS\reminder\fsc-reminder.exe
C:\WINDOWS\System32\FTRTSVC.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Fichiers communs\BOONTY Shared
C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
C:\WINDOWS\reminder\fsc-reminder.exe
C:\WINDOWS\System32\FTRTSVC.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_BOONTY_GAMES
-------\Legacy_FTRTSVC
-------\Service_Boonty Games
-------\Service_FTRTSVC
((((((((((((((((((((((((((((( Fichiers créés 2008-04-22 to 2008-05-22 ))))))))))))))))))))))))))))))))))))
.
2008-05-22 21:25 . 2008-05-22 21:25 <REP> d-------- C:\Program Files\Trend Micro
2008-05-22 21:24 . 2008-05-22 21:24 812,344 --a------ C:\hijackthis_hijackthis_2.02_anglais_17891.exe
2008-05-22 20:28 . 2008-05-22 20:38 <REP> d-------- C:\MSNFix
2008-05-22 20:24 . 2008-05-22 20:24 443,843 --a------ C:\MSNFix.zip
2008-05-22 20:23 . 2008-05-22 20:23 769,778 --a------ C:\MSNFix.MSNFix
2008-05-22 20:19 . 2008-05-22 20:19 <REP> d-------- C:\Program Files\Panda Security
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-22 20:55 --------- d-----w C:\Program Files\Wanadoo
2008-05-21 20:07 --------- d-----w C:\Program Files\Everest Poker
2008-05-19 09:35 --------- d-----w C:\Program Files\Microsoft Money
2008-05-16 16:15 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-05-16 16:12 --------- d-----w C:\Documents and Settings\C Perrin Nicolet\Application Data\AdobeUM
2008-04-22 20:04 --------- d-----w C:\Documents and Settings\C Perrin Nicolet\Application Data\Creative
2008-04-10 17:28 --------- d-----w C:\Program Files\PokerStars
2007-11-22 10:39 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2006-10-31 09:11 524 ----a-w C:\Documents and Settings\C Perrin Nicolet\Application Data\wklnhst.dat
.
((((((((((((((((((((((((((((( snapshot@2008-05-22_22.03.45,76 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-22 18:42:39 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-22 20:55:12 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2008-05-22 20:55:31 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_330.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CamTray.exe" [2005-10-27 20:00 299008]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-04-28 18:08 692224]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-04-01 18:35 3587120]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-09 09:25 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-09 09:25 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-09 09:25 114688]
"SoundMan"="SOUNDMAN.EXE" [2005-08-23 13:41 86016 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2005-08-23 13:47 2807296 C:\WINDOWS\ALCWZRD.EXE]
"SMSERIAL"="sm56hlpr.exe" [2005-08-12 11:09 552960 C:\WINDOWS\sm56hlpr.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55 32768]
"MoneyStartUp10.0"="C:\Program Files\Microsoft Money\System\Activation.exe" [2001-07-25 11:00 245810]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58 282624]
"ArianeLU"="C:\Program Files\Ariane\Lanceur\ArianeLU.exe" [2003-03-26 12:57 598016]
"affinity"="C:\Program Files\Borland\Interbase\Bin\IB_Affinity.exe" [2001-05-14 01:30 48640]
"PD0620 STISvc"="P0620Pin.dll" [2005-05-10 19:03 36864 C:\WINDOWS\system32\P0620Pin.dll]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-02-10 17:11 185896]
"PRISMSTA.EXE"="C:\WINDOWS\system32\Prismsta.exe" [2003-11-08 17:49 254044]
"PRISMSVR.EXE"="Prismsvr.exe" [2004-07-02 16:27 295001 C:\WINDOWS\system32\PRISMSVR.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIV3"= DIVXc32.dll
"vidc.DIV4"= DIVXc32f.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^NkbMonitor.exe.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\NkbMonitor.exe.lnk
backup=C:\WINDOWS\pss\NkbMonitor.exe.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
C:\Program Files\BitTorrent\bittorrent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2006-10-30 10:36 256576 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-02-10 17:11 185896 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 16:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Borland\\Interbase\\Bin\\ibserver.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 InterBaseGuardian;InterBaseGuardian;C:\PROGRA~1\Borland\INTERB~1\Bin\IBGuard.EXE [2002-12-24 11:57]
R3 InterBaseServer;InterBaseServer;C:\PROGRA~1\Borland\INTERB~1\Bin\ibserver.exe [2002-12-24 11:57]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6abb0d42-f4c1-11dc-802c-001500290fba}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bc3d66b9-ad3d-11db-bdc2-001500290fba}]
\Shell\AutoRun\command - E:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ec18c074-941c-11dc-bf7c-001500290fba}]
\Shell\AutoRun\command - E:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ec18c075-941c-11dc-bf7c-001500290fba}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-26 15:54:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-22 20:53:03 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:03, on 2008-05-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\PROGRA~1\Borland\INTERB~1\Bin\IBGuard.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Prismsta.exe
C:\WINDOWS\system32\Prismsvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Ariane\Ariane\Ariane.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\Borland\INTERB~1\Bin\ibserver.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ArianeLU] C:\Program Files\Ariane\Lanceur\ArianeLU.exe
O4 - HKLM\..\Run: [affinity] C:\Program Files\Borland\Interbase\Bin\IB_Affinity.exe -A1
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PRISMSTA.EXE] "C:\WINDOWS\system32\Prismsta.exe" /START
O4 - HKLM\..\Run: [PRISMSVR.EXE] Prismsvr.exe /APPLY
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CamTray.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InterBaseGuardian - Inprise Corporation - C:\PROGRA~1\Borland\INTERB~1\Bin\IBGuard.EXE
O23 - Service: InterBaseServer - Inprise Corporation - C:\PROGRA~1\Borland\INTERB~1\Bin\ibserver.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
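A way to check the two HijackThis reports above against the CFScript, as an added example (not code from the thread, HijackThis or ComboFix): it diffs the before and after entries and separates removals the script named from removals it did not. The function names are assumptions of this example, and the sample input is a constructed excerpt of a few lines taken from the reports and the script posted above.

```python
import re

# Constructed sample input: a few lines excerpted from the first and second
# HijackThis reports and from the CFScript in this thread (not the full logs).
BEFORE = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [fsc-reminder.exe] C:\WINDOWS\reminder\fsc-reminder.exe 2453754 14
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""
AFTER = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""
CFSCRIPT = r"""
File::
C:\WINDOWS\reminder\fsc-reminder.exe
C:\WINDOWS\System32\FTRTSVC.exe
Folder::
C:\Program Files\Fichiers communs\BOONTY Shared
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"fsc-reminder.exe"=-
Driver::
Boonty Games
France Telecom Routing Table Service
FTRTSVC
"""

ENTRY_RE = re.compile(r"^(?:R|F|N|O)\d+ - .+$", re.MULTILINE)  # R0, O4, O23, ...
SECTION_RE = re.compile(r"^(\w+)\s*::$")                        # File::, Driver::
REG_DELETE_RE = re.compile(r'^"(.+)"=-$')                       # "value"=-


def parse_entries(log):
    """Map casefolded entry line -> original line for each HijackThis entry."""
    return {m.group(0).strip().casefold(): m.group(0).strip()
            for m in ENTRY_RE.finditer(log)}


def parse_cfscript(script):
    """Split a CFScript into {section name: [lines]}."""
    sections, current = {}, None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = SECTION_RE.match(line)
        if match:
            current = match.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def script_targets(sections):
    """Paths, service names and deleted registry value names, casefolded."""
    targets = []
    for name in ("File", "Folder", "Driver"):
        targets += sections.get(name, [])
    for line in sections.get("Registry", []):
        match = REG_DELETE_RE.match(line)
        if match:
            targets.append(match.group(1))
    return [t.casefold() for t in targets]


def review(before_log, after_log, script):
    """Classify the differences between two reports against the script.

    Matching is a plain substring test, so a target written as a long path
    will not match an entry logged with an 8.3 short path (C:\\PROGRA~1\\...).
    """
    before, after = parse_entries(before_log), parse_entries(after_log)
    targets = script_targets(parse_cfscript(script))

    def named(key):
        return any(t in key for t in targets)

    removed = sorted(k for k in before if k not in after)
    return {
        "removed_by_script": [before[k] for k in removed if named(k)],
        "removed_unexplained": [before[k] for k in removed if not named(k)],
        "still_present": [after[k] for k in sorted(after) if named(k)],
        "added": [after[k] for k in sorted(after) if k not in before],
    }


if __name__ == "__main__":
    for label, lines in review(BEFORE, AFTER, CFSCRIPT).items():
        print(label)
        for line in lines:
            print("   ", line)
```

On this excerpt the three scripted entries are confirmed gone, and the `[avast!]` Run entry, present in the first report and absent from the second, comes back as unexplained for a person to check.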
merci encore pour le temps consacré!
ComboFix 08-05-21.3 - C Perrin Nicolet 2008-05-22 22:51:49.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.569 [GMT 2:00]
Endroit: C:\Documents and Settings\C Perrin Nicolet\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\C Perrin Nicolet\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
FILE ::
C:\WINDOWS\reminder\fsc-reminder.exe
C:\WINDOWS\System32\FTRTSVC.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Fichiers communs\BOONTY Shared
C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
C:\WINDOWS\reminder\fsc-reminder.exe
C:\WINDOWS\System32\FTRTSVC.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_BOONTY_GAMES
-------\Legacy_FTRTSVC
-------\Service_Boonty Games
-------\Service_FTRTSVC
((((((((((((((((((((((((((((( Fichiers créés 2008-04-22 to 2008-05-22 ))))))))))))))))))))))))))))))))))))
.
2008-05-22 21:25 . 2008-05-22 21:25 <REP> d-------- C:\Program Files\Trend Micro
2008-05-22 21:24 . 2008-05-22 21:24 812,344 --a------ C:\hijackthis_hijackthis_2.02_anglais_17891.exe
2008-05-22 20:28 . 2008-05-22 20:38 <REP> d-------- C:\MSNFix
2008-05-22 20:24 . 2008-05-22 20:24 443,843 --a------ C:\MSNFix.zip
2008-05-22 20:23 . 2008-05-22 20:23 769,778 --a------ C:\MSNFix.MSNFix
2008-05-22 20:19 . 2008-05-22 20:19 <REP> d-------- C:\Program Files\Panda Security
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-22 20:55 --------- d-----w C:\Program Files\Wanadoo
2008-05-21 20:07 --------- d-----w C:\Program Files\Everest Poker
2008-05-19 09:35 --------- d-----w C:\Program Files\Microsoft Money
2008-05-16 16:15 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-05-16 16:12 --------- d-----w C:\Documents and Settings\C Perrin Nicolet\Application Data\AdobeUM
2008-04-22 20:04 --------- d-----w C:\Documents and Settings\C Perrin Nicolet\Application Data\Creative
2008-04-10 17:28 --------- d-----w C:\Program Files\PokerStars
2007-11-22 10:39 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2006-10-31 09:11 524 ----a-w C:\Documents and Settings\C Perrin Nicolet\Application Data\wklnhst.dat
.
((((((((((((((((((((((((((((( snapshot@2008-05-22_22.03.45,76 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-22 18:42:39 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-22 20:55:12 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2008-05-22 20:55:31 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_330.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CamTray.exe" [2005-10-27 20:00 299008]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-04-28 18:08 692224]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-04-01 18:35 3587120]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-09 09:25 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-09 09:25 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-09 09:25 114688]
"SoundMan"="SOUNDMAN.EXE" [2005-08-23 13:41 86016 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2005-08-23 13:47 2807296 C:\WINDOWS\ALCWZRD.EXE]
"SMSERIAL"="sm56hlpr.exe" [2005-08-12 11:09 552960 C:\WINDOWS\sm56hlpr.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55 32768]
"MoneyStartUp10.0"="C:\Program Files\Microsoft Money\System\Activation.exe" [2001-07-25 11:00 245810]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58 282624]
"ArianeLU"="C:\Program Files\Ariane\Lanceur\ArianeLU.exe" [2003-03-26 12:57 598016]
"affinity"="C:\Program Files\Borland\Interbase\Bin\IB_Affinity.exe" [2001-05-14 01:30 48640]
"PD0620 STISvc"="P0620Pin.dll" [2005-05-10 19:03 36864 C:\WINDOWS\system32\P0620Pin.dll]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-02-10 17:11 185896]
"PRISMSTA.EXE"="C:\WINDOWS\system32\Prismsta.exe" [2003-11-08 17:49 254044]
"PRISMSVR.EXE"="Prismsvr.exe" [2004-07-02 16:27 295001 C:\WINDOWS\system32\PRISMSVR.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIV3"= DIVXc32.dll
"vidc.DIV4"= DIVXc32f.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^NkbMonitor.exe.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\NkbMonitor.exe.lnk
backup=C:\WINDOWS\pss\NkbMonitor.exe.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
C:\Program Files\BitTorrent\bittorrent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2006-10-30 10:36 256576 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-02-10 17:11 185896 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 16:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Borland\\Interbase\\Bin\\ibserver.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 InterBaseGuardian;InterBaseGuardian;C:\PROGRA~1\Borland\INTERB~1\Bin\IBGuard.EXE [2002-12-24 11:57]
R3 InterBaseServer;InterBaseServer;C:\PROGRA~1\Borland\INTERB~1\Bin\ibserver.exe [2002-12-24 11:57]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6abb0d42-f4c1-11dc-802c-001500290fba}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bc3d66b9-ad3d-11db-bdc2-001500290fba}]
\Shell\AutoRun\command - E:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ec18c074-941c-11dc-bf7c-001500290fba}]
\Shell\AutoRun\command - E:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ec18c075-941c-11dc-bf7c-001500290fba}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-26 15:54:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-22 20:53:03 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:03, on 2008-05-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\PROGRA~1\Borland\INTERB~1\Bin\IBGuard.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Prismsta.exe
C:\WINDOWS\system32\Prismsvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Ariane\Ariane\Ariane.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\Borland\INTERB~1\Bin\ibserver.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ArianeLU] C:\Program Files\Ariane\Lanceur\ArianeLU.exe
O4 - HKLM\..\Run: [affinity] C:\Program Files\Borland\Interbase\Bin\IB_Affinity.exe -A1
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PRISMSTA.EXE] "C:\WINDOWS\system32\Prismsta.exe" /START
O4 - HKLM\..\Run: [PRISMSVR.EXE] Prismsvr.exe /APPLY
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CamTray.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InterBaseGuardian - Inprise Corporation - C:\PROGRA~1\Borland\INTERB~1\Bin\IBGuard.EXE
O23 - Service: InterBaseServer - Inprise Corporation - C:\PROGRA~1\Borland\INTERB~1\Bin\ibserver.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
g!rly - Posts: 18209 - Registration date: Friday 17 August 2007 - Status: Contributor - Last activity: 30 November 2014 - 406
22 May 2008 at 23:08
ok
Run a scan with this antispyware:
Download Malwarebytes + tutorial:
-> https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
Install it; the program will update itself automatically.
Once it is up to date, the program will launch; click the "Settings" tab and tick the box "Close Internet Explorer during removal".
Now click the "Scan" tab and tick the box "Perform a full scan".
Then click "Scan".
Let it scan the PC...
If items were found > click "Remove selected".
If you are asked to restart > click "yes".
At the end a report will open; save it somewhere you can find it again so you can post it on the forum.
Copy and paste the report please.
See you later
If you're still there (which I hope).
I wasn't asked to restart.
Here is the report (about 250 infected items found):
Malwarebytes' Anti-Malware 1.12
Version de la base de données: 779
Type de recherche: Examen complet (C:\|)
Eléments examinés: 109193
Temps écoulé: 45 minute(s), 45 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 9
Fichier(s) infecté(s): 238
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\Casino (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\history (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\logs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\promo (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\sfx (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\history\2075369 (Adware.Casino) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\Casino\Poker Heaven\blackjack.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\browser.exe (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\cacerts.crt (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\cam.cas (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\cardlib.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\common.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\countries.lst (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\db.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\devlib.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\devlibcomm.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\filemap.lst (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\fivecard.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\games.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\gsid.txt (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\id.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\INSTALL.LOG (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\languages.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\libeay32.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\licens.txt (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\mfc80.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\microsoft.vc80.crt.manifest (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\microsoft.vc80.mfc.manifest (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\modstatus.lst (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\mp3dec.asi (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\mss32.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\msvcp80.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\msvcr80.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\navigator.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\omaha.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\options.cfg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\poker.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\poker.exe (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\sc.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\srvmap.lst (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\ssleay32.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\texas.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\UNWISE.EXE (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\update.exe (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\webdollar.exe (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\xml.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\0.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\1.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\10.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\11.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\12.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\13.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\14.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\15.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\16.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\17.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\18.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\19.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\2.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\20.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\21.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\22.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\23.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\24.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\25.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\26.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\27.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\28.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\29.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\3.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\30.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\31.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\32.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\33.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\34.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\35.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\36.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\37.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\38.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\39.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\4.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\40.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\41.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\42.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\43.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\44.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\45.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\46.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\47.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\48.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\49.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\5.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\50.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\51.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\6.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\7.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\8.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\9.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\allin_popup.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\archive.xsl (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\archive_ff.xsl (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\avatar.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\b.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\base.css (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\bj_bkg.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\bkg.gif (Adware.Casino) -> Quarantined and deleted successfully.
I wasn't asked to restart.
Here is the report: (about 250 infected items found)
Malwarebytes' Anti-Malware 1.12
Version de la base de données: 779
Type de recherche: Examen complet (C:\|)
Eléments examinés: 109193
Temps écoulé: 45 minute(s), 45 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 9
Fichier(s) infecté(s): 238
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\Casino (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\history (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\logs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\promo (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\sfx (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\history\2075369 (Adware.Casino) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\Casino\Poker Heaven\xrs\ext_navigator.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\xrs\fcs_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\xrs\fc_join.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\xrs\fc_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\xrs\filemap.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\xrs\filerefs.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\xrs\gameclient.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\xrs\game_common.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\xrs\game_common_message.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\xrs\game_panel.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\xrs\gizmo.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\xrs\mc_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\xrs\message.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\xrs\mtt_join.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\xrs\mtt_lobby.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\xrs\navigator.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\xrs\omaha_join.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\xrs\omaha_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\xrs\optdef.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\xrs\poker_limits.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\xrs\sc_join.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\xrs\sc_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\xrs\soko_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\xrs\tel_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\xrs\texas_join.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\xrs\texas_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\xrs\tournament_join.xrs (Adware.Casino) -> Quarantined and deleted successfully.
g!rly - 23 May 2008 at 19:00
Hi greg6900,
I went to bed last night...
yes, poker software is practically all infected...
now run this:
Download Clean:
-> http://www.malekal.com/download/clean.zip
-> Unzip all of the contents into a folder that you have created beforehand (on your desktop, for example). Double-click clean or clean.cmd and choose option 1.
A report will open; copy and paste its contents into the forum.
-> for anyone unsure how to unzip a file:
http://www.tutopat.com/viewtopic.php?t=933&sid=34215b238376bfb22ef9e8eca9995914
See you later
no problem!
in the end I restored my system to an earlier date. I have no more problems!
thanks for your help, and until the next mess! ;)
g!rly - 24 May 2008 at 15:18
hi greg,
if you say so, but I'd be surprised if everything is OK?!
See you later