AntiSpyexpert infection: unwanted pop-up windows

Solved
Sougen -  
geoffrey5 Posts 14008 Status Security contributor -
Good evening,

I have a small infection problem that is giving me a bit of a headache.
I get unwanted windows that appear under two names:
- C:\Windows\iexplore.html
- Antispyware Expert

It starts by opening a window with the first address (C:\Windows\iexplore.html) and then it opens ad windows (Antispyware Expert..)

What should I do?
Configuration: Windows Vista
Internet Explorer 7.0

41 replies

Discussion summary

A multiple infection shows up under two distinct names: C:\Windows\iexplore.html and Antispyware Expert, generating pop-up windows after Explorer is opened on Windows Vista and Internet Explorer 7.
Several replies recommend cleaning tools and safe-mode procedures, notably ComboFix and SDFix, with the removal of files, services and registry entries.
Other advice mentions ToolsCleaner and HijackThis or SDFix reports to document the actions, as well as recovery measures such as temporarily disabling User Account Control.
Finally, some items point to additional problems such as Search Settings 1.2 and Spooler.exe, underlining the extent of the symptoms and the need for careful follow-up.

Automatically generated by AI
based on the best answers
  1. geoffrey5 Posts 14008 Status Security contributor 10
     
    Hi!!

    Please make a HijackThis report so that I can check the infections on your PC

    ▶ Download HijackThis from this address, everything is explained there on how to install it properly and how to use it:

    https://www.androidworld.fr/

    How to copy/paste the report:

    When you have the report on screen, press Ctrl A to "select all", then Ctrl C to "copy".

    Then come back to the forum to reply to me and press Ctrl V to "paste" the report.

    The keyboard shortcuts are explained and illustrated on my website at this address:

    https://www.androidworld.fr/
    0
  2. Sougen
     
    Thanks for helping me! In the meantime other viruses have arrived... I was able to eradicate all of them with Malwarebytes (3680 infections), but the problem I described above persists.

    So here is the report:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 00:48:43, on 25/09/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Search Settings\SearchSettings.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Hercules\WiFi Station pour Livebox\WiFiLB.exe
    C:\Windows\system32\SPOOLER.EXE
    C:\Windows\lsass.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll
    O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
    O4 - HKLM\..\Run: [Print Spooler] C:\Windows\system32\SPOOLER.EXE
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKLM\..\Policies\Explorer\Run: [LocalSecurityAuthoritySubsystem] C:\Windows\lsass.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Global Startup: WiFi Station pour Livebox.lnk = C:\Program Files\Hercules\WiFi Station pour Livebox\WiFiLB.exe
    O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
    O23 - Service: Adobe Version Cue CS3 {fr_FR} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    0
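
A defender reading the process and autorun (O4) sections of a HijackThis log like the one above can check mechanically for binaries that borrow the name of a core Windows process, such as the `C:\Windows\lsass.exe` entries, since genuine copies live in `System32` and are not launched from Run keys. The Python code below is an added example, not part of the original thread; the names `scan`, `masquerade_reason`, `exe_of` and the `CORE` list are assumptions chosen for illustration, and `SAMPLE` is a trimmed excerpt of that log.

```python
import re
from ntpath import basename, dirname, normcase  # Windows path rules on any OS

# Assumption for this example: processes Windows starts itself, whose genuine
# copies live under System32 (SysWOW64 allowed for 64-bit svchost.exe).
CORE = {"lsass.exe", "csrss.exe", "smss.exe", "winlogon.exe",
        "services.exe", "svchost.exe", "wininit.exe"}
SYSTEM_DIRS = (r"\windows\system32", r"\windows\syswow64")
OUTSIDE = "core process name outside System32"
AUTORUN = "core process name launched from an autorun entry"

# "O4 - <location>: [<value name>] <command>"
O4_RE = re.compile(r"^O4 - (?P<loc>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# "O4 - Global Startup: <shortcut>.lnk = <command>"
STARTUP_RE = re.compile(r"^O4 - (?P<loc>[^:\[]+): (?P<name>.+?) = (?P<cmd>.+)$")
# Executable at the start of a command: a quoted path, or text up to ".exe".
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.exe)\b', re.IGNORECASE)


def exe_of(command):
    """Return the executable part of an autorun command line, or None."""
    m = EXE_RE.match(command.strip())
    return (m.group(1) or m.group(2)) if m else None


def masquerade_reason(path, autorun):
    """Explain why a path looks like a system-process impostor, else None."""
    lowered = normcase(path)
    name, folder = basename(lowered), dirname(lowered)
    if name not in CORE:
        return None
    # A bare file name carries no directory, so its location cannot be judged.
    if folder and not folder.endswith(SYSTEM_DIRS):
        return OUTSIDE
    if autorun:
        return AUTORUN
    return None


def scan(log_text):
    """Return (where, path, reason) for each suspicious entry in the log."""
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if not line:            # a blank line closes the process list
                in_processes = False
                continue
            reason = masquerade_reason(line, autorun=False)
            if reason:
                findings.append(("running process", line, reason))
            continue
        m = O4_RE.match(line) or STARTUP_RE.match(line)
        if not m:
            continue
        exe = exe_of(m.group("cmd"))
        reason = masquerade_reason(exe, autorun=True) if exe else None
        if reason:
            findings.append((m.group("loc"), exe, reason))
    return findings


# Trimmed excerpt of the HijackThis log posted above.
SAMPLE = r"""
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SPOOLER.EXE
C:\Windows\lsass.exe
C:\Program Files\Internet Explorer\iexplore.exe

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Print Spooler] C:\Windows\system32\SPOOLER.EXE
O4 - HKLM\..\Policies\Explorer\Run: [LocalSecurityAuthoritySubsystem] C:\Windows\lsass.exe
O4 - Global Startup: WiFi Station pour Livebox.lnk = C:\Program Files\Hercules\WiFi Station pour Livebox\WiFiLB.exe
"""

if __name__ == "__main__":
    for where, path, reason in scan(SAMPLE):
        print(f"{where}: {path} ({reason})")
```

The check is a name-and-location heuristic only: it says nothing about entries such as `SPOOLER.EXE` whose names are not in `CORE`, so those still need manual review.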
  3. geoffrey5 Posts 14008 Status Security contributor 10
     
    Please post the Malwarebytes report for me

    Then do this:

    ▶ Disable User Account Control (you will re-enable it after your disinfection):

    ▶ Go to Start, then Control Panel
    ▶ Double-click the "User Accounts" icon
    ▶ Then click Disable and confirm.

    ▶ Download Toolbar-S&D (by Team IDN) to your Desktop

    (it is number 6 at the bottom of the page):

    ▶ Start the installation of the program by running the downloaded file.
    ▶ Now double-click the Toolbar-S&D shortcut.
    ▶ Select the desired language by typing the letter of your choice and confirming with the Enter key.
    ▶ Now choose option 1 (Search). Wait until the search finishes.
    ▶ Post the generated report. (C:\TB.txt)
    0
  4. Sougen
     
    The Malwarebytes report is huge! Mostly because of a casino program I had downloaded...

    Malwarebytes' Anti-Malware 1.28
    Version de la base de données: 1203
    Windows 6.0.6001 Service Pack 1

    25/09/2008 00:41:25
    mbam-log-2008-09-25 (00-41-22).txt

    Type de recherche: Examen rapide
    Eléments examinés: 42195
    Temps écoulé: 5 minute(s), 33 second(s)

    Processus mémoire infecté(s): 2
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 2
    Valeur(s) du Registre infectée(s): 21
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 392
    Fichier(s) infecté(s): 3262

    Processus mémoire infecté(s):
    C:\Program Files\MicroAV\MicroAV.exe (Rogue.MicroAntivirus) -> Unloaded process successfully.
    C:\Windows\lsass.exe (Heuristics.Reserved.Word.Exploit) -> Unloaded process successfully.

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\MicroAV (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur1851.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur193b.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur1d12.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur1ed6.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur8dcd.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur8e4a.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur8e2b.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur92dc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur9626.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur1851.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur193b.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur1d12.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur1ed6.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur8dcd.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur8e4a.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur8e2b.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur92dc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur9626.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\localsecurityauthoritysubsystem (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    C:\Casino\Royal Lounge Casino\data\shared\videopoker_4line\buttons (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\shared\videopoker_deuces (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\shared\videopoker_jacks (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\shared\videopoker_multiline (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\shared\videopoker_multiline\buttons (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\sicbo (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\sicbo\sounds (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\sicbo_ln (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_8ball (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_8ball\sounds (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_8ball_xl (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_alchemist (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_alchemist\3d (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_alchemist\bonus (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_alchemist\fonts (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_alchemist\sounds (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_alien25line (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_alien25line\animations (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_alien25line\bonus1 (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_alien25line\bonus2 (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_alien25line\fonts (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_alien25line\sounds (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_alien25line\wintable (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_amigos (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_amigos\sounds (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_amigos_xl (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_beachlife20line (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_beachlife20line\animation (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_beachlife20line\betlines (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_beachlife20line\bonusgame (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_beachlife20line\sounds (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_beachlife20line\wintable (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_bermuda (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_bermuda\sounds (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_bermuda_xl (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_bonusbears25line (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_bonusbears25line\sounds (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_captain (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_captain\sounds (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_captain\wintable (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_chinese8line (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_chinese8line\fonts (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_chinese8line\sounds (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_chinese8line\wintable (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_cinerama5reel (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_cinerama5reel\bonus (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_cinerama5reel\bonus\select (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_cinerama5reel\bonus2 (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_cinerama5reel\bonus2\select (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_cinerama5reel\sounds (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_cinerama5reel\wintable (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_crazy (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_crazy\sounds (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_crazy_xl (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_custom3reel (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_custom3reel_xl (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_custom3reel_xl\animation (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_custom5reel (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_custom5reel_xl (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_custom5reel_xl\animation (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_desert20line (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_desert20line\bonusgame (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_desert20line\sounds (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_desert20line\wintable (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_diamond5reel (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_diamond5reel\bonus (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_diamond5reel\bonus\screen (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_diamond5reel\fonts (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_diamond5reel\sounds (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_diamond5reel\wintable (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_farmersmarket20line (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_farmersmarket20line\bonus (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_farmersmarket20line\fonts (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_farmersmarket20line\sounds (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_farmersmarket20line\wintable (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_fo (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_fo\3d (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_fo\buttons (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_fo\sounds (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_footballrules25line (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_footballrules25line\bonus (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_footballrules25line\sounds (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_footballrules25line\sounds\bonus (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_footballrules25line\wintable (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_forestofwonders25line (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_forestofwonders25line\bonus (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_forestofwonders25line\sounds (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_forestofwonders25line\wintable (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_fountain (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_fountain\sounds (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_fountain_xl (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_fruitmania5reel (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_fruitmania5reel\bonus (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_fruitmania5reel\fonts (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_fruitmania5reel\sounds (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_fruitmania5reel\wintable (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_goblin (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_goblin\animation (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_goblin\bonusgame (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_goblin\fonts (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_goblin\sounds (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_goblin\wintable (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_gold8line (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_gold8line\bonus (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_gold8line\bonus\screen (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_gold8line\fonts (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_gold8line\sounds (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_gold8line\wintable (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_golf (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_golf\bonusgame (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_golf\sounds (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_golf\wintable (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_haunted (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_haunted\animation (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_haunted\sounds (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_haunted_xl (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_haunted_xl\animation (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_highway (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_highway\animation (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_highway\sounds (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_highway\wintable (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_jungle (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_jungle\sounds (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_jungle_xl (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_jungle_xl\animation (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_lotto20line (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_lotto20line\animation (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_lotto20line\bonusgame (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_lotto20line\fonts (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_lotto20line\sounds (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_lotto20line\wintable (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_lovemore20line (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_lovemore20line\dollarball (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_lovemore20line\sounds (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_lovemore20line\wintable (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_magic (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_magic\3d (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_magic\bonus (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_magic\buttons (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_magic\fonts (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_magic\sounds (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_monkey (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_monkey\sounds (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_monkey_xl (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_monkey_xl\animation (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_neptune (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_neptune\sounds (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_neptune_xl (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_neptune_xl\animation (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_nightout20line (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_nightout20line\bonusgame (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_nightout20line\sounds (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_nightout20line\wintable (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_ocean (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_ocean\animation (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_ocean\fonts (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_ocean\sounds (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_ocean\wintable (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_party (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_party\sounds (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_party_xl (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_party_xl\animation (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_profits (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_profits\animation (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_profits\bonusgame (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_profits\fonts (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_profits\sounds (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_profits\wintable (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_pyramids9line (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_pyramids9line\bonus (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_pyramids9line\sounds (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_pyramids9line\wintable (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_rock (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_rock\animation (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_rock\sounds (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_rock_xl (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_rock_xl\animation (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_safecracker (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_safecracker\3d (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_safecracker\bonus (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_safecracker\sounds (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_silver (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_silver\animation (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_silver\dollarball (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_silver\sounds (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_silver\wintable (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_sultan (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_sultan\sounds (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_sultan_xl (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_sultan_xl\animation (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_thrillseekers50line (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_thrillseekers50line\animation (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_thrillseekers50line\bonus (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_thrillseekers50line\loading (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_thrillseekers50line\payline (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_thrillseekers50line\sounds (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_thrillseekers50line\wintable (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_tropic (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_tropic\animation (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_tropic\fonts (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_tropic\sounds (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_tropic\wintable (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_uggabugga (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_uggabugga\animation (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_uggabugga\sounds (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_uggabugga\wintable (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_ultimate8line (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_ultimate8line\anim (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_ultimate8line\bonus (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_ultimate8line\sounds (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_ultimate8line\wintable (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_vacation8line (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_vacation8line\sounds (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_vacation8line\wintable (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_wall5reel (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_wall5reel\bonus (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_wall5reel\bonus\select (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_wall5reel\sounds (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_wall5reel\wintable (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_wanted25line (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_wanted25line\bonus (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_wanted25line\sounds (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_wanted25line\sounds\bonus (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_wanted25line\wintable (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_whatscooking30line (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_whatscooking30line\bonus (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_whatscooking30line\sounds (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\slots_whatscooking30line\wintable (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\spinawin (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\spinawin\buttons (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\spinawin\sounds (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\stravaganza (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\tutorial_wildviking (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\tutorial_wildviking\audio (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\tutorial_wildviking\images (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Royal Lounge Casino\data\tutorial_wildviking\swf (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\PCHealthCenter (Trojan.Fakealert) -> Quarantined and deleted successfully.
    C:\Program Files\MicroAV (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\Windows\System32\YURBB04.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
  6. Sougen
     
    Here is the TB report now:

    -----------\\ ToolBar S&D 1.2.1 XP/Vista

    Microsoft® Windows Vista™ Édition Intégrale ( v6.0.6001 ) Service Pack 1
    X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz )
    BIOS : BIOS Date: 10/30/07 20:44:12 Ver: 08.00.12
    USER : Sougen ( Administrator )
    BOOT : Normal boot
    C:\ (Local Disk) - NTFS - Total : 29 Go Free : 3 Go
    D:\ (Local Disk) - NTFS - Total : 68 Go Free : 6 Go
    E:\ (Local Disk) - NTFS - Total : 368 Go Free : 53 Go
    F:\ (CD or DVD)
    G:\ (CD or DVD)
    H:\ (Local Disk) - FAT32 - Total : 298 Go Free : 101 Go
    I:\ (CD or DVD)

    "C:\ToolBar SD" ( MAJ : 24-09-2008|21:50 )
    Option : [1] ( 25/09/2008| 0:55 )

    [ UAC => 0 ]

    -----------\\ Recherche de Fichiers / Dossiers ...

    C:\Users\Sougen\AppData\Roaming\MICROS~1\Windows\Cookies\sougen@dealio[1].txt
    C:\Program Files\Search Settings
    C:\Program Files\Search Settings\kb127
    C:\Program Files\Search Settings\SearchSettings.exe

    -----------\\ [..\Internet Explorer\Main]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Local Page"="C:\\Windows\\system32\\blank.htm"
    "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
    "Start Page"="https://www.google.fr/?gws_rd=ssl"
    "Url"="https://www.msn.com/fr-fr/actualite/"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"
    "Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
    "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
    "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"

    --------------------\\ Recherche d'autres infections

    --------------------\\ Cracks & Keygens ..

    C:\Users\Sougen\AppData\Roaming\uTorrent\ADOBE_ENCORE_DVD_V2.0_KEYGEN_ONLY-XFORCE.torrent

    [ UAC => 1 ]

    1 - "C:\ToolBar SD\TB_1.txt" - 25/09/2008| 0:56 - Option : [1]

    -----------\\ Fin du rapport a 0:56:31,36
  7. geoffrey5 14008 posts, Status: Security contributor 10
     
    OK, now:

    ▶ Relaunch Toolbar-S&D by double-clicking the shortcut.
    ▶ Type "2", then confirm by pressing "Enter".
    /!\ Do not close the window during the removal!
    ▶ A report will be generated; post its contents here.

    NOTE: If your Desktop does not reappear, press Ctrl+Alt+Del at the same time to open Task Manager.
    Go to the "Processes" tab. Click File at the top left and choose "Run..."
    Type explorer, then confirm.

    Then do this anyway, to check, please:

    Disable User Account Control (you will re-enable it after your disinfection):

    ▶ Go to Start, then Control Panel
    ▶ Double-click the "User Accounts" icon
    ▶ Then click disable and confirm.

    Then:

    Option 1 - Search:

    ▶ Download smitfraudfix and save it to the desktop

    (it is number 2 at the bottom of the page):

    ▶ Then double-click smitfraudfix, then Run

    ▶ Select 1 to create a report of the files responsible for the infection.

    (Warning: do not use option 2 unless I have asked you to!!)

    ▶ Copy/paste the report into your reply.

    A narrated, animated tutorial is available on the site.

    (Warning: "process.exe", a component of the tool, is detected by some antivirus products as a "RiskTool".
    It is not a virus, but a utility designed to terminate processes. In the wrong hands,
    this utility could stop security software.)
  8. Sougen
     
    The problem persists, and on top of that there is a recurring request to install Search Settings!

    The report:

    -----------\\ ToolBar S&D 1.2.1 XP/Vista

    Microsoft® Windows Vista™ Édition Intégrale ( v6.0.6001 ) Service Pack 1
    X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz )
    BIOS : BIOS Date: 10/30/07 20:44:12 Ver: 08.00.12
    USER : Sougen ( Administrator )
    BOOT : Normal boot
    C:\ (Local Disk) - NTFS - Total : 29 Go Free : 3 Go
    D:\ (Local Disk) - NTFS - Total : 68 Go Free : 6 Go
    E:\ (Local Disk) - NTFS - Total : 368 Go Free : 53 Go
    F:\ (CD or DVD)
    G:\ (CD or DVD)
    H:\ (Local Disk) - FAT32 - Total : 298 Go Free : 101 Go
    I:\ (CD or DVD)

    "C:\ToolBar SD" ( MAJ : 24-09-2008|21:50 )
    Option : [1] ( 25/09/2008| 0:55 )

    [ UAC => 0 ]

    -----------\\ Recherche de Fichiers / Dossiers ...

    C:\Users\Sougen\AppData\Roaming\MICROS~1\Windows\Cookies\sougen@dealio[1].txt
    C:\Program Files\Search Settings
    C:\Program Files\Search Settings\kb127
    C:\Program Files\Search Settings\SearchSettings.exe

    -----------\\ [..\Internet Explorer\Main]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Local Page"="C:\\Windows\\system32\\blank.htm"
    "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
    "Start Page"="https://www.google.fr/?gws_rd=ssl"
    "Url"="https://www.msn.com/fr-fr/actualite/"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"
    "Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
    "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
    "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"

    --------------------\\ Recherche d'autres infections

    --------------------\\ Cracks & Keygens ..

    C:\Users\Sougen\AppData\Roaming\uTorrent\ADOBE_ENCORE_DVD_V2.0_KEYGEN_ONLY-XFORCE.torrent

    [ UAC => 1 ]

    1 - "C:\ToolBar SD\TB_1.txt" - 25/09/2008| 0:56 - Option : [1]

    -----------\\ Fin du rapport a 0:56:31,36

    I am going to carry out the "check" solution
  9. Sougen
     
    The report:

    SmitFraudFix v2.354

    Scan done at 1:09:22,56, 25/09/2008
    Run from C:\Users\Sougen\Desktop\SmitfraudFix
    OS: Microsoft Windows [version 6.0.6001] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Hercules\WiFi Station pour Livebox\WiFiLB.exe
    C:\Windows\system32\SPOOLER.EXE
    C:\Windows\lsass.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Windows\system32\conime.exe
    C:\Windows\system32\cmd.exe
    C:\Windows\system32\msiexec.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\cmd.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    »»»»»»»»»»»»»»»»»»»»»»»» C:\

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Sougen

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Sougen\Application Data

    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Sougen\FAVORI~1

    »»»»»»»»»»»»»»»»»»»»»»»» Desktop

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    »»»»»»»»»»»»»»»»»»»»»»»» o4Patch
    !!!Attention, following keys are not inevitably infected!!!

    o4Patch
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    !!!Attention, following keys are not inevitably infected!!!

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» VACFix
    !!!Attention, following keys are not inevitably infected!!!

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix
    !!!Attention, following keys are not inevitably infected!!!

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
    !!!Attention, following keys are not inevitably infected!!!

    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{E31004D1-A431-41B8-826F-E902F9D95C81}"="Windows DreamScene"

    [HKEY_CLASSES_ROOT\CLSID\{E31004D1-A431-41B8-826F-E902F9D95C81}\InProcServer32]
    @="%SystemRoot%\System32\DreamScene.dll"

    [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{E31004D1-A431-41B8-826F-E902F9D95C81}\InProcServer32]
    @="%SystemRoot%\System32\DreamScene.dll"

    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""
    "LoadAppInit_DLLs"=dword:00000000

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="C:\\Windows\\system32\\userinit.exe,"

    »»»»»»»»»»»»»»»»»»»»»»»» RK

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: Attansic L1 Gigabit Ethernet 10/100/1000Base-T Controller
    DNS Server Search Order: 192.168.1.254

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{76DBD95A-266B-4F49-911D-47478154F904}: DhcpNameServer=192.168.1.254
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{997C4820-1BEF-4236-A5E6-A5FA438DB3EA}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{76DBD95A-266B-4F49-911D-47478154F904}: DhcpNameServer=192.168.1.254
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{997C4820-1BEF-4236-A5E6-A5FA438DB3EA}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{76DBD95A-266B-4F49-911D-47478154F904}: DhcpNameServer=192.168.1.254
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{997C4820-1BEF-4236-A5E6-A5FA438DB3EA}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254

    »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

    »»»»»»»»»»»»»»»»»»»»»»»» End
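Added example, not part of the original thread: the SmitFraudFix process list above includes C:\Windows\lsass.exe, which the ComboFix report further down lists among its deletions, and C:\Windows\system32\SPOOLER.EXE, whose name sits close to the real spooler image spoolsv.exe. The Python below parses the report's Process section and flags both patterns for review; the expected-directory table, the edit-distance threshold and all function names are assumptions made for this example.

```python
import ntpath
import re

# Constructed input: a subset of the "Process" section of the SmitFraudFix
# report quoted in the thread, followed by the next section header.
SAMPLE_REPORT = r"""
»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\SPOOLER.EXE
C:\Windows\lsass.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts
"""

# Assumption: default install with %SystemRoot% = C:\Windows.
# Core image name -> the only directory it is expected to run from.
SYSTEM_ROOT = r"c:\windows"
SYSTEM32 = SYSTEM_ROOT + r"\system32"
EXPECTED_DIR = {
    "csrss.exe": SYSTEM32,
    "wininit.exe": SYSTEM32,
    "services.exe": SYSTEM32,
    "lsass.exe": SYSTEM32,
    "lsm.exe": SYSTEM32,
    "svchost.exe": SYSTEM32,
    "winlogon.exe": SYSTEM32,
    "spoolsv.exe": SYSTEM32,
    "explorer.exe": SYSTEM_ROOT,
}
MAX_DISTANCE = 2  # assumption: names this close to a core image get reviewed

SECTION = re.compile(r"^»+\s*(.+)$")


def process_paths(report):
    """Return the paths listed under the report's 'Process' header."""
    paths, in_section = [], False
    for raw in report.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            in_section = header.group(1).strip().lower() == "process"
        elif in_section and line:
            paths.append(line)
    return paths


def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def flag_processes(report):
    """Return (path, kind, reference) tuples for entries worth a manual look."""
    findings = []
    for path in process_paths(report):
        name = ntpath.basename(path).lower()
        folder = ntpath.dirname(path).lower()
        if name in EXPECTED_DIR:
            # Known core image: only its location can be wrong.
            if folder != EXPECTED_DIR[name]:
                findings.append((path, "unexpected-location", EXPECTED_DIR[name]))
            continue
        in_windows_tree = folder == SYSTEM_ROOT or folder.startswith(SYSTEM_ROOT + "\\")
        if not in_windows_tree:
            continue  # near-miss names only matter next to the real system files
        nearest = min(EXPECTED_DIR, key=lambda known: edit_distance(name, known))
        if edit_distance(name, nearest) <= MAX_DISTANCE:
            findings.append((path, "lookalike-name", nearest))
    return findings


if __name__ == "__main__":
    for finding in flag_processes(SAMPLE_REPORT):
        print(finding)
```

A hit is a reason to inspect the file (signature, creation date, autostart entry), not a verdict; iexplore.exe is two edits away from explorer.exe and is skipped only because it lives under Program Files.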
  10. geoffrey5 14008 posts, Status: Security contributor 10
     
    You did not do the removal with toolbarSD... you have to type 2 to do the removal.

    Then:

    ▶ Download SDFix (created by AndyManchesta) and save it to your Desktop.

    (it is number 8 at the bottom of the page)

    ▶ Double-click SDFix.exe and choose Install to extract it into a dedicated folder on your C: drive.

    /!\ Boot into Safe Mode: after the beep and before the Windows logo, tap the F8 (or F5) key: Safe Mode menu.

    ▶ Choose your own account, not the Administrator account or any other.

    Go through the list of instructions below:

    • Open the SDFix folder that has just been created in the C:\ directory and double-click RunThis.bat to launch the script.
    • Press Y to start the cleaning process.
    • It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.
    • Press a key to restart the PC.
    • The system will take longer than usual to restart because the tool will keep running and deleting files.
    • After the Desktop loads, the tool will finish its work and display Finished.
    • Press a key to end the script and load the Desktop icons.
    • Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.
    • Finally, copy/paste the contents of Report.txt into your next reply on the forum

    and then make a new hijackthis report, please
  11. Sougen
     
    Yes, I did do the removal... but it seems I did not post the right report. Here it is again:

    -----------\\ ToolBar S&D 1.2.1 XP/Vista

    Microsoft® Windows Vista™ Édition Intégrale ( v6.0.6001 ) Service Pack 1
    X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz )
    BIOS : BIOS Date: 10/30/07 20:44:12 Ver: 08.00.12
    USER : Sougen ( Administrator )
    BOOT : Normal boot
    C:\ (Local Disk) - NTFS - Total : 29 Go Free : 3 Go
    D:\ (Local Disk) - NTFS - Total : 68 Go Free : 6 Go
    E:\ (Local Disk) - NTFS - Total : 368 Go Free : 53 Go
    F:\ (CD or DVD)
    G:\ (CD or DVD)
    H:\ (Local Disk) - FAT32 - Total : 298 Go Free : 101 Go
    I:\ (CD or DVD)

    "C:\ToolBar SD" ( MAJ : 24-09-2008|21:50 )
    Option : [2] ( 25/09/2008| 1:15 )

    [ UAC => 1 ]

    -----------\\ Recherche de Fichiers / Dossiers ...

    -----------\\ [..\Internet Explorer\Main]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Local Page"="C:\\Windows\\system32\\blank.htm"
    "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
    "Start Page"="https://www.google.fr/?gws_rd=ssl"
    "Url"="https://www.msn.com/fr-fr/actualite/"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"
    "Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
    "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
    "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"

    --------------------\\ Recherche d'autres infections

    --------------------\\ Cracks & Keygens ..

    C:\Users\Sougen\AppData\Roaming\uTorrent\ADOBE_ENCORE_DVD_V2.0_KEYGEN_ONLY-XFORCE.torrent

    [ UAC => 1 ]

    1 - "C:\ToolBar SD\TB_1.txt" - 25/09/2008| 0:56 - Option : [1]
    2 - "C:\ToolBar SD\TB_2.txt" - 25/09/2008| 1:06 - Option : [2]
    3 - "C:\ToolBar SD\TB_3.txt" - 25/09/2008| 1:15 - Option : [2]

    -----------\\ Fin du rapport a 1:15:19,85

    I have installed SDFix, I am restarting in Safe Mode!
  12. Sougen
     
    I can't get the program to work. In Safe Mode, the program loads, then nothing more. I tried as admin and as a standard user. Nothing works.

    What should I do?
  13. geoffrey5 14008 posts, Status: Security contributor 10
     
    If SDFix does not work:

    you need to unpack sdfix.exe and put the sdfix folder in c:

    then go to Start > Run and enter this
    %systemroot%\system32\cmd.exe /K %systemdrive%\SDFix\apps\FixPath.exe

    a DOS window will open; if so, and it asks you for confirmation, answer y and press Enter
    then close the window and try to relaunch runthisbat
  14. Sougen
     
    Oh dear... "Run" in Windows Vista, where is that? (sorry)
  15. geoffrey5 14008 posts, Status: Security contributor 10
     
    [Windows key]+[R]
  16. Sougen
     
    It tells me:

    RegOpenKeyEx returned error 5.

    c:/Windows/system32>_

    After pressing Y.

    Does that mean it's fine and all I have to do is restart in Safe Mode to test RunThis?
  17. geoffrey5 14008 posts, Status: Security contributor 10
     
    yes, try it and see (you probably need to right-click it and select "Run as administrator")
  18. Sougen
     
    It doesn't work. Well, never mind, since the problem seems to be solved. I no longer have the initial problems. At least, they have not reappeared yet.

    However, I have another small issue that has just appeared. The Search Settings 1.2 software tries to install itself on my PC as soon as I launch Windows Explorer. I would really like to get rid of that one! Any ideas?

    In any case, thank you for helping me at this late hour!
  19. Sougen
     
    Also, whenever I do anything, a window titled "Spooler.exe" appears. I don't know what it is.
  20. geoffrey5 14008 posts, Status: Security contributor 10
     
    If you did do the removal with toolbarSD, part of searchsetting has already been removed...

    please do this:

    ▶ Disable User Account Control (you will re-enable it after your disinfection):

    ▶ Go to Start, then Control Panel
    ▶ Double-click the "User Accounts" icon
    ▶ Then click disable and confirm.

    ▶ Download Combofix by sUBs

    (it is number 5 at the bottom of the page)

    ▶ and save it to the Desktop.

    ▶ disable your protections and close all your applications (antivirus, firewall, the antispyware's real-time guard)

    Here is the official Bleeping Computer tutorial on how to use it:

    https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

    then send the report and make a new hijackthis report, please
  21. Sougen
     
    ComboFix report:

    ComboFix 08-09-24.08 - Sougen 2008-09-25 2:21:41.1 - NTFSx86
    Microsoft® Windows Vista™ Édition Intégrale 6.0.6001.1.1252.1.1036.18.2404 [GMT 2:00]
    Lancé depuis: C:\Users\Sougen\Downloads\ComboFix.exe
    * Un nouveau point de restauration a été créé
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Users\Sougen\AppData\Roaming\Microsoft\Windows\Cookies\sougen@ad.yieldmanager[2].txt
    C:\Users\Sougen\AppData\Roaming\Microsoft\Windows\Cookies\sougen@clicktorrent[1].txt
    C:\Windows\lsass.exe

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2008-08-25 au 2008-09-25 ))))))))))))))))))))))))))))))))))))
    .

    2008-09-25 01:42 . 2008-09-25 01:42 <REP> dr------- C:\Users\TrucMush\Searches
    2008-09-25 01:42 . 2008-09-25 01:42 <REP> dr------- C:\Users\TrucMush\Contacts
    2008-09-25 01:39 . <REP> C:\Users\Invité\Videos
    2008-09-25 01:39 . <REP> C:\Users\Invité\Saved Games
    2008-09-25 01:39 . <REP> C:\Users\Invité\Pictures
    2008-09-25 01:39 . <REP> C:\Users\Invité\Music
    2008-09-25 01:39 . <REP> C:\Users\Invité\Links
    2008-09-25 01:39 . <REP> C:\Users\Invité\Downloads
    2008-09-25 01:39 . <REP> C:\Users\Invité\Documents
    2008-09-25 01:39 . <REP> C:\Users\Invité\AppData
    2008-09-25 01:39 . 2008-09-25 01:39 <REP> d-------- C:\Users\Invit‚
    2008-09-25 01:38 . 2008-09-25 01:42 <REP> dr------- C:\Users\TrucMush\Videos
    2008-09-25 01:38 . 2008-09-25 01:42 <REP> dr------- C:\Users\TrucMush\Saved Games
    2008-09-25 01:38 . 2008-09-25 01:42 <REP> dr------- C:\Users\TrucMush\Pictures
    2008-09-25 01:38 . 2008-09-25 01:42 <REP> dr------- C:\Users\TrucMush\Music
    2008-09-25 01:38 . 2008-09-25 01:42 <REP> dr------- C:\Users\TrucMush\Links
    2008-09-25 01:38 . 2008-09-25 01:42 <REP> dr------- C:\Users\TrucMush\Downloads
    2008-09-25 01:38 . 2008-09-25 01:42 <REP> dr------- C:\Users\TrucMush\Documents
    2008-09-25 01:38 . 2006-11-02 14:35 <REP> d-------- C:\Users\TrucMush\AppData\Roaming\Media Center Programs
    2008-09-25 01:38 . 2008-09-25 01:42 <REP> d--h----- C:\Users\TrucMush\AppData
    2008-09-25 01:38 . 2008-09-25 01:42 <REP> d-------- C:\Users\TrucMush
    2008-09-25 01:17 . 2008-09-25 02:01 <REP> d-------- C:\SDFix
    2008-09-25 01:09 . 2008-09-25 01:09 2,576 --a------ C:\Windows\System32\tmp.reg
    2008-09-25 00:55 . 2008-09-25 01:15 <REP> d-------- C:\ToolBar SD
    2008-09-25 00:47 . 2008-09-25 00:47 <REP> d-------- C:\Program Files\Trend Micro
    2008-09-25 00:23 . 2008-09-25 00:23 289,852,542 --a------ C:\Windows\MEMORY.DMP
    2008-09-25 00:17 . 2008-09-25 00:17 <REP> d-------- C:\Users\Sougen\AppData\Roaming\Malwarebytes
    2008-09-25 00:17 . 2008-09-25 00:17 <REP> d-------- C:\Users\All Users\Malwarebytes
    2008-09-25 00:17 . 2008-09-25 00:17 <REP> d-------- C:\ProgramData\Malwarebytes
    2008-09-25 00:17 . 2008-09-25 00:17 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-09-25 00:17 . 2008-09-10 00:04 38,528 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
    2008-09-25 00:17 . 2008-09-10 00:03 17,200 --a------ C:\Windows\System32\drivers\mbam.sys
    2008-09-25 00:01 . 2008-09-25 00:33 <REP> d-------- C:\Users\All Users\Kaspersky Lab
    2008-09-25 00:01 . 2008-09-25 00:33 <REP> d-------- C:\ProgramData\Kaspersky Lab
    2008-09-25 00:01 . 2008-09-25 00:01 <REP> d-------- C:\Program Files\Kaspersky Lab
    2008-09-25 00:00 . 2008-09-25 00:00 <REP> d-------- C:\Users\All Users\Kaspersky Lab Setup Files
    2008-09-25 00:00 . 2008-09-25 00:00 <REP> d-------- C:\ProgramData\Kaspersky Lab Setup Files
    2008-09-24 22:35 . 2008-09-24 23:13 <REP> d-------- C:\Program Files\Navilog1
    2008-09-24 22:21 . 2008-09-24 22:34 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
    2008-09-24 22:21 . 2008-09-24 22:34 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
    2008-09-24 22:21 . 2008-09-24 22:21 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-09-24 20:24 . 2008-09-25 01:17 1,782 --a------ C:\Windows\iexplore.html
    2008-09-24 20:23 . 2008-09-25 00:44 3,362 --a------ C:\Windows\System32\mssc32.dll
    2008-09-24 20:23 . 2008-09-25 00:44 3,362 --a------ C:\Windows\System32\bsc32.dll
    2008-09-24 20:22 . 2008-09-24 20:22 620,169 --a------ C:\Windows\System32\SPOOLER.EXE
    2008-09-24 20:22 . 2008-09-25 00:43 620,169 --a------ C:\Windows\divx32.dll
    2008-09-24 20:22 . 2008-09-24 20:22 16,896 --a------ C:\Windows\System32\apisrv32.exe
    2008-09-24 18:49 . 2008-09-24 18:49 <REP> d-------- C:\Users\All Users\eMule
    2008-09-24 18:49 . 2008-09-24 18:49 <REP> d-------- C:\ProgramData\eMule
    2008-09-24 18:49 . 2008-09-24 18:49 <REP> d-------- C:\Program Files\eMule
    2008-09-23 19:32 . 2008-09-24 17:02 69 --a------ C:\Windows\NeroDigital.ini
    2008-09-23 17:53 . 2008-09-24 18:26 54,156 --ah----- C:\Windows\QTFont.qfn
    2008-09-23 17:53 . 2008-09-23 17:53 1,409 --a------ C:\Windows\QTFont.for
    2008-09-23 17:46 . 2008-09-23 17:48 <REP> d-------- C:\Program Files\FilmFX2
    2008-09-23 17:38 . 2008-09-23 17:38 <REP> d-------- C:\Windows\Downloaded Installations
    2008-09-23 17:36 . 2008-09-23 17:36 <REP> d-------- C:\Program Files\AIST
    2008-09-23 11:50 . 2008-09-23 11:50 <REP> d-------- C:\Users\All Users\Media Center Programs
    2008-09-23 11:50 . 2008-09-23 11:50 <REP> d-------- C:\ProgramData\Media Center Programs
    2008-09-23 11:50 . 2008-09-23 11:50 <REP> d-------- C:\Program Files\Common Files\BioWare
    2008-09-23 11:26 . 2008-09-23 11:26 <REP> d-------- C:\Users\Sougen\AppData\Roaming\DAEMON Tools
    2008-09-23 11:16 . 2008-09-23 11:16 <REP> d-------- C:\Program Files\Common Files\EZB Systems
    2008-09-23 02:53 . 2008-09-23 02:53 <REP> d-------- C:\Program Files\Synthetic Aperture
    2008-09-23 01:14 . 2008-09-23 01:14 <REP> d-------- C:\Program Files\Free Video Converter
    2008-09-18 13:57 . 2008-09-18 13:57 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
    2008-09-18 13:30 . 2008-09-18 13:30 <REP> d-------- C:\Program Files\Sony Ericsson
    2008-09-18 13:30 . 2008-09-18 13:30 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
    2008-09-18 04:31 . 2008-07-19 07:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
    2008-09-18 04:31 . 2008-07-19 05:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
    2008-09-18 04:31 . 2008-07-19 07:09 563,912 --a------ C:\Windows\System32\wuapi.dll
    2008-09-18 04:31 . 2008-07-19 05:44 83,456 --a------ C:\Windows\System32\wudriver.dll
    2008-09-18 04:31 . 2008-07-19 07:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
    2008-09-18 04:31 . 2008-07-19 07:10 45,768 --a------ C:\Windows\System32\wups2.dll
    2008-09-18 04:31 . 2008-07-19 07:10 36,552 --a------ C:\Windows\System32\wups.dll
    2008-09-18 04:30 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
    2008-09-18 04:30 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe
    2008-09-16 22:30 . 2008-09-16 22:30 <REP> d-------- C:\Users\Sougen\AppData\Roaming\AVS4YOU
    2008-09-16 22:30 . 2008-09-16 22:30 <REP> d-------- C:\Users\All Users\AVS4YOU
    2008-09-16 22:30 . 2008-09-16 22:30 <REP> d-------- C:\ProgramData\AVS4YOU
    2008-09-16 22:30 . 2008-09-16 22:30 <REP> d-------- C:\Program Files\AVS4YOU
    2008-09-16 22:28 . 2008-09-23 17:49 <REP> d-------- C:\Users\Sougen\AppData\Roaming\FileZilla
    2008-09-16 22:24 . 2008-09-16 22:24 <REP> d-------- C:\Crack
    2008-09-16 22:23 . 2008-09-16 22:30 <REP> d-------- C:\Program Files\Common Files\AVSMedia
    2008-09-16 22:23 . 2008-09-16 22:23 <REP> d-------- C:\Program Files\AVSMedia
    2008-09-16 18:45 . 2003-03-15 23:15 90,112 --a------ C:\Windows\unvise32.exe
    2008-09-16 12:49 . 2008-09-16 12:49 <REP> d-------- C:\Program Files\RADVideo
    2008-09-16 12:35 . 2008-09-23 11:16 <REP> d-------- C:\Program Files\UltraISO
    2008-09-16 12:28 . 2008-09-16 12:28 <REP> d-------- C:\Users\Sougen\AppData\Roaming\DAEMON Tools Pro
    2008-09-16 12:24 . 2008-09-23 11:27 717,296 --a------ C:\Windows\System32\drivers\sptd.sys
    2008-09-16 10:17 . 2008-09-16 10:17 <REP> d-------- C:\Program Files\DivX
    2008-09-12 23:59 . 2008-09-12 23:59 <REP> d-------- C:\Users\Sougen\AppData\Roaming\Nero
    2008-09-12 23:56 . 2008-09-12 23:56 <REP> d-------- C:\Users\All Users\Nero
    2008-09-12 23:56 . 2008-09-12 23:56 <REP> d-------- C:\ProgramData\Nero
    2008-09-12 23:56 . 2008-09-12 23:56 <REP> d-------- C:\Program Files\Common Files\Nero
    2008-09-12 16:44 . 2008-09-12 23:56 <REP> d-------- C:\Program Files\Nero
    2008-09-12 16:44 . 2008-09-12 16:45 <REP> d-------- C:\Program Files\Common Files\Ahead
    2008-09-10 20:56 . 2008-08-02 03:01 625,152 --a------ C:\Windows\System32\drivers\dxgkrnl.sys
    2008-09-10 20:56 . 2008-06-26 05:29 565,248 --a------ C:\Windows\System32\emdmgmt.dll
    2008-09-10 20:56 . 2008-06-26 05:29 303,616 --a------ C:\Windows\System32\wmpeffects.dll
    2008-09-10 20:56 . 2008-05-08 21:21 211,968 --a------ C:\Windows\System32\drivers\mrxsmb10.sys
    2008-09-10 20:56 . 2008-05-20 04:07 148,480 --a------ C:\Windows\System32\drivers\nwifi.sys
    2008-09-10 20:56 . 2008-06-26 05:29 45,056 --a------ C:\Windows\System32\dataclen.dll
    2008-09-10 20:56 . 2008-08-02 05:26 36,864 --a------ C:\Windows\System32\cdd.dll
    2008-09-08 21:32 . 2008-09-08 21:32 <REP> d-------- C:\Users\Sougen\AppData\Roaming\CyberLink
    2008-09-08 21:31 . 2008-09-08 21:31 <REP> d-------- C:\Users\All Users\CyberLink
    2008-09-08 21:31 . 2008-09-08 21:31 <REP> d-------- C:\ProgramData\CyberLink
    2008-09-08 21:30 . 2008-09-08 21:30 <REP> d-------- C:\Program Files\CyberLink
    2008-09-08 21:03 . 2008-09-08 21:03 <REP> d-------- C:\Users\All Users\Minnetonka Audio Software
    2008-09-08 21:03 . 2008-09-08 21:03 <REP> d-------- C:\ProgramData\Minnetonka Audio Software
    2008-09-08 16:57 . 2008-04-23 06:42 428,544 --a------ C:\Windows\System32\EncDec.dll
    2008-09-08 16:57 . 2008-04-23 06:42 293,376 --a------ C:\Windows\System32\psisdecd.dll
    2008-09-08 16:57 . 2008-04-23 06:41 218,624 --a------ C:\Windows\System32\psisrndr.ax
    2008-09-08 16:57 . 2008-04-23 06:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
    2008-09-08 16:54 . 2008-03-08 04:08 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-09-08 16:54 . 2008-03-08 06:21 1,695,744 --a------ C:\Windows\System32\gameux.dll
    2008-09-08 15:34 . 2008-09-08 15:39 <REP> d-------- C:\Users\All Users\Apple Computer
    2008-09-08 15:34 . 2008-09-08 15:34 <REP> d-------- C:\Users\All Users\Apple
    2008-09-08 15:34 . 2008-09-08 15:39 <REP> d-------- C:\ProgramData\Apple Computer
    2008-09-08 15:34 . 2008-09-08 15:34 <REP> d-------- C:\ProgramData\Apple
    2008-09-08 15:34 . 2008-09-08 15:34 <REP> d-------- C:\Program Files\Apple Software Update
    2008-09-07 12:14 . 2008-09-25 00:02 <REP> d-------- C:\Users\Sougen\AppData\Roaming\uTorrent
    2008-09-07 12:14 . 2008-09-07 12:14 <REP> d-------- C:\Program Files\uTorrent
    2008-09-07 11:30 . 2008-09-07 11:30 <REP> d-------- C:\Program Files\Microsoft Works
    2008-09-07 11:29 . 2008-09-07 11:29 <REP> d-------- C:\Program Files\Microsoft.NET
    2008-09-07 11:28 . 2008-09-07 11:28 <REP> d-------- C:\Program Files\Microsoft Visual Studio 8
    2008-09-07 11:27 . 2008-09-10 20:58 <REP> d-------- C:\Users\All Users\Microsoft Help

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-19 10:26 82,944 ----a-w C:\Windows\System32\o4Patch.exe
    2008-09-19 10:26 82,944 ----a-w C:\Windows\System32\IEDFix.C.exe
    2008-09-08 21:38 88,576 ----a-w C:\Windows\System32\AntiXPVSTFix.exe
    2008-09-08 16:28 --------- d-----w C:\Program Files\Windows Mail
    2008-09-07 09:30 --------- d-----w C:\Program Files\MSBuild
    2008-09-06 18:31 315,392 ----a-w C:\Windows\HideWin.exe
    2008-09-06 17:29 48,128 ----a-w C:\Windows\system32\drivers\atl01v32.sys
    2008-09-06 15:55 --------- d-sh--w C:\ProgramData\Modèles
    2008-09-06 15:55 --------- d-sh--w C:\ProgramData\Menu Démarrer
    2008-09-06 15:55 --------- d-sh--w C:\ProgramData\Favoris
    2008-09-06 15:55 --------- d-sh--w C:\ProgramData\Documents
    2008-09-06 15:55 --------- d-sh--w C:\ProgramData\Bureau
    2008-09-06 15:55 --------- d-sh--w C:\ProgramData\Application Data
    2008-09-06 15:55 --------- d-sh--w C:\Program Files\Fichiers communs
    2008-09-02 14:51 86,528 ----a-w C:\Windows\System32\VACFix.exe
    2008-08-18 10:19 82,432 ----a-w C:\Windows\System32\404Fix.exe
    2008-07-31 08:41 68,616 ----a-w C:\Windows\System32\XAPOFX1_1.dll
    2008-07-31 08:41 238,088 ----a-w C:\Windows\System32\xactengine3_2.dll
    2008-07-31 08:40 509,448 ----a-w C:\Windows\System32\XAudio2_2.dll
    2008-07-23 16:48 200,704 ----a-w C:\Windows\System32\ssldivx.dll
    2008-07-23 16:48 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
    2008-07-12 06:18 467,984 ----a-w C:\Windows\System32\d3dx10_39.dll
    2008-07-12 06:18 3,851,784 ----a-w C:\Windows\System32\D3DX9_39.dll
    2008-07-12 06:18 1,493,528 ----a-w C:\Windows\System32\D3DCompiler_39.dll
    2008-02-21 17:57 174 --sha-w C:\Program Files\desktop.ini
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-06 39408]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-05-16 13535776]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-05-16 92704]
    "Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 624248]
    "Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 1884160]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 286720]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 71216]
    "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
    "Print Spooler"="C:\Windows\system32\SPOOLER.EXE" [2008-09-24 620169]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-03-23 C:\Windows\RtHDVCpl.exe]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    WiFi Station pour Livebox.lnk - C:\Program Files\Hercules\WiFi Station pour Livebox\WiFiLB.exe [2008-09-06 102400]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "FilterAdministratorToken"= 1 (0x1)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\regedit.exe]
    "Debugger"=0

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\taskmgr.exe]
    "Debugger"=0

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{9CEEFD9E-7029-488B-805E-6109CDEBC053}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp
    "{458AE218-2E16-4AD3-8B91-B09EB716D18F}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp
    "{FBEBA054-12DA-45FB-B0BC-870348AF946E}"= UDP:C:\Program Files\ma-config.com\maconfservice.exe:maconfservice
    "{3E44141B-0020-4904-8220-20D41B4AD7C7}"= TCP:C:\Program Files\ma-config.com\maconfservice.exe:maconfservice
    "{B9818347-C9EB-4D8D-B99C-96176A6DC635}"= UDP:3703:Adobe Version Cue CS3 Server
    "{C87E9180-94EE-463F-9A7A-CDC6FE4C87F6}"= UDP:3704:Adobe Version Cue CS3 Server
    "{F5CE6B7E-4C9B-4F00-B96F-057C3A8DCE5D}"= UDP:50900:Adobe Version Cue CS3 Server
    "{4A01F92D-8F10-4488-8B2D-730851012E9C}"= UDP:50901:Adobe Version Cue CS3 Server
    "{D45B76E1-1301-4A58-A2E2-DB67037E7259}"= UDP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
    "{44328308-658B-429B-B101-E92B1DA8B7A0}"= TCP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
    "{3BBB942A-9CC2-46BA-8318-C8E1750E335C}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "TCP Query User{7D140D39-92A2-43CC-944A-76BEBF5B6516}D:\\jeux\\steam\\steamapps\\nadelais\\counter-strike source\\hl2.exe"= UDP:D:\jeux\steam\steamapps\nadelais\counter-strike source\hl2.exe:hl2
    "UDP Query User{9211064F-7B3B-4E4A-B763-861AA54BA5AF}D:\\jeux\\steam\\steamapps\\nadelais\\counter-strike source\\hl2.exe"= TCP:D:\jeux\steam\steamapps\nadelais\counter-strike source\hl2.exe:hl2
    "{A2DBAA0B-0E56-4F3D-927A-3319A62BF799}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{9C50FEAA-D846-4345-8DE9-F740632C840D}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{6FF143FC-125A-438A-89EA-67572A318302}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
    "{D34DCB5C-B705-495A-82A5-3BDDD169DCBD}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
    "{4A577F45-76CF-490C-9687-36CF956C40FA}"= C:\Program Files\Cyberlink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
    "TCP Query User{72918D6C-151E-46D2-B69F-2B6EDE5D1F19}D:\\jeux\\steam\\steamapps\\keldon56\\counter-strike source\\hl2.exe"= UDP:D:\jeux\steam\steamapps\keldon56\counter-strike source\hl2.exe:hl2
    "UDP Query User{6B438220-9FCC-4DBE-B83F-E472743D1092}D:\\jeux\\steam\\steamapps\\keldon56\\counter-strike source\\hl2.exe"= TCP:D:\jeux\steam\steamapps\keldon56\counter-strike source\hl2.exe:hl2
    "TCP Query User{2D3A9BA2-C571-4297-8B2B-8B8C7FDE89F4}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{5A27AAB8-5755-4CEE-951C-C5E7ACBBF888}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "{F821D475-6D24-466D-A786-9B2D99500371}"= UDP:C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager 1.0\MediaManager.exe:Sony Ericsson Media Manager 1.0
    "{329A1D22-8DA1-45FE-AC23-FE5CBB5B8004}"= TCP:C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager 1.0\MediaManager.exe:Sony Ericsson Media Manager 1.0
    "{05685679-1FD3-455F-A2F8-BEB096F5BBF4}"= UDP:D:\Jeux\Mass Effect\Binaries\MassEffect.exe:Mass Effect Game
    "{51F2F4FC-A910-4F7F-9D5F-7CC0144EFA04}"= TCP:D:\Jeux\Mass Effect\Binaries\MassEffect.exe:Mass Effect Game
    "{14785881-6CC7-4354-87DE-366D1CFE0D73}"= UDP:D:\Jeux\Mass Effect\MassEffectLauncher.exe:Mass Effect Launcher
    "{2EF2BE67-F582-4F18-BDE7-35D1344233DD}"= TCP:D:\Jeux\Mass Effect\MassEffectLauncher.exe:Mass Effect Launcher
    "TCP Query User{62B2659D-9E73-491F-BDA3-C0303A5A09B0}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
    "UDP Query User{25C582B3-6BCA-4F1B-8E62-04994DB373C2}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
    "TCP Query User{62A006E8-71B4-447A-A29B-9C1C9C68358F}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 2009\\english\\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\english\setup.exe:Kaspersky Internet Security 2009 Setup
    "UDP Query User{424AD357-6125-432E-AB79-B1515AA7D64B}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 2009\\english\\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\english\setup.exe:Kaspersky Internet Security 2009 Setup

    R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\[u]0/u00.fcl [2006-11-02 16:51 13560]
    R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\Windows\system32\DRIVERS\atl01v32.sys [2008-09-06 48128]
    R3 VBoxMouse;VirtualBox Guest Mouse Service;C:\Windows\system32\DRIVERS\VBoxMouse.sys [2008-02-19 33120]
    S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [2008-09-02 191656]
    S3 netr73;Hercules Wireless USB Dongle Driver for Vista;C:\Windows\system32\DRIVERS\netr73.sys [2007-01-31 256000]
    S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-09-16 92656]
    S3 vboxvideo;vboxvideo;C:\Windows\system32\DRIVERS\VBoxVideo.sys [2008-02-19 52096]
    S4 VBoxGuest;VirtualBox Guest Driver;C:\Windows\system32\DRIVERS\VBoxGuest.sys [2008-02-19 36000]

    *Newly Created Service* - PROCEXP90
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    HKLM-Run-SearchSettings - C:\Program Files\Search Settings\SearchSettings.exe
    HKLM-Run-NWEReboot - (no file)
    HKLM-Explorer_Run-LocalSecurityAuthoritySubsystem - C:\Windows\lsass.exe

    .
    ------- Examen supplémentaire -------
    .
    R0 -: HKCU-Main,Start Page = hxxp://www.google.fr/
    R1 -: HKCU-Internet Settings,ProxyOverride = *.local
    O8 -: Ajouter au fichier PDF existant - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 -: Convertir en Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 -: Convertir la cible du lien en Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 -: Convertir la cible du lien en un fichier PDF existant - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 -: Convertir la sélection en Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 -: Convertir la sélection en un fichier PDF existant - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 -: Convertir les liens sélectionnés en fichier Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 -: Convertir les liens sélectionnés en un fichier PDF existant - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

    O16 -: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_3_0_3_1.cab
    C:\Windows\Downloaded Program Files\hardwaredetection.inf
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-25 02:23:03
    Windows 6.0.6001 Service Pack 1 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    Heure de fin: 2008-09-25 2:24:48
    ComboFix-quarantined-files.txt 2008-09-25 00:24:01

    Avant-CF: 3 933 650 944 octets libres
    Après-CF: 3,720,802,304 octets libres

    279 --- E O F --- 2008-09-24 09:35:54